Electric mobility requires an improvement in cyber security
Electric mobility will not only revolutionize the energy market and energy infrastructure but also the way of moving, as it will be completely digital enabling a complex integration of automotive products within the internet of things; this clearly presents new targets for cyber criminals to exploit. Just like any other machine on the network, everything on the portfolio of electric mobility, from charging stations to electric vehicles, can present security vulnerabilities.
It has been shown by computer science experts at UTSA [1] that it is possible to hack electric scooters, for example the miniPro Segway and other models such as the Xiaomi M365 scooter, which provide an application that can be used by mobile which is combined with the use of the electric scooter: it is used to move around the city through GPS tracking, it offers a social connection in real time and it allows you to switch the scooter on or off remotely. Attackers with a good knowledge of Assembly language can bypass the functionality of the App and, at the same time, overcome the safety protections of the hoverboard, thus taking control of the device, so that they can stop the race or decide where to take people, for example in the heart of the city or in traffic jam.
Since e-mobility is still perceived as a young industry, the level of IT security investment for each product varies by individual manufacturer and supplier. “Electric mobility is a bit of a wild West when it comes to cybersecurity” [2], says Andrew Barratt, British CEO of Coalfire, a cybersecurity consultancy. Currently most of the vulnerabilities in vehicles reside in battery management and in the main digital interface, however, if we consider that the near future foresees the production of autonomous cars, the threat is greater because the vehicles would be connected to each other and they would also be connected to networked road systems. “A nation state or serious organized crime group could induce a range of vehicles to crash at high speeds. Attackers wishing to harm critical national infrastructure without direct loss of life could force all traffic to attempt to go through certain areas, creating large localized traffic jams”, says Vic Harkness of F-Secure Consulting.
Numerous experts have requested the introduction of security in the design phase: that is, making sure that security is not an afterthought following a problem, but is integrated into the products from the beginning. Furthermore, if a supplier discovers a vulnerability to within one of its systems, a framework should be set up in which this information can be shared with other suppliers, so that overall security increases more quickly thanks to cooperation between manufacturing companies. In conclusion, it is clear that electric mobility is not limited to the product, the vehicle, but also includes the complex issue of the necessary infrastructure, which is why it is necessary to structure a national or even better international network to achieve the security goal.
During PHOENIX project, three components that will help increase cyber security will be developed and implemented: Privacy Protection Enforcement (PPE), Situation Awareness, Perception and Comprehension (SAPC) and Incidents Mitigation and Enforcement Countermeasures (IMEC). Six electric vehicles and three charging stations were deployed at one of the PHOENIX pilot sites to test the aforementioned components with the aim to improve electric mobility cyber security.