Sunday, July 10, 2022

An Aging National Power Grid + The Explosion Of EVs = A Huge Cyber Nightmare

 


Just wondering, how many of you out there own electrical vehicle (EV)?  To be honest, this is a market I have not paid too much attention to, and in fact, I don’t think I have even seen one where I live at.  The closest I have seen remotely electric are those things that people stand up on and go around on.  They are not too much of a common sight here in the burbs of Chicago, but in the city, I am sure that they are quite a big hit.

So, why am I bringing all of this up, you may be asking?  Well, probably for the first time, I came across an article this morning, which not only gave a glimpse into the EV industry, but the Cybersecurity impacts that these new vehicles can have on our already strained national power grid. 

First, let me paint the picture of just how huge the EV industry really is (it totally blew my mind away):

*There are well over 600,000+ EVs hitting the roads and highways today in the United States;

*It is anticipated that as the production processes for EVs improve over time, there will be about 1 million produced a month;

*70% of Americans would purchase an EV if they could afford it;

*By the year 2026, there will be 26 million EVs on the roads and highways;

*By the year 2030, the state of California will have 4 million EVs;

*By the year of 2040, EVs will account for 60% of all automobile sales across dealerships in the United States.

(SOURCES:  https://www.statista.com/statistics/665823/sales-of-plug-in-light-vehicles-in-the-us/; https://www.bloomberg.com/news/articles/2022-04-08/plug-in-ev-fleet-will-soon-hit-a-20-million-milestone; https://policyadvice.net/insurance/insights/electric-car-statistics/).

Obviously, the world will run of out crude oil one day, so I think it is great to see that we are taking a proactive stance in looking for alternative energy sources to help us get through our every day lives.  But as all good as this sounds, there is a flip side to this. 

These EVs have to be constantly charged, and current research shows that you have to visit a charging station in between every 200 and 400 miles of driving.  The worst part is that EV charging stations are still not a common place like the normal gas station, so if you get stuck, you are literally frozen unless AAA can charge you out.

Because of the limited number of EV stations that are out there, whatever is in existence has to rely upon a power source from somewhere, namely the national power grid.  But here in lies one of the problems – it is close to 70 years old, and it was not designed to handle the huge influx of EVs.  Of course, nobody back then even conceived of an EV. 

Right now in the US, there are some 9,200 national gird generators, over 600,000 miles of electrical lines that generate well over 1 million megawatts of electricity.  This kind of configuration served well back in the day, when our needs were simple, and not what they are like today. There have been talks in DC about creating what is known as a “Smart Grid”.  This is where all of the electricity that is depleted from the national grid can be put back into it, thus making it more responsive to the needs of Americans.

For example, electricity that is generated from wind solar panels.  But once again, keep in mind the age of the national grid.  One cannot simply rip out the old infrastructure and put a brand new one in.  In fact, it’s like the SCADA and Industrial Control (ICS) that we have in place also.  But there is yet another fear to the national power grid, and that is the Cyberattacker. 

Once again because of its age, there have not been too many security updates made to it,  thus leaving many backdoors open for easy penetration.  In fact, we have already witnessed some disruption to our power grid because of a security breach, but luckily, yet nothing cataclysmic has happened yet.

Now you throw in the demand from the power grid from the EVs as well as other technologically advanced devices, and now you have what is called a huge Internet of Things, or IoT that has a huge attack surface that has grown exponentially overnight. 

This is in turn will leave many points of entry that will remain unprotected for long periods of time to come. And it could be one lucky shot by a Cyberattacker that will finally bring the entire national grid down in just a matter of minutes.

My Thoughts On This:

Although I just painted a very sad picture, the bottom line is that it is real, even if EVs were not existent.  The national power grid is weak in terms of security, and as I have described, there is really not much one can do about it. 

The best that this nation can do is simply add on any security layers that are possible, but one has to make sure that all components work together.  Its not like at all downloading Windows patches onto your laptop.

We are talking about mixing the latest technologies with tools that are ancient, by comparison.  You may even be asking how did we even get into this hole to begin with?  Well back when the national electrical grid was being conceived of nobody gave a thought to Cybersecurity, because it was totally unheard of. 

Everybody was concerned about the physical security components, such as only letting authorized individuals having access to strategic points along the grid.

Heck even the EVs themselves can also bring their own Cyber risks as well.  As it was nicely summed up in this quote: "An electric vehicle has far more hardware chips and software components than an internal combustion engine. More complexity means we need to be more careful around security in general."

(SOURCE:  https://www.darkreading.com/attacks-breaches/how-to-keep-evs-from-taking-down-the-electrical-grid).

My point is that it is quite easy people to say that “we need to do this or that” to shore up the defenses of the national power grid.  But the truth of the matter is that we need the support of our political leaders in DC to make it all happen. 

We need new money to be put into research and development in order to come up with new ways to help protect the grid.  Even the states cannot do this by themselves.

It really needs to be a national effort in the end.

No comments:

Post a Comment

How To Launch A Better Penetration Test In 2025: 4 Golden Tips

  In my past 16+ years as a tech writer, one of the themes that I have written a lot about is Penetration Testing.   I have written man blog...