It’s been a little over a year since I reported on grid attacks, mainly of the physical type but also of the cyber attack stripe. Every connected device, including distributed energy resources, adds surface area for an attack. The Wall Street Journal recently provided details targeting “green energy,” warning that the Chinese Communist Party (CCP), which makes many of our solar panels, electric vehicle batteries, and components, is a likely attacker.
Indeed, inverter-based resources (IBRs) that regulate frequency and voltage from solar panels, wind turbines, and batteries to match grid needs present reliability and security challenges. Utility Dive recently reported that owners of IBRs connected to the bulk power system still need to register with the NERC (North American Electric Reliability Corporation) or adhere to its reliability standards. Whoa! Try accessing a utility’s customer relationship management system without $10 million in cyber insurance and a hundred pages of security requirements and protocols.
In January, the DOE announced a $30 million funding opportunity to “support the research, development, and demonstration (RD&D) of next-generation tools to protect clean energy delivery infrastructure from cyber-attacks.” The grid, integrated with IDRs, seems to be operating on borrowed time without a safety net. This is interesting because, on another site, the DOE warns, “As more solar is installed and inverters become more advanced, [the] risk grows. If the inverter’s software isn’t updated and secure, its data could be intercepted and manipulated. An attacker could also embed code in an inverter to spread malware into the larger power system.”
Speaking of Chinese components, The Wall Street Journal reports that Chinese companies, including Huawei, whose telecom equipment is not allowed in the U.S. for security reasons, dominate the global solar inverter market. The CCP is cunningly ingenious, planting distributed energy threats throughout our power grid.
Automobiles
Automobiles, not just electric vehicles, deliver another universe of safety and cyber risks. Hacking automobiles is not new. In 2015, hackers were able to remotely manipulate a Jeep Cherokee’s climate control, entertainment system, and speed by disabling the transmission from a remote laptop. Those hackers claimed to release their findings to keep drivers safe from cyber-attacks. They declined to release other findings to prevent copycatters from creating havoc and chaos on the roads – in 2015!
Seven years ago, I wrote that smartphone adoption and EV adoption are two different things because scientists have not found a way of “packing 10,000 people onto a microchip.” In other words, they can pack a lot of computing power into a small handheld device, but the purpose of an EV is to haul people, which do not shrink and cannot be condensed. However, EVs, and today’s ICE cars for that matter, are smart devices with drivetrains and passenger cabins included. They automatically slow down when tailing another vehicle in cruise control and slam on the brakes when I merge “too soon” behind a vehicle in another lane. After having my car totaled by a driver who blew through a stop sign last February, those kinds of sudden surprises give me a little PTSD – like the big black cat I narrowly missed as it sprinted across Main Street in front of me. A few choice words were shouted after that one. Anyway, algorithmic features that can enhance safety can be reversed by nefarious parties.
The Wall Street Journal reports that China has even more advanced EV controls – “these systems rely on sensors, facial recognition and microphones that can collect sensitive information. Vehicles can record audio and video, as well as gather intel about the driver’s identity, finances, and contacts if his phone is connected via Bluetooth.”
Chinese EVs are not on our roads yet. The Journal says this is because of a 25% tariff on Chinese EV imports. You may have noticed that Chinese EV maker BYD overtook Tesla in quarterly sales for the first time in Q4 of 2023. BYD is second in electric bus sales and first in truck sales (the variety used at seaports ) in California. What could possibly go wrong?
Electric Vehicle Chargers
Electric vehicle chargers can be a weak link, as I learned in this Wall Street Journal video. Gaining physical access hardware and taking it along with Wi-Fi passwords and gaining access to, oh, banking and investment accounts is an easy heist in some cases. The easiest way to gain access to the charging platform is over the internet, says the cyber security expert, that would not be me. This is a good way to take down a neighborhood or the Island of Manhattan by flipping a bunch of chargers on at the same time. “The number one thing you can do for your security, whether it’s your EV, phone, or home computer, is apply software updates.” Except when my computer routinely blocks software updates, making gold withdrawals from Fort Knox comparatively snappy. 🙄🤯 Check it out – there are more knee-slappers in there for cyber-aware dufuses like me.
Autonomous Vehicles
Finally, a recent article by Guidehouse got me up to speed on robotaxi regress. As surviving San Franciscans needed another joy in their lives, the former home of the 49ers is a lab experiment in autonomous taxis that would reduce traffic congestion and improve safety.
Seven years ago, I wrote about the theoretical benefits of driverless cars: cheaper transportation, smaller parking lots, drop-off at the door, and faster traffic. Well, in San Francisco, autonomous vehicles have hit pedestrians and kept moving to cause further harm, hit a bicyclist, and reportedly caused traffic jams and blocked emergency vehicles. “The promise of self-driving cars was to alleviate traffic and increase safety, but in many cases they have done the opposite,” says Guidehouse. One result is that San Franciscans have sometimes taken control, attacking and destroying these cars.
Closing
Cyber security seems to have been chiefly focused on protecting wealth—avoiding identity theft or hacked bank, credit card, insurance, and investment accounts and anything that connects to these accounts, like auto-payments to utilities. Public safety and infrastructure, including energy supply, shipping lanes, and our streets, roads, and highways, can be matters of life and death. Be safe!
