Connecting electric vehicles to the national power grid could open the door to cyber attacks and widespread power outages unless regulators get the security settings right early, experts warn.
Despite a national consultation paper on Australia's transition to electric vehicles, energy experts said the cyber security implications of the move had yet to be flagged in the discussion and needed to be prioritised.
Before speaking at the Australian Cyber Conference in Melbourne on Thursday, Electric Vehicle Council energy and infrastructure head Ross De Rango told AAP tackling the issue was vital to preventing costly or damaging outcomes.
Australians would use roughly 40 per cent more electricity after wide adoption of electric vehicles, Mr De Rango said, and charging them at once and during peak times could be calamitous.
While energy companies could schedule or "orchestrate" vehicle charging, like hot water systems, he said connecting this technology to the national grid could introduce new security threats.
A hacker could, for example, exploit security flaws to force all vehicles to charge at the wrong times to create power outages.
"What happens if we are building a system where all of the EV charging normally happens at the right time and a malicious actor gets involved and all of a sudden the EV charging happens at the wrong time?" he said.
"That's where cyber security comes into it."
Mr De Rango said security holes could be exploited in software by vehicle manufacturers, charging equipment, software providers, or energy companies, unlike traditional power connections.
"If you want to spoof (the current) signal then you need to climb a power pole with a set of alligator clips," Mr De Rango said. "The likelihood of an external malicious actor being able to do that is negligible.
"If we have a future where the means of connection and control is via the internet, there is a threat surface there that doesn't exist right now."
In addition, BlackBerry Asia Pacific and Japan engineering director Jonathan Jackson said security flaws had already been identified in electric vehicle charging equipment overseas.
A study conducted by Carlos Alvarez College of Business in the US identified "significant" security holes in 13 out of 16 EV charging stations, including missing authentication standards.
"The vulnerabilities just in the software alone on EVs is showing we've got a long way to go at a global level, not just in Australia, to ensure the security of the energy system," Mr Jackson said.
"We don't actually have a choice here. If we've got the stated gain of EVs helping us to drive to net zero (emissions), we are absolutely going to need to tackle this head-on. It's a matter of if, not when."
Mr Jackson also pointed to recent ransomware attacks on energy suppliers, including Queensland's CS Energy in November 2021 and America's Colonial Pipeline in May, as proof the national grid could be targeted.
But protecting Australia's power network was achievable, he said, if regulators acted early.
"This is an addressable issue but we do need to talk about it now," he said.
"Once all the buildings have got smart EV orchestrated, it's going to be incredibly costly for everyone to bolt (security) on afterwards."
The Australian government's National Electric Vehicle Strategy consultation paper will accept submissions until October 31.
