Assessing cyber-physical risks of IoT-based energy devices in grid operations.

The growing number of consumer-grade network-enabled Distributed Energy Resources (DER) installations introduces new attack vectors that could impact grid operations through coordinated attacks. This work presents a cyber-physical model and risk assessment methodology for analyzing the emerging nexus between Internet of Things-based energy devices and the bulk transmission grid. The cyber model replicates the device-level interconnectivity and software components interaction found within these architectures to understand the feasibly of coordinated attacks, while the physical model is used to assess the attack's impacts on the grid. The manuscript questions the validity of previous papers' claims regarding IoT-based grid attacks by addressing key limitations in both the power grid and cyber infrastructure models of those works. The resulting methodology is then evaluated using the Western Electricity Coordinating Council (WECC) electrical model coupled with DER's operational statistics from California. The results suggest that current DER penetration rates are not yet significant enough to present serious risk, but continued DER growth may be problematic. Furthermore, the work identifies policies that mitigate these risks through increased device diversity and cybersecurity requirements.