The effect of SMiShing attack on security of demand response programs

Demand response (DR) is a vital element for a reliable and sustainable power grid. Consumer behavior is a key factor in the success of DR programs. In this study, we focus on how consumer reaction to Short Messaging Service (SMS) messages can disturb the demand response. We present a new type of threat to DR programs using SMS phishing attacks. We follow a holistic approach starting from a risk assessment focusing on DR programs' notification message security following the Smart Grid Information Security (SGIS) risk methodology. We identify threats, conduct impact analysis, and estimate the likelihood of the attacks for various attacker types and motivations. We implemented deterministic and randomized attack scenarios to demonstrate the success of the attack using a state-of-the-art simulator on the IEEE European Low Voltage Feeder Test System. Simulations show that the attack results in local outages, which may lead to large-scale blackouts with the cascading effect on the power system. We conclude that this is a new type of threat that has been overlooked, and it deserves more attention as mobile devices will continually be part of our lives.