Page 38 - 23_EETE_03
P. 38

38 EE|Times EUROPE



         EVs
        The Thin Ice of Green Energy Infrastructure


        By David Stroud, NanoLock Security



                  ith governments and manufacturers setting ambitious   2019 and 2022, including exploitations on EV charging stations that
                  green energy goals that are reliant on the mass rollout of   can easily be manipulated remotely and don’t require a high level of
                  electric-vehicle charging stations to support sustainable   skill on the part of the attacker. For individual consumers contemplat-
        Wmobility, the vulnerability of these endpoints must be   ing buying an EV, this is obviously disconcerting.
        part of the conversation. Hackers could knock out an entire network of   The risks with public charging stations are potentially even scarier,
        charging hubs—resulting in major disruption to the road network—by   however, as those chargers are connected to the public power grid.
        taking advantage of just one vulnerability in one device.   Researchers at the University of Georgia found that an attack on an EV
                                                              through a charging station could affect not only the charging station
        EVs’ ROLE IN NET ZERO                                 itself but also the vehicle control system as well as any infrastructure
        One of the chief goals that emerged from the Paris Climate Agreement   connected to it. A hacker who breached a swath of connected EV char-
        was to achieve net-zero emissions by 2050. While transportation is   gers could conceivably turn them all on at once, spiking power demand
        essential, it is also resource-intensive, and finding more energy-   and potentially crashing sections of the local power grid unequipped to
        efficient means is therefore crucial. In pursuit of this objective, national   deal with large, unscheduled swings in usage.
        governments have issued orders for the automotive industry. As part of
        the U.K.’s net-zero strategy, the government decreed that car manu-  LAG IN CYBER REQUIREMENTS AND STANDARDS
        facturers increase their offerings of zero-emission cars and established   While various support policies to promote EV deployments were
        benchmarks on EV sales. It also announced an investment of    instituted over the past several years, cybersecurity requirements and
        £582 million  into the market to combat the potential EV sticker price   standards are lagging. This is cause for concern because EV charger
                 1
        spikes that may result from the accelerated scale and sales mandates.   technology will surely face increased hacker interest as EV adoption
        Further, the government will be transitioning its full, 40,000-vehicle   rates rise.
        fleet to ultra-low–emissions vehicles in the next decade.   One obvious reason that EV charging stations—both public and
                                                              private—are eminently hackable is that in most cases, they are phys-
        CYBERSECURITY CONCERNS FOR EV CHARGE POINTS           ically accessible to bad actors. The data collected by the EV charging
        Because EV charging stations are connected to both the internet and   station, if compromised, can also be used to find patterns of users’ daily
        the vehicle, they pose an enormous opportunity for hackers to breach   routines, location data and private information.
        vehicles, homes, businesses and even the power grid—potentially creat-  To support the goals of increasing the number of EVs on the road
        ing a blackout in an entire city.                     while strengthening cybersecurity measures, government agencies like
          In 2021, U.K. cybersecurity company Pen Test Partners  identified   the U.S. National Highway Traffic Safety Administration (NHTSA) and
                                                 2
        more than a half-dozen vulnerabilities in private-use EV chargers   the U.K. Office for Product Safety and Standards have published guide-
        and one public-use charger. In addition to giving hackers the ability   lines that outline how manufacturers should build and test software
        to affect the chargers’ operations, some of the flaws discovered could   systems before releasing them into production models so they can
        even have been used to gain backdoor access into an owner’s own home   prevent hacking or theft attempts on their vehicles. These guidelines
        network.                                              include a way for consumers to report any potential security vulnera-
          Research published by Nasr et al.  in 2021 found seven vulnerabil-  bilities in their EV software.
                                 3
        ities affecting Schneider Electric’s EVlink charger product line. Other   The general principle relating to device-level security in the guide-
        experts have also issued warnings. The Critical Infrastructure Security   lines is that EV charging points must protect against the risk of harm to
        Agency (CISA), the U.S. federal reporting agency responsible for secu-  the charge point or disruption of its operation.
        rity disclosures, issued several security alerts on EV systems between   Existing approaches focus on preventing attacks. For this to succeed,
















                                                                                                                   IMAGE: SHUTTERSTOCK










        MARCH 2023 | www.eetimes.eu
   33   34   35   36   37   38   39   40   41   42   43