skip to main content
US FlagAn official website of the United States government
dot gov icon
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
https lock icon
Secure .gov websites use HTTPS
A lock ( lock ) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Explore Research Products in the PAR
It may take a few hours for recently added research products to appear in PAR search results.


Title: MaMIoT: Manipulation of Energy Market Leveraging High Wattage IoT Botnets
If a trader could predict price changes in the stock market better than other traders, she would make a fortune. Similarly in the electricity market, a trader that could predict changes in the electricity load, and thus electricity prices, would be able to make large profits. Predicting price changes in the electricity market better than other market participants is hard, but in this paper, we show that attackers can manipulate the electricity prices in small but predictable ways, giving them a competitive advantage in the market. Our attack is possible when the adversary controls a botnet of high wattage devices such as air conditioning units, which are able to abruptly change the total demand of the power grid. Such attacks are called Manipulation of Demand via IoT (MaDIoT) attacks. In this paper, we present a new variant of MaDIoT and name it Manipulation of Market via IoT (MaMIoT). MaMIoT is the first energy market manipulation cyberattack that leverages high wattage IoT botnets to slightly change the total demand of the power grid with the aim of affecting the electricity prices in the favor of specific market players. Using real-world data obtained from two major energy markets, we show that MaMIoT can significantly increase the profit of particular market players or financially damage a group of players depending on the motivation of the attacker.  more » « less
Award ID(s):
1929410 1931573 1929406
PAR ID:
10381947
Author(s) / Creator(s):
; ; ;
Date Published:
Journal Name:
Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security
Page Range / eLocation ID:
1338 to 1356
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. (, Proceedings of the 27th USENIX Security Symposium)
    We demonstrate that an Internet of Things (IoT) botnet of high wattage devices–such as air conditioners and heaters–gives a unique ability to adversaries to launch large-scale coordinated attacks on the power grid. In particular, we reveal a new class of potential attacks on power grids called the Manipulation of demand via IoT (MadIoT) attacks that can leverage such a botnet in order to manipulate the power demand in the grid. We study five variations of the MadIoT attacks and evaluate their effectiveness via state-of-the-art simulators on real-world power grid models. These simulation results demonstrate that the MadIoT attacks can result in local power outages and in the worst cases, large-scale blackouts. Moreover, we show that these attacks can rather be used to increase the operating cost of the grid to benefit a few utilities in the electricity market. This work sheds light upon the interdependency between the vulnerability of the IoT and that of the other networks such as the power grid whose security requires attention from both the systems security and power engineering communities. 
    more » « less
  2. ; ; (, USENIX Security Symposium)
    The widespread availability of vulnerable IoT devices has resulted in IoT botnets. A particularly concerning IoT botnet can be built around high-wattage IoT devices such as EV chargers because, in large numbers, they can abruptly change the electricity consumption in the power grid. These attacks are called Manipulation of Demand via IoT (MaDIoT) attacks. Previous research has shown that the existing power grid protection mechanisms prevent any large-scale negative consequences to the grid from MaDIoT attacks. In this paper, we analyze this assumption and show that an intelligent attacker with extra knowledge about the power grid and its state, can launch more sophisticated attacks. Rather than attacking all locations at random times, our adversary uses an instability metric that lets the attacker know the specific time and geographical location to activate the high-wattage bots. We call these new attacks MaDIoT 2.0. 
    more » « less
  3. ; ; (, USENIX Security Symposium)
    The widespread availability of vulnerable IoT devices has resulted in IoT botnets. A particularly concerning IoT botnet can be built around high-wattage IoT devices such as EV chargers because, in large numbers, they can abruptly change the electricity consumption in the power grid. These attacks are called Manipulation of Demand via IoT (MaDIoT) attacks. Previous research has shown that the existing power grid protection mechanisms prevent any large-scale negative consequences to the grid from MaDIoT attacks. In this paper, we analyze this assumption and show that an intelligent attacker with extra knowledge about the power grid and its state, can launch more sophisticated attacks. Rather than attacking all locations at random times, our adversary uses an instability metric that lets the attacker know the specific time and geographical location to activate the high-wattage bots. We call these new attacks MaDIoT 2.0. 
    more » « less
  4. ; ; ; ; (, Earth's Future)
    Abstract The United States (U.S.) West Coast power system is strongly influenced by variability and extremes in air temperatures (which drive electricity demand) and streamflows (which control hydropower availability). As hydroclimate changes across the West Coast, a combination of forces may work in tandem to make its bulk power system more vulnerable to physical reliability issues and market price shocks. In particular, a warmer climate is expected to increase summer cooling (electricity) demands and shift the average timing of peak streamflow (hydropower production) away from summer to the spring and winter, depriving power systems of hydropower when it is needed the most. Here, we investigate how climate change could alter interregional electricity market dynamics on the West Coast, including the potential for hydroclimatic changes in one region (e.g., Pacific Northwest (PNW)) to “spill over” and cause price and reliability risks in another (e.g., California). We find that the most salient hydroclimatic risks for the PNW power system are changes in streamflow, while risks for the California system are driven primarily by changes in summer air temperatures, especially extreme heat events that increase peak system demand. Altered timing and amounts of hydropower production in the PNW do alter summer power deliveries into California but show relatively modest potential to impact prices and reliability there. Instead, our results suggest future extreme heat in California could exert a stronger influence on prices and reliability in the PNW, especially if California continues to rely on its northern neighbor for imported power to meet higher summer demands. 
    more » « less
  5. (, Weather, Climate, and Society)
    This study focuses on the Electric Reliability Council of Texas (ERCOT) electricity market in Texas and demonstrates how the increase in temperature due to climate change is already driving large increases in electricity demand and total electricity costs. Results show that, compared to a 1950–80 baseline climate, electricity demand in 2023 was 1.9 GW (3.9%) higher because of the extreme temperatures of that year—climate change contributed 47% of this increase, with the rest coming from short-term climate variability. As demand increases, so does the price per unit of electricity, so consumers are hit double: They must buy more electricity, and each unit of electricity costs more. Using data from the wholesale market, we estimate that the total cost of electricity (the combination of higher demand and higher per unit prices) increased by $7.6B in 2023 compared to the baseline climate, $290 per ERCOT customer, with most of this increase occurring during the summer. Climate change contributed about 29% of this ($2.2B, $83 per customer), while short-term variability contributed the rest. About two-thirds of this increase is due to price increases triggered when the ERCOT grid becomes constrained. Investments in increasing the power supply or the ability to transmit it across the state, or reducing demand (e.g., demand response), could substantially reduce the impact of increasing temperature on the cost of electricity in Texas. Significance StatementQuantifying the impacts of warmer temperatures due to climate change on society is a key goal of the climate science community. In this paper, we develop a methodology for calculating the cost of increased temperatures on electricity consumption. We show that climate change is driving up the costs of electricity in Texas. Compared to the climate of the mid-twentieth century, electricity demand was 4.1% higher in 2023, with climate change responsible for about half of this increase. This increased the total cost of electricity by $7.6 billion, $290 per person. Climate change contributed about 29% of this extra cost, representing a significant burden on the poorest in our society. 
    more » « less
  • Citation Formats
  • MLA
  • APA
  • Chicago
  • BibTeX
  • Save / Share this Record
  • Send to Email