Can IoE become the new cyber sheriff for EVs or will EVs bring new threats for IoE?


December 18, 2020

The global fractions of cyber-attacks on the energy sector have always been significantly higher than those for other sectors. Oddly, most of the research focused mainly on energy efficiency than the security issues in this sector. With electric vehicles (EVs) in the energy ecosystem dynamics, there are new threats and challenges imposed on the whole energy infrastructure. For instance, attackers can now use their expertise to cause erroneous decisions, concealment of failures, alter billing in smart meter, and power outages, and blackouts. Most importantly, an EV is also a part of a more significant distributed storage resource when plugged in the charging stations that need proper management. These new vulnerabilities show a growing demand for extensive security analysis of EV charging services considering physical, cybernetics, human behavior, and regulatory policies. But how can this be done?

The Internet of Energy (IoE) is the new term for upgrading and automating electric infrastructures over the Internet, including embedded systems, ubiquitous charging, smart communication grid, and energy storage systems to provide more security control, privacy, safety, and dependability. A whole security layer in the IoE architecture is dedicated to secure network elements and components for different IoE security applications. The possibilities are immense, mainly in the era of machine learning/artificial intelligence. For example, an activity-based mobility model can be generated over time and communicated on the IoE network to detect anomalies. IoE can also forward security instructions over the Internet to defend against possible threats. To sum up, more control and automated security may become a reality for EVs soon by adopting the IoE potentials.   

Conversely, cyberattacks on the EVs can pose new threats and challenges for the IoE itself. For example, a group of compromised EVs can be leveraged to cause sudden IT infrastructure failures. If the attackers gain root access, they can tamper with the system status display and create a commotion in the energy market. Consequently, consumer devices can also be damaged, which can jeopardize human security and safety. As stated by Professor Gabriel Díaz Orueta in a recent webinar [1], ‘The good news is that we have a solution method, but the bad news is we have a solution method.’ There is currently only one solution method called the Security-Oriented Cyber-Physical State Estimation (SCPSE) that identifies the compromised set of hosts in the network and the maliciously modified set of measurements obtained for power system sensors. However, the question still remains if this existing solution method will suffice for new evolving attack types and scale to identify those.

Written by Nishat Mowla

Related Articles


Black-Hat Hackers caught

Earlier this year in an AutoSec Newsletter it was reported that source code of mobile apps and internal tools developed and used by Nissan North America was circulating the Internet. The data had been shared on Telegram channels and different forums for hackers in the...

read more