Skip to main content

A Concordia cryptologist looks at how electric cars can impact power-grid security

Amr Youssef finds that botnets could exploit vulnerabilities in transmission and distribution systems
January 8, 2020

Amr Youssef is thinking ahead — specifically, to the time electric cars become more commonplace.

“When electric vehicles are widespread, and fast-charging stations are plentiful, cyberattackers could create a network of infected electric vehicles and charging stations that create power outages at will,” he warns.

Youssef is a professor and cryptography expert with the Concordia Institute for Information Systems Engineering at the Gina Cody School of Engineering and Computer Science.

He co-authored a study, “Impact of Electric Vehicle Botnets on the Power Grid,” presented at the IEEE Canada Electrical Power and Energy Conference in October. The findings are “a cautionary tale,” he says.

Securing cyberphysical systems

The infected electric vehicles and charging stations Youssef describes make up a potential network of controllable devices, called a botnet, that are remotely controlled by a cyberattacker — the botmaster — to commit cyberattacks.

In this case, the target would be the smart power grid. A smart power grid is just one example of a cyberphysical system, where there’s an integration of computation, networking and physical processes. A fleet of self-driving cars is another example.

Youssef is developing methods and techniques to secure cyberphysical systems.

Together with his collaborators at Concordia’s Security Research Centre and co-authors on the study from outside Concordia, he is investigating different cyberphysical attacks on the electric power grid.

Using data obtained from the Toronto Parking Authority about electric vehicles and fast-charging direct-current stations, the researchers simulated the effect of an electric vehicle’s botnet on the power grid transmission and distribution systems.

“We showed that an attack is possible on both levels — distribution and transmission. Load-altering attacks can cause a power outage when a botnet instructs vehicles to charge at multiple fast-charging stations at the same time, resulting in a voltage limit violation,” says Youssef.

“Moreover, the attacker could increase the load such that the distribution network’s protection system is not triggered, yet the effect of the attack is observed in the transmission network in terms of outages,” he adds.

“If a transmission line trips, that causes a much more serious blackout affecting more people. That makes the security of electric vehicles and fast-charging stations vital for the security of the power grid.”

Cybersecurity of electric vehicles and charging stations plays an important role in their design and integration in the electric grid, he notes.

“The threat isn’t at our doorstep, but it’s imminent. We haven’t yet reached the tipping point in the market for electric cars where we need to panic,” says Youssef. “But it is coming.”

Learn more about the
Gina Cody School of Engineering and Computer Science.

Back to top

© Concordia University