Officials blamed a power surge for the blackout on Dec. 28th that left LaGuardia airport in the dark for about 45 minutes, grounding flights. A look at the trend of power outages at American airports shows a disturbing pattern and a possibly sinister cause.

Background

Attacking an adversary’s infrastructure is asymmetrical warfare. It causes a lot of damage for a very small cost. Cyberattacks are an ideal weapon as they disguise who might be behind them, making retaliation much harder. Attacks on the power grid for airports are especially devastating as they ground flights, stranding passengers and disrupting business nationwide. Just take a look at recent power outages:

Dec 28, 2018: New York sky turns bright blue after transformer explosion.
Jun 13, 2018: Power outages at Las Vegas airport cause delays
Aug 16, 2018: Power restored at Reagan National after ‘airport wide’ outage
Nov 15, 2018: Power restored at Bradley International Airport following multiple outages
Dec 27, 2017: Power restored at Disneyland after outage halts rides
Dec 18, 2017: Atlanta's Hartsfield-Jackson airport restores power after crippling outage

The New York Times reported in March 2018 on possible Russian cyberattacks on US power plants: “Forensic analysis suggested that Russian spies were looking for inroads — although it was not clear whether the goal was to conduct espionage or sabotage, or to trigger an explosion of some kind.”

A Symantec report noted that a Russian hacking unit “appears to be interested in both learning how energy facilities operate and also gaining access to operational systems themselves, to the extent that the group now potentially has the ability to sabotage or gain control of these systems.”

BlackIoT: How to disrupt the power grid with an IoT appliance botnet

Princeton University researchers Saleh Soltan, Prateek Mittal, and H.
Vincent Poor explained at the 27th USENIX Security Symposium how a botnet of high-wattage appliances could do this. They explain how hackers could cause compromised appliances to turn on and off, creating an artificial demand for power, tripping generators and causing blackouts. What’s terrifying about this is that the attack vector is low-security home appliances rather than more secure power infrastructure.

Power grid operators typically assume that power demands are predictable. Consumers collectively behave much as they did in the past under similar conditions. However, with the proliferation of IoT devices and their poor security measures, this isn’t a safe assumption. An IoT botnet of high-wattage devices (such as air conditioners and heaters) lets adversaries launch large-scale coordinated attacks on the power grid. Such Manipulation of Demand via IoT (MadIoT) attacks use botnets to manipulate the power demand in the grid.

Many of these devices are controlled with mobile apps and home assistants such as Amazon Echo or Google Home. Hackers can manipulate the power demand and cause large-scale blackouts by compromising these home assistants. These MadIoT attacks manipulate the power loads of devices that are much less well protected than the power grid’s Supervisory Control and Data Acquisition (SCADA) system.

Even a small increase in demand may result in line overloads and failures. These initial line failures may in turn cause further line failures, known as a cascading failure. An abrupt increase or decrease in the power demand, caused by simultaneously switching many high-wattage IoT devices on or off, results in an imbalance between supply and demand. This imbalance instantly results in a sudden drop in the system’s frequency.
Generators trip and can cause a large-scale blackout if the imbalance is greater than the system’s threshold.

IoT security standards

The Princeton research paper explains that MadIoT attacks are hard to protect against because:

The power grid operator only sees demand in aggregate from millions of users. This makes it hard to detect and disconnect the compromised appliances that are causing the artificial demand.
An adversary can easily repeat the attack when the power is restarted. This could cause persistent blackouts.
MadIoT is a ‘black box’ attack where detailed knowledge of a power grid isn’t needed. Just faking the demand is enough to cause overload situations.

One would expect the government to act quickly on IoT security guidelines in the face of such persistent and devastating cyberattacks. That isn’t the case. Matt Leonard reports in FCW how “Senators Mark Warner and Cory Gardner introduced the Internet of Things Cybersecurity Improvement Act of 2017. The bill prohibits agencies from acquiring IoT devices and sensors that aren't patchable and that don't have changeable passwords. So far, the bill hasn't received a hearing or a vote in the Senate Homeland Security and Government Affairs Committee, which has jurisdiction over federal procurement and cybersecurity”.

The security recommendations from the IoT Security Foundation are a good framework for such guidelines. They advocate Hub-based security, which accounts for new IoT devices being installed. “The Hub device acts as a central point for trust and IoT environment management. It also makes use of existing security features – such as update mechanisms – and adds an additional layer of security to the IoT environment – such as traffic monitoring and lifecycle management.
The Hub device achieves this by communicating with network elements such as routers, protocol bridges and IoT devices, aggregating information to offer support to home IoT administrators. It may also act as a gateway, enabling information sharing between the home IoT environment and other networks or entities, such as the IoT solution provider”.

This would potentially protect high-wattage devices from being compromised by hackers to manipulate power demands and cause blackouts.

So, bringing down our essential electric grid may be made easier with all of our new interconnected devices. That's how asymmetrical warfare works in the first place.
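
The Hub's traffic-monitoring role described above can include limiting how often a high-wattage appliance may change state, which bounds the rapid on/off cycling that MadIoT-style demand manipulation relies on and gives the home administrator an alert the grid operator never sees. The following is an added example, not code from the IoT Security Foundation or the Princeton paper; the class name, thresholds, device names and command log are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

HIGH_WATTAGE_W = 1000   # assumed cut-off for a "high wattage" appliance
MAX_TOGGLES = 3         # assumed state changes allowed per window
WINDOW_S = 600          # assumed sliding window, in seconds


class HubSwitchMonitor:
    """Hypothetical hub-side policy: rate-limit on/off changes per appliance."""

    def __init__(self, ratings_w):
        self.ratings_w = ratings_w           # device -> rated power in watts
        self.state = {}                      # device -> last forwarded state
        self.history = defaultdict(deque)    # device -> times of recent changes
        self.alerts = []                     # (time, device, source) of blocked commands

    def handle(self, ts, device, source, want_on):
        """Return True if the command is forwarded, False if it is blocked."""
        # Unknown devices get the high-wattage treatment (fail closed).
        if self.ratings_w.get(device, HIGH_WATTAGE_W) < HIGH_WATTAGE_W:
            return True
        if self.state.get(device) == want_on:
            return True                      # no state change, nothing to limit
        recent = self.history[device]
        while recent and ts - recent[0] >= WINDOW_S:
            recent.popleft()                 # forget changes outside the window
        if len(recent) >= MAX_TOGGLES:
            self.alerts.append((ts, device, source))
            return False
        recent.append(ts)
        self.state[device] = want_on
        return True


# Constructed command log: (seconds, device, source, requested state).
COMMANDS = [
    (0, "ac-livingroom", "app", True),
    (30, "ac-livingroom", "cloud-api", False),
    (60, "ac-livingroom", "cloud-api", True),
    (90, "ac-livingroom", "cloud-api", False),   # 4th change in 10 minutes
    (95, "lamp-hall", "cloud-api", True),        # low power, never limited
    (900, "ac-livingroom", "app", False),        # window has expired
]


def run(commands):
    hub = HubSwitchMonitor({"ac-livingroom": 3500, "lamp-hall": 40})
    decisions = [hub.handle(*cmd) for cmd in commands]
    return decisions, hub.alerts
```

On the constructed log, the fourth air-conditioner command inside ten minutes is blocked and recorded as an alert, while the lamp and the later command pass.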