LAUSR

More and more thermostatic loads in power systems are transformed into thermostatically controlled loads (TCLs) through the heterogeneous Internet of Things (IoT) devices. The proportion of TCLs exposed to the Internet has also further increased. Considering TCLs’ response characteristics and the network security vulnerability of their associated IoT devices, it is possible to form a new threat to power systems, manipulation of demand (MAD) attacks. In this article, we reveal a potential attack scenario of this threat in the electricity market and propose a highly concealable and destructive cross-domain MAD attack strategy based on compromised TCLs, causing a tremendous economic loss for the power retailer (PR) and end-use consumers (EUCs). Finally, the effectiveness of the proposed MAD attack strategy is verified by simulation cases, highlighting the endanger of large-scale compromised TCLs in power systems and the importance of their associated IoT devices’ network security.