It’s aggravating to have your social media account hacked. A credit card account being hacked can be disastrous. It’s possible that having your new electric vehicle hacked will be disastrous. After a century of focusing primarily on engineering issues, automakers are confronted with a new set of challenges. Other industries are dealing with cybersecurity issues, and mobility ecosystem players can look to others for similar solutions, though the specific implementation of those solutions would need to be carefully shaped to fit the automotive industry’s unique needs.
As the transition to self-driving electric vehicles accelerates, protecting the cybersecurity of these vehicles has become critical. That is why University of Georgia researchers are looking for flaws that could jeopardize the safety and efficiency of such vehicles. A UGA-led team provides the first comprehensive study on cyber-physical security of powertrain systems in connected and automated electric vehicles, or CAEVs, in a new paper published in the IEEE Journal of Emerging and Selected Topics in Power Electronics.
University of Georgia researchers are identifying weaknesses that could threaten the safety and efficiency of such vehicles.
“The findings here will help manufacturers develop better anti-cyberattack technologies,” said lead author Jin Ye, assistant professor of electrical engineering and director of the Intelligent Power Electronics and Electric Machines Laboratory. “Manufacturers should consider those aspects as they design better and more secure vehicles.”
Concerns about safety have long been at the forefront of CAEV development. A recent fatal crash in Texas has only added to those worries. The researchers investigated vulnerabilities to cyberattacks aimed at a variety of targets ranging from energy efficiency to safety for this study, and provided an architecture for next-generation power electronics systems.
According to Ye, security studies of internal combustion engine vehicles do not address powertrain systems in CAEVs, which consist of multiple complex and integrated cyber-physical systems that require monitoring and control to ensure safety and efficiency. Furthermore, increasing connectivity between CAEVs, charging stations, and smart grids exposes CAEVs to cyberthreats not present in internal combustion engines.
Although autonomous vehicles (AVs) are regarded as the ultimate solution to future automotive engineering, safety remains a major challenge for the development and commercialization of AVs. Though AI is being implemented at a rapid pace in a variety of sectors, the way it is being used in the automotive industry is currently a hotly debated topic.
While technology such as adaptive cruise control and other auto-assist functions can improve driving safety, comfort, and energy efficiency, embedding such control units into networked infrastructure raises cybersecurity concerns. In-vehicle infotainment systems, which use audio/video interfaces, touch-screen displays, button panels, and voice commands to provide entertainment and useful information to the driver and passengers, are a prime target for attackers, allowing them to hijack both safety-critical and non-safety functions.
Similarly, because electric vehicles use the grid to charge their batteries, they are more vulnerable to cyberattack than traditional internal combustion engine vehicles. An attacker could use a charging station to bypass vehicle control systems, potentially leading to life-threatening consequences such as disabling brakes, turning off headlights, or taking over steering.
“Because electric vehicles will be connected to a variety of infrastructures, cyberattacks will be a problem,” Ye explained. Cyberattacks can also significantly reduce the efficiency of electric vehicles, causing a faster deterioration in power capability and battery life, reducing the time and distance between charging. Highly skilled attackers have the potential to cause severe damage, such as reducing battery capacity and energy by up to 50%, using sophisticated methods that are difficult for the human driver to detect.
“If a cyberattack occurs, you will notice some negative signals: vehicle speed and acceleration will be affected, causing safety and functionality issues,” Ye explained. “Alternatively, it may cause issues in energy management systems. The efficiency of electric vehicles will decrease, and the batteries will most likely die in a short period of time. All of the signals we investigated have a negative impact on safety.”
Safety guidance for electric vehicles
Ye has written a series of articles for the Institute of Electrical and Electronics Engineers on cyber-physical security in electric vehicles, with two already published in the IEEE Transactions journals in April and May. Her new research could help carmakers and engineers create a first-stage cyber-security system. She suggests some basic mitigation techniques to defend modern vehicles against cyber-attacks:
- Secure on-board diagnostics port
- Better firewall
- Reliable hardware
- Secure software updates
- Penetration testing
- Code reviews
Above all, Ye recommends developing a cyber-security monitoring system to detect, locate, diagnose, and mitigate cyberattacks.
“Although vehicle cyber-security research is still in its early stages, and the monitoring system cannot directly recover the system to a safe region, it can alert the driver to react in a timely manner,” Ye explained. “Once a cyberattack has been identified, the driver can stop the vehicle to prevent further damage.”
