As the U.S. electrifies the transportation sector, cyberattacks targeting vehicle charging could impact several critical infrastructure sectors including power systems, manufacturing, medical services, and agriculture. This is a growing area of concern as charging stations increase power delivery capabilities and must communicate to authorize charging, sequence the charging process, and manage load (grid operators, vehicles, OEM vendors, charging network operators, etc.). The research challenges are numerous and complicated because there are many end users, stakeholders, and software and equipment vendors interests involved. Poorly implemented electric vehicle supply equipment (EVSE), electric vehicle (EV), or grid operator communication systems could be a significant risk to EV adoption because the political, social, and financial impact of cyberattacks — or public perception of such — would ripple across the industry and produce lasting effects. Unfortunately, there is currently no comprehensive EVSE cybersecurity approach and limited best practices have been adopted by the EV/EVSE industry. There is an incomplete industry understanding of the attack surface, interconnected assets, and unsecured inter faces. Comprehensive cybersecurity recommendations founded on sound research are necessary to secure EV charging infrastructure. This project provided the power, security, and automotive industry with a strong technical basis for securing this infrastructure by developing threat models, determining technology gaps, and identifying or developing effective countermeasures. Specifically, the team created a cybersecurity threat model and performed a technical risk assessment of EVSE assets across multiple manufacturers and vendors, so that automotive, charging, and utility stakeholders could better protect customers, vehicles, and power systems in the face of new cyber threats.
Superstorm Sandy caused a major disruption to passenger-rail and other commuter systems throughout New York and New Jersey. To address this issue, New Jersey Transit (NJT) established the NJ TRANSITGRID project, an effort designed to power bus, ferry, and limited passenger-rail service during natural or man-made disasters. Given the importance of these transportation systems, NJT partnered with Sandia National Laboratories (Sandia) to assess the cyber-resilience of the information systems that monitor and control the electrical systems within the microgrid. The Sandia “tabletop” assessment is based on the most recent 20% design packages. From this assessment, the Sandia team identified several security areas that were undefined or did not implement industry best practices. Finally, the Sandia team presented possible follow-on assessment activities and recommended investigating multiple hardening technologies. Addressing these findings and adding state-of-the-art detection and mitigation technologies will help ensure the NJ TRANSITGRID is built with more comprehensive cyber-resilience features.
The cybersecurity consortium, which was established by DOE/NNSA’s Minority Serving Institutions Partnerships Program (MSIPP), allows students from any of the partner schools (13 HBCUs, two national laboratories, and a public school district) to have all consortia options available to them, to create career paths and to open doors to DOE sites and facilities to student members of the consortium. As a part of this year consortium activities, Sandia National Laboratories and the University of Virgin Islands conducted a week long cyber workshop that consisted of three courses; Digital Forensics and Malware Analysis, Python Programming, and ThunderBird Cup. These courses are designed to enhance cyber defense skills and promote learning within STEM related fields.