Automated electric vehicles exposed to cyber threats. Researchers from the University of Georgia have identified cybersecurity weaknesses that could threaten the safety of connected and automated electric vehicles (CAEVs).

While technology such as adaptive cruise control and other auto-assist functions enhance driving safety, comfort and energy efficiency, the networked infrastructure of these vehicles opens the door to cybersecurity concerns. The researchers said in-vehicle infotainment systems—used to deliver entertainment and useful information through audio/video interfaces, touch-screen displays, button panels and voice commands—are a prime target for attackers.

Electric vehicles are also vulnerable when they plug into charging stations. Hackers could use this recharge time to circumvent the vehicle control systems, which would allow them to disable brakes, turn off headlights or take over steering.

Highly skilled attackers can also reduce the efficiency of electric vehicles, decreasing battery capacity and energy by up to 50 percent.

Source: “How to keep automated electric vehicles safe,” University of Georgia, April 27, 2021; study, “Cyber-Physical Security of Powertrain Systems in Modern Electric Vehicles: Vulnerabilities, Challenges and Future Visions,” IEEE Journal of Emerging and Selected Topics in Power Electronics, Dec. 17, 2020

***

Major U.S. pipeline hit with cyber attack. Colonial Pipeline, the operator of one of the largest fuel pipelinesin the U.S., remains largely shut down after being hit with a ransomware attack on May 7. The pipeline provides nearly half of the supply of gas, diesel and jet fuel to the East Coast.

The cyber attack underscores the vulnerabilities of U.S. infrastructure, warns a cybersecurity expert from the University of Notre Dame, who is also a former computer scientist with the National Security Agency. “The fact that this attack compromised systems that control pipeline infrastructure indicates that either the attack was extremely sophisticated, or the systems were not well secured.”

He noted, “Standard practice for this type of critical systems is to place them on their own isolated networks precisely to prevent this type of attack. These systems shouldn’t be connected to the internet, making it very difficult for an outsider to gain control of them.”

The FBI has confirmed the culprit is DarkSide, a strain of ransomware believed to be operated by Russian cybercriminals. DarkSide claims their motives are purely money-related and not political.

Source: “Colonial Pipeline cyberattack reveals national infrastructure vulnerabilities, Notre Dame expert says,” University of Notre Dame release, May 11, 2021