Demonstration of Man in the Middle Attack on a Commercial Photovoltaic Inverter Providing Ancillary Services

Abstract

Rapid modernisation of distribution power systems aims to improve system efficiency and reliability while increasing photovoltaic (PV) penetration levels. However, ensuring the cyber security of such smart distribution grids has emerged as major challenge. Cyber-attacks on key equipment of distribution power systems may lead to inefficient operation of the grid, breach private smart meter data or cause intentional false tripping of feeders. In this paper, a man in the middle attack on a commercial solar PV inverter, which provides ancillary services to the grid, is demonstrated to cause an intentional false tripping of the entire feeder leading to a regional blackout. The successful experimental implementation of the attack reveals the effectiveness and the risk of this attack. Detailed risk analysis is conducted to asses the influence of different factors, such as feeder loading and PV inverter capacity, on the effectiveness of the proposed attack.