Power and Tension: The Cyber Security Problems of Military Electrification
What would it take for someone to hack a tank? Modern Western militaries may well be about to find out. The militaries of the United States, Germany, France, the United Kingdom, Australia, and other powers are contemplating the gradual introduction of electric vehicles into their motorized fleets. These initiatives are linked to national decarbonization strategies and are also meant to modernize these fleets for the future of warfare. However, electrification also entails an important and underestimated challenge: cyber security.
Indeed, future electric military vehicles are likely to include numerous computerized onboard systems and will be dependent on a charging infrastructure that is likely to be highly connected. This revolution in the making creates new possibilities for adversaries, who may soon attempt to compromise modern vehicles to gather strategically sensitive information or to undermine operational effectiveness. How could such situations materialize? What impact could they have on a state’s defense apparatus? And how can armed forces be better prepared to meet this challenge? Cyber attacks targeting “smart vehicles” could ultimately put lives at risk or destabilize power grids, among other realistic scenarios. Various measures are already available to modern militaries to tackle such challenges, which include the adoption of a secure-by-design approach, securing the cyber supply chain, and increasing the protection of data flows.
What We Mean by Electrification
Electricity as a source of mobility for armed forces is bound to soon become a reality. With a value of $5.8 billion in 2023, the global market for military electric vehicles is expected to double by 2027. There are generally three main areas of innovation that can be currently observed in the field of military mobility, each raising distinct cyber security issues.
The first area pertains to the adoption of all-electric vehicles by military organizations. Currently, this transition is focused on fleets of “rear” vehicles — in other words, support vehicles used on bases and certain light transport vehicles. This is what some countries, such as Canada, are currently prioritizing. Nevertheless, a small number of projects aimed at developing electric combat vehicles are also being conducted for specific weight classes. In the United States, General Motors Defense is currently developing an all-electric infantry squad vehicle, while the U.S. Army contemplates the adoption of an electric light reconnaissance vehicle. In addition to reducing the carbon footprint of militaries, these initiatives also offer the opportunity to partially reduce dependence on a global oil market whose flows and prices remain largely subjected to the turmoil of geopolitics.
A second area of innovation pertains to the progressive hybridization of heavier combat vehicles. For now, this mainly involves converting existing platforms to a “full hybrid” type of drivetrain (although the adoption of plug-in hybrid vehicles is also in consideration). The U.S. Army, for example, is currently working on a hybrid version of the Stryker armored vehicle and even, in the longer term, of the Abrams main battle tank. In addition to the expected gains in energy efficiency, these innovations may offer a number of tactical advantages: The reduced thermal and noise footprint induced by a partially electric motorization could increase the stealth (and hence survivability) of troops on the battlefield. The high-performance batteries specific to hybrid vehicles could also contribute to increasing the endurance of units dedicated to “silent watch” missions, which mobilize surveillance equipment over long periods of time but at a standstill.
Finally, a third major development, which partially overlaps with the previous two, pertains to the growing connectivity of military vehicles, whether electric, hybrid, or entirely fuel-powered. This includes the introduction of civilian electric vehicles into rear fleets that, by design, are highly computerized and connected (notably to the internet). At the same time, there is a growing number of programs aimed at developing “smart,” optionally manned, or even autonomous military vehicles, many of which are destined to include an electric motorization. In the United States, the infantry fighting vehicle destined to replace the Bradley will reportedly be both optionally manned and hybrid-motorized. It is important for the United States and allies to consider how these major changes in military mobility may raise cyber security issues.
Cyber-Sensitive Vehicles
Vulnerability to cyber threats is not unique to electric vehicles. Combustion-powered vehicles can also be hacked — as a number of experiments conducted over the past few years have shown — but this largely depends on the degree of computerization and digitization. Onboard electronics and their connectivity underpin the fragility of a vehicle. As the average road vehicle today includes up to 100 million lines of code in its onboard software, cars are increasingly resembling four-wheeled computers.
The expansion of onboard electronics has also increased the complexity of the automotive supply chain. Connected vehicles now incorporate a large amount of software that frequently requires updates and is designed by a variety of suppliers. In 2020, Volkswagen estimated that 90 percent of the code integrated into its vehicles had been developed by up to 50 third-party companies. The cyber supply chain for connected vehicles, in other words, is extended and represents a possible threat vector. By attacking a small software supplier, hackers could, for example, booby-trap an update destined to be injected into thousands of vehicles. Added to this is the inherent dependence of electric vehicles on a charging infrastructure that is also increasingly computerized and “smart,” thus introducing an additional vector for infection.
These various shifts adopted by the automotive industry thus create “cyber-sensitive” vehicles with two types of vulnerabilities. The first vulnerability is generated by an overall increase in onboard electronics. The second vulnerability is the dependency of electric vehicles on increasingly connected charging infrastructure.
Data Circulation
There are a number of risks that stem from the overlap between electrification and connectivity of vehicles. Whether electric and connected vehicles at the rear, or future “smart” weapon systems potentially deployed on the frontline, many military vehicles are called upon to collect and exchange more and more data. Indeed, modern vehicles incorporate an increasing number of sensors whose transmitted signals, if intercepted, could deliver valuable intelligence to an adversary. This information could include a vehicle’s position and movement patterns through geolocation, messages exchanged via its onboard devices, conversations held through handsfree car kit, images filmed by rear-view cameras, and so on.
Hacking into connected military vehicles could be used to spy on senior officers, track unit movements, or locate and monitor sensitive installations. While such threats may appear hypothetical, they are taken very seriously by some militaries — since 2021, the People’s Liberation Army has banned Tesla vehicles from its installations, fearing that their onboard cameras could be hacked for espionage purposes.
Although this issue appears limited to commercially available vehicles at the moment, it may soon extend to military-grade vehicles. In the United States, some have called for the adoption of electrically powered and highly connected Tesla-like combat vehicles. Such a development would raise major operational security challenges. However, it is important to note that there is increasing interest in using vehicle sensors as data farms to feed and train AI models for the military.
Intruders Aboard
Another threat to consider is the integrity of onboard systems. In addition to generating data flows, onboard electronics also fulfill various tasks, some of which extend to the physical control of the vehicle itself. These may include turning headlights on or off depending on visibility, emergency braking when an obstacle is detected, etc. Unsurprisingly, this expansion of vehicle telematics creates various potential channels for hackers to gain access. In 2015, American hackers made headlines when they managed to hack into a Jeep Cherokee and remotely control its transmission, steering wheel, and brakes.
Such scenarios suggest that hackers could endanger the lives of passengers or inflict damage to a vehicle. However, they are not the most likely, because such operations require considerable time, expertise, and the existence of specific computer vulnerabilities. Other variations of this kind of hacking appear easier to conduct and could thus prove more likely — for example, blocking a vehicle’s ignition system in order to reduce the availability of a military’s motorized fleet. Such scenarios are considered plausible, so much so that in early 2024 French units simulated the neutralization of a forward-deployed Griffon armored vehicle after a cyber attack disabled its onboard systems, as part of the DEFNET national exercise.
The susceptibility of military vehicles to these kinds of threats will depend on their level of digitalization. Currently, these threats apply first and foremost to electric/connected vehicles of the rear, whose operational value is less critical. Yet, it is important to consider that cyber vulnerabilities already exist in commercialized vehicles and could be exploited against militaries equipped with tactical vehicles inspired by civilian models (such as the electric Hummer developed by General Motors Defense for the U.S. Army). The growing military interest for “smart” and optionally manned vehicles will also inevitably increase this threat. For example, in 2011, Iran took possession of an American surveillance drone by remotely hacking its GPS guidance system, tricking the drone into landing on an Iranian base. Although there are differences in the operation, tactics, and details of electronic and cyber warfare — and we provide many examples of both in the context of connected, hybrid, and electric military vehicles — the bottom line is that future ground vehicles based on similar technologies will be vulnerable. Technologies that are remotely operated are generally connected — and what is connected is hackable. Similarly, the increase in the number of plugged-in devices has resulted in more electromagnetic signatures and interference. Connected and potentially vulnerable is not a reassuring concept for militaries, automakers, and civilian users alike.
Charging Overload
There are also vulnerabilities associated to vehicle charging infrastructures, whether electric or plug-in hybrid. Highly computerized and frequently connected to the internet, charging stations represent another potential vector for cyber attacks. For instance, in early 2022, pro-Ukraine hackers compromised charging stations in Russia, rendering them unusable.
Various studies have shown that compromised charging stations could be used to extract sensitive data or inject malware into a vehicle as it charges. Furthermore, hacking into charging stations could also be used to interrupt or prevent a charging cycle, or even to alter the charger’s voltage in order to damage the vehicle. Malicious actors could therefore use the charging infrastructure to engage in espionage or undermine the availability of an army’s fleet of vehicles.
To be sure, militaries will aim to adopt charging infrastructures that have high security standards, however this may not be the case outside of the military base. In 2021, researchers found that civilian charging systems on the market had significant information technology vulnerabilities. These vulnerabilities may raise concerns when and if military vehicles are allowed to use civilian charging stations (at home or abroad) in certain contexts. Although one of the great benefits of electrification is the possibility to make the military logistical chain shorter and lighter, the issue of properly organizing and managing charging infrastructures has its own share of complexities.
Various studies have shown that a cyber attack designed to suddenly activate (or deactivate) a large number of charging points in a coordinated manner could destabilize the power grid and possibly lead to catastrophic consequences. Compromised charging infrastructures could thus also be used to destabilize or damage an entire power grid. In addition to the risks to the vehicles themselves, cyber attacks on charging systems could therefore also enable an adversary to partially disrupt or even sabotage the electrical supply of targeted states. Thus, it is important to consider that a military’s charging systems will be just as sensitive as selecting the electric vehicles themselves.
Secure, Test, and Encrypt
These various threats need not discourage armies from adopting electric vehicles in the future. They should, however, prompt serious reflection as to how best secure future connected military vehicles and their charging infrastructure. There are at least three main axes of risk prevention open to actors investing in electrification.
The first pertains to “security by design,” meaning that it is important to integrate cyber security imperatives and best practices into the design and development process of vehicles and charging systems. This can be achieved by proactively imposing strict standards and controls on manufacturers, for example by requiring the presence of onboard systems designed to detect cyber intrusion. This was one of the major lessons learned from the Jeep Cherokee experiment in 2015, during which researchers were able to tamper with and test their alterations of the vehicle’s software code without the system reacting to a highly atypical (and therefore detectable) activity. This approach may also include conducting thorough threat assessments in the beginning stages of vehicle or component design and ensuring that all software components are rigorously tested for vulnerabilities before deployment. Mandatory regular audits and updates may also help pre-emptively identify and mitigate potential vulnerabilities in software. A secure-by-design approach should be integrated at every stage of vehicle development and can help avoid such a scenario for future connected vehicles. Paired with encryption protocols, rigorous cyber security standards in design and manufacturing, and supplemented by mandatory update mechanisms, these procedures may offer protection to vehicles against threats throughout their lifecycles.
The “by design” approach also involves securing the cyber supply chain, to ensure that components and software for future vehicles are not only reliable but also come from trusted suppliers. In recent years, the United States has been hunting down Chinese-manufactured technologies that have surreptitiously integrated their weapons systems throughout the globalization of supply chains. A framework for secure cyber supply chains should include vendor vetting, continuous supply chain monitoring, and the promotion of collaboration with trusted vendors. Potential third-party vendors and suppliers of software and hardware components should be vetted. This could include background checks, security certification systems, and compliance with international cybersecurity standards. The U.S. Department of Defense’s Cybersecurity Maturity Model Certification 2.0 program may provide a useful framework to cater to enhancing secure cyber supply chains for defense vehicle-specific needs.
A second axis of prevention involves red teaming — that is, the use of “ethical” hackers to actively test the vulnerabilities of a system, in this case a vehicle. Penetration testing, for instance, mobilizes external hackers who are already well versed in a certain type of systems, to emulate the behavior of a potential attacker. The goal is to understand how to compromise a vehicle and help the designer remedy the identified flaws. Additionally, software updates or design modifications offer the opportunity to reassess a system’s security throughout its lifecycle. Red teaming can also include bug bounty programs, whereby a company commits to reward hackers who come forth and disclose (through a formalized process) software flaws discovered in its products. Bug bounties programs have spread to the automotive industry — for example, the Pwn2Own Automotive competition, held for the first time in Japan in January 2024, saw various teams of hackers present vulnerabilities discovered in Tesla or Ubiquiti and Emporia charging stations (for bounties up to $100,000). Adapted to the confidentiality requirements of the defense industry, these red teaming practices could greatly help secure future electric vehicles. On this front, the United States seems somewhat ahead of the curve. Although systems being researched in existing military bug bounty programs (such as Hack the Army) do not yet include vehicles, the Department of Defense already employs certified cyber security researchers to carry out penetration testing on certain weapons systems. These are good practices certainly worth expanding.
Finally, a third axis of prevention involves securing the massive data flows that connected vehicles are expected to transmit — reportedly up to 25 GB per hour for a civilian vehicle. In addition to the vehicles, the entire networked infrastructure is also a source of risk, including connected objects, remote update systems, and so on. The use of encryption technologies, in particular, is increasing in the automotive industry to ensure the confidentiality and integrity of data exchanged between the various nodes that constitute the network of a connected vehicle. To address these encryption-related challenges, it is important that states — and their cooperating allies — adopt advanced encryption and data protection measures. This may include, for instance, ensuring that data transmitted between vehicles is protected by end-to-end encryption.
The challenge, however, is maintaining encryption standards adapted to the constant progress made by hackers in this field. This could prove a challenge for military vehicles, whose operational lifecycle extends over 20 or 30 years. For example, the F-35 (the archetype of a protracted weapon program) is now facing cyber vulnerabilities that its original designers could not even have imagined. In this regard, data could be protected by quantum-resistant algorithms and dynamic encryption keys. A secure quantum-resistant environment will ensure that old and new data is protected through advanced encryption techniques. This year, the U.S. National Institute of Standards and Technology plans to release new post-quantum cryptographic algorithms and federal contractors will need to strengthen encryption through updated cryptographic standards. Another challenge will be to ensure the compatibility of encryption systems with those of allied platforms — or simply those of other services — with which an army will cooperate. Standardization and harmonization of systems will be a pervasive challenge in the military electrification process. The protection of data includes more than encryption alone. Data collection, curation, and sharing are an important part of modern conflict. As such, additional protection measures are needed to ensure that the people behind the data points remain safe. This could include anonymizing data or minimizing data collection to information that is directly relevant to the task or delivery of a service. These measures may reduce the risk posed by the exploitation of sensitive information.
Work With, Train Without
Other measures may also focus on risk mitigation at the more human and operational level, in order to maintain a certain cyber resilience within the armed forces. This may involve the preparation of contingency plans in the event of major cyber attacks on the fleet of electric/connected vehicles or their charging infrastructure. Armed forces need to define in advance the procedure to be followed in the event, for instance, of hackers neutralizing a unit’s GPS systems. This means making sure that reserves of topographical maps have been maintained, can be rapidly delivered to frontline units, and so on. Ideally, troops should also have been minimally prepared to navigate such contingencies. Based on this example, this would mean ensuring that soldiers are still able to read and use a paper map.
In this respect, the U.S. armed forces increasingly conduct exercises in digitally degraded environments, simulating the compromise of GPS or wireless communication systems. However, this practice should not just stimulate the reaction of mechanically switching back to “low-tech” methods and equipment. Indeed, one of the particularly pernicious characteristics of cyber attacks is their psychological effect. By simply instilling doubt about the integrity of a system, they can dissuade troops from using a wider range of capabilities, thus producing a result disproportionate to the actual effects of the hacking. Exercises in degraded conditions should ideally also seek to train units to identify and judge, quickly and with a high degree of confidence, which systems remain reliable and usable, which are actually compromised, and how fast can they be remedied. Although not focused on a cyber attack situation, a recent exercise conducted by U.S. Central Command mobilized software engineers who were embedded with operational personnel with the mission of modifying and adjusting the code of combat systems “on the fly” throughout the exercise. As cyber defense specialists and “conventional” troops do not always share the same background and work culture, practicing such cooperation is of utmost importance.
Setting the Bar High
This quest for resilience is ultimately rooted in an inconvenient yet inescapable truth — that electric vehicles simply cannot be rendered digitally unassailable. Cyber security is an intrinsically dynamic process, in which defenders and attackers perpetually develop responses to each other’s moves. Future electric/connected military vehicles, as well as their charging infrastructures, will therefore inevitably be subject to a constant updating process to remain secure.
The challenge for the defender, however, is to set the bar high enough from the outset to restrict the adversary’s freedom of maneuver as much as possible. As militaries find themselves in the global planning phase of electrification, now is the time to meaningfully consider the cyber security of future military vehicles.
This is not only about minimizing the number of actors capable of posing a threat (including non-state armed groups), but also about forcing the most capable adversaries to allocate significant resources to a potential attack — ideally, to such a degree that it presents an unattractive cost/benefit ratio. In other words, all the investments a country makes today to secure its military vehicles are probably all the investments an adversary will be unwilling to make tomorrow to try and compromise them.
Kristen Csenkey is a Ph.D. Candidate at the Balsillie School of International Affairs in Waterloo, Canada. She studies cyber governance and the management of emerging technologies.
Alexis Rapin is a research fellow at the Raoul-Dandurand Chair of Strategic and Diplomatic Studies, affiliated with the University of Quebec in Montreal. His research focuses on cyber security issues and the transformation of warfare.
This work was supported by a Department of National Defence Mobilizing Insights in Defence and Security Targeted Engagement Grant awarded to Csenkey. The authors would like to thank the anonymous reviewers for their feedback.
Image: ChatGPT
Comments are closed.