Blog: Automotive Security
Are Vehicle to Grid spikes coming?
If you didn’t already know, I’m a massive fan of electric vehicles. One of the aspects that intrigues me is Vehicle to Grid (V2G), the potential for our car batteries to store and release electricity to and from the grid, providing balance for the peaks and troughs of demand.
It’s a part of what is known as Demand Side Response or DSR. This is where the power network operators request power back from consumers, or automatically cause enabled consumer devices to reduce load.
V2G is some way off, as it requires open and interoperable communications standards. It also requires auto manufacturers and charge point vendors to collaborate to enable power generators and network operators to call for power from car batteries en masse.
IEC 15118 and the proposed ISO 15118 cover security standards that will enable V2G, but there are plenty of issues to overcome both with the standard and implementation. Already issues have been noted in similar standards, such as the example given around weak MAC based authentication in DIN Spec 70121 with CCS. There’s a mountain to climb for all involved to implement secure authentication in a manner that’s effectively invisible to the user
Given our research in to electric vehicle charge point security, it alarms me that potential security flaws in V2G protocols and (more likely) in their implementation could make the potential for grid spikes worse.
Fortunately, individual domestic EV chargers are not powerful enough to cause significant spikes by themselves. However, aggregation of large numbers of chargers pulling or pushing power on to the grid at times of high or low demand does create potential for over- and under loads.
At some point in the future, it may also be possible for high capacity public chargers to receive much higher V2G inputs per vehicle. Already we have 350kW public chargers, so if the commercial incentives are attractive enough, drivers may be prepared to make their cars available for much larger inputs to help balance the grid. This also increases the potential for power spikes though poorly implemented security.
There is some speculation that the Tesla Cybertruck may launch shortly with V2G, or at least Vehicle to Home, capability.
Leasing companies and battery wear
Allowing DSR from car batteries has huge potential to store and release power at times of under- and over supply. However, much of the value of an EV is in the condition of its battery. Manufacturers have designed in expected life of that battery for normal use by the driver.
Additional wear from increased charging and discharging due to DSR could affect the value of the vehicle. This is of particular concern to the leasing companies that own roughly 30% of the new cars manufactured each year.
Even driver-owned vehicles will have issues with DSR – the value of their car may decrease if battery wear is deemed to be excessive.
A car isn’t enough
Consumer batteries can already offer useful energy storage and savings in the home, taking advantage of cheap tariffs overnight. However, most batteries in the home are comparatively small; a 10kWh battery is an expensive investment. But energy companies need plenty more storage than this to balance the power grid.
Cars typically have much larger batteries, say 40-100kWh or so. Even then, most homes will have a single phase, 7kW charger. That significantly limits the ability of the battery to pump power into the grid.
Hence the power companies need to be able to call on large number of vehicles concurrently to be able to meet the needs of grid demand.
Cheap tariffs cause problems too
Charging ending is also a problem – current power tariffs structures are often in half-hourly pricing segments, meaning there are cliff edges when pricing changes cause smart chargers to stop. The simplest of overnight cheap tariffs in the UK ends at 7am, meaning that large numbers of chargers may stop charging at exactly that time.
The cliff edge of chargers turning on has partly been addressed in the UK by a random 120 second delay being introduced before charging starts, but nothing has been done to prevent the cliff edge of chargers turning off.
Privacy and security
In order to successfully request power from a vehicle, the energy network operator is likely to need to know the state of charge of your battery. How much power can they pull for how long?
You’re also likely to have set a minimum charge level, so that you have enough juice for your planned journeys.
This requires a degree of interaction between the network operator, the charger, and your vehicle. There is potential for this to go wrong, if security isn’t fully thought through.
From our work on EV chargers and creation of power surges as a result of poor security, we can clearly see the need to get car battery DSR right in terms of cyber security. Get it wrong and we may see large numbers of car batteries being commanded by nefarious individuals to push power to the grid at times of oversupply. Blackouts will ensue.
Car manufacturers
All of this requires a willing OEM. Given that many manufacturers are looking for new revenue streams as margins from manufacture are eroded, the potential for the OEM to take control of the battery and broker the DSR themselves is significant.
The ethics of this need consideration, let alone the potential security and privacy impacts. There was widespread concern when, for example BMW fitted heated seats to all vehicles but then charged a fee to enable them. How will the public respond if the manufacturer has a degree of control over the EV battery and potentially profits from its use?
Conclusion
When I first learned about DSR and the potential to balance the power grid and reduce CO₂ emissions, it seemed like a no-brainer to me. Digging deeper, we discover that the commercial realities and complexity of pushing power back to the grid at the right time in sufficient quantities are significant.
Notwithstanding the commercial challenges, we must also ensure that these protocols are implemented safely and securely. From bitter personal experience, mistakes may be made, resulting in consumer data exposure, discharged EV batteries and potentially power blackouts.
I strongly urge all involved in the ecosystem that will enable DSR from EVs to ensure that design and implementation is rigorously validated for security. I, for one, want to know that my EV battery is charged as I expect it to be every morning!