EVs receive regular ‘over the air’ updates, making them vulnerable to unauthorized access and control. This is an unacceptable risk where these vehicles are being used by those who own and operate our Critical Infrastructure.
The movie “Leave the World Behind,” offers a sobering reminder of how deeply reliant we are on technology. In a thought-provoking scene, hundreds of self-driving EVs – remotely controlled and externally programmed – home in on the same location and smash into one another, creating danger and shutting down roads. But could such a scenario really unfold? Sadly, the answer is yes.
We inhabit an increasingly unstable world. Conflicts rage in Ukraine, Gaza, and the wider Middle East to name a few. A new Cold War simmers between the United States and China, marked by economic sanctions and digital warfare. Unlike the Cold War of the 1950s-80s, today’s conflicts leverage malware, cyber espionage, ransomware, and AI-driven cyber-attacks.
An effective cyber-attack on Critical Infrastructure can cause significant disruption and harm – however control is generally quickly regained after an attack. But what if bad actors could actually remotely control a machine operating within Critical Infrastructure facilities – like cars?
We should applaud the efforts of Critical Infrastructure owners and operators to decarbonise, including by investing in new fleets of electric vehicles. But we must ask: How can we ensure local control of an EV remains complete and inviolate? How can we be certain there is no “digital back door” which enables the vehicle maker to take control of an EV operating within Australia’s Critical Infrastructure assets? Unfortunately, we cannot be certain.
The question then comes down to the owners and operators of Australia’s Critical Infrastructure deciding which international supply chains they can ultimately trust. Consider connected vehicles receiving over-the-air software updates. Often, users are unaware of these updates, their content or impact. This creates an unacceptable risk where Critical Infrastructure is involved.
Imagine EVs being remotely controlled to act as self-guided missiles at an airport, port, or power plant. I hope we never face a conflict like the one depicted in “Leave the World Behind,” or worse, a clash between nations with different forms of government and different values. However, if such a nightmare did unfold, the first line of attack will likely be a coordinated disruption of civil infrastructure. Disabling an opponent’s ability to sustain itself is crucial in modern conflict.
Directing connected electric vehicles by remote control to cause havoc in Critical Infrastructure facilities could become a new battlefield tactic. We must address this risk now, before it becomes an unmanageable reality
