Vehicle-Grid Integration Cyber-security of PEVs Authors: Nihan Karali Energy Analysis and Environmental Impacts Division Lawrence Berkeley National Laboratory International Energy Studies Group July 2017 This work was supported by the DOE Office of International Affairs under Lawrence Berkeley National Laboratory Contract No. DE-AC02-05CH11231 and National Renewable Energy Laboratory Contract No. DE-AC36-08GO28308.
Contents Introduction... 3 Security of infrastructure and physical systems... 3 Security of communication... 4 Customer privacy... 4 Smart metering... 4 Conclusion... 5 References... 5 Table of Figures Figure 1. Schematic illustration of smart grid physical layers and communication and control systems.... 3 Acknowledgment The author would like to thank Anand Gopal, Rudy Kahsar, and Cabell Hodge. In addition, the author would like to thank Elizabeth Coleman for her diligence, responsiveness, and attention to detail while editing this report. 2
Introduction Power grids are being transformed from one-way electricity delivery systems, in which a system operator controlled the dispatch of large, centrally located electricity generation resources, to twoway intelligent transmission and distribution systems that connect many devices and infrastructure components, in a continuously monitored and dynamically optimized network (Figure 1). Plug-in electric vehicles (PEVs) can connect and communicate with various electronic devices and interfaces throughout wired and wireless networks. Widespread PEV deployment raises questions regarding cyber security challenges and problems. Many PEV operations rely on information exchange between parties using Information and Communication Technology (ICT) systems, the security of which is of foremost importance. Interception and altering of data and/or control instructions, and malicious software are among the possible cyber security risks. Cyber attacks could cause severe damages to the vehicle, utility, and society. While some PEV cyber threats can be addressed with existing IT solutions, addressing other threats needs adoption and innovation of new security technologies. Figure 1. Schematic illustration of smart grid physical layers and communication and control systems i. Cyber security touches upon many aspects of the power grid and PEVs. Vulnerability of infrastructure and physical systems, communication domain, customer privacy, smart metering, and security of PEVs are some among them. Security of infrastructure and physical systems PEVs rely on an infrastructure of intelligent charging stations, energy generation units, and possibly stations for swapping batteries. A single hacking attack, initiated from PEVs or the charging stations, e.g., EVSE (electric vehicle supply equipment), could have serious physical implications. These type 3
of attacks can spread easily due to communication networks and mobility of PEVs. Malware loaded to a charging unit can compromise a PEV easily and can be carried around as the vehicle travels. Those malware can compromise other equipment in the smart grid, including Phasor Measurement Units (PMUs), line and transformer monitoring and protection equipment, and smart meters. The attackers might also inflict substantial damage to either the grid or to the transportation infrastructure. The impacts of such attacks can be as severe as regional blackouts, or less severe but still undesirable disruption in the electricity supply. Security of communication Communication technologies are used to exchange information between PEVs and charging units such as the state of charge, charging duration, payment amount and type, electricity price, and load control signals. This communication infrastructure, including vehicle-to-grid (V2G) technologies, can be subject to cyber-attacks, especially through vulnerabilities in wireless networks. Such attacks can target charging network availability, data integrity, and information privacy ii. If the energy request, energy usage, price signal, and demand response parameters are subject to hacking, it might lead to the overcharging of batteries and cause severe damage to PEVs ii. In addition, information exchanges over the V2G network controls physical components in the electric distribution grid through a collector or data aggregator. Aggregators will have access to the authentication and communication servers in order to coordinate the charging. Information or network security breaches in the IT systems of aggregators may cause the malfunction and/or damage of critical power infrastructure. Customer privacy Individual information, e.g., identity of customers, payment methods, and their interaction with the operator, must be protected from third parties during and after payment transactions. To protect consumers privacy, power utilities or third parties should be responsible for implementing right to access policies that ensure consumers information is accessed and used only for legitimate utilityrelated purposes. According to IEC 15118-2, the use of transport layer security (TLS) and unilateral authentication (i.e., server side authentication) are mandatory iii. However, unilateral authentication is not considered secure, as it may result in redirection and impersonation attacks iv. Mutual authentication (i.e., both server and vehicle authentication) is recommended in order to ensure that communication happens only among legitimate entities in the network. However, customer identity protection is not a problem limited to PEV cyber-security and hence can be addressed at higher levels of commercial IT security. Smart meter vulnerability Smart meters provide real-time information to the customers and the utilities. The energy flow in charge/discharge process of PEVs might be modified by the attackers and the real time data such as energy usage of customer and charging price from utility might be stolen. In addition, Abedi et al. emphasizes that the charging station would be able to tamper the smart meters, bypass the authentication in metering protocols, overrun the buffer in the AMI firmware, delete or modify files, and manipulate firmware, to cheat both the energy providers and the PEV owners ii. The intrusion might also affect the system operation or control variables, such as market clearing prices, reserve allocations, distribution congestion management, and dispatch of generation units. 4
Hacking of PEVs Life threatening cyber attacks that involve the take-over of a vehicle while in motion are increasingly possible but not restricted just to PEVs. According to Rohde, remote hacking of vehicles are possible in numerous scenarios. He shows that DCFC units can communicate with electric vehicle CAN (Controller Area Network) Bus and send messages to in-vehicle electronic control units v. Similarly, Foster et al. discusses how an attacker may be able to attack telematic control units (TCU) in an effort to gain control over the vehicle, resulting from a combination of bad software architectural decisions (e.g., the design of the update protocol) and particular configuration options (e.g., the use of SMS and debugging features in production deployments and the use of identical keys and passwords among such devices) vi. Conclusion In order to ensure the cyber security of PEVs and connected systems, embedded security technologies and network protection methods are needed. PEVs should be treated not just as loads, but also as demand response or distributed energy resources. Therefore, the security issues involves all parties in the energy system. Cyber security threats need to be analyzed in detail and customized security solutions need to be designed. This is a critical area of research, development and deployment over the next decade. References i Khurana, H., M. Hadley, N. Lu, D. A. Frincke. 2010. Smart-grid security issues. IEEE Security and Privacy 8(1): 81-85. ii Abedi, S., Arvani, A., Jamalzadeh, R. 2015. Cyber Security of Plug-in Electric Vehicles in Smart Grids: Application of Intrusion Detection Methods. Chapter 5 in Plug In Electric Vehicles in Smart Grids, Power Systems. S. Rajakaruna et al. (eds.), DOI 10.1007/978-981-287-299-9_5. iii R. Schmidt et al. 2012. V2G Interface Specifications between the Electric Vehicle, the Local Smart Meter, and its Service Providers. Proc. 7th Framework Programme, INFSO-ICT 285285. iv Saxena, N., Grijalva, S., Chukwuka, V., Vasilakos, A.V. 2016. Network Security and Privacy Challenges in Smart Vehicle-to-Grid. IEEE Wireless Communications. 10.1109/MWC.2016.1600039WC. v Rohde, K. 2017. Electric Vehicle Cyber Research. Idaho National Laboratory. INL/CON-17-42726. vi Foster, I., Prudhomme, A., Koscher, K., Savage, S. 2015. Fast and Vulnerable: A Story of Telematic Failures. 9th {USENIX} Workshop on Offensive Technologies ({WOOT} 15). https://www.usenix.org/conference/woot15/workshop-program/presentation/foster 5