Australia prepares for Electric Vehicle cyber risk


Joseph Brookes
Senior Reporter

As Australia embarks on a transition to electric vehicles, the security of millions more devices potentially connecting to the national energy grid presents a new risk. But the industry says it’s not unsolvable and no reason to delay uptake of electric vehicles any longer.

Last month, Climate and Energy minister Chris Bowen launched consultations on Australia’s first national electric vehicle (EV) strategy. It’s aimed at removing the barriers to uptake that have kept new EV sales at just three per cent in Australia.

Mr Bowen said the plan includes EVs eventually feeding back into the grid, and the consultation paper flags the development of smart integrations systems that will allow EVs to provide battery storage for the home and the electricity grid.

But the risk of a cyber-attack that exploits the new connections is not directly mentioned in the Australian government’s early consultation, despite potentially serious consequences and the growing attention on the security of critical infrastructure like energy systems.

Energy minister Chris Bowen with Prime Minister Anthony Albanese and Industry minister Ed Husic

The omission is not necessarily a problem, however, says EV Council of Australia head of energy and infrastructure Ross De Rango. But it will need to be addressed more effectively as supply increases, and the industry group will highlight cyber security concerns in its submission.

“The risk potentially emerges if all of the EV charging is connected and orchestrated,” Mr De Rango told InnovationAus.com. “And if we hit into a future that looks like that, cyber security will need attention.”

Currently there is no comprehensive electric vehicle and infrastructure cybersecurity approach and only “limited best practices,” according to research funded by the US Department of Energy, despite what it describes as a significant risk.

“There is an incomplete industry understanding of the attack surface, interconnected assets, and unsecured interfaces. Comprehensive cybersecurity recommendations founded on sound research are necessary to secure EV charging infrastructure,” the July 2022 paper from Sandia Laboratories says.

The US is one of several jurisdictions much further ahead of Australia on its switch to electric vehicles, along with the UK and Norway, Mr De Rango said.

“Those jurisdictions are just starting to grapple with the idea of scheduling and orchestrating EV charging. From the point of view of managing the energy system, those journeys at a large scale level are only just starting in EV.”

As EV uptake does increase in Australia, the risk of attack will too, according to BlackBerry director of engineering APJ, Jonathon Jackson. Blackberry software is used in 215 million vehicles, including 24 of the 25 top EV manufacturers.

Mr Jackson said there’s been attacks on US and European EVs and infrastructure already and it is a question of “not if but when” for Australia.

“EV charging infrastructure is a target for cyber criminals,” he told InnovationAus.com. “We’ve seen some examples where an attacker is able to take over EV charging infrastructure and change coding within that charging infrastructure which increases coding issues in cars.”

“Or they’re able to bypass authentication controls and be able to take over the ownership of a vehicle basically through a smartphone or an app.”

Mr De Rango said EV cybersecurity is very much “on the agenda” in Australia and he doesn’t think the risk should slow the uptake at this early stage.

The Australian Renewable Energy Agency is facilitating a Distributed Energy Integration Program for a range of government agencies, market authorities and industry and consumer groups, which is considering the integration of EVs and cyber standards among its working groups.

At the same time, the Energy Security Board set up to oversee Australia’s energy transition is seeking feedback on aspects of cybersecurity for EV charging that are specific to Australia.

“The energy security board is already paying attention to this,” Mr De Rango said. “It’s a question of making sure that we are paying attention to it sufficiently as EV uptake scales.”

To do that, Australia needs to first secure a greater supply of EVs. Mr De Rang said the most effective way to do this is for the government to introduce ambitious fuel efficiency standards.

“We need it to be ambitious. Because if we don’t have that, we will not get sufficient supply of the vehicles to meet our climate targets,” he said.

“Matters like managing the energy system and managing cybersecurity aspects come after securing enough supply of the vehicle that there is a meaningful impact on energy and cybersecurity.”

On Friday the Electric Vehicle Council released figures showing the sale of EVs has increased 22 per cent in the last year.

Do you know more? Contact James Riley via Email.

4 Comments
  1. Digital Koolaid 2 months ago
    Reply

    I’ve been worried about this for years and it’s about time someone did something. My hair dryer is connected to the National Grid. My toothbrush charger is too, and my toaster. The risk of cyber attack is clear and the potentially serious consequences to the security of critical infrastructure like clean teeth. The baddies could come out of the power outlet and take over the ownership of my toaster. No need for a smartphone or an app. All the power outlets in my house are a cyber risk and I need MFA on my switches. The “attack surface” is massive and my espresso machine is at risk too. Sorry guys, I’d laugh at the stupidity of these insane fears if I wasn’t shocked at the ignorance of people who should know about electricity. (Could someone please tell Chris, politely, that my Nissan Leaf already has the ability to provide battery storage for my home. No consultation paper needed. Save the cash and just email Nissan about V2G. Nice that the three amigos were standing in front of a Leaf.)

    • Reads before commenting 2 months ago
      Reply

      Or you could read the article and, perhaps, learn something.

      I quote: ““The risk potentially emerges if all of the EV charging is connected and orchestrated,” Mr De Rango told InnovationAus.com. “And if we hit into a future that looks like that, cyber security will need attention.””

      Your offline Leaf isn’t a problem. Thousands of networked, centrally regulated EVs managed remotely to optimise the grid are.

      • Digital Koolaid 2 months ago
        Reply

        Dear Replies Before Thinking. You drive a Leaf too? That’s great! Ours is dong brilliantly and we’re really pleased. The funny thing is – it didn’t come with “networked, centrally regulated, managed remotely to optimise the grid” features. That’s some sort of optional extra from your imagination – stuff that Nissan doesn’t make. Great imagination, but not real, along with cyber security for electricity outlets. Regards.

Leave a Comment

Your email address will not be published.

Related stories