...
Malicious Firmware
Supply Chain Attack
Unpatched Components
Compromised Vendor
Compromised Employee Workstation
Compromised Management System
Vulnerable Network Interface
Poor Programming Practices
Inadequate Testing
Unpatched Components
Supply Chain Attack
Broken Firmware
Poor Programming Practices
Incorrect Logic
Inadequate Testing
Unpatched Components
Side Channel Attacks
Malicious Inputs
Forged data from Smart Inverters
Forged data from EVSE
Attack on the Provisioning Interface
Privilege Escalation
Isolation Escape
The attacker is able to escape the isolation mechanism and access the core environment
Direct Hardware Attack
Decap Chip
Access to programming interfaces
Replace Firmware
Retrieve and decompile firmware
Swap out the chip
Resource Exhaustion
CPU
Memory
Storage
HAN Communications
LAN Communications
Denial of Service
HAN Communications
LAN Communications
Peer-to-Peer Attacks
Potential Attacker Objectives
Access to the Utility Internal Network
Controlling the Remote Service Switch (or other actuator)
Attacking devices within the Home
Coordinated attacks across Homes
Note: there are papers which demonstrate that coordinated attacks on as little as 1% of the load can cause grid instability.
Manipulating readings (typically for theft)
Stealing data (privacy, spying on customers, etc.)