Energy experts are warning Australian regulators that connecting electric cars to the national power grid could open the door to a cyber security breach and widespread power outages unless the security settings are gotten right early.
Despite a national consultation paper on Australia’s transition to electric vehicles, energy experts said the cyber security implications of the move had yet to be flagged in the discussion and needed to be prioritised.
Electric Vehicle Council energy and infrastructure head Ross De Rango said tackling the issue was vital to preventing costly or damaging outcomes.
According to Mr De Rango, connecting vehicle charging technology to the national grid could introduce new security threats, as a hacker could exploit security flaws to force all vehicles to charge at the wrong times and create power outages.
“What happens if we are building a system where all of the EV charging normally happens at the right time and a malicious actor gets involved and all of a sudden the EV charging happens at the wrong time?” he said.
“That’s where cyber security comes into it.”
Unlike traditional power connections, security holes could be exploited in software by vehicle manufacturers, charging equipment, software providers, or energy companies.
“If you want to spoof (the current) signal then you need to climb a power pole with a set of alligator clips,” Mr De Rango said.
“The likelihood of an external malicious actor being able to do that is negligible. If we have a future where the means of connection and control is via the internet, there is a threat surface there that doesn’t exist right now.”
BlackBerry Asia Pacific and Japan engineering director Jonathan Jackson said security flaws had already been identified in electric vehicle charging equipment overseas.
A study conducted by Carlos Alvarez College of Business in the US identified “significant” security holes in 13 out of 16 EV charging stations, including missing authentication standards.
“The vulnerabilities just in the software alone on EVs is showing we’ve got a long way to go at a global level, not just in Australia, to ensure the security of the energy system,” Mr Jackson said.
“We don’t actually have a choice here. If we’ve got the stated gain of EVs helping us to drive to net zero (emissions), we are absolutely going to need to tackle this head-on. It’s a matter of if, not when.”
He also pointed to recent ransomware attacks on energy suppliers, including Queensland’s CS Energy in November 2021 and America’s Colonial Pipeline in May, as proof the national grid could be targeted.
But protecting Australia’s power network was achievable if regulators acted early.
“This is an addressable issue but we do need to talk about it now,” Mr Jackson said.
“Once all the buildings have got smart EV orchestrated, it’s going to be incredibly costly for everyone to bolt (security) on afterwards.”
With AAP