Get Ready For the Mad Max New World of Hijacked Electric Cars and Downed Power Grids
Colonial and Solar Winds were dress rehearsals for this age of road mayhem
If American motorists behave like typical consumers, they will notice a steep drop in the price of electric vehicles around the middle of the decade, and begin to snap them up. And with that, they will crack open a vast new vulnerability to the world’s cyber criminals, Machiavellian spymasters, malicious actors, and the odd benign voyeur.
A decade and a half into the new age of cyber warfare, the electronic equivalent of hostile forces are crawling through the guts of the most critical computers on the planet, in core companies, energy infrastructure, and government agencies from the U.S. to China, Russia to North Korea, Iran and beyond. Everywhere, these digitally savvy armies are probing for weak spots, observing the behavior of their adversaries, and planting barely perceptible nodes for possible activization later — software bombs with the potential to take down an electric grid, stop a payments system, or release highly sensitive information for the world to see.
But what unfolds next looks likely to be an elevated phase of such intelligent gamesmanship: a free-for-all built around the new world of electrification, in which virtually all the main adversaries on the world stage have the capability to take down small and large parts of the others’ power grid — and who do so, routinely. And who hijack the EVs and other portable connected devices that are fast becoming fixtures of our 21st century lives.
A major 2018 report by the U.S. Transportation Department said hackers could create mayhem of the new EV fleet by flooding Internet connections with messages, blocking the transmission of legitimate, needed traffic. Such “denial of service” attacks could prevent vehicles from charging up and throw the grid off balance, the report said. Vehicles could be commandeered. Chips and systems could be reprogrammed to carry out malicious or just crazy functions.
“Think of the Bonnie and Clyde-era of bank robbers,” said Stuart Madnick, an emeritus professor of information technology at MIT Sloan School of Management. “I see us at a phase somewhat like that.”
The age goes back to the 1980s, the 1990s and the early ‘oughts, when the U.S. pioneered the rudiments of hacking. American computer mavens steamrolled their way inexorably into Russian, Chinese and Iranian systems. The hinge moment was the 2007 “Stuxnet” attack by the U.S. and Israel on Iran’s nuclear system, a stunning assault that set back Tehran’s atomic ambitions but backfired by triggering copycat attacks and a new type of warfare — a kind of silicon war. By 2011 and 2012, China had stolen key cyber tools, Iran had been in U.S. banks, and Russia — in the form of a group dubbed “Energetic Bear” — had infiltrated the U.S. energy infrastructure.
For the purposes of this account, the main theater of action is the electric grid, the organizing center of the new time of advanced batteries and EVs. If someone has implanted nodes that can take down or manipulate when and whether there will be electricity — which Russia, China and others have, U.S. security officials say — they are posing a risk to the coming battery and electric vehicle industries, which rely on the power supply. In a piece last week at the Wall Street Journal, Amy Myers Jaffe, author of “Energy’s Digital Future,” warned of the danger of a coming “hacking arms race” among the U.S. and other countries, centered on the grid. But if anything, this race already seems to have been under way for several years. True, Russia, China and perhaps North Korea and Iran are in the U.S. grid; but the U.S. is in theirs, too. It is as though everyone has a knife to everyone else’s throat.
“They are preparing the battlefield for the attacks of the future — by collecting intelligence, mapping networks, implanting malware that can be activated later,” Richard Fontaine, CEO of the Center for a New American Security, told me.
In this regard, the U.S. may be the most defenseless major country on the planet. It is a function of its richness as a target, and its history of building up potent offensive capability but wearing blinders in terms of understanding that others can play this game, too. “Nations, criminal groups, terrorists, hackers and hacktivists, and insiders pose threats to the bulk power system,” the Government Accountability Office wrote in a March report.
Not that the U.S. has done nothing — since at least 2012, the Department of Energy has issued multiple funding calls for projects to protect the grid and other energy infrastructure. President Biden has issued an executive order to shore up U.S. cyber defenses.
But the Pentagon and U.S. intelligence agencies have been slow. As Americans have seen again and again, the U.S. is an easy mark to cyber hackers. A paradox of this vulnerability is that the U.S. has held back from aggressive offense, fearing retaliation against which it’s thought the U.S. may not be able to protect itself well. But if, as he repeatedly says, the president wants to win the race for the technologies of the future — in this case EVs and batteries — he will have to win cyber first.