Demand Response Cyber Incident

With all of the hullabaloo about hacking the Smart Grid and automated meters, we now have the first public case that I am aware of a cyber incident with demand response.  As in most control system cyber cases, it was not malicious. However, it did have a physical impact and potentially could have caused even more problems given the right circumstances.
CINCINNATI -- About 18,000 Duke Energy customers participating in an energy-saving program saved more energy than expected on Monday evening.  The customers are part of the Power Manager program that installs a box on air conditioning units that cycles the cooling system off for a few minutes during peak usage times.  But Monday night, an incorrect signal was sent to the boxes, a Duke Energy spokeswoman said. Instead of cycling, the boxes shut down the units for three hours.  The utility said it had never had a problem like it before and said human error was to blame. All units were back in operation by 8:30 p.m.

This type of incident can easily be repeated as more and more utilities attempt to remotely control their customers’ air conditioning.  The purpose is to reduce load demand during peak usage periods by raising the air conditioners setpoints to prevent rolling brownouts. The concern is if, by either intentional or unintentional reasons, the setpoints are lowered rather than raised. In that case, instead of preventing rolling brownouts, you can cause blackouts.

 As an aside, I was elected to the RISI Board and this is my first contribution.

Joe Weiss