You don’t have to bomb the energy grid or sabotage/hack the cell network to put a nation literally out of business. There is a much easier route: Hack the EV chargers. Country particularly exposed? Norway! Also exposed: EU, UK, US, China, … 

The Norwegian EV stats are either incredible or scary depending on your point of view. 80% of all new cars were electric or hybrid in 2022. By the end of the year, 21% of all cars were electric. 2023 is even worse – or better, again depending on viewpoint. Wow. Why? Direct and indirect government subsidies of course. Unsurprisingly, there is little if any climate consciousness involved. When asked, most EV-owners would prefer a car with a traditional combustion engine – for any number of reasons. They may not admit it though – it’s politically incorrect in many social groups to not be an EV fan.

And it’s not just passenger vehicles. Trucks big and small, box trucks, vans are increasingly emission free. Emission free driving that is. The total emission footprint is a different story – for a different time (check the post Is ‘Going All Electric’ Killing the Planet?).

What happens if the charging stations shut down? I know it’s s stupid question but it has to be asked – and don’t tell me home chargers will cut it. They will not – and as we will see, they may be hacked too. So – no charging, no driving. Just like a car or truck running out of gas or diesel. Same thing, right? 

Yes and no. No fuel, no driving – but hacking a gas station is hard, hacking many of them concurrently is even harder. Complete electric shutdown? There are still ways to get the fuel from the underground tanks to the vehicle. EVs and electric chargers – now that’s a different story. They’re natives of the digital age, full of digital technology – computers and networks in many shapes and sizes, which means software which means bugs which means exposure. Integrated digital payment systems, safety controls, data collection, surveillance, operations, updates and more. And while there are many vendors and several brands of equipment, the charging stations have a lot of components in common. Hackable components.

I’m sure you’re getting the drift already: Exposure, vulnerability. Possibly even extreme exposure. Think about it: What if all chargers in a country were hacked? Ok, that’s excessive, what if half of them were hacked and locked? You don’t have to own an EV to know what the ‘electric gas stations’ look like at rush hour or if some of them are out of order. It’s bad – and it’s getting worse, partly because no one saw it coming – which is interesting in itself because everything was politically planned. It’s like planning a city and forgetting the water supply and the sewer. Another tempting line of discussion – for another time and day.

Back to the exposure – is it real? It sure is – as was thoroughly discussed in a Wired Magazine article a few months ago (EV Charger Hacking Poses a ‘Catastrophic’ Risk). There have been cases in Russia, UK, US and other countries – some rather innocuous, others of more serious character – including vehicle (and owner) data being stolen from the cars while charging, or blocking the chargers and displaying political messages on the screen. And it’s not just about charging stations, it’s about the charging units we use at home too: All networked, smart and – as it turns out – not very secure.

The Wired article is quoting Ken Munro from security company Pen Test Partners:

“It’s not about your charger, it’s about everyone’s charger at the same time,” he [Munro] says. Many home users leave their cars connected to chargers even if they aren’t drawing power. They might, for example, plug in after work and schedule the vehicle to charge overnight when prices are lower. If a hacker were to switch thousands, or millions, of chargers on or off simultaneously, it could destabilize and even bring down entire electricity networks. 
“We’ve inadvertently created a weapon that nation-states can use against our power grid,” Munro says.

That got my attention – and yours too, I suspect. One of many easy targets for both terrorists and nation-state hackers – and one that until recently received minimal attention. 

It sounds bad because it is bad, but the picture has good news too: US, UK and (presumably) EU authorities are ‘on’ the issue, demanding improved and documented security, more robust interfaces and standardized test/certification procedures. Hopefully they are fast-lining the processes or we’ll have some interesting stories to tell in a week or a few months. That’s how exposed we are.

For once, the UK seems to be taking the lead. Again from the Wired article:

Last year [2022] … the United Kingdom rolled out a host of requirements for EV chargers, such as enhanced encryption and authentication standards, tamper detection alerts, and randomized delay functionality.

Expect ‘certified charging station’ and ‘approved charger’ to become visible marketing terms soon, maybe in 2024. Is that good enough? Not at all. The risk is here and now, the threat is real and immediate, and the technical issues are known and understood. What are we waiting for?

Ah, oh yes, businesses and regulators need time to adapt to a new situation. But wait, this is war, how can anyone in their right mind suggest (or accept) delaying defensive/protective action because ‘fast’ is inconvenient? Actually, the mechanisms are already in place if we want to use them. The car industry is used to ‘recalls’ – get dangerous products off the streets and fix them. Lawmakers can stop/block dangerous products immediately if they want to. If that’s too harsh, they can make subsidies and tax breaks – even vehicle registration – dependent on compliance. Customers – you and I – can demand documented security. 

The list goes on, and the quote above says it all: “We’ve inadvertently created a weapon that nation-states can use against our power grid.” ‘No action’ is unacceptable. The threat is real and immediate. Stopping a nation isn’t easy but it’s doable – with limited resources.