Does V2G pose a cyber threat to the grid?
V2G is becoming recognised for its potential to coordinate grid flexibility. However, connecting EVs to the grid might not be all it’s cracked up to be as cyber vulnerabilities could cause this intimate interconnection to backfire – literally and figuratively.
Vehicle-to-Grid (V2G) systems are fast becoming the talk of the town due to their capability in coordinating grid management as more renewables come online.
And with fleets of Electric Vehicles (EVs) mobilising and ‘V2G stabilizes the grid’ becoming a more common headline by the day, the role of V2G in our energy system needs to be interrogated. V2G systems are becoming intricately connected with the energy transition but, as with anything that is digitally evolving, cyber threats abound.
Whether it is the vehicle itself, its charging infrastructure, the communication networks between the EV and assets or the grid to which the EV connects, there are a number of vulnerable touch points potentially open to those with malicious intent.
V2G’s value proposition
A study from Xu et al released earlier this month – Electric vehicle batteries alone could satisfy short-term grid storage demand by as early as 2030 – indicates the immense potential that is offered when looking at EVs as a fix for grid complications.
Electrification and renewables, they state, are both high priorities when it comes to a net zero scenario. But this can, and will, create complications.
For grid situations where there is an influx of renewable energy coming online – for example, the Dutch grid, which is currently at capacity – or where the infrastructure simply can’t withstand the number of electrical assets coming online and the concurrent explosion in demand, V2G provides an interesting value proposition.
A V2G system sees the EV through the lens of a ‘battery-on-wheels’. Bidirectional charging capability within the EV allows the vehicle to charge during hours of low demand and abundant supply. Then, during peak hours, excess energy can be discharged back into the grid.
Through this system, consumers can become players in the industry and allies to their utilities by providing a path of demand response management and flexibility.
The potential for renewable integration increases, the intermittency error 404 becomes less of a red flag, and voila – V2G saves the day.
This capability is why V2G has been experiencing a wave of prototypes, projects and even consortiums dedicated to figuring out how we can employ this tech at scale.
So why is cybersecurity a problem for something like an electric vehicle?
According to Roy Fridman, chief executive officer of C2A, an EV-focused cybersecurity company, the problem arises – and becomes exacerbated – as EVs start to transform from not only batteries but actual “computers on wheels”.
Fridman stated that “common knowledge is that the EV is becoming an iPhone, or computer, on wheels. It’s transforming from a hardware into a software creature.
“This has a lot of implications when talking about cybersecurity, because the more connected, the more electric and the more autonomous the vehicle is, the more attack vectors there are. And because of the scale at which this technology is developing, cybersecurity needs to be [more of a priority].”
And as EVs become more digitally managed and connected to the grid, these vectors only increase in scope.
“Infrastructure is a major concern…the electric vehicle has a lot of connected interfaces…and one of the major ones is charging. Communication runs between the vehicle and charging stations that will evolve and become more and more complex in the future.
“[This] is V2G – energy management…between the vehicle and the charger itself. It is an attack vector for suppliers and…can significantly increase the risk for cyber-attacks.”
So, what are the consequences?
The repercussions of a cyberattack on EVs vary.
According to Moghadasi et al (2022) in Trust and security of electric vehicle-to-grid systems and hardware supply chains, while the opportunities presented by bidirectional charging are immense, so too are the consequences.
To illustrate this, the paper cites how in 2019 security experts identified three big cybersecurity flaws in EV charging stations.
The first was identified as critical, tied to a hard-coded credential bug that could enable attackers to gain access to the charging device; the second high-risk, where remote attackers could gain high privilege, unauthorised access; the third medium, where access could be granted to web interfaces with full privileges.
Because these stations are connected to the grid, the threat extends to the power grid, where high-wattage devices can be used as an attack vector.
As per Kuldeep Saini in Automotive cybersecurity: the future of EV charging stations, when it comes to V2G communications infrastructure, attack vectors are present across the EV, charging infrastructure and exchanged information – vulnerabilities that Fridman expressed as a major concern.
“The electric vehicle itself is connected to the charger through a smart communications interface between the charger and the EV.
“Cyber threat scenarios include overloading the battery management system inside the vehicle, and – in extreme situations – blowing up the car itself…I’m not a big believer in scaring people, but this is something that should be considered when thinking about a Tesla or 10 or more EVs sitting near a shopping mall.”
And as V2G tech and cyber threats continue to evolve at pace, coming up with a fix is no easy task.
According to Fridman, the best approach is for utilities and tier 1 suppliers to take cybersecurity considerations into account at all times.
Fridman stated that, “because of the scale at which this technology is developing, cybersecurity needs to see software managed at scale.
“The full lifecycle of software goes design, development, testing, production and post-production. This is a circular process. And [because of this circularity] when talking about cybersecurity, you need to address all of these stages.”