As Bryan Tepper, Hawaii Electric’s CISO and Information Assurance Manager circa 2018, pointed out to me in an interview some years back: “the more advanced the system, the larger the attack surface becomes.” Our grid’s attack surface area has been getting steadily bigger over the past two decades, and it will continue to do so.
We aren’t just making our attack surface area bigger for the heck of it—these technologies provide our societies with profound benefits over older systems. Smart meters, for example, give us accurate energy consumption monitoring, time-based pricing, improved outage detection, and integration of renewable energy sources. They enable consumers to make informed decisions about their energy usage, shift consumption to off-peak hours, and support the grid’s stability with clean energy integration.
Electric cars have even more potential to transform our world for the better. They provide environmental advantages by emitting zero tailpipe emissions and reducing greenhouse gas emissions. They offer energy efficiency, energy diversification through vehicle-to-grid technology, and reduce dependency on fossil fuels. When combined with smart meters, these advantages are further enhanced, promoting optimized energy usage, grid stability, and efficient charging infrastructure planning. Together, smart meters and electric cars might be the bedrock of a new energy system that allows humans to mitigate climate change without sacrificing any quality of life.
Most people in the know, like the members of Energy Central, understand that we can and should tolerate an increased security risk in exchange for the benefits I listed above. The danger, however, is that people who are not in the know, ie the masses, spook and lobby legislators to scale back these transformative new technologies. I’m bringing this up now because in the past couple weeks I’ve come across an alarming number of articles in the mainstream press about the cyber risks posed by EVs and smart meters.
First there was this article in Grist last week that used real prank hacks of ev stations to predict more sinister acts in the future. The article quotes a Sandia Labs researcher whose done research on the potential security issues related to EVs and supporting infrastructure:
“They found everything from the possibility of hackers being able to track users to vulnerabilities that “may expose home and corporate [Wi-Fi] networks to a breach.” Another study, led by Concordia University and published last year in the journal Computers & Security, highlighted more than a dozen classes of “severe vulnerabilities,” including the ability to turn chargers on and off remotely as well as deploy malware.”
Alright. It’s a short article in the Grist. No big deal right? But then today, I come across this much more substantial piece of the same tone in the Wall Street Journal. Here are some excerpts:
“In the worst of cases, hackers could engineer blackouts and do damage to entire electric grids by infiltrating charging stations and networks, officials and security analysts warn.”
‘“If you have hundreds of thousands of chargers, you are a target,” said Harm van den Brink, a cybersecurity specialist at ElaadNL, a research organization in the Netherlands focused on testing EV charging.”
And now, just before writing this post, this story at CBS Texas about the security risks related to smart meters pops up in my feed.
To be clear, I don’t refute any of the points brought up in these three articles. My worry, however, is that we lose the big picture as public discourse on the subject comes to be dominated by talk of risks of these technologies. This is what happened to nuclear power in the 20th century. A couple of very unfortunate disasters sparked off a generation of anti-nuclear fear mongering that probably set us back decades in the fight against climate change. Let’s hope that history doesn’t repeat itself.
