Download Report

zjvwpunG{olGjohsslunlSGlunpullypunG{olGylzwvuzlaGjp}ps
j GGaG
SGGG
G
Like the rest of society, transportation is now facing new
cyberthreats. Simon Michell reviews the vulnerabilities within
the transport sector and looks at how, with a little help from
cybersecurity, electric vehicles can boost national grid supplies
T
hat the internet has morphed
from its origin as an experiment
on powering academic research
into something that may have the
ability to bring society to its knees
is an uncomfortable yet plausible irony. Today,
with the developed world connecting almost
all of its electronic systems to the internet,
very little seems safe from cyberthreats.
Threats within the railway network
Transportation is a particularly vulnerable area.
While those in control of aviation, the railroads
and the highways will tell you that the threats
are exaggerated and that there are fail-safe
and fall-back systems, the transportation
community has already faced multiple attacks.
Each transportation sector has its own
vulnerabilities related, among other things,
to their customer-facing websites and the
digital systems they use to control their
ﬂeets. Although the railway system has so
far remained relatively free of cyberattack,
there is concern over the latest GSM-Railway
(GSM-R) wireless standard that is being
adopted in Africa, Asia and Europe to enable
communications between controllers and
drivers and control of track-switching systems.
The GSM-R system is more secure than
the 2G set-up it is starting to replace, but
according to a leading expert from Germany’s
Technische Universität Darmstadt, Professor
Stefan Katzenbeisser, there is a theoretical
vulnerability in the way in which encryption
codes are distributed. The codes are generated
by computer and distributed via USB sticks;
if an unauthorised person got hold of one of
these sticks, the potential for a cyberattack
16 — Securing the Cybersphere | Preview Edition
is clear. Such an attack would not necessarily
lead to a crash, but it could certainly create
the conditions for gridlock.
For some years now, commercial aviation
has been in the process of upgrading its
networks, particularly in the US under the
NextGen programme and in Europe as part
of the SESAR project. In both cases, the aim
is to expand capacity and increase efﬁciency
so that more aircraft can use the network on
routes that burn less fuel.
A backbone of both of these new systems
is digital technology, which is already being
introduced worldwide. Ever more aircraft
are replacing elements of their voice
communications between the cockpit and
ground-based trafﬁc controllers with digital
messaging protocols akin to emails. In addition,
aircraft over a certain size have been ﬁtted
with an electronic system, known as ADS-B
(automatic dependents surveillance –
broadcast), which automatically sends out
information about an aircraft’s identity and
position in the sky. Signiﬁcantly, a similar
system, AIS (automatic identiﬁcation system),
has been adopted by commercial shipping
for vessels over a certain tonnage.
The theoretical vulnerability for digital
messaging is that a hacker might be able to
get into the system and alter messages or send
bogus instructions to and from pilots and the
air-trafﬁc controllers using the controller-pilot
data link communications (CPDLC). Another
possibility, although much more technically
challenging, would be to create a virtual
aircraft with an ADS-B signal and ‘ﬂy’ it close
enough to other aircraft to force them to
change their position quickly. The danger is
that any rapid change of position by an aircraft,
particularly in congested airspace, such as an
airport approach lane, could lead to disaster.
The power of electric vehicles
The cyber vulnerabilities of automobiles,
however, are far more complex. Electric
vehicles – family cars in particular – will, in
a matter of years not decades, be integrated
into the energy grid so that they can charge
themselves and be used as a potential
electricity storehouse that can help to balance
supply and demand in the overall grid system.
Today, an average electric vehicle such
as the Nissan Leaf has a battery that holds
approximately 25 kWh of power. This, of
course, is not a great amount, but the
potential to aggregate the power of 10,000
or maybe one million electric vehicles makes
it a possible game-changer for regional
and even national power providers.
One of the biggest challenges in electricity
supply is being able to balance the amount
ALVEY & TOWERS PICTURE LIBRARY/ALAMY
zjvwpunG{olGjohsslunlSGlunpullypunG{olGylzwvuzlaGjp}ps
Railway systems worldwide are
vulnerable to cyberattacks,
particularly as the tendency
to use wireless technology
operationally increases
of power being produced in the grid with the
demand for that power. Most, if not all, of
the time, this is out of kilter. The difﬁculties
for the utility independent-system operators
(ISOs), which control the amount of energy in
the grid, is that there is only ever a segment
of that supply that is a constant baseline –
from nuclear power stations and other regular
sources, such as hydropower. The bulk of the
electricity is created by the ISOs asking gas-,
oil- and coal-power stations to switch on their
systems in order to feed it into the grid. There
is regularly a long lead time in this transaction.
This represents one of the biggest inefﬁciencies
in the supply chain. If it could be solved, or at
least improved, then the consequences would
be huge – particularly for the reduction of
household energy bills.
Syracuse University cyber experts have
been aware of this implication for many years,
and are working on developing systems that
secure the network between the cars, their
electric-vehicle service equipment (EVSE)
charging systems, the middlemen – the thirdparty aggregators (TPAs) that will implement
the charging contracts and facilitate the
electricity supply – and the ISOs that will make
the decisions to be able to meet demand.
Protecting privacy
The security along the entire line of
transactions has to be assured in a way that
not only mitigates cyber vulnerabilities, but
also meets a range of other social, legal and
regulatory factors. One of the key elements is
the interface between the cars and the EVSE.
Drivers will want to be able to charge their cars
when they are out and about – at a restaurant,
a cinema, a hotel – as well as when the car
is parked in the home garage. To do this, a
foolproof identiﬁcation-authentication protocol
will have to be implemented.
This is where a major hurdle comes into
play. The distribution agents, who will switch
on the electricity for the cars to be charged via
a grid-to-vehicle transaction, will want to know
that the owner will pay for that electricity.
The obvious way to do this is by identifying
the car and the billpayer.
However, with the increasing alarm over
the expansion of the ‘big brother’ society,
many car owners are likely to be reluctant
for their names to appear against a charger
that is not their home EVSE. In other words,
they will not want their movements to be
traceable according to the locations they
have charged their cars. Some anonymous
system has to be agreed before a large-scale
charging infrastructure can be implemented
and accepted by enough users to achieve the
grid-power balancing end goal.
Another factor, especially in the US, is that
some states, such as Maryland, have enacted
laws dictating that electricity cannot be sold at
a higher price than it was purchased for. Again,
this is a game stopper. The whole concept
of the electric vehicle as a regional/national
storage facility hinges on car owners being able
to buy electricity when it is cheap (at night)
Securing the Cybersphere | Preview Edition — 17
zjvwpunG{olGjohsslunlSGlunpullypunG{olGylzwvuzlaGjp}ps
JIM WEST/ALAMY
Electric vehicles, such as the
Nissan Leaf, have the potential
to transform the energy grid
and sell it when demand and therefore price
is highest (during the peak hours of the day).
The electric vehicle community itself will
want assurances that the system cannot be
penetrated and bills destined for one car
owner diverted to another. For their part,
the electricity suppliers will want guarantees
that the system is not vulnerable to theft
of the electricity itself – a problem that is
endemic in many parts of the world.
Moreover, the network of cars that are
plugged into this new smart grid must be
protected against hackers to prevent a
malicious penetration that can bring the grid
down. For electric vehicles to be used as a
storage facility that can help balance the grid’s
supply/demand challenge, there has to be a
mechanism that controls the EVSE network
in order to time the charging/discharging.
This way, it can balance the electricity-grid
supply in line with the charging requests
of the vehicle owners; this is the so-called
vehicle-to-grid transaction.
The nightmare scenario might be that,
during the night, when the majority of the cars
are plugged into the grid via their home EVSEs,
somebody hacks into the system and reverses
the electricity ﬂow so that instead of the cars
being charged, they dump their electricity back
into the grid, causing an overload that might
create an outage. Of course, the reverse is
also possible. Getting all of the plugged-in cars
to suddenly start charging at the same time
18 — Securing the Cybersphere | Preview Edition
during daytime/evening peak demand period
could also create blackouts. These blackouts
could spread rapidly across the grid.
Most developed countries’ electricity
infrastructure of power lines and substations
is ageing and relatively prone to the occasional
shutdown – some of which, while traceable
to a very small incident, can be massive in
their impact. The 2003 blackout that affected
more than 55 million people in the north-east
of the US and Canada’s Ontario was due to
an overload that caused a power line to heat
up and sag onto some foliage beneath it. The
grid’s automatic attempt to reroute electricity
only exacerbated the problem, sending surges
of power and blackouts from state to state and
then to Canada, before returning to the US.
Syracuse’s preSAGE group
According to Steve Chapin, Associate
Professor at the Syracuse University College
of Engineering and Computer Science,
“Time is running out to get this right”. Many
countries in Asia, Europe and the Middle East
have already started installing the smartgrid electric-vehicle infrastructure to enable
the mass electric-vehicle market. Professor
Chapin warns: “If we don’t get the security
aspect solved in time, we might ﬁnd ourselves
in the same situation as the PC industry,
where the vulnerabilities in the system are so
widespread that the cost of retroﬁtting the
security measures becomes too expensive.”
Indeed, producing the economic model before
putting the required protection in place is
what produced much of the current internet
vulnerability in the ﬁrst place.
To ensure that this does not happen –
in the US, at least – the preSAGE (Privacy,
Regulation & Economics in a Smart Assured
Grid Ecosystem) group has been formed at
Syracuse University. The group highlights the
holistic approach that the university adopts
when dealing with cyber issues. PreSAGE was
created by a cross-disciplinary team from
the College of Engineering and Computer
Science in which Steve Chapin teaches, the
Maxwell School of Citizenship and Public
Affairs and the Institute for National Security
and Counterterrorism, all of which are within
a short walk of each other on the university
campus. The multi-dimensional, ﬁve-person
team that forms the group’s engine applies
four key perspectives to the problem:
technology, security, economics and law. As
Steve Chapin says: “Only by looking at all sides
of the issue can a workable solution that covers
all aspects of the challenge hope to be found.”
The revolution in the electric-vehicle
sector that could provide massive beneﬁts
to society will depend on cybersecurity to
enable its public acceptance. However, also
involving elements of government regulation,
commercial practice, public opinion, legislation
and law enforcement, is far more than simply
an IT challenge.