The federal government has selected the National Cybersecurity Consortium to head up its four-year, $160-million Cyber Security Innovation Network, with a focus that includes critical infrastructure and networks — two areas with implications for EV security and adoption
The federal government is pushing forward with plans to strengthen Canada’s cybersecurity ecosystem, announcing last week that it has selected the National Cybersecurity Consortium (NCC) to run the new pan-Canadian Cyber Security Innovation Network (CSIN) program it originally announced last year.
The NCC, founded in 2020 by five Canadian universities (Concordia University, Ryerson University, University of Calgary, University of New Brunswick, and the University of Waterloo), is a not-for-profit organization that aims to lead cybersecurity innovation and talent development in Canada.
“We are thrilled that the Government of Canada has appointed the NCC to lead the CSIN program. We believe that under the NCC’s leadership, CSIN will become a major force for the advancement of cybersecurity innovation…and we are looking forward to working closely with all stakeholders as we build CSIN over the months ahead,” said the NCC’s executive group in a press statement.
In putting together its application to run the CSIN program last year, the NCC says it collaborated with more than 140 researchers from 35 post-secondary institutions, 16 large firms, 30 small- and medium-sized firms, 26 not-for-profit organizations and eight governments and governmental organizations across Canada.
The federal government, through the Ministry of Innovation, Science and Industry, is providing NCC with up to $80 million over four years to fund research on cybersecurity under CSIN. The not-for-profit organization is required to raise a matching amount, which it says it plans to achieve with the help of partners from the private sector, provincial, territorial, and municipal governments, not-for-profits, and academic institutions.
Focus on five areas of cybersecurity research
According to the NCC website, the research conducted by the network will focus on five areas of cybersecurity: critical infrastructure protection, network security, privacy and privacy-enhancing technologies, software security and human-centric cybersecurity.
While the NCC’s initial outline doesn’t specifically mention connected vehicles, EV chargers or any other connected EV infrastructure, there is obvious potential for multiple tie-ins to these areas of research. The need for continued development of security measures to protect connected vehicles and electric vehicle charging infrastructure from hacking is widely recognized in parts of the industry and related research communities.
In fact, in a paper published last month, researchers at Concordia (one of the NCC’s founding institutions) presented a thorough assessment of the security systems present in EV charging stations and found serious cause for concern.
Specifically, the study looked at 16 EV charging station management systems and discovered several ways hackers could jeopardize the cybersecurity of networks. Some of these actions included turning the charging process on or off at will; deploying malware to access user data; controlling multiple charging stations and using them to launch denial-of-service attacks against other connected devices, and having the ability to overload or underload the power grid which could cause a blackout.
The authors of the report, led by supervising author Chadi Assi, a professor at the Concordia Institute for Information Systems Engineering, found that charging operators and manufacturers are aware of these security weaknesses, but have not yet addressed them.
“We believe that such insecure design/implementation could be linked to several factors. For instance, EV technologies are relatively new yet rapidly growing,” the paper states. ‘Therefore, vendors might be prioritizing production to keep up with the competition and the significant market demands while overlooking some security requirements by investing less time and effort to conduct in-depth security analysis and evaluation.”
National network of expertise
Whether CSIN researchers will take up this particular topic remains to be seen. When the federal government announced its plan in 2021, its stated aim for the CSIN was to “create a national network to be led by Canadian centres of expertise in cybersecurity” that would support cybersecurity research and development, increase commercialization, develop skills and talent training and help expand the country’s leadership in cybersecurity innovation through government, industry and academic collaboration.
- Address businesses and citizens’ growing demand for cybersecurity solutions which accelerated during the COVID-19 pandemic due to remote work and rapid digitization;
- Support research and development in cybersecurity by encouraging collaboration between Canada’s post-secondary institutions, the private sector and other partners in order to accelerate the development of innovative cybersecurity products, processes and/or services;
- Accelerate the commercialization of cybersecurity products, services and/or processes;
- Diversify, deepen and expand Canada’s cybersecurity pipeline of talent through the recruitment and retention of faculty, trainers, and instructors; and
- Provide more resources to curriculum development, training, reskilling and upskilling of the cybersecurity workforce through initiatives designed and delivered in collaboration with industry partners.
“Demands on the digital economy continue to rapidly grow, and cybersecurity is an ever-increasing concern for Canadians and Canadian businesses,” said François-Philippe Champagne, Canada’s minister of innovation, science and industry in a press statement.
“That’s why it is vital to support and invest in a strong, secure and resilient Canadian cyber ecosystem. “
Concerns may hinder EV adoption
Looking at the list of planned CSIN activities, the point about providing solutions to concerns from business and citizens could have direct relevance to EV-related cybersecurity. For example, according to Concordia’s Assi, such concerns have the potential to discourage people from adopting electric vehicles.
“Researchers understand that there is nothing that is 100 per cent security proof — there is always going to be ways for bad actors to exploit a vulnerability…But look, Microsoft has been around for over 40 years and even up until today, they tell you that they found a new vulnerability and send a patch to fix that vulnerability. So [charging] vendors have to continue doing the same. They will have to continue monitoring their products and they have to keep strengthening the security,” says Assi in an interview with Electric Autonomy.
Moving forward, Assi adds that Concordia will be part of a holistic three-year study funded by Hydro Québec and the federal government to research the security of the EV charging ecosystem.
“In the next 10 years, we will be expecting a huge rise in the number of electric vehicles and we need to prepare, otherwise we cannot wait until the security problem occurs and then start looking for solutions,” says Assi.