Safeguarding battery systems and data in the age of EVs

As EVs continue to proliferate and strain the power grid, two critical challenges need to be overcome: safeguarding the functionality of battery arrays and their generated data, explains Hebberly Ahatlan of Intertrust.

EVs continue to gain traction worldwide, however concerns regarding the strain they pose on existing power grids are mounting. The transition to widespread EV adoption brings with it not just opportunities for cleaner transportation, but also significant challenges for the stability and security of energy infrastructures.

Among these challenges, two of the most critical ones are safeguarding the functionality of battery arrays dedicated to support the power hungry EVs that siphon electricity erratically from outdated grid infrastructures, and the data generated by such arrays – which could contain personal identifiable information (PII), telemetry data, or sensitive information about the state of the grid.

Moreover, such battery systems can be entry points for sophisticated cyberattacks that could render a city into a blackout.

More specifically, the proliferation of electric vehicles presents both opportunities and challenges for the European utilities and energy industry that entail not only technical issues, but bureaucratic and scalability roadblocks as well. While EVs promise a cleaner and more sustainable mode of transportation, their widespread adoption raises environmental and public policy questions.

For instance, does building more charging stations impact green space areas?

How can public policy strike a balance between environmental concerns and the need to expand EV charging networks rapidly? Widespread adoption also exposes the deficiencies in the current grid infrastructure to support exponential EV fabric expansion.

Currently, worldwide, most electric power infrastructures are inadequate to support widespread battery arrays and charging stations. The European Union plans to increase its inter-border grid transmission capabilities by adding 23 GW by 2025, and it has plans to continually expand its GW output thereafter, but this is clearly not enough to support a full transition from fossil fuel vehicles to electric ones.

The unprecedented strain on existing power grids necessitates a concerted effort to prepare battery systems and its associated data against possible blackouts due to poor energy distribution across neighbourhoods and commercial areas and cyber threats originating from local and foreign entities.

Have you read?
Report: Utilities aren’t ready for EV growth
Norgesnett and Volue partner on ‘grid aware’ EV charging programme

The interplay between EVs, battery systems and the broader energy ecosystem, requires modern digital energy supervisory platforms that can mitigate data vulnerabilities inherent in the process of managing IT and OT environments, and that can balance the energy consumption across the grid. 

Bolstering the digital security of battery systems involves implementing robust measures to protect against data tampering and theft. Cyber surveillance systems can deter unauthorised access and mitigate the risk of malicious interference. Additionally, deploying advanced encryption and authentication mechanisms within battery management systems (BMS) can fortify defenses against cyber intrusions targeting critical components.

Specifically, decentralised cybersecurity schemes must be implemented within battery management systems. These systems serve as the central nervous system of battery installations, regulating charging and discharging processes while monitoring key operational parameters.

Decentralised cybersecurity spreads the monitoring of data and devices across the entire energy fabric, thereby allowing cybersecurity frameworks to decide locally and in real time how to protect data and devices without necessarily contacting a main operating centre for instructions.

To safeguard against cyber threats, encryption and authentication mechanisms must be integrated into BMS architectures. Encryption algorithms ensure the confidentiality and integrity of data transmitted within the system, protecting against interception or manipulation by malicious entities – thereby preventing events such as Man-in-the-Middle attacks (MitM).

Moreover, robust device and user authentication that goes beyond standard Public Key Infrastructure (PKI) measures would deliver the necessary shift in the energy data fabric to prevent attacks where cybercriminals camouflage the identity of users and devices.

Data transmitted to and from battery arrays moves across vast and complex IoT fabrics, and disparate modern and legacy communication networks, such as Zigbee, Bluetooth and 5G. In particular, in the energy sector, communication protocols such as IEC 60870-5 and device control protocols such as SCADA are the standard.

These specific protocols need to integrate to larger data fabrics. For instance wind farm turbines rely on SCADA control to turn them off and on depending on the weather conditions. SCADA commands could traverse several network nodes, such as servers, cell towers and routers before reaching their destination.

In this diverse agglomeration of technologies to manage energy infrastructures, it is important to note that a truly bilateral data protection process is indispensable to keep the grid working reliably, meaning that, for instance, it is equally critical to protect data sourced from OT fabrics going to IT analytics tools as it is to protect data commands generated at the IT level to actuate OT devices. Employing end-to-end encryption protocols ensures that sensitive information remains protected from interception or manipulation by unauthorised entities.

In parallel, enhancing the resilience of the power grid itself is essential for mitigating the impact of potential cyberattacks on the EV charging infrastructure. Smart grid technologies, such as advanced metering infrastructure (AMI) and distributed energy resources (DERs) – which can include new energy balancing topologies, such as microgrids and virtual power plants (VPPs), enable real-time monitoring and control of energy flows and localized power stabilisation, enhancing the grid's ability to detect and respond to electric surges or to data anomalies or malicious activities promptly.

Moreover, the integration of artificial intelligence and machine learning algorithms can augment predictive analytics capabilities, enabling proactive identification of potential cyber threats before they escalate into full-fledged attacks.

AI goes even further, by indicating in real time where a grid has been damaged due to a blackout or when grid components require maintenance or replacement. However, AI can deliver trustable proactive or reactive insights only if the telemetry is tamper free. Hence, it is fundamental to enable a full trust stack cybersecurity framework across the entire OSI model in the energy industry.

To tackle some of the bureaucratic and scalability roadblocks, collaboration across industry stakeholders is also crucial in addressing the complex challenges posed by the intersection of EVs, battery systems, and cybersecurity. Public-private partnerships can facilitate information sharing and coordination efforts, fostering a collective response to emerging threats and vulnerabilities.

Moreover, engaging with regulatory bodies to establish stringent cybersecurity standards and compliance requirements ensures that all stakeholders adhere to best practices in data governance and security, but that’s not all, in order to maximise collaborations across public and private entities – as well as to effectively enforce compliance requirements – it would be advantageous to hinge grid infrastructure and policy modernisation efforts around open standards that can mitigate data and communication vulnerabilities across IT and OT fabrics, and that can make it easier for entities to enforce strict data governance guidelines.

In the present time, we face disparate collections of devices, communication protocols, and software platforms that do not always speak the same language, making it impossible to apply seamless cybersecurity and policy across the totality of the energy infrastructure.

On the other hand, if all devices, communication protocols, and software platforms followed an open unified standard to interoperate, we could orchestrate a digital energy framework reliably. Additionally, investing in research and development initiatives aimed at advancing cybersecurity technologies specific to the energy sector is essential for staying ahead of evolving threats.

This includes the development of intrusion detection systems, anomaly detection algorithms, and security protocols tailored to the unique characteristics of EV charging infrastructure and battery systems. Finally, fostering a culture of cybersecurity awareness and education is critical for building a resilient energy ecosystem.

Training personnel on cybersecurity best practices and promoting a proactive approach to threat mitigation empowers individuals at all levels to play a role in safeguarding critical infrastructure against cyber threats.

As electric vehicles continue to reshape the energy landscape, ensuring the safety and security of battery arrays and their associated data is essential to keep our grid functional and safe.

By adopting a comprehensive approach encompassing digital security measures, robust encryption protocols, grid resilience enhancements, collaborative partnerships, open standards, technological innovation, and cybersecurity education, we can mitigate the risks posed by cyberattacks and erratic energy surges, thereby preventing serious blackouts.

About the author:

Hebberly Ahatlan is Intertrust's director of product marketing, with 15 years of experience in the tech industry developing go to market strategies. Early in his Silicon Valley career, he played key roles in promoting new generations of power management devices that fueled the miniaturisation of portable devices such as mobile phones.