Social media are a coordination device and coordinated behavior has many advantages. Social media was used to motivate, organize and coordinate movements like the Arab Spring and Black Lives Matter. Of course, coordination can also lead to conspiracy theories like QAnon, twitter mobs that police political correctness and riots that lead to death and destruction. For better or worse, coordinated behavior is likely to increase, creating more and more quickly moving mobs. The use and abuse of such mobs is only just beginning. One insidiously clever prospect is the use of seemingly benign coordination to bring down a power grid. What if everyone turns on their air conditioner and lights at the same time? In How weaponizing disinformation can bring down a city’s power grid, Raman et al. discuss how such a scenario could be generate by something seemingly as simple as sending fake coupons!
Social media has made it possible to manipulate the masses via disinformation and fake news at an unprecedented scale. This is particularly alarming from a security perspective, as humans have proven to be one of the weakest links when protecting critical infrastructure in general, and the power grid in particular. Here, we consider an attack in which an adversary attempts to manipulate the behavior of energy consumers by sending fake discount notifications encouraging them to shift their consumption into the peak-demand period. Using Greater London as a case study, we show that such disinformation can indeed lead to unwitting consumers synchronizing their energy-usage patterns, and result in blackouts on a city-scale if the grid is heavily loaded. We then conduct surveys to assess the propensity of people to follow-through on such notifications and forward them to their friends. This allows us to model how the disinformation may propagate through social networks, potentially amplifying the attack impact. These findings demonstrate that in an era when disinformation can be weaponized, system vulnerabilities arise not only from the hardware and software of critical infrastructure, but also from the behavior of the consumers.
Hat tip: Kevin Lewis.
Addendum: California is once again issuing rolling blackouts. Welcome to the future.