![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
walkitouthttps://arstechnica.com/information-technology/2018/08/just-say-no-wi-fi-enabled-appliance-botnet-could-bring-power-grid-to-its-knees/
For all your Worrying About Whether I Should Worry About That needs!
The comments section is particularly entertaining.
Observations conspicuously missing from the discussion: it’s actually pretty easy to match solar panel installation to AC installation in a way that more than compensates for the additional load. If you need AC, you probably have sunshine to collect.
I’m betting Poland’s grid — especially back in 2008, which is when they modeled this — is kinda dodgy, compared to ours, say. Not to pick on Poland, but they’ve had a lot of development catchup to do in the last few decades post Soviet years.
What is this about: could internet connected smart home devices be manipulated en masse by bad actors — Stuxnet style, botnet style — to take down the grid for a large region / country? The idea would be to get a lot of something with a substantial initial load (a water heater, a fridge) to power on in its high power draw mode simultaneously. And possibly do so again as the grid was being restarted to keep it down. There is some debate about whether the scenario is plausible (I don’t think it is particularly plausible in the US, altho not necessarily for the reasons given. How many people have really IoT’d their fridge and/or water heater in a way that would let you hack in and start them all at the same time?). However, in classic geek curmudgeon way, many of the commenters were opposed to all progress in this area, and express consternation that anyone wants any of this new fangled stuff at all.
Ah, comp.risks. I miss the days when I still got worked up about this sort of thing. No more! I actually have a lot of faith in our ability to not just invent stupid shit that people can abuse to cause problem, but to then identify the abusive idiots, throw them in jail, and put some additional safety protocols in place to make it a lot harder for the abusers to abuse.
Look. We still have fire alarms that can be pulled in any public building. Any idiot can pull them. And yet, we have taught a whole lot of low impulse control, bad actors with emotional lability not to do that more than once or twice. I’m pretty sure we’ve got this one.
ETA:
Here’s the paper:
https://arxiv.org/pdf/1808.03826.pdf
The comments included a mention of spinning reserve. R. noted that Very Large Batteries would also be protective. Both are mentioned in the actual paper. I’ve bogged down horribly in section 5, alas.
I haven’t finished, but it does seem like one way around this is to require anything with enough smarts to be manipulated into a Biggest Load state from afar, in a way that lots of them doing that at once would be a problem for the grid, should have the capacity to politely ask whether it is okay to go to its Biggest Load state, thus permitting a grid operator to say, um, no, and create an exponential backoff for requests to deal with the obvious next degenerate case.
Thus, refrigerators and water heaters would start to behave like annoying desktop computers: taking an interminable amount of time to reboot. But, you know, we’re increasingly used to that, right?
Also, that would protect against a lot more than just Bad Actors.
Altho, I’m starting to wonder if I somehow got the wrong paper. Because this doesn’t match the Ars coverage in a lot of salient details.
Yep. Same authors.
https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-soltan.pdf
For all your Worrying About Whether I Should Worry About That needs!
The comments section is particularly entertaining.
Observations conspicuously missing from the discussion: it’s actually pretty easy to match solar panel installation to AC installation in a way that more than compensates for the additional load. If you need AC, you probably have sunshine to collect.
I’m betting Poland’s grid — especially back in 2008, which is when they modeled this — is kinda dodgy, compared to ours, say. Not to pick on Poland, but they’ve had a lot of development catchup to do in the last few decades post Soviet years.
What is this about: could internet connected smart home devices be manipulated en masse by bad actors — Stuxnet style, botnet style — to take down the grid for a large region / country? The idea would be to get a lot of something with a substantial initial load (a water heater, a fridge) to power on in its high power draw mode simultaneously. And possibly do so again as the grid was being restarted to keep it down. There is some debate about whether the scenario is plausible (I don’t think it is particularly plausible in the US, altho not necessarily for the reasons given. How many people have really IoT’d their fridge and/or water heater in a way that would let you hack in and start them all at the same time?). However, in classic geek curmudgeon way, many of the commenters were opposed to all progress in this area, and express consternation that anyone wants any of this new fangled stuff at all.
Ah, comp.risks. I miss the days when I still got worked up about this sort of thing. No more! I actually have a lot of faith in our ability to not just invent stupid shit that people can abuse to cause problem, but to then identify the abusive idiots, throw them in jail, and put some additional safety protocols in place to make it a lot harder for the abusers to abuse.
Look. We still have fire alarms that can be pulled in any public building. Any idiot can pull them. And yet, we have taught a whole lot of low impulse control, bad actors with emotional lability not to do that more than once or twice. I’m pretty sure we’ve got this one.
ETA:
Here’s the paper:
https://arxiv.org/pdf/1808.03826.pdf
The comments included a mention of spinning reserve. R. noted that Very Large Batteries would also be protective. Both are mentioned in the actual paper. I’ve bogged down horribly in section 5, alas.
I haven’t finished, but it does seem like one way around this is to require anything with enough smarts to be manipulated into a Biggest Load state from afar, in a way that lots of them doing that at once would be a problem for the grid, should have the capacity to politely ask whether it is okay to go to its Biggest Load state, thus permitting a grid operator to say, um, no, and create an exponential backoff for requests to deal with the obvious next degenerate case.
Thus, refrigerators and water heaters would start to behave like annoying desktop computers: taking an interminable amount of time to reboot. But, you know, we’re increasingly used to that, right?
Also, that would protect against a lot more than just Bad Actors.
Altho, I’m starting to wonder if I somehow got the wrong paper. Because this doesn’t match the Ars coverage in a lot of salient details.
Yep. Same authors.
https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-soltan.pdf