How green energy makes us vulnerable to cyberattack

An academic study last November modeled a case in which a remote attacker commandeered public EV chargers to create electric frequency distortions that led to a systemwide blackout in Manhattan.. (Image: Pixabay)
An academic study last November modeled a case in which a remote attacker commandeered public EV chargers to create electric frequency distortions that led to a systemwide blackout in Manhattan.. (Image: Pixabay)

Summary

EVs and other digital-controlled products open extra access to the grid, which enemies can exploit.

China launches an amphibious attack on Taiwan. The U.S. responds with a missile attack to sink Chinese ships. Within minutes, California is plunged into darkness, followed by New York and Washington. Electric trucks around America start crashing into other vehicles.

This may seem far-fetched, but government climate policies are making it easier for the Chinese Communist Party to wage a multifront cyberattack. Even the Biden administration is raising alarms about how malign actors could exploit electric vehicles, chargers and rooftop solar systems to wreak havoc on the homeland.

So-called distributed energy systems provide an increasing number of entry points to the grid. An academic study last November modeled a case in which a remote attacker commandeered public EV chargers to create electric frequency distortions that led to a systemwide blackout in Manhattan.

“Such attacks will become feasible by 2030 with increased EV adoption," the authors warned. President Biden hopes to install 500,000 public EV chargers by 2030. That’s 500,000 potential bots America’s enemies could turn into weapons to take down the grid.

Rooftop solar and renewable generators are similarly vulnerable. A 2022 Energy Department cybersecurity briefing noted that distributed renewable generators could be more vulnerable than fossil-fuel and nuclear plants to cyberattacks because “their output is highly configurable in unique and powerful ways" and “software-driven and digital-controlled."

“As more solar is installed and inverters become more advanced, this risk grows," the Energy Department warns. If a solar inverter’s “software isn’t updated and secure, its data could be intercepted and manipulated. An attacker could also embed code in an inverter that could spread malware into the larger power system." Notably, Chinese companies including Huawei—whose telecom equipment the U.S. has blacklisted for national-security reasons—dominate the global solar-inverter market.

EVs present their own risks. New cars are equipped with high-tech software that improves navigation, fuel efficiency and safety. EVs additionally connect to the grid when they charge and are controlled by software systems that can be updated remotely. Tesla has been able to increase a vehicle’s battery range and power input simply with a remote software update.

Many Chinese EVs are even more advanced than those coming off U.S. assembly lines. They can alert drivers when a traffic light is about to turn green and trigger flashing lights or audible warnings if a driver appears to be getting drowsy.

But these systems rely on sensors, facial recognition and microphones that can collect sensitive information. Vehicles can record audio and video, as well as gather intel about the driver’s identity, finances and contacts if his phone is connected by Bluetooth. If the idea of the government using “smart cars" to surveil and control society sounds Orwellian, welcome to the People’s Republic of China.

The Associated Press reported in 2018 that China was requiring automakers operating in the country, including foreign-owned companies like Tesla, to transmit real-time data on drivers of “alternative energy vehicles" to government monitoring centers. Here’s betting Chinese mandarins don’t want this data only to nab speeders.

Enter the Commerce Department, which in March launched a national-security investigation into vehicles that connect to the grid and other critical infrastructure and that are designed, developed or manufactured by foreign adversaries. “Connected vehicles from China could collect sensitive data about our citizens and our infrastructure and send this data back to the People’s Republic of China," Mr. Biden warned as he ordered the probe. “These vehicles could be remotely accessed or disabled."

Pervasive data sharing of sensitive information, the Commerce Department warns, reflects the Chinese government’s “broader approach to co-opting private companies—one that raises significant concerns about how the PRC government might exploit the growing presence" of Chinese-made vehicles in foreign markets.

Chinese electric passenger cars haven’t penetrated the U.S. market in part because of 25% tariffs. American consumers also haven’t warmed to EVs. But businesses and governments are spending hundreds of millions of dollars to electrify their fleets to meet their CO2 emissions goals. Many are now turning to Chinese EV manufacturer BYD.

BYD ranked as California’s top seller of electric trucks in 2022 and second in buses, mostly used by public-transit agencies, ports and airports. A congressional investigation this year revealed suspicious cellular modems in Chinese cranes at U.S. ports. Don’t think Chinese electric trucks pose the same risks?

You don’t have to be paranoid to wonder whether Beijing has egged on the West’s climate obsession because Chinese leaders view green technology as a tool they can exploit. Some of the technology’s national-security risks can probably be mitigated, but not when the government is putting the pedal to the metal.

Catch all the Business News, Market News, Breaking News Events and Latest News Updates on Live Mint. Download The Mint News App to get Daily Market Updates.
more

MINT SPECIALS