TY - JOUR
T1 - Unveiling stealthy man-in-the-middle cyber-attacks on energy performance in grid-interactive smart buildings
AU - Qiao, Yiyuan
AU - Chen, Dongyu
AU - Sun, Qun Zhou
AU - Tian, Guanyu
AU - Wang, Wenyi
N1 - Publisher Copyright:
© 2024
PY - 2024/11/1
Y1 - 2024/11/1
N2 - Grid-interactive smart buildings integrated with building automation systems (BAS) have gained increasing attention in recent years because of their ability to enable timely data communication that links physical and cyber-based control systems. However, the increasing integration has made both buildings and power grids more vulnerable to cyber-attacks. This study highlights the critical importance of cyber security considering negative energy impacts on grid-interactive buildings, which can severely jeopardize the safety and stability of power grids. This paper first proposes a novel man-in-the-middle (MITM) cyber-attack with specific malicious intent to manipulate the building power demand from the heating, ventilation, and air conditioning (HVAC) systems. The model predictive control (MPC) strategy is implemented to maximize power consumption or load ramp rate while simultaneously ensuring optimal building thermal comfort and evading detection by building occupants. Furthermore, the expert rules, i.e., air handling unit performance assessment rules (APAR), are incorporated as critical constraints in the MPC algorithm to bypass the fault detection alarms. The results demonstrate the capabilities of the proposed MITM cyber-attack scenarios in achieving predetermined objectives without triggering any fault detection alarms. In attack Scenario 1, the total power consumption is increased by up to 55%, and in attack Scenario 2, the load ramp rate is increased by 19 times compared with the fault-free BAS. The comparison between DoS (denial of service), FDI (false data injection), and the proposed cyber-attack, which focuses on their impact on the power grid and concealment analysis, is conducted to raise awareness of the severity and stealthiness of the proposed cyber-attacks. This paper is among the first few developing comprehensive MITM cyber-attacks to intelligently manipulate building power consumption exploiting real-time BAS data. It unveils the important risks associated with BAS and provides valuable insights for further assessment of cyber security of grid-interactive smart buildings.
AB - Grid-interactive smart buildings integrated with building automation systems (BAS) have gained increasing attention in recent years because of their ability to enable timely data communication that links physical and cyber-based control systems. However, the increasing integration has made both buildings and power grids more vulnerable to cyber-attacks. This study highlights the critical importance of cyber security considering negative energy impacts on grid-interactive buildings, which can severely jeopardize the safety and stability of power grids. This paper first proposes a novel man-in-the-middle (MITM) cyber-attack with specific malicious intent to manipulate the building power demand from the heating, ventilation, and air conditioning (HVAC) systems. The model predictive control (MPC) strategy is implemented to maximize power consumption or load ramp rate while simultaneously ensuring optimal building thermal comfort and evading detection by building occupants. Furthermore, the expert rules, i.e., air handling unit performance assessment rules (APAR), are incorporated as critical constraints in the MPC algorithm to bypass the fault detection alarms. The results demonstrate the capabilities of the proposed MITM cyber-attack scenarios in achieving predetermined objectives without triggering any fault detection alarms. In attack Scenario 1, the total power consumption is increased by up to 55%, and in attack Scenario 2, the load ramp rate is increased by 19 times compared with the fault-free BAS. The comparison between DoS (denial of service), FDI (false data injection), and the proposed cyber-attack, which focuses on their impact on the power grid and concealment analysis, is conducted to raise awareness of the severity and stealthiness of the proposed cyber-attacks. This paper is among the first few developing comprehensive MITM cyber-attacks to intelligently manipulate building power consumption exploiting real-time BAS data. It unveils the important risks associated with BAS and provides valuable insights for further assessment of cyber security of grid-interactive smart buildings.
KW - Building power demand
KW - Energy impact
KW - Grid-interactive BAS
KW - Man-in-the-middle cyber-attack
KW - Model predictive control
UR - https://www.scopus.com/pages/publications/85201753157
U2 - 10.1016/j.enconman.2024.118949
DO - 10.1016/j.enconman.2024.118949
M3 - Article
AN - SCOPUS:85201753157
SN - 0196-8904
VL - 319
JO - Energy Conversion and Management
JF - Energy Conversion and Management
M1 - 118949
ER -