Cyberattack Evaluation of Cloud-controlled Energy Storage / Utvärdering av cyberattacker mot molnstyrda energilagringssystem

Oscarsson, Joakim, Öhrström, Frans

January 2024

The demand for electricity is rising rapidly, with more power generated through re-newable energy sources. Renewable energy sources can fluctuate in their power output atshort notice, making it more difficult to maintain the balance between electricity consump-tion and production in the short term. A solution that has gained increased interest recentlyis to connect battery energy storage systems to the grid as a means of maintaining balance.However, such systems are often controlled remotely by a cloud control system, creatingtime-critical control loops over the internet that are partly responsible for the stability andcontinued function of the electrical grid. Cyberattacks against these closed-loop systemscould devastate the electrical grid and the apparatus connected to it.In this thesis, a reference model is designed for an electrical grid load-balancing cloudcontrol system connected to remote battery energy storage systems and remote grid fre-quency sensors (measuring the balance between production and consumption). The modelis evaluated from a cybersecurity perspective by implementing a simulator and applyingdifferent cyberattacks on the simulated system.The results show that some of the most critical attack methods that a threat actor couldutilize are: disrupting the connections over the internet that are part of the closed-loopsystem, abusing remote access links from the outside to gain access to subsystems (suchas seizing control of batteries), or disturbing external dependencies to the cloud such asdomain name system (DNS) and network time protocol (NTP) servers or the contractsrelated to electricity trading. The most important cyberattacks identified in the thesis are:time delay switch (delays of messages), denial of service (disturbing message availability),false data injection (modifying message contents), replay (replaying old messages), andload altering (affecting the grid balance through direct altering of electricity consumptionand production).The simulated cyberattacks differ in how they affect the grid frequency, i.e. the gridproduction-consumption balance. Large enough network packet delays caused oscilla-tions in the simulated frequency. Denial of service attacks caused unpredictable behavior,and a high enough packet drop rate caused oscillations. For false data injection, the re-sults depend on which internet link was attacked and what injection strategy was used;some attacks caused oscillations, while others caused a steady state error or even an in-creasingly deviating frequency. Replay attacks were able to cause a deviation during thereplay window when used effectively. Finally, large enough load altering caused oscilla-tions, especially when an attacker had control over at least 15% of the system’s balancingpower.Overall, attacks on the simulated system are serious and precautions must be carefullyconsidered before such a system is implemented in the real world.

battery energy storage systems

cloud control systems

load frequency control

cybersecurity

Computer Systems

Datorsystem