Photo 103769813 © Tero Vesalainen | Dreamstime.com
Photo 169785302 © Bang Oland | Dreamstime.com
Photo 95499419 © Wrightstudio | Dreamstime.com
Photo 129896083 © Peerapong Boriboon | Dreamstime.com

Cyber Attacks on Networks, Utilities and Now EVs

Nov. 23, 2022
CSP networks, utilities and now EV networks are increasingly targeted by hackers. Learn how to stop their efforts.

Leveraging the Right Partners to Thwart Hackers 

With each passing day, the operational challenges facing companies become more digitally complex. In 2022, the US Federal Bureau of Investigation determined that several ransomware groups had developed code designed to stop critical infrastructure or industrial processes. This threat is constantly evolving, and criminal groups are becoming even more capable.

In the face of a tense Internet landscape, government agencies now allocate much of their time and money to cybersecurity. Cybersecurity functions as a safeguard for networks, devices, and data—protecting them from unauthorized and often malicious access without affecting that infrastructure’s accessibility, integrity, and functionality. Those are its fundamental purposes, and they are critical to the functioning of both the economy and government. Organizations achieve cybersecurity through a distinct and critical combination of tools, equipment, standards, and processes. These need to be in the hands of a professionally trained and experienced workforce. Yet, sometimes, it is necessary to seek additional professional and expert help on these tasks in order to best safeguard this sensitive information.


A growing number of US companies are aiding the Department of Defense (DoD) and other Federal Government agencies. Their aim is to provide better tools with which those agencies can successfully “self-protect”. This includes creating smarter technology-dependent environments, using advanced Information Technology (IT), Industrial Control Systems (ICS), Cyber-Physical Systems (CPS), and connected devices. These are known, collectively, as the Internet of Things (IoT). Integrating these technologies creates greater interconnectivity that improves efficiency while hardening the security of power grids, limiting the potential for devastation.

Alarmingly, there has been an increasing number of public sector cyber-attacks, with organizations such as the NYC Fire Department and the Washington DC Police Department falling victim to attacks where their sensitive information was exposed and shared. This caused hundreds of discipline files and intelligence reports to be leaked onto the dark web. According to experts who’ve examined those events, it is the worst known ransomware attack ever to hit a United States police department.

The US depends mightily upon the reliable functioning of its critical infrastructure (CI), and should these organizations become compromised, the results can be detrimental. If public or private agencies lose access to or use of CI, it can have a debilitating impact on any combination of national security, economic strength, and public health and safety. The United States Cybersecurity & Infrastructure Security Agency (CISA) reported that 20% of the top routinely exploited cybersecurity vulnerabilities for 2021 were on 2020’s list as well, meaning significant threats are going unaddressed. (Sources: https://www.cisa.gov/uscert/ncas/alerts/aa22-117a and https://www.gao.gov/assets/gao-22-105973.pdf)

IPKeys Cyber Partners is one little-known US company working with DoE. It specializes in highly secure technology integration, cybersecurity, systems and software engineering, and cloud to strengthen the security of organizations at risk. Its primary mission is to provide technology solutions to the complex global challenges faced by our country’s defense forces and government agencies. These challenges include geopolitical risks, cybersecurity threats, and environmental disasters.

Despite these facilities’ significant role in delivering vital electricity and water to communities, public utility employees often have little or no cybersecurity training because they tend to have smaller budgets, fewer security tools, and less cybersecurity expertise—leaving them vulnerable to extortion for money or having their data stolen. It is critical for companies, especially municipal utilities, to ensure the power grid's security by being as prepared as possible with advanced technologies that can harden grid security and limit the potential for devastation.

The public utility grids responsible for administering power to millions of customers have become continuous targets for hackers. New digital tools are available to help municipal utilities improve security and remain compliant with federal regulations as more cybersecurity organizations work closely with compliance organizations to develop more mature and reliable cybersecurity programs. Leveraging an end-to-end intelligent grid technology platform offers grid operators a simple, unified solution for cybersecurity monitoring and compliance requirements. Additionally, a robust platform helps advance and streamline cybersecurity and monitoring requirements for entities through a single solution.


It’s now widely understood that keeping the power grid protected and unharmed is of the utmost importance. The public depends on the grid for powering their homes, offices, and cars. Almost every facet of life revolves around the power grid; it is a critical tool for making life easier. That being said, there have been clear examples of what happens when it is compromised. In the winter of 2021, Texas was practically frozen over by Winter Storm Uri. The ensuing chaos essentially caused a complete shutdown of the state, with over 20 million people left stranded without power. The grid is far too important to be shut down by severe weather, supply chain shortages or hackers. Companies assisting the oftentimes threatened utilities are fast becoming pivotal “guardians” that, when successful, help ensure that the public has access to power.

The Fast Lane to EV Hacking?

The intersection of the electrical grid and automobiles opens a new arena of utilities. EVs rely on charging stations to build up their batteries before hitting the road. This creates a whole new opportunity for hackers to create trouble. In February 2022, a 19-year-old tech specialist apparently used a backdoor created by a third-party software app to hack into 25 of a leading EV manufacturer’s vehicles in over a dozen countries. If the US wants to successfully integrate EVs onto the country’s roads, it must act to protect them from cyber threats.

As more utility sectors continue to embrace the digital transformation, it is imperative that the new digital tools are proactively protected. With many industries undergoing their own digital transformation, they require their own new and fully capable cyber protection.

Electric vehicles are a vital part of the future (and present) of the US auto market. After decades of hope and hype, the rapid adoption of electric vehicles is finally upon us. In 2011, there were only 16,000 battery and plug-in hybrid electric vehicles on the road in the US. By mid-2021 that had grown to over 2 million vehicles. In fact, auto executives expect over 50% of US vehicles to be all-electric by 2030.

But what of the extensive and complicated network needed to service those electric vehicles? It took decades for a hodgepodge network of gas stations to crisscross the nation, with policies and procedures created by individual oil companies before any sort of government oversight or planning ensued. A state or nationwide electric vehicle charging network will take great planning and investment.

The Bipartisan Infrastructure Deal includes $7.5 billion to plan and build robust EV charging stations across the nation. Despite lofty goals and plans to boost electric vehicles, one crucial challenge isn’t being discussed: cybersecurity.

Fortunately, some new and well-funded assistance is now heading towards utilities. The Infrastructure Investment and Jobs Act (IIJA) provides $335 million in funding for utilities to support, develop, and implement cyber-security plans, train personnel, and purchase equipment. This investment will help modernize our nation's critical infrastructure while protecting it from cyber threats. This also helps reduce the likelihood of disruptions to essential services. According to Carey Smith, Chairwoman, President, and CEO of Parsons Corporation, “Utilities are taking steps to harden their systems against cyber threats, by investing in security measures and in operations. These changes come as utilities face an evolving threat in the landscape. In recent years, there have been several high-profile cyber-attacks against critical infrastructure, each reminding us that utilities must prepare to defend themselves against sophisticated and well-resourced threats.” This is a vital investment in security and will help protect critical infrastructure from the ever-increasing threat from nation states, terrorists, and criminal actors.


Electric vehicle charging stations are extremely vulnerable to hackers. Last year, US-based Colonial Pipeline fell victim to a foreign-fronted cyber-attack as a result of a single compromised password. This one vulnerability halted fuel supply processes in the Eastern US and cost the company $4.4 million in ransom. Now think of a hack crippling EV charging stations across California. More open doors provide more opportunities for hackers to break into, and potentially control, sophisticated EVs.

With the rapid adoption of electric vehicles and EV charging stations increasing our vulnerability, we cannot afford to disregard proper cybersecurity implementation.

About the Author

Gordon Feller

Gordon Feller advises government and industry leaders working to improve physical and digital infrastructure. His expertise is used by utilities, cyber-companies, Federal agencies, foundations, and universities. He brings 40+ years of experience helping large complex projects led by HP, IBM, Lockheed, Chevron, Cisco, World Bank, UN, S&P, World Economic Forum, and dozens more. For more information, email [email protected] and follow him on Twitter @GordonFeller.