Public Plug-in Electric Vehicles + Grid Data: Is a New Cyberattack Vector Viable? (1907.08283v2)

Abstract: High-wattage demand-side appliances such as Plug-in Electric Vehicles (PEVs) are proliferating. As a result, information on the charging patterns of PEVs is becoming accessible via smartphone applications, which aggregate real-time availability and historical usage of public PEV charging stations. Moreover, information on the power grid infrastructure and operations has become increasingly available in technical documents and real-time dashboards of the utilities, affiliates, and the power grid operators. The research question that this study explores is: Can one combine high-wattage demand-side appliances with public information to launch cyberattacks on the power grid? To answer this question and report a proof of concept demonstration, the study scrapes data from public sources for Manhattan, NY using the electric vehicle charging station smartphone application and the power grid data circulated by the US Energy Information Administration, New York Independent System Operator, and the local utility in New York City. It then designs a novel data-driven cyberattack strategy using state-feedback based partial eigenvalue relocation, which targets frequency stability of the power grid. The study establishes that while such an attack is not possible at the current penetration level of PEVs, it will be practical once the number of PEVs increases.

• The paper demonstrates that power grids can be destabilized through demand-side cyberattacks using public PEV and EV charging data.
• A proof-of-concept using Manhattan’s data reveals how partial eigenvalue relocation can induce frequency instability.
• The study underscores the urgent need for unified cybersecurity protocols to protect grid infrastructure as PEV adoption increases.

Viability of Cyberattacks on Power Grids via Plug-in Electric Vehicles

The paper "Public Plug-in Electric Vehicles + Grid Data: Is a New Cyberattack Vector Viable?" explores the potential for cyberattacks on the power grid utilizing Plug-in Electric Vehicles (PEVs) as vectors. The authors, Acharya, Dvorkin, and Karri, present a detailed analysis of how PEVs, along with Electric Vehicle Charging Stations (EVCSs) and publicly accessible grid data, could be leveraged to disrupt grid stability.

Overview

The paper discusses the proliferation of PEVs and emphasizes the unique vulnerabilities they introduce compared to traditional utility-side cyberattacks. These vulnerabilities arise due to several factors: the high number of access points, inadequate continuous monitoring by the grid operators, and the difficulty in distinguishing malicious demand fluctuations from regular demand. Although the current penetration of PEVs may not pose a significant threat, the risk increases as the number of PEVs grows.

Key contributions of the paper include:

1. Evaluation of Power Grid Vulnerability: The paper is the first of its kind to assess the power grid's vulnerability to a demand-side cyberattack strategy developed using publicly available data. The approach is informed by analogous assessments used in nuclear nonproliferation, capturing realistic attack scenarios without assuming omniscient attackers.
2. Proof of Concept Demonstration: Using public data from Manhattan, NY, the authors design a novel attack strategy targeting grid frequency stability. This strategy exploits the available data to remotely alter PEV and EVCS loads, potentially causing frequency instability through a novel model based on partial eigenvalue relocation.
3. Summarization of Cyber Vulnerabilities: Extensive simulations with real-world data highlight vulnerabilities in grid infrastructure that can be exploited by demand-side cyberattacks, leveraging grid-end attack vectors. The research aims to drive awareness regarding the simplicity of devising and executing such attacks, thereby advocating for a unified cybersecurity protocol for high-wattage appliances.

Numerical Results and Implications

The paper's simulations demonstrate that an attacker could achieve power grid destabilization if sufficient numbers of PEVs and EVCSs are compromised. This would involve strategically manipulating the grid's eigenvalues to launch a destabilizing attack. The authors present a detailed methodology for calculating the requisite amount of compromised load and estimate the impact of potential attack vectors.

The implications of this research are significant. As PEVs and associated infrastructures proliferate, they could increasingly become viable vectors for cyberattacks if security measures are not preemptively fortified. The findings highlight the need for rigorous cybersecurity protocols and standards across public EVCS networks and grid operators. Moreover, the paper suggests enhanced monitoring solutions that can discern malicious activities from ordinary power fluctuations.

Future Directions

The demonstrated potential for cyberattacks via PEV infrastructure underscores an urgent call to develop resilient security frameworks. Future work should focus on improving the observability of demand-side operations without infringing on privacy. Additionally, extending the model to incorporate other high-wattage IoT devices could broaden the scope of potential vulnerabilities, necessitating a comprehensive approach to grid cybersecurity.

The paper opens a critical dialogue on grid cybersecurity in the context of emerging smart grid technologies, emphasizing the intersection of increased connectivity and potential risk. The strategic foresight provided in this paper could shape regulatory policies and technical standards designed to safeguard grid stability amid increasing PEV adoption.