Securing Electric Vehicles

Kathryn Bunner
January 18, 2017

Submitted as coursework for PH240, Stanford University, Fall 2016

Introduction

Fig. 1: Tesla electric car plugged into the charger. (Source: Wikimedia Commons)

Many Americans have become obsessed with minimizing their carbon footprint, and for good reason. One way people are pursuing this is through the use of electric cars. While the more common considerations are energy efficiency and price, there is another aspect that is incredibly important to consider: security. The use of electricity to charge vehicles is creating a new set of challenges for energy providers, especially around cybersecurity and the safety of the electric grids they rely on. Electric cars promote sustainability and renewable energy, but they impose an entirely new range of obstacles for cybersecurity professionals.

Problems and Concerns

From the consumer perspective, the simplicity of plugging in the car to charge is highly appealing because it is convenient and intuitive. But there is much more happening behind the scenes that the designers must take into account. When a car plugs into its charging point, a system of communication is created between the car, the charger, and the utility provider (see Fig. 1). It is important that every electric car on the grid is able to receive the energy and electricity flow it needs, produce any financial transactions associated with charging, and secure the personal data of the user. The car's system must be able to do all this while rejecting any possible attacks. [1] For example, vehicle hacking is an attempt to gain unauthorized access to vehicle systems for the purpose of retrieving driver data or manipulating vehicle functionality. NHTSA's Vehicle Cybersecurity Department states that cybersecurity should never be an afterthought. [2] They realize that for the public to accept their vehicle systems and technology, a level of trust and security must first be established.

The National Institute of Standards and Technology's documented Cybersecurity Framework gives a structured approach to cybersecurity, which the vehicle industry should follow. [2] Its five principles are identify, protect, detect, respond, and recover. Following them would allow layered cybersecurity for protecting vehicles to be developed in a comprehensive and systematic way. It is important for industry designers to constantly test their products and look for breaches. They must also keep extensive reports and documents to create a building block of progress. This leads to collaboration through information sharing. These practices are just the beginning. Hackers are ruthless, so securing electric vehicles will be a constant, ongoing process with frequent improvements and adaptations.

Moving Forward

The lack of government-mandated requirements for proper system integrity for this mode of transportation creates a lack of universal information assurance standards related to the charging of EVs. Sure, there might be some monetary incentives coming from the government, but the industry needs more. Many experts in the field are advocating for more transparency and communication between companies and the government to create a set of regulations. Millions of dollars are being invested in electronic vehicle cybersecurity in the coming years, making it a growing market. In fact, many start-ups are already focusing on this exact issue. [3] For example, Argus is an automotive cybersecurity company focused on offering software solutions that shield cars, trucks and commercial vehicles from hacks and attacks. Their software scans messages traveling between a car's electronic control units to see if malicious software has infected any of them. This is a cutting-edge industry fighting for consumer acceptance; therefore, a lot of thought and effort is being given to creating the proper systems. Many car manufacturers are examining the software; however, it has not been commercially released yet. There are significant vulnerabilities in the automotive system that must be addressed. A remote system taking control of an automobile is a serious concern, but as technology expands, hopefully the possibilities of these exploits will decrease.

© Kathryn Bunner. The author grants permission to copy, distribute and display this work in unaltered form, with attribution to the author, for noncommercial purposes only. All other rights, including commercial rights, are reserved to the author.

References

[1] "Cybersecurity Best Practices for Modern Vehicles," U. S. National Highway Traffic Safety Administration, DOT HS 812 333, October 2016.

[2] "Framework for Improving Critical Infrastructure Cybersecurity," National Institute of Standards and Technology, February 2014.

[3] O. Hirschauge, "Magna, Allianz Back Israeli Automotive Cybersecurity Startup," Wall Street Journal, 10 Sep 15.