Like Dominoes Falling Over
Photovoltaic system disconnect.
For ease, they used a Flipper Zero device they had configured to send the proper telegram to the photovoltaic system. They did this after discovering that the Flipper Zero’s RFID reading mode could be used to send signals modulated with frequency-shift keying to receivers within a one-meter distance.
Credit: Positive Security
With confidence that an attacker could send unauthorized Radio Ripple Control telegrams that instructed real electrical systems connected to the grid, the researchers got to wondering: What’s the maximum amount of damage a malicious actor—most likely one working for a nation-state—could inflict?
The Maximum Amount of Damage
The researchers surveyed the grid to measure the capacity of power that small- and medium-sized renewable facilities could feed into the grid. They arrived at the estimate of 40 GW. Combined with the 20 GW of load they theoretically can add, that amounted to an unbalanced capacity of 60 GW, enough to power roughly all of Germany. They posited that a sudden change that added or ditched that amount of electricity from the grid all at once could create enough instability to take it down entirely.
Like Dominoes Falling Over
In a published summary of last month’s presentation, the researchers explained their thinking behind the estimate:
To understand, we need to look at the grid frequency. It’s 50 hertz, and it should always stay there.
- If it reaches 50.2 hertz or more, interventions are triggered to reduce the supply. For example, using the technology we’re discussing today to turn off solar parks.
- If the frequency drops below 49.8 hertz, other interventions occur, such as activating energy reserves or disconnecting industries that have contractually agreed to this happening. Also, the first hardware fails as it happened at Vienna airport.
- If the frequency reaches 49 Hz or less, automated stepwise load shedding begins, up to 50% at 48.5 Hz. That might sound a bit technical and sober, but what it means for the European grid is over 200 million people without power.
- At 47.5 Hz, power plants disconnect from the grid to protect themselves from damage. At that point, the grid needs to be rebuilt from scratch.
In theory, with a fully loaded grid at 300 GW, creating a 1 Hz change to reach this private load-shedding threshold requires an imbalance of 18 GW. However, such a large imbalance—though not even that massive compared to the 60 GW estimate—has never been seen.
In practice, one of the most recent incidents was in 2021, when approximately 3 GW of power were unexpectedly lost in Poland, causing the grid frequency to drop by 0.16 hertz. What this demonstrates is that the grid hasn’t yet faced such a significant imbalance.
Power Transfer
But if we start talking about imbalances of 18 GW, or 60 GW, or even more when considering other countries, there’s an additional issue besides the theoretical effect on grid frequency. That issue is power transfer.
If a significant amount of power is missing in one region, it must be transferred there over power lines that could become overloaded. These lines might then shut off to prevent damage, which could overload other lines, causing them to shut off too.
Such a domino effect—or cascade—happened in 2006, when a power line was shut off to accommodate a cruise ship transport. The planning wasn’t thorough, and a cascade of failures followed. So, the theoretical limits of the grid don’t fully capture the potential for much larger disruptions.
Send Malicious Telegrams to Select FREs
There are enough obstacles to make triggering such a catastrophic disruption challenging at best (Bräunlein’s and Melette’s assessment) or doubtful to unlikely (the assessment of an outside grid expert). The researchers noted three key requirements for such an attack.
Conclusion
Taking all of that into account, it’s clear there is enough power under radio control to cause serious trouble.
FAQs
Q: What is Radio Ripple Control?
A: Radio Ripple Control is a technology used to control and manage renewable energy sources connected to the grid.
Q: How can malicious actors use Radio Ripple Control?
A: Malicious actors can use Radio Ripple Control to send unauthorized telegrams to select FREs (Frequency Response Elements) that control real electric systems in their lab.
Q: What is the maximum amount of damage a malicious actor could inflict?
A: The researchers estimate that a malicious actor could create an imbalance of 60 GW, enough to power roughly all of Germany, and potentially cause widespread disruptions to the grid.
Q: Is it possible to trigger such a catastrophic disruption?
A: The researchers note that there are enough obstacles to make triggering such a disruption challenging at best, or doubtful to unlikely.
