Electric Cars, Are They Safe from Hackers?

Looks like the electric car is here to stay, especially in the US. The vast spending power of the US federal government is unmatched and so when it decides to do something, it can move markets and shape the economy.

The best, and by far biggest, example of this was the decision in 1961 to send a man to the moon by the end of the 1960s; the resulting flood of spending spawned waves of innovation and technological breakthroughs. It literally rocketed America’s post-World War II economy into the space age.[1]

Current US President Biden wants to make a big move of his own, witness his announcement that the entire gasoline-powered fleet of government vehicles will switch to electric-powered ones. It is not exactly the Apollo program, which at its height spent the 2019 equivalent of $700 billion a year [about the size of last year’s entire US defense budget] but it is still a potentially market-making move that could give the growing but still-smallish electric vehicle industry a giant boost. It also reflects the US President’s view that climate change is here and real, and that the window to deal with it is narrow.

Says Biden: “The federal government … owns an enormous fleet of vehicles, which we’re going to replace with clean electric vehicles made right here in America, by American workers.” The US is talking big numbers here. According to the US government’s General Services Administration (GSA), there are some 245,000 vehicles in various federal agencies. The US Postal Service has another 225,000, and the military another 173,000. So the US has some 643,000 cars, vans, and trucks.

Most people have already heard of Tesla TSLA and its millionaire-making stock surge of the last year. Lesser-known are shares of companies that would benefit from a federal push into electric vehicles. They have been going up as well. Loveland, Ohio-based Workhorse Group WKHS, -4.60%, for example, is up over 10-fold in the past year, nearly 50% faster than Tesla. Workhorse has a non-disclosure agreement with the US Postal Service, so its Chief Financial Officer has to keep somewhat mum, but he did say that the USPS will make an announcement on its vehicle fleet by the end of the first quarter. Sources indicate USPS is hopeful that Workhorse can capture a sizable share of the USPS’s order. The other two bidders are Wisconsin-based Oshkosh Corp. OSK, +5.76%, and Turkish electric-vehicle maker Karsan, which is teaming up with long-time USPS supplier Morgan Olson of Michigan. For the US Postal Service, the efficiencies appear to be big. The average age of those little vans that putter up and down your street delivering your mail is nearly 29 years, and their constant stopping and going means they get terrible gas mileage. This is one example of possible USPS savings, which is inferred from a recent USPS contract. Given that the US Postal Service ‘plans’ to buy about 180,000 vehicles over the next five to seven years, that’s big money. A Postal Service spokesperson declined to comment.

An electric vehicle analyst from CleanTechnica predicts US sales of electric vehicles will total about 585,375 units in 2021. The encouraging news: That is up 70% from last year. But given that total - vehicle sales in the US have averaged about 16.8 million in recent years, that’s still only about 3.4% of the market.

OK, electric vehicles are inevitable - But are electric cars and trucks safe?? E-cars (specifically a Jeep) have been taken over in cyber tests and some continue to be leery of a hackers taking control of an electric/cyber car. In Israel, the CEO of cyber-security company GuardKnox (GK) points out that these e-automotive sectors have become important parts of a nation state’s core infrastructure. GK, in common with many of Israel’s current technology innovators, draws on its roots working for the nation’s advanced military capability.[2] The CEO is a veteran of the Israeli Air Force, who prospered from early insights into how military aircraft were the pioneers of connectivity and the first to be aware of the threats to cyber-security. The CEO is quoted as saying recently at a trade show, “Here’s something we have pitched for the past three or four years, that cyber-security cannot be patched in, it should be cyber-security by design. Israeli fighter jets have been connected for 40 or more years and, while no-one will say it, they would have been targets for cyber-attacks. However, they were not hacked because they were designed to be connected not just because someone decided to put in an ECU with a SIM card.”

GK says this is the core problem that the automotive sector has yet to successfully master, leaving it prey to malicious attacks on a massive scale. The CEO explained, “There are economic forces behind these things (e-cars). Imagine those fleets of vehicles that are doing deliveries all over Europe and the US right now, will get hacked (like the proposed US Postal e-vehicles). Then it is going to affect the entire economy. Right now these fleets are not treated as a part of the national infrastructure but the Internet is. When those trucking companies are connected to the Internet there is a huge risk.” And they will be.

However, an even greater potential risk lies within the growing adoption of electrified vehicles, where full BEVs or plug-in hybrids. Both rely on frequent use of electric energy drawn from the grid or, in the case the more advanced V2G compatible vehicle such as the latest Nissan Leaf cars, able to return excess electricity back into the grid. This may not be very desirable, in GK’s opinion. He said: “Another threat is that electric vehicles are going to be connected through the charging stations, eventually through the grid to the power plants. Can someone assure me that those vehicles are not going to be the loophole in the system where a hacker will not be able to hack into the power plant? I’m willing to have a bet with you, no one would be able to tell me that.”

Yes, electric cars and trucks are here to stay……but we hope researchers and government officials take heed of GK’s warnings.

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the lab directly at 1-844-492-7225, or feedback@wapacklabs.com

Weekly Cyber Intelligence Briefings: https://attendee.gotowebinar.com/register/3702558539639477516