Cuffe, PaulPaulCuffeGowing, HughHughGowing2020-11-112020-11-112020 The I2020-07-06IET Cyber-Physical Systems: Theory & Applicationshttp://hdl.handle.net/10197/11685Internet-connected devices will represent an increasing proportion of the load served by electric power systems. As these devices could conceivably be hijacked and controlled remotely by a malicious actor, they could represent a new threat vector against the dynamic security of a power system. Such attack strategies have not been considered in the existing literature on power system cybersecurity. As an initial scoping exercise, the present case study explores whether such devices could be remotely hijacked and then maliciously power-cycled at particular frequencies to deliberately provoke harmful oscillations in an electrical grid. To gauge the broad feasibility of this novel style of attack, dynamic simulations are performed on two representative test power systems, at differing levels of attacker and defender resources. These simulations show that power-cycling just 1% of consumer loads at a system's resonant frequency may sometimes provoke harmful electromechanical oscillations throughout a national grid. This novel simulation exercise therefore implies that cybersecurity vulnerabilities at the consumer side could jeopardise the physical integrity of a nation's entire electricity supply.enThis paper is a postprint of a paper submitted to and accepted for publication in IET Cyber-Physical Systems: Theory & Applications and is subject to Institution of Engineering and Technology Copyright. The copy of record is available at the IET Digital Library.Computer network securityInternetPower gridsPower system securityPower system simulationPower system stabilityJournal Article5222623110.1049/iet-cps.2019.00122020-02-1015/SPP/E3125https://creativecommons.org/licenses/by-nc-nd/3.0/ie/