Can IoE become the new cyber sheriff for EVs or will EVs bring new threats for IoE?
The global fractions of cyber-attacks on the energy sector have always been significantly higher than those for other sectors. Oddly, most of the research focused mainly on energy efficiency than the security issues in this sector. With electric vehicles (EVs) in the energy ecosystem dynamics, there are new threats and challenges imposed on the whole energy infrastructure. For instance, attackers can now use their expertise to cause erroneous decisions, concealment of failures, alter billing in smart meter, and power outages, and blackouts. Most importantly, an EV is also a part of a more significant distributed storage resource when plugged in the charging stations that need proper management. These new vulnerabilities show a growing demand for extensive security analysis of EV charging services considering physical, cybernetics, human behavior, and regulatory policies. But how can this be done?
The Internet of Energy (IoE) is the new term for upgrading and automating electric infrastructures over the Internet, including embedded systems, ubiquitous charging, smart communication grid, and energy storage systems to provide more security control, privacy, safety, and dependability. A whole security layer in the IoE architecture is dedicated to secure network elements and components for different IoE security applications. The possibilities are immense, mainly in the era of machine learning/artificial intelligence. For example, an activity-based mobility model can be generated over time and communicated on the IoE network to detect anomalies. IoE can also forward security instructions over the Internet to defend against possible threats. To sum up, more control and automated security may become a reality for EVs soon by adopting the IoE potentials.
Conversely, cyberattacks on the EVs can pose new threats and challenges for the IoE itself. For example, a group of compromised EVs can be leveraged to cause sudden IT infrastructure failures. If the attackers gain root access, they can tamper with the system status display and create a commotion in the energy market. Consequently, consumer devices can also be damaged, which can jeopardize human security and safety. As stated by Professor Gabriel Díaz Orueta in a recent webinar , ‘The good news is that we have a solution method, but the bad news is we have a solution method.’ There is currently only one solution method called the Security-Oriented Cyber-Physical State Estimation (SCPSE) that identifies the compromised set of hosts in the network and the maliciously modified set of measurements obtained for power system sensors. However, the question still remains if this existing solution method will suffice for new evolving attack types and scale to identify those.
Written by Nishat Mowla
Open Web Applications and Security Project (OWASP) and AutoSec came together once again on December 12, 2020, over an online lunch seminar on the Zoom platform. The day's agenda included welcome notes by AUTOSEC and OWASP followed by two timely presentations by Tomas...
Last week, Reportlinker.com announced the release of "OEM Cyber Security Layout Report, 2020", written by “Research In China”. The report highlights that the most important attack vectors in automotive cybersecurity are mainly towards servers and digital keys. But...
Once again, we are approaching the end of the year, so what could be more convenient than an end-of-the-year-list of cyber incidents within automotive cybersecurity. The list is taken from Upstream’s 2021 Automotive Cybersecurity Report, and the incidents are just...