Power companies are increasingly upgrading to smart grids—national or state-based intelligent computer systems that collect information from consumers and suppliers in order to automatically improve the grid’s efficiency and reliability. The National Institute of Standards and Technology in the United States has produced a set of cybersecurity guidelines, called NISTIR 7628, for smart grid programmers across the globe. However, Aldar Chan and Jianying Zhou at the A*STAR Institute for Infocomm Research in Singapore point out that, although the guidelines are comprehensive, they lack standardized instructions for scenarios that may arise with new technologies such as electric vehicles. Chan and Zhou have also identified two key weaknesses within NISTIR 7628.
When people plug in and charge electric vehicles, the security risks bridge the ‘cyberworld’ and the real world. “If there is no binding of identities between the cyber and physical domains, how can we be sure the information provided by the smart grid accurately reflects what is happening in the real world?” asks Chan. “We have little knowledge about cross-domain vulnerabilities, not to mention security mechanisms to withstand coordinated cyber–physical attacks.”
Chan and Zhou examined the NISTIR 7628 framework using the scenario of a person charging an electric vehicle on a smart power grid. This framework is designed to provide a very secure system because as well as requiring a user login to pay for electricity, the car itself also needs device authentication when plugged in. In this way, a car reported as stolen would be barred from charging. Nevertheless, there may be ways of altering plug-in systems that would allow stolen vehicles to charge.
Read more at: Phys.org