DLT benefits on electric mobility cyber security improvement
Electric mobility security vulnerabilities
Electric mobility will not only revolutionize the energy market and energy infrastructure but also the way of moving, as it will be completely digital enabling a complex integration of automotive products within the internet of things; this clearly presents new targets for cyber criminals to exploit. Just like any other machine on the network, everything on the portfolio of electric mobility, from charging stations to electric vehicles, can present security vulnerabilities. It has been shown by computer science experts at UTSA [1] that it is possible to hack electric scooters, for example the miniPro Segway and other models such as the Xiaomi M365 scooter, which provide an application that can be used by mobile which is combined with the use of the electric scooter: it is used to move around the city through GPS tracking, it offers a social connection in real time and it allows you to switch the scooter on or off remotely. Attackers with a good knowledge of Assembly language can bypass the functionality of the App and, at the same time, overcome the safety protections of the hoverboard, thus taking control of the device, so that they can stop the race or decide where to take people, for example in the heart of the city or in traffic jam.
Electric mobility designed without cyber security view
Since e-mobility is still perceived as a young industry, the level of IT security investment for each product varies by individual manufacturer and supplier. "Electric mobility is a bit of a wild West when it comes to cybersecurity" [2], says Andrew Barratt, British CEO of Coalfire, a cybersecurity consultancy. Currently most of the vulnerabilities in vehicles reside in battery management and in the main digital interface, however, if we consider that the near future foresees the production of autonomous cars, the threat is greater because the vehicles would be connected to each other and they would also be connected to networked road systems. “A nation state or serious organized crime group could induce a range of vehicles to crash at high speeds. Attackers wishing to harm critical national infrastructure without direct loss of life could force all traffic to attempt to go through certain areas, creating large localized traffic jams", says Vic Harkness of F-Secure Consulting.
Creation of an international framework for threat sharing exploiting DLT
Numerous experts have requested the introduction of security in the design phase, making sure that security is not an afterthought following a problem, but is integrated into the products from the beginning. Furthermore, if a supplier discovers a vulnerability to within one of its systems, a framework should be set up in which this information can be shared with other suppliers, so that overall security increases more quickly thanks to cooperation between manufacturing companies. In conclusion, it is clear that electric mobility is not limited to the product, the vehicle, but also includes the complex issue of the necessary infrastructure, which is why it is necessary to structure a national or even better international network to achieve the security goal. Distributed ledger model, in particular the sharing among all participants of a consistent copy of the database, the absence of a central server, peer-to-peer network connections, ledger rules, transaction rules and digital signatures, accommodate the needs of an international framework, making DLT the enabling technology to achieve such essential collaboration. In this context, the work carried out in SOFIE project will be of great help, as the secure open federation guarantees an exchange of information between different actors even when they utilize different distributed ledger technologies.
References:
[1] M. Nazir, 23 January 2020. [Online].
[2] S. Shah, Financial Times, 20 July 2020. [Online].
Photo by Jeremy Banks on Unsplash.