Skip to Main Content

Strategic Business Insights (SBI) logo

Internet of Things September 2018 Viewpoints

Technology Analyst: Guy Garrud

IoT Risk to Power Grids

Why is this topic significant?

Energy grids are attractive targets for state-level cyberattacks, and domestic IoT security vulnerabilities could present a potent attack vector.

Description

In August 2018, cybersecurity company McAfee revealed that it had discovered a vulnerability in Wemo Insight smartplugs, which are manufactured by Belkin. The vulnerability (a buffer overflow) meant that the cybersecurity researchers not only were able to assume control of the smartplug (controlling when the plug switches off and on) but also could use the plug as an entry point for infiltrating a user's wireless network.

Even if a security vulnerability in a smart plug or smart power outlet doesn't enable an attacker to infiltrate a user's network, the vulnerability could still have major consequences beyond those of an individual compromised IoT device. Also in August 2018, Princeton University researchers presented their look into whether a cyberattack could use high-wattage IoT-connected devices to damage power grids. The team developed simulations of grids that experience manipulation of demand through the Internet of Things (MaDIoT) and inferred that an adversary could disrupt service by taking control of "60–90 thousand" IoT-connected heaters, cookers, air conditioners, and similar appliances.

The researchers describe three potential end results from attacks. Frequency instability resulting from a sudden spike in demand could lower the frequency across a grid and trigger generators to shut down. Alternatively, attacks that focus on disrupting the balance of supply across a grid (creating high demand in only some areas) could result in power-line failures. Last, even without causing physical damage, an attack that dramatically increases energy demand could force power companies to buy additional power from external providers, increasing the cost to the power company.

Implications

Smart power outlets or smart plugs are popular options for users to add a level of IoT functionality to some domestic appliances. Users could potentially operate lamps, heaters, and air conditioners by switching a power socket on or off. In practice, many of these devices have additional controls such as timers and thermostats that also control when a device is drawing power.

Switching domestic devices off and on is unlikely to be of interest to many cybercriminals (users can simply remove or replace infected power outlets or smart plugs, unlike ransomware that encrypts a user's computer), but energy grids are an attractive target for state-level cyberattacks. December 2015 saw the first such attack, which disrupted the supply to about 230,000 people in Ukraine. More recently, in March 2018, the US government cited cyberattacks against US power grids as part of the reasoning behind imposing new sanctions against Russia.

Impacts/Disruptions

MaDIoT attacks could present a major issue for power companies and governments. At the heart of the problem is that consumer smart power sockets and smart plugs lie outside the control of energy companies.

One potential solution could be to use future generations of smart energy meters to disconnect properties remotely when an energy company detects suspicious behavior. However, that approach assumes that the energy company would be able to determine accurately when an attack is taking place and effect the disconnections before any physical damage to the grid infrastructure occurs.

Scale of Impact

  • Low
  • Medium
  • High
The scale of impact for this topic is: High

Time of Impact

  • Now
  • 5 Years
  • 10 Years
  • 15 Years
The time of impact for this topic is: 5 Years

Opportunities in the following industry areas:

Energy generation and supply, infrastructure maintenance, smart metering, connected appliance design, cybersecurity

Relevant to the following Explorer Technology Areas:

Progress in Connected Retailing

By David Strachan-Olson
Strachan-Olson is a consultant with Strategic Business Insights.

Why is this topic significant?

Connection and digitalization of retail locations could improve customer experiences and operational efficiencies of stores. The continued growth of e-commerce will force brick-and-mortar retailers to innovate.

Description

The Internet of Things and machine learning have potential to revolutionize the way retailers operate stores. Connected technologies offer methods to optimize retail operations and provide insights into how customers shop. Candidate technologies come in a wide variety—including radio-frequency-identification (RFID) tags, smart cameras, smartphone beacons, floor sensors, and robots. Numerous companies are making progress to create connected retail environments.

  • BingoBox operates over 300 unattended convenience stores in China, using app-controlled store access and self-checkout with RFID-tagged goods. Amazon.com uses cameras and shelf sensors for checkout-free shopping at one Amazon Go store in Seattle, Washington, and intends to open similar stores in Chicago, Illinois, and San Francisco, California.
  • Microsoft and Walmart agreed to a partnership that includes collaborative projects that focus on machine learning, artificial intelligence, and data platforms and a five-year agreement for Walmart to use Microsoft Azure and Microsoft 365 cloud services. In advance of the partnership, Microsoft reportedly demonstrated technology that aims to rival that of Amazon Go.
  • Numerous other companies—including AVA retail, Pilot AI, and Horizon Robotics—are developing data-collection and -analysis tools for the retail industry using cameras and machine learning.
  • A number of robotics companies—including Bossa Nova Robotics, Simbe Robotics, and Fellow Robotics—are developing shelf-scanning robots for retail stores. Such robots maneuver autonomously along aisles and use sensors to count inventories, identify misplaced items, check price labels, and perform other tasks.

Implications

Many connected retail technologies focus on data collection and analysis of store operations and customer behavior. Extensive data collection is already common with e-commerce sites, which use shopping data to build recommendation algorithms to encourage customers to purchase more items. In-store sensors could collect a wealth of data about customer behavior, such as shopping frequency, length of visit, products customers interact with, and how customers move through a store. Such data about shoppers could provide retailers with new insights to help them redesign stores to promote certain products better and encourage more purchases. Sensing technology could also allow stores to implement dynamic advertising. When a customer interacts with a product, a nearby display could begin to show an advertisement for that product. Sensors and robots can also help stores keep track of store inventory. Maintaining an accurate inventory helps to ensure that customers can find items quickly and helps to prevent missed sales that occur when an item is out of stock.

Impacts/Disruptions

The continued growth of e-commerce will force brick-and-mortar retailers to innovate, which will likely include the adoption of connected technologies. Sensing systems and robotics could potentially reduce staffing requirements for checkouts, inventory accounting, and loss prevention. Staff could instead focus on customer service and selling products. Connectivity could also help integrate stores as part of large retailers' e-commerce initiatives. Precise inventory tracking can allow retailers to offer new capabilities, such as online ordering for same-day in-store pickup, which helps brick-and-mortar retailers better compete with e-commerce-only sites. Likely, large retailers will be the most able to adopt new technologies to lower operation costs and improve efficiency, further exacerbating the challenges faced by small retailers. However, as retail locations adopt more invasive tracking technologies and especially if they implement profile-based customer tracking, customers could become concerned with invasions of privacy.

Scale of Impact

  • Low
  • Medium
  • High
The scale of impact for this topic is: High

Time of Impact

  • Now
  • 5 Years
  • 10 Years
  • 15 Years
The time of impact for this topic is: Now to 5 Years

Opportunities in the following industry areas:

Retail, sensors, computer vision, service robots, digital advertising, e-commerce

Relevant to the following Explorer Technology Areas: