Hacking EVs could threaten the power grid
In mid-June last summer, cybersecurity researchers warned that the growing popularity of electric vehicles could introduce new hacking vulnerabilities in the power grid. Even though this might be a not-so-recent piece of news it is, at a guess, still of interest for this community.
The warning from the experts is about the so-called electric vehicle supply equipment (EVSE) used for recharging plug-in electric vehicles (EV) as an infrastructure element. As the spread of EVs is increasing all over the U.S. it connects two critical infrastructures; the energy sector and the transportation sector, forcing them to unite their needs in this matter.
If a lot of such EVSEs were hacked simultaneously, controlled and manipulated it could cause power system problems on the grid. This is particularly true for medium and heavy-duty EVs, whose high-voltage chargers could do more damage if hacked, according to the National Motor Freight Traffic Association. For example, power outages could ultimately be caused by hacking multiple EVSEs by rapidly switching them on and off, causing extreme power fluctuations on the grid through load cycling. The effect could be devastating as, for example, gas stations would not be able to provide gas, grocery stores would not be able to provide goods, clean water could potentially become unavailable in larger cities, and so on. A team at the Sandia National Laboratories are exploring ways to prevent such a grid attack, which will be both difficult to pull off and to coordinate. Another concern is the lack of comprehensive cybersecurity guidelines related to the EVSE. Of course, both the electricity sector and the transportation sector are heavily regulated, but their safety focuses differ a bit. For example, the transportation sector rules cover “safety, anti-pollution, and energy consumption,” while the energy sector focuses on “safety and reliability.” In a symposium on EV cybersecurity hosted by the National Institute of Standards and Technology (NIST) last September, NIST concluded that the two sectors lacked coordination and had “very little understanding of each other’s concerns and approaches to cybersecurity.” Clearly, the two different regulatory frameworks were “not developed with each other’s operations in mind,” which could lead to “confusion and conflict over cybersecurity,” NIST said.
Matthew Carpenter, a senior principal security researcher at the cybersecurity and engineering consultancy GRIMM, states:
“That cooperation doesn’t mean there aren’t learning curves and struggles to achieving functionality, stability and security, but the parties involved seem to be paddling in the same direction, albeit from different yachts.”
“EVs represent an interesting and fresh attack surface. Once a vulnerability in a charger is found, it can be exploited to compromise the grid, other EVSE or even the vehicles themselves. New attacks for EVs are still being discovered: Batteries can be damaged and possibly explode. Electric motors can be individually driven in whatever direction and torque the programming tells them to.”
It should be taken into consideration that EVSE is still a new technology, and in tandem there is a lot of research on the potential cyberthreats. Next steps should be to turn this into practical defences.
Read more about the Symposium on Federally Funded Research on Cybersecurity of EVSE at:
Written by Joakim Rosell
The fifth-generation (5G) network is rapidly deployed around the world, after which artificial intelligence-enabled next-generation (6G) will be in line with the future evolution of network intelligentization . Proceedings of the IEEE's invited paper "Future...
Earlier this year in an AutoSec Newsletter it was reported that source code of mobile apps and internal tools developed and used by Nissan North America was circulating the Internet. The data had been shared on Telegram channels and different forums for hackers in the...
Tracker Network (UK) Ltd is a company that provides vehicle systems used for recovering stolen vehicles in the UK, and its stolen vehicle systems operate in all 52 police forces in UK. Tracker’s tracking solution combines GSM, VHF and GPS which available localisation...