Attack Design for Maximum Malware Spread Through EVs Commute and Charge in Power-Transportation Systems

The growing number of electric vehicles (EVs) on the roads led to a wide deployment of public EV charging stations (EVCSs). Recent reports revealed that both EVs and EVCSs are targets of cyber-attacks. In this context, a malware attack on vehicle-to-grid (V2G) communications increases the risk of malware spread among EVs and public EVCSs. However, the existing literature lacks practical studies on malware spread in power-transportation systems. Hence, this article demonstrates malicious traffic injection and proposes strategies to identify target EVCSs that can maximize physical malware spread within power-transportation systems. We first show the feasibility of injecting malicious traffic into the front-end V2G communication. Next, we establish a model that reflects the logical connectivity among the EVCSs, based on a realistic framework for large-scale EV commute and charge simulation. The logical connectivity is then translated into a malware spread probability, which we use to design an optimal attack strategy that identifies the locations of target EVCSs that maximize the malware spread. We compare malware spread due to random, cluster-based, and optimal attack strategies in both urban (Nashville) and rural (Cookeville) U.S. cities. Our results reveal that optimal attack strategies can accelerate malware spread by $10\%$ – $33\%$ .