Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Security

Hacked Water Heaters Could Trigger Mass Blackouts Someday (wired.com) 175

At the Usenix Security conference this week, a group of Princeton University security researchers will present a study that considers a little-examined question in power grid cybersecurity: What if hackers attacked not the supply side of the power grid, but the demand side? From a report: In a series of simulations, the researchers imagined what might happen if hackers controlled a botnet composed of thousands of silently hacked consumer internet of things devices, particularly power-hungry ones like air conditioners, water heaters, and space heaters. Then they ran a series of software simulations to see how many of those devices an attacker would need to simultaneously hijack to disrupt the stability of the power grid. Their answers point to a disturbing, if not quite yet practical scenario: In a power network large enough to serve an area of 38 million people -- a population roughly equal to Canada or California -- the researchers estimate that just a one percent bump in demand might be enough to take down the majority of the grid. That demand increase could be created by a botnet as small as a few tens of thousands of hacked electric water heaters or a couple hundred thousand air conditioners. "Power grids are stable as long as supply is equal to demand," says Saleh Soltan, a researcher in Princeton's Department of Electrical Engineering, who led the study. "If you have a very large botnet of IoT devices, you can really manipulate the demand, changing it abruptly, any time you want."
This discussion has been archived. No new comments can be posted.

Hacked Water Heaters Could Trigger Mass Blackouts Someday

Comments Filter:
  • by Joe_Dragon ( 2206452 ) on Monday August 13, 2018 @01:51PM (#57117686)

    Rolling blackouts can fix it.

    • by Anonymous Coward on Monday August 13, 2018 @02:04PM (#57117780)

      Not connecting water heaters to the Internet might be a better fix.

      • Re: (Score:2, Funny)

        Not connecting water heaters to the Internet might be a better fix.

        Then how will the internet get hot water?

        • Then how will the internet get hot water?

          By posting anti-SJW documents for public view, then they'll be in all kinds of hot water.

      • by dublin ( 31215 )

        Actually, connecting water heaters via (secure) smart grid IoT has tremendous promise as perhaps the best possible large-scale energy storage method known:
        https://www.esource.com/ES-WP-... [esource.com]

      • by Megane ( 129182 )
        Natural gas-powered water heaters might be an even better fix. They might even be cheaper to run, too.
    • by AvitarX ( 172628 )

      Would you call a grid with rolling blackouts stable?

      I'd think stable means I can reliably get power off of it at a voltage close to what is expected.

      • Voltage, and correct frequency - most devices are relatively tolerant of sloppy frequency, but high power devices and high precision devices tend to be more sensitive.
    • Don't even need rolling blackouts. Most electric companies have programs where they can temporarily disable people's air conditioners to manage demand. This is done with mechanical relays. Usually these are voluntary programs where there is a financial incentive to participate. So your hack ratio would have to be higher than the participation ratio. Otherwise, the electric companies have a simple counter-measure.
  • Introduce a random time error into thermostats for things like HVAC systems -- even if they're all set to turn on at 6pm next Tuesday, some will turn on at 5:58, some will turn on at 6:00, some will turn on at 6:05. This will hopefully give the grid controllers enough time to adapt to a spike in load.

    Also, why do water heaters need to be "smart?" I thought they responded to demand -- if there's no hot water flow, the water stays hot in a well-insulated tank, and the heating element doesn't need to run. T

    • Also, why do water heaters need to be "smart?"

      Probably to respond to load shedding requests. Ideally that should only allow a signal to setback the water temperature setpoint. I suppose if they hacked a large number of electric water heaters to load shed, then waited a few hours for the water heaters to cool, and then took them all off of setback at the same time it could still cause a surge. Probably have better (or worse, depending on your viewpoint) results by hacking air conditioners or electric heat furnaces. But I doubt that there's enough ha

      • by mysidia ( 191772 )

        Probably to respond to load shedding requests. Ideally that should only allow a signal to setback the water temperature setpoint.

        That.... and I see another possible application. Usually hot water from the tank is needed Only during certain times of day.

        Major uses for hot water are: Showers... Hot Baths... Kitchen cleanup. Dishwashing. Laundry.
        All 4 of these tasks occur during certain days and times on a predictable weekly schedule; and among those only Showers/Baths and Dishwashing require

        • Set it too low and it's a great environment for bacteria. Small amounts of bacteria are found in tap water. A better way to make it more efficient is to add extra insulation around it, if you're concerned. Most new water heaters are already fairly well insulated. Also add some insulation on the outlet pipe, if accessible.

    • by DarkOx ( 621550 )

      if there's no hot water flow, the water stays hot in a well-insulated tank

      Because Newton's Law of Cooling.

      Although the tank is well insulated the greater the temperature differential between the water inside and the surrounding environment the greater the energy lossless will be. To simplify its nonlinear. Assuming its 60F in the crawl space under you house and you want the water to be 120F it will require the input of additional energy to keep it around there periodically. Insulated or not. It would require less energy to keep the water around 90F.

      Lets assume you work from 8

      • I hope your water is hotter than 120F. It should be at least 130F at all times to ensure legionella doesn't grow inside it.
        90F is a perfect temperature for it to grow. It prefers 70 - 115F to reproduce. 140F kills it.

        • EPA and DOE recommend setting hot water heaters no higher than 120 F to prevent burns. OSHA recommends 140 for the reasons you mention. I wouldn't doubt that California requires it be set at 120 F upon pain of public humiliation and fines.
    • by DarkOx ( 621550 )

      "Introduce a random time error into thermostats for things like HVAC systems" Might solve the grid loading problem but would not save energy. People are not stupid If they know the HVAC settings might go upto 15min one way or the other they will have them kick on 15min earlier. My heat comes up in Winter around 5:30 because I want my fingers and toes not be cold when I get out of bed at 6. I already know its going to take 1/2 hour for floors and such to warm up to the air temp. If I know the heat might

    • by mysidia ( 191772 )

      Introduce a random time error into thermostats for things like HVAC systems

      Usually when people lower the temperature on their thermostat to below the current temp; they expect their A/C to kick on immediately ---
      if there's a 2 minute delay between adjusting it in the app and seeing the new temp in effect on the thermostat, there are going to be complaints, since that is a long time.

      Better yet, have all new homes use tankless/"on-demand" heaters.

      Tankless heaters require MUCH more electric power while o

      • by Cyberax ( 705495 )
        Get a recirculation pump installed and connect it to a tankless heater. The piping in the house will serve as a heat reservoir and you'll also get immediate hot water.
        • The piping in the house holds a lot less energy than the water inside it, even if it's copper pipe. Lots of new houses have plastic pipes.

          • by Cyberax ( 705495 )
            It's still enough to make sure that you don't get water temperature drops. The recirculation pump also keeps the heater itself warm. It obviously reduces the efficiency, though.
      • Usually when people lower the temperature on their thermostat to below the current temp; they expect their A/C to kick on immediately

        Amen to that.

        Thermostats (room temperature things) in the UK are now all 'smart' energy saving things which attempt to heat a room to the set temperature without overshooting.

        But you're feeling a bit cold, instead of putting the tenperature up 1 degree, you have to put it up 3 so that the heating doesn't switch off until it's gone up 1 degree. (thats centigrade)

        I suppose they

      • Unless the tankless systems are gas powered, which they all should be unless you don't like hot water and are actually looking for "slightly warmer than the cold water tap"

    • On a somewhat unrelated note, I often set my cron jobs with random seconds and/or minutes so the servers don't get hit right at the turn of the hour. Too bad cron doesn't have a syntax for a random wildcard, like *? *? 4 * * * which would mean, anytime between 4am-4:59 59 will be fine.

  • But...

    Then they ran a series of software simulations to see how many of those devices an attacker would need to simultaneously hijack to disrupt the stability of the power grid.

    Wouldn't it just be simpler to run the calculation on paper?
    I can't personally help much here, all I've bothered to learn is how to calculate an appliance's electricity usage over X amount of days, but anyone with decent knowledge of supply and demand for powerplants should be able to do this fairly trivially I'd think. Correct me if I'm wrong.

    Not to mention the power usage likely* varies from one brand of product to the next, let alone one type of item to the next.

    *Would need a couple minutes of rese

    • Correct me if I'm wrong.

      You're wrong.

      Setting up a software simulation of this sort takes way less time than writing it out on paper. Writing it on paper would be even slower than using a graphing calculator for this task, though that would work fine if you're experienced programming it to do this stuff.

      You just don't imagine how easy math is using a statistical programming language like R, or even Matlab.

      Even C would be faster than paper, for a person well-practiced in both.

      But worse, on paper you could have a much wider variety o

  • Remind me again why our hot water heaters need to be online? Better yet, why don't we have on-demand ones that ..you know, just supply hot water, on demand; no connectivity required.

    While I can see the danger presented, let me ask this hot water question related question: Should we be just as concerned with remote execution of code that causes a hot water to overheat and either explode, or catch a house on fire?

    • Remind me again why our hot water heaters need to be online?

      My guess is efficiency? If you work 8 to 5- no need to have the water heating up during that time. If you hurt your back on the job and come home early for a soak, you can use your phone to turn your heater on earlier than expected and be ready for you.

      Dunno- I have a brand new heater and it is a regular old dumb water heater- I'm not in the smart-water heater income range so didn't even consider it.

      • I agree with efficiency, but that's a scheduling function, not something that should require being connected...

        If you hurt yourself and want the water warmed up before you get home, you'd still have to have someone draw the bath. I'm not sure this is something that should ever really need to be connected, even if you give it some 'smart' functions.

    • Remind me again why our hot water heaters need to be online? Better yet, why don't we have on-demand ones that ..you know, just supply hot water, on demand; no connectivity required.

      While I can see the danger presented, let me ask this hot water question related question: Should we be just as concerned with remote execution of code that causes a hot water to overheat and either explode, or catch a house on fire?

      For the ordinary homeowner no absolute benefit. For large multi-story apartment complexes, it could be valuable to minimize damages with quick notifications on leaks...

      • by zlives ( 2009072 )

        you mean like when you call the ladlord for repair and he sends some one over right away next tuesday?

    • by pz ( 113803 ) on Monday August 13, 2018 @02:13PM (#57117858) Journal

      There is no need for your hot water heater to be online. Nor for your watch. Or your lightbulbs. Or oven, piano, fireplace, thermostat, fire alarm, bed, doorbell, garage door opener, iron, washer, dryer, or any of the IoT things, really. It's all artifical demand, and hopefully like the artificial demand for 3D televisions that self-extinguished in the face of lackluster consumer reception, the IoT will go away once the market doesn't support it.

      Your refrigerator needs more insulation, not to run an operating system.

      • by HornWumpus ( 783565 ) on Monday August 13, 2018 @02:54PM (#57118136)

        The grid is stabilized by the load having a positive reactance. When voltage drops, most old fashioned devices draw less power. This is a negative feedback that stabilizes the grid, when power is short, everybodies old fashioned devices naturally draw less power..

        Switching power supplies are the opposite. When voltage drops they draw more current to maintain their output voltage.

        When switching power supplies are more load than AC motors, the grid will have big problem.

      • > Nor for your watch

        I personally don't wear a watch so I have no bias either way, but I could see some people wanting this internet connectivity in a watch in case they don't have their phone.

        For the rest, yup. Why the fuck would you want half of your (unsecured) house connected to the internet where any Tom, Dick, or Harry can hack it???

        IoT is just a disaster waiting to happen. Can we rename that stupid Internet of Things to be what it really is?

        IoT = In-waiting of Tragedy

        I guess the masses need to ha

      • True. Conveniences are not needs. It doesn't mean that it's not nice to have.

        A smart home has been a dream since before the Jetsons.

        I have done a lot towards rewiring my house to connect it online. It's nice to be able to turn on one of my fan lights instead of all 3 in the morning. It's nice to be able to get notified when someone approaches my house or to see a video of the person at my door.

        It's nice when I go on vacation to be able to create a code to let some inside my house on the fly because the

    • by Ichijo ( 607641 )
      To save you money by powering off when electrical demand is high in areas where demand management is in place, and to coordinate with other water heaters so they don't all turn on at once and cause the voltage to sag.
      • Our home had this around 25 years ago: the electric water heater (for the shower) was hooked up to a bakelite box with 2 pushbuttons. The box would turn the heater on automatically twice daily, by means of a signal sent on the grid. The electric company did this in periods of low demand, and charged an extra low rate for the power used. (The pushbuttons were there to turn the heater on manually)

        This so called little-examined issue with hacked boxes all turning on at once came up later, but not that mu
      • How does that work in this case, where that management is compromised?

    • Should we be just as concerned with remote execution of code that causes a hot water to overheat and either explode, or catch a house on fire?

      If you haven't seen it I recommend tracking down the Mythbusters episode on exploding water heaters. Essentially, they have a physical pressure release value that even if the heater is overheated then eventually steam would come out of that valve; assuming it hasn't been plugged or rusted shut. The steam could cause a problem because of the moisture but probably not a fire. However, if it does explode, as seen in that episode, it's far more devastating then you would think.

      • On-demand water heaters don't have relief valve, as they don't have tanks. They're either electric based or gas based heaters that heat a sink of pipes that water moves through when you turn on the faucet. So, if you over-ride and crank up the heating element without water movement, you have a heating element that isn't disappating, and that's boiling water inside your pipes.

        Tank-based water heaters are being phased out by law in most places in the US.

  • by Thomas Charron ( 1485 ) <twaffleNO@SPAMgmail.com> on Monday August 13, 2018 @02:15PM (#57117874) Homepage

    Sorry, but they where able to induce a bad problem when fed into software unpublished software models based on Polands energy grid from 12 years ago. The article infers that power companies cannot tolerate a 1% unpredictability, and that is simply inherently false.

    • by xeoron ( 639412 )
      1% more does not add up. Didn't more efficient lights and electronics bring down the total usage of energy throughout the whole US by 2 to 3 percent for the last several years?
      • Exactly. In my opinion, they found a singular instance where they where able to cause a cascading failure, which I totally buy. Cascading failures have happened in the past, such as the entire east coast going dark in what, the early 2000's? But this is not very representative of a real world, repeatable scenario.

  • by bobbied ( 2522392 ) on Monday August 13, 2018 @02:18PM (#57117894)

    I worked as a professional stage hand in college. It was an interesting job and a lot of fun. Got to meet a lot of interesting people, even a celebrity or two.

    One night, when working in a small town in western North Carolina, we didn't have much to do that night so we decided to play. We took every last light fixture we could, wired them up to the dimmers to "play" with them. The idea was to come up with a crazy rock and roll type light show to amuse ourselves and maybe learn some stuff by playing with the control board. It took hours to wire it all up and it was the wee hours of the morning when we where ready.

    Of course, we wanted the maximum effect when we turned all this on, so after a brief discussion, we agreed we'd turn every fixture we had wired on, all at once, or a "bump to full" and enjoy the blaze of glory we had created. The electrics op configured the scene on the old analog board by running all the channels to full and punched up the scene onto the main fader to await the queue that we where all ready to witness the spectacle of every light in the place going to full at the same instant.

    I'm sitting in the middle of the house with my co-workers and dramatically the house lights dim slowly. We all wait in anticipation of what we all know is coming. Then it happens, every light in the place begins to flash on in a blinding display as the "bump to full" and just as quickly the whole place goes black. We all thought the electrics op had bumped to black for effect, but eventually we hear him yell "What happened?" Looking around we realize that NOTHING is on except for the battery operated exit lights, nothing. The power was out.

    Walking out side you could see most of the town and it was also totally black. It stayed out for about half an hour, then popped back up.

    My guess is that we tricked the electric provider into shutting down the town by massively increasing the load in the dead of night and tripping protection systems, designed to avoid power surges and the voltage excursions that come with them. We thought about trying it again, but figured that knowingly doing something like that might be frowned on if we kept doing it. Besides, it was 2AM and time to get to bed, even for us stage hands.

  • by Gravis Zero ( 934156 ) on Monday August 13, 2018 @02:19PM (#57117904)

    Step one is to isolate as much of the power grid as possible by decentralizing power generation and storage. Solar and battery for most even home would drastically reduce the potential fallout for any attack.

    Step two is to STOP FUCKING HOOKING SHIT UP TO THE INTERNET. Anything connected to the internet should be considered to be both unreliable and a liability.

  • by aaarrrgggh ( 9205 ) on Monday August 13, 2018 @02:22PM (#57117930)

    A 1% spike would not be likely to cause problems, but (specific to California) 3% would safely cause curtailment calls. Even for that though, you would need to go 3% below nominal first and then turn everything on at once.

    The real vulnerability is in being able to game sub ~5-minute demand before the current systems can comfortably accommodate it. As we get more batteries on the grid, that risk dissipates pretty quickly.

    If it could be done with 1% load variation, the markets would have figured out how to game it already.

  • Yes, yes, yes, yes, and what if the Core is made of cheese?

  • be connected to the Internet? Also, there is no way in hell even 10% of water heaters are ever going to connect to the internet. Most are in apartments (since those have the densest populations) and as somebody who lives in an apartment I can tell you they use the cheapest ones you can buy.
  • by WillAffleckUW ( 858324 ) on Monday August 13, 2018 @02:48PM (#57118098) Homepage Journal

    We just need to install a fourth unnecessary level, using the WaterChain, to encrypt our water heaters and home furnaces from remote hacking. Then we can put all the credentials files on a laptop and lose it in an airport, exposing all of our national water infrastructure.

    Cold showers in January are a good thing, right?

    (caveat: passive solar water heaters will still work, as will disconnected PV water heaters running off grid)

  • I can believe that all the utilities in California may be well interconnected, but Canada is 20 times the land area and there is no real nationwide grid. Some provinces have more interconnects than others, but there are probably as many interconnects to US states as there are domestic ones.

  • All this has, I don't know, been known for 5-10 years, maybe longer?

  • by pointybits ( 818856 ) on Monday August 13, 2018 @07:42PM (#57119664)
    Electric cars plugged in to high-current outlets waiting to charge off-peak, which also have remote controls to run the heater from the mains to pre-heat the car, would be another very high-demand load, though hopefully harder to exploit.
  • tl;dr: hackers taking over millions of anything is bad.

  • The cost of electricity in most places people live in the USA will vary between -$0.02 and $7.00 per KWh. Some places even more. The utility really hates it when they have to pay $7/KWh and you should too because the price will be passed on to you eventually. So it would be nice if you shut off your electric water heater or your pool pump or turned up your thermostat when this happens. Most of your meters run a protocol called ZigBee Smart Energy. It's a low power, low bandwidth protocol. It contains
  • Comment removed based on user account deletion

It was kinda like stuffing the wrong card in a computer, when you're stickin' those artificial stimulants in your arm. -- Dion, noted computer scientist

Working...