Hacking EVs could threaten the power grid
In mid-June last summer, cybersecurity researchers warned that the growing popularity of electric vehicles could introduce new hacking vulnerabilities in the power grid. Even though this might be a not-so-recent piece of news it is, at a guess, still of interest for this community.
The warning from the experts is about the so-called electric vehicle supply equipment (EVSE) used for recharging plug-in electric vehicles (EV) as an infrastructure element. As the spread of EVs is increasing all over the U.S. it connects two critical infrastructures; the energy sector and the transportation sector, forcing them to unite their needs in this matter.
If a lot of such EVSEs were hacked simultaneously, controlled and manipulated it could cause power system problems on the grid. This is particularly true for medium and heavy-duty EVs, whose high-voltage chargers could do more damage if hacked, according to the National Motor Freight Traffic Association. For example, power outages could ultimately be caused by hacking multiple EVSEs by rapidly switching them on and off, causing extreme power fluctuations on the grid through load cycling. The effect could be devastating as, for example, gas stations would not be able to provide gas, grocery stores would not be able to provide goods, clean water could potentially become unavailable in larger cities, and so on. A team at the Sandia National Laboratories are exploring ways to prevent such a grid attack, which will be both difficult to pull off and to coordinate. Another concern is the lack of comprehensive cybersecurity guidelines related to the EVSE. Of course, both the electricity sector and the transportation sector are heavily regulated, but their safety focuses differ a bit. For example, the transportation sector rules cover “safety, anti-pollution, and energy consumption,” while the energy sector focuses on “safety and reliability.” In a symposium on EV cybersecurity hosted by the National Institute of Standards and Technology (NIST) last September, NIST concluded that the two sectors lacked coordination and had “very little understanding of each other’s concerns and approaches to cybersecurity.” Clearly, the two different regulatory frameworks were “not developed with each other’s operations in mind,” which could lead to “confusion and conflict over cybersecurity,” NIST said.
Matthew Carpenter, a senior principal security researcher at the cybersecurity and engineering consultancy GRIMM, states:
“That cooperation doesn’t mean there aren’t learning curves and struggles to achieving functionality, stability and security, but the parties involved seem to be paddling in the same direction, albeit from different yachts.”
“EVs represent an interesting and fresh attack surface. Once a vulnerability in a charger is found, it can be exploited to compromise the grid, other EVSE or even the vehicles themselves. New attacks for EVs are still being discovered: Batteries can be damaged and possibly explode. Electric motors can be individually driven in whatever direction and torque the programming tells them to.”
It should be taken into consideration that EVSE is still a new technology, and in tandem there is a lot of research on the potential cyberthreats. Next steps should be to turn this into practical defences.
Read more about the Symposium on Federally Funded Research on Cybersecurity of EVSE at:
Written by Joakim Rosell
ChatGPT got quite much attention in the last months. The release of GPT4 demonstrated once more the potential of foundation models. There have been many discussions and proposals on how natural language processing (NLP) can be used, e.g., the chat-bot functionality in...
Last summer a technical report from a project that intended to provide the power, security, and automotive industry a strong technical basis for securing the EV charging infrastructure by developing threat models, determining technology gaps, and identifying or...
The registration to the AutoSec Final Conference 2023 is now open via this link. Where? KTH, Stockholm or Online When? Wednesday, 29th March 2023 Please register your participation latest March 24th Agenda 09.30 Coffee & mingle 10.00 Start and welcome to...