To date, the entire career of Yury Dvorkin, an assistant professor of electrical and computer engineering at the NYU Tandon School of Engineering, has been focused on energy systems.
His latest research on the potential for public electric vehicle (EV) charging stations to become a cyberattack vector for the U.S. energy grid was motivated by his understanding and concern of how complex the interactions between the cyber and physical layers of the energy grid have become.
“We are at a point right now where if we don’t address the emerging vulnerabilities in this area some malicious actor could potentially exploit these areas for gain and slow down the power grid modernization effort that is being undertaken,” said Dvorkin.
A credible demand-side security threat
Dvorkin’s research focused on the potential for a demand-side cyberattack using plug-in EVs and EV high-wattage charging station infrastructure. His analysis showed that it is a credible scenario for multiple charging EVs to be hacked simultaneously, causing a disruption to grid operations or even a blackout by targeting the frequency stability of the grid.
The article based on his findings, “Smart Grid Public Plug-in Electric Vehicles + Grid Data: Is a New Cyberattack Vector Viable?” was published this week in the IEEE Transactions on Smart Grid.
Demand-side cyberattacks are possible, states the article, because many high-wattage appliances have communication and control interfaces forming an Internet of Things (IoT) network. Charging a EV at a public charging station is reported through a smartphone application, such as ChargePoint.
The paper goes on to state that “Although attempts have been made to develop cyber hygiene requirements and protocols for charging EVs (e.g., the 2017 report by European Network for Cyber Security ), there is no established consensus among manufacturers, consumer advocates, utilities, as well as national and international authorities.”
Dvorkin, a member of the Center for Urban Science and Progress (CUSP) at NYU Tandon, hopes his research, which was co-sponsored by the NSF and the NYU Center for Cybersecurity, will get the attention of the Federal Government and agencies like Homeland Security who can make grid cybersecurity issues like this a priority.
Data, data everywhere
To support his analysis, Dvorkin scraped grid data—ranging from network configuration data to transformer line and load parameters-- from publicly available sources in Manhattan, including power grid data from the US Energy Information Administration, New York Independent System Operator, and the local utility in New York City. He also acquired publicly available data on charging stations from ChargePoint smartphone apps.
Dvorkin was, frankly, surprised at the amount of data readily available.
“The state of New York pushes for transparency through public reporting and hearings, for example. And New York is a competitive wholesale electricity markets, so there is a need in market transparency to make sure both buyers and sellers are satisfied with and accept market outcomes,” Dvorkin explained. “So, a lot of this information must be released in a form the public can access.”
The good news is that Dvorkin believes there is time before this attack vector becomes an imminent threat. “Our research shows that 1,000 cars would need to be charging simultaneously in a specific location, such as New York,” he explained. “At the time this article is being published, we had about 5,000 EVs in New York City, which are unlikely to be compromised and charged simultaneously.”
As for the future, Dvorkin just won an NSF RAPID grant to study the effect of COVID-19 on the grid. He intends intends to design a model that can represent infrastructure operations under various disease-outbreak scenarios and inform the development of efficient strategies to mitigate these vulnerabilities.
The project will bridge the gap between computational epidemiology and infrastructure modeling, taking into account both infrastructure issues and disease spread.