A Review of Cybersecurity Concerns for Transactive Energy Markets

Round 1

Reviewer 1 Report

 

 

 

1. ·       While providing an overview of cybersecurity gaps in TE markets, the review lacks in-depth analysis and discussion of existing solutions and research efforts. Include a critical evaluation of proposed solutions and their effectiveness in mitigating vulnerabilities.

   ·       Strengthen the review by integrating relevant related work. Incorporate references to surveys or studies addressing similar topics to provide a broader research landscape perspective.

   ·       The conclusion section briefly touches upon the importance of addressing gaps but lacks concrete recommendations or future research directions. Provide specific suggestions for researchers and practitioners to explore and mitigate cybersecurity challenges in TE markets.

   ·       Incorporating additional related papers has the potential to enhance the comprehensiveness and scope of your research. Therefore, I would like to propose the following papers for your review and potential inclusion in your study:

   o   https://mesopotamian.press/journals/index.php/CyberSecurity/article/view/44

   o   https://journals.mesopotamian.press/index.php/CyberSecurity/article/view/90

   ·       Ensure specific citations are included within the text to attribute ideas and findings to their respective sources. Maintain accuracy and consistency in the citation style throughout the paper. 

The language and style of the review are clear and concise overall. Improve sentence structures for better clarity and coherence where necessary, enhancing readability.

Author Response

Please find below our answers to the comments from the three reviewers. The main changes/additions to the PDF file are also tracked in blue. Many thanks for these useful suggestions and comments.

Reviewer #1

Concern #1

While providing an overview of cybersecurity gaps in TE markets, the review lacks in-depth analysis and discussion of existing solutions and research efforts. Include a critical evaluation of proposed solutions and their effectiveness in mitigating vulnerabilities.

Author response: This is a systematic review of academic literature, including its challenges and proposed solutions. This is not a critical evaluation of the proposed solutions and related effectiveness, which would require us to actually use them. Such evaluation would go well beyond the purposes of a literature review. Please note that several of the original papers surveyed do provide an analysis of their proposed solution.

Author action: In order to better manage expectations of the reader, we have added this sentence to the introduction: 

Note also that although several solutions addressing the surveyed cybersecurity concerns are also mentioned in this paper, it is beyond the scope of this literature review to evaluate the effectiveness of these solutions. Some of the surveyed papers further provide their own self-reported analyses and evaluations.

 

Concern #2

Strengthen the review by integrating relevant related work. Incorporate references to surveys or studies addressing similar topics to provide a broader research landscape perspective.

Author response: 

As this is a literature review, this paper already systematically covers the papers relevant for answering the research questions. If by “relevant related work” related surveys are meant here, then the introduction already positions this review against existing ones on transactive energy [1], on the use of blockchain and smart contracts in energy systems [3, 7], on power grid faults [8], and on security threats in legacy power grids [9,10]. 

We have however added eight new references to answer concerns raised by other reviewers, for a total of 64 references.

Author action:

We added and discussed new references (from outside our SLR) on security/legal issues in autonomous vehicles [40, 57] and control systems [58], on blockchain for DER management and integration [59] , on the integration of hardware security into blockchain-based TE platforms [60], on quantum security [42,61], and on microgrid energy markets [41].

 

Concern #3

The conclusion section briefly touches upon the importance of addressing gaps but lacks concrete recommendations or future research directions. Provide specific suggestions for researchers and practitioners to explore and mitigate cybersecurity challenges in TE markets.

Author response:

This section was originally written to be terse, so as not to run on too long with examples given the number of high-priority threats found. However, upon revisiting with your comment in mind, it is clear that this decision resulted in an overall lack of detail with regards to our recommendations. This comment was appreciated, and the section has been adjusted to include further detail about research directions for each high-priority threat.

Author action: We have updated the conclusion as follows:

For market attacks, we believe proactive attack detection and mitigation measures within the TE market / application layer should be researched. Existing literature on network security could likely be mined for techniques that identify malicious nodes and handle them in a more sophisticated manner than with access blocking. It is also possible that new techniques will have to be designed due to the ethical considerations related to power access, which could present an interesting research opportunity. 

Considering FDI, existing solutions are themselves vulnerable to additional threats, such as algorithm divergence. Efforts should be made to design FDIA countermeasures that are robust to such attacks.

SPOF is a critical structural threat and should be avoided with great effort, both to protect data as well as the availability of a vital utility. Improving this factor will require researchers to find ways around operations that have traditionally relied on centralized computation or trusted entities. This might include designing new power management protocols that are tailored to the distributed nature of TE, or discovering algorithms to decentralize existing operations (as was done with OPF [5]), both of which present exciting research opportunities.

Energy usage data is often ignored as a privacy element within the TE literature. However, we found it to be one of the most dangerous potential data leaks and feel that more robust solutions need to be crafted. Data anonymization techniques are insufficient due to the network topology; as such, future research should focus on methods of obfuscating or encrypting the data while maintaining its usefulness to relevant parties. This could be via improved aggregation techniques, which we discuss in Section 6.3, noising methods that preserve statistical qualities of the data, or some novel technique that suits the limited computing power and sensitive nature of the domain.

Finally, privacy research is found to be lacking overall in the TE literature. Additionally, many solutions that address privacy ignore practical outcomes of total anonymity and introduce their own problems with security and trust. Balance must be sought between anonymity and trust in order to establish a legitimate and fair market. Future work should focus on creating systems within TE markets that maximize consumer privacy without sacrificing traceability, an ideal that has not yet been met in our view

Concern #4

Ensure specific citations are included within the text to attribute ideas and findings to their respective sources. Maintain accuracy and consistency in the citation style throughout the paper.

Author response: We are using the MDPI template for citations (including \citet{} when authors are mentioned), so the style should be consistent and the author information precise.

Author action:

We added many more attributions. The paper now has 281 citations to 64 bibliographic items.

Reviewer 2 Report

I have recently completed my review of the manuscript, "A Review of Cybersecurity Concerns for Transactive Energy Markets," which was submitted for my consideration. This paper is a comprehensive exploration of the myriad cybersecurity issues that exist within the rapidly evolving domain of transactive energy markets. The authors delve into an array of potential threats and articulate a series of potential solutions. The timeliness of this research, particularly in the digital age we live in, is both commendable and vital. Nonetheless, there are several aspects which I believe would benefit from considerable revisions to amplify its overall quality, readability, and practical implications for the readers. My main points of concern are:

 

1.       The discussion on privacy in Section 7.5, while important, is currently quite broad. It might be beneficial to delve into specifics for a more nuanced understanding.

2.       Section 7.6 discusses market attacks but lacks details. It would be valuable to provide a more comprehensive description of these attacks and illustrate why they are uniquely pertinent to transactive energy markets.

3.       Non-Fungible Tokens (NFTs) are mentioned in Section 7.6, but the relevance to the discussion is unclear. It would be beneficial to clarify why this example was chosen and how it connects to the overall discussion.

4.       There is a reliance on potential attack vectors to assume various security issues. Unfortunately, empirical data to substantiate these assumptions are lacking. Including real-world examples or case studies would lend more weight to the arguments.

5.       Edge nodes are classified as a medium-level threat in Section 7.8, but the reasoning behind this classification could be clearer. Further elaboration on why edge nodes are deemed a medium-level threat would be beneficial.

6.       Please provide more information about related works. This will help readers better understand your contributions and the context of the current research. For example:

a)         Designing microgrid energy markets: A case study: The Brooklyn Microgrid. Applied energy, 2018, 210: 870-880.

b)         Experimental measurement-device-independent type quantum key distribution with flawed and correlated sources, Science Bulletin 2022, 67: 2167-2175;

c)          Attacks against process control systems: risk assessment, detection, and response, Proceedings of the 6th ACM symposium on information, computer and communications security. 2011: 355-366.

d)         Experimental quantum secure network with digital signatures and encryption. National Science Review, 2023, 10: nwac228.

7.       In Section 8, the brief discussion on threats to validity could be expanded upon. A more in-depth discussion would help readers fully understand the potential limitations and biases present in your research.

8.       A thorough proofreading of the manuscript is suggested to rectify any grammatical, spelling, or punctuation inaccuracies. Some sentences, particularly in Section 8, were hard to understand due to these issues.

Moderate editing of English language required

Author Response

Please find below our answers to the comments from the three reviewers. The main changes/additions to the PDF file are also tracked in blue. Many thanks for these useful suggestions and comments.

Reviewer #2

Comment #1

The discussion on privacy in Section 7.5, while important, is currently quite broad. It might be beneficial to delve into specifics for a more nuanced understanding.

Author response:

Thank you for this comment. We have updated the corresponding section in RQ1 (Section 5.5) for conceptual clarity, and have improved the detail in the response to RQ3 in section 7.5 to address your concern.

Author action:

Section 5.5 was updated to be more conceptually organized, namely by splitting it into subsections. This feature was then used to improve section 7.5:

As we noted in Section 5.5, there is an insufficient level of privacy consideration in the existing literature. The two main areas of privacy we discuss are market privacy and data privacy.

Solutions that address market privacy currently do so at the expense of traceability, and thus inhibit dispute resolution and tracking of criminal behavior. For example, TRANSAX [29] and other proposals present privacy solutions that disconnect a prosumer's identity from their trading history. This prevents attacks that rely on using trading history to predict features about the consumer, as well as discovering the identity of a trading partner. However, these proposed systems do not enable this connection under any circumstances; a desirable attribute for the consumer but one that prevents recourse altogether, even by the DSO.

Data privacy solutions are being proposed, such as those within the Electron Volt Exchange [4] that protect user constraints and bids. However, given the sprawling, complex nature of TEMs, there still remain gaps in data privacy (notably energy usage data, which we discuss in Section 5.3). Furthermore, there is a lack of consensus about which approaches best suit which applications, as data must be obfuscated while remaining useful to the requesting party. Some approaches employ noising techniques, others use algebraic transformation, just to name a few. Some of these techniques will be more appropriate for certain kinds of data than others, and until an optimum is realized protocols that treat data differently with respect to its operational function will need to continue to be developed.

 

Comment #2

Section 7.6 discusses market attacks but lacks details. It would be valuable to provide a more comprehensive description of these attacks and illustrate why they are uniquely pertinent to transactive energy markets.

Author response:

Details about how such attacks would be carried out were lacking in the literature, which focused on the kinds of outcomes that could potentially be achieved by an adversary given a particular ability (i.e. manipulating bids). These attacks are pertinent to TE markets for one of three reasons:

• The kind of data involved (i.e. energy usage)
• The possible outcomes (i.e. grid instability)
• How the structure of the TE system affects attack execution (i.e. manipulating a smart meter to falsify consumption metrics)

This is to say while we agree that Section 7.6 lacks detail in this area, it is as detailed as the literature would permit. More detail would require undue conjecture by the authors that would not necessarily be natural conclusions drawn purely from the literature.

Author action:

We clarified Section 5.6 as follows:
Unfortunately, details about such technical execution were lacking in the literature, which instead focused on the kinds of outcomes that could potentially be achieved by an adversary, assuming they had some particular ability within the system (i.e,. manipulating bids). The attacks aggregated here have particular relevance to TE markets for one of three reasons:

• The kind of data involved (i.e., energy usage)

• The possible outcomes of an attack (i.e., grid instability)

• How TE structures might affect an adversary's approach (i.e., manipulating a smart meter to falsify consumption metrics).

 

Comment #3

Non-Fungible Tokens (NFTs) are mentioned in Section 7.6, but the relevance to the discussion is unclear. It would be beneficial to clarify why this example was chosen and how it connects to the overall discussion.

Author response:

NFTs were invoked as an example of the disastrous results that can occur in an unregulated distributed market that shares some properties with TE to motivate more stringent practices in TE development. This point has been made clearer in the text.

Author action: 

We added this precision to the last paragraph of Section 7.6:

(examples of which have been seen in the Non-Fungible Token space [7], an unregulated market with vulnerabilities similar to TE’s that we discussed briefly in Section 5.12)

 

Comment #4

There is a reliance on potential attack vectors to assume various security issues. Unfortunately, empirical data to substantiate these assumptions are lacking. Including real-world examples or case studies would lend more weight to the arguments.

Author response:

The lack of empirical data is cited as one of the external threats to validity in Section 8, as there are not many real-world examples to draw from.

Author action:

This point has been made clearer in Section 8. See answer to Comment #8.

Comment #5

Edge nodes are classified as a medium-level threat in Section 7.8, but the reasoning behind this classification could be clearer. Further elaboration on why edge nodes are deemed a medium-level threat would be beneficial.

Author response:

Edge nodes were classified as a medium-level threat because, on one hand, they have the unique quality of being positioned very dangerously in many proposals while, on the other hand, they are not being strictly necessary in TEMs. Many of the risks associated with them can be avoided with clever design, but this is not always employed. As a high risk threat that can be avoided with caution, we concluded with an overall medium priority. If edge nodes were a strictly necessary component, like smart meters, then they would have received a higher rating. This was not clear in the text, and your comment is appreciated. The text has been augmented to make this argument clearer.

Author action:

Updated section 7.8:

Edge nodes often perform tasks that require sensitive data. Combined with the fact that they are typically independently operated nodes, they can be seen as a significant security threat. Indeed, edge nodes are only as secure as the systems that use them, and there are many examples in the literature of edge nodes being deployed insecurely in TEM architectures.

However, despite often being employed to augment the TEM computing environment, edge nodes are not a mandatory component of a TEM infrastructure. Additionally, existing solutions to edge node concerns, such as distributing authority, reputation mechanisms, and incentives, are fairly comprehensive (Section 6.8). For these reasons, we do not consider edge nodes to be a top security priority for TEM designers, and we hence classify them as a medium-level threat.

 

Comment #6

Please provide more information about related works. This will help readers better understand your contributions and the context of the current research. For example:

• Designing microgrid energy markets: A case study: The Brooklyn Microgrid. Applied energy, 2018, 210: 870-880.

• Experimental measurement-device-independent type quantum key distribution with flawed and correlated sources, Science Bulletin 2022, 67: 2167-2175;

• Attacks against process control systems: risk assessment, detection, and response, Proceedings of the 6th ACM symposium on information, computer and communications security. 2011: 355-366.

• Experimental quantum secure network with digital signatures and encryption. National Science Review, 2023, 10: nwac228.

Author response:

Thank you for the additional resources; with them we felt there was enough material to justify the inclusion of a new threat (Communication Security) that had previously been excluded.

Author action:

Added new sections for Communication Security, namely: 5.14, 6.14, and 7.14

5.14 Communication

Although it is not explicitly mentioned often, networking protocols and communication devices provide a substantial attack surface for TEM cybersecurity. 

Mengelkamp et al. [41] note that even a secure smart meter and TE system can be undermined by an insecure communication network. In a similar vein, the authors of TRANSAX, Eisele et al. [29], point out that communication privacy is a baseline foundation that must be present in order to provide privacy and anonymity in a distributed application. Finally, Mbarek et al. [33] discuss the particular risk of the operating environment that TE components are deployed in. They note that smart meters and other sensors collect data on the customer premises, an open environment, and communicate via wireless protocols. These factors, as well as the sensitivity of the data in question, make them especially likely cyberattack targets, both in terms of appeal to hackers and vulnerability. 

Another consideration is the security of the blockchain itself. While this is often taken for granted, the blockchain’s security posture is based on the difficulty of cryptographic operations, as we discussed in Section 2.3. A looming concern is that the development of increasingly powerful quantum computers will render cryptography based on prime factorization – currently the most popular cryptographic technique – virtually insecure. This is a problem for systems built on top of blockchains that employ this kind of cryptography, as the integrity of the system’s records will be nullified if difficult hash puzzles can be solved at will.

6.14 Communication

As stated in RQ1, network security is not frequently referenced in TEM proposals. Solutions referenced typically exist outside the TE domain, such as onion routing, garlic routing, or the Matrix protocol [29]. Laszka et al. [13] also claim to provide communication anonymity with their protocol, PETra. 

In order to address the threat of quantum computers, efforts have begun to produce the next generation of cryptography which will be impenetrable even to quantum algorithms, with these techniques being generally referred to as “quantum-safe cryptography”. Yin et al. [42] go further by developing a quantum-secure network, laying the foundation for future quantum-safe blockchain technology. This technology will require continued development before it can be integrated into TEMs.

7.14 Communication

Although we noted in Section 5.14 and Section 6.14 that network security has not been a strong consideration for TE researchers thus far, we do not consider it a priority remaining issue for TE research. This is due to the fact that network security is already a richly researched field outside of the context of TE; as Eisele et al. [29] note, communication security research is orthogonal to TE security research. Similarly, cryptography research is a field that supports TE development, rather than being a subset of it. TE resources would be better spent enhancing the security of TE protocols and applications to reduce the impact of potentially insecure communication devices.

 

Comment #7

In Section 8, the brief discussion on threats to validity could be expanded upon. A more in-depth discussion would help readers fully understand the potential limitations and biases present in your research.

Author response:

The problem with this section arose from the quality of the writing of external threats to validity. The points being made were not clear giving the impression of a lack of analysis; this has been addressed in the next comment.

Author action:

See next comment (#8).

Comment #8

A thorough proofreading of the manuscript is suggested to rectify any grammatical, spelling, or punctuation inaccuracies. Some sentences, particularly in Section 8, were hard to understand due to these issues.

Author response:

Upon rereading the section on external threats to validity was indeed poorly written; these sentences have been restructured to make their core points clearer. We have also made several small changes throughout the paper.

Author action:

Rewrote section on threats to external validity:

The relatively narrow subject of this review, namely cybersecurity concerns that affect TEMs that use blockchains, presents a limitation in terms of available research. TE and blockchains are both relatively new fields. Among papers that fall into this category, many include little to no security analysis. Often, security concerns that were discussed were those that were addressed by including a blockchain, i.e., concerns that were not relevant to our review.

Perhaps just as impactful is the limited real-world deployment of TE systems. Most of the systems investigated for this review are in the proof-of-concept stage, meaning that they have not been tested in the wild, leading to a paucity of empirical data. It is difficult for researchers to predict which attacks will be most feasible or rewarding for hackers, but this is the analysis which we must rely on until TEMs are implemented broadly. As such, it is likely that some weaknesses have gone unnoticed, leaving gaps in security solutions.

Reviewer 3 Report

The paper reviews, classifies, and analyzes a number of studies found in the literature regarding cybersecurity threats associated with transactive energy applications that are built on distributed ledger technology.

The paper is nice and interesting; however, I have several concerns:

In Figure 1 the authors assume that each paper fits only one category. There might be papers that fit more than one category.

In section 5.4 the authors write about "51% Attack". They write "A successful 51% attack would enable the attacker to insert fake transactions", so actually this category is a sub-category of "False Data Injection". Why did they create a distinct category for that?

In Figure 2 and Figure 3 it is unclear why there are arrows that generate a circle in the blockchain.

In Figure 3 what are the unlabeled shapes of computers?

The authors write "Roaming electric vehicles (EV) present unique challenges for grid integration. Shuaib et al. [16] propose that DLT could be integral to supporting the integration of dynamic EVs into the electrical grid.". There are also other places in the paper that EVs are mentioned. However, the authors completely ignore autonomous vehicles. In Wiseman, Y. (2022). "Autonomous vehicles", In Research Anthology on Cross-Disciplinary Designs and Applications of Automation, pp. 878-889, available online at: https://u.cs.biu.ac.il/~wisemay/chapter43.pdf  ,  it is written "In the future, almost all if not entirely all the vehicles will be exclusively controlled by computers. If the software is not perfect and some flaws make the software vulnerable, smart hackers might be capable to unlawfully interfere with the vehicle software, so they will be able to harm the vehicle or even worse harm the vehicle occupants. In addition, a new version of car thefts may possibly be a fleet of autonomous vehicles thefts. ". Also in Channon, M., & Marson, J. (2021). "The liability for cybersecurity breaches of connected and autonomous vehicles", Computer Law & Security Review, 43, 105628 , the authors write "Hacking therefore can cause substantial damage and represents a significant caveat to the projections that the proliferation of autonomous vehicles". I would encourage the authors to cite the book chapter and the journal paper and expand their discussion from only EV to autonomous vehicles as well.

Author Response

Please find below our answers to the comments from the three reviewers. The main changes/additions to the PDF file are also tracked in blue. Many thanks for these useful suggestions and comments.

Reviewer #3

Comment #1

In Figure 1 the authors assume that each paper fits only one category. There might be papers that fit more than one category.

Author response: 

Figure 1 only presents the threat taxonomy; it does not classify the paper yet. Table 2 however shows that some threats are covered by many papers, and that some papers cover many threats.

Author action: 

We added a clarification before Table 2:

Please note from Table 2 that some threats are discussed by many papers, and that some papers discuss many different threats.

Comment #2

In section 5.4 the authors write about "51% Attack". They write "A successful 51% attack would enable the attacker to insert fake transactions", so actually this category is a sub-category of "False Data Injection". Why did they create a distinct category for that?

Author response:

Although a 51% attack can be used to inject false data, it is more importantly characterized by how the attack is carried out - i.e. by taking over a majority of a blockchain’s nodes / computational resources. In addition, it represents a threat against blockchains that is very particular to this domain, so we feel that it is justified in having its own section. Your comment is appreciated, and additional explanation has been added to make this clearer in the text.

Author action:

We added this sentence to the first paragraph of Section 5.4:

While this attack can have outcomes similar to those of a false data injection attack (FDIA), its method of execution relies on an attack on the blockchain network as a whole -- something that is generally taken for granted as secure by designers. This distinguishes the 51% attack from other methods of FDI.

Comment #3

In Figure 2 and Figure 3 it is unclear why there are arrows that generate a circle in the blockchain.

Author response:

This visualization is a convention used throughout the literature, to suggest the distributed and replicated nature of the blockchain (as data storage between computers, rather than on a single machine). 

Author action:

None.

Comment #4

In Figure 3 what are the unlabeled shapes of computers?

Author response:

These were all meant to represent microgrid controllers, but the diagram has been relabeled to reduce ambiguity, and the caption was improved.

Author action:

We labeled all computers in Figure 3, and changed the caption to: Visualization of the DLT-based patch system proposed by Lin et al. [3], with the threat detection and notification (left) followed by the solution discovery and dispatching (right).

Comment #5

The authors write "Roaming electric vehicles (EV) present unique challenges for grid integration. Shuaib et al. [16] propose that DLT could be integral to supporting the integration of dynamic EVs into the electrical grid.". There are also other places in the paper that EVs are mentioned. However, the authors completely ignore autonomous vehicles. In Wiseman, Y. (2022). "Autonomous vehicles", In Research Anthology on Cross-Disciplinary Designs and Applications of Automation, pp. 878-889, available online at: https://u.cs.biu.ac.il/~wisemay/chapter43.pdf  ,  it is written "In the future, almost all if not entirely all the vehicles will be exclusively controlled by computers. If the software is not perfect and some flaws make the software vulnerable, smart hackers might be capable to unlawfully interfere with the vehicle software, so they will be able to harm the vehicle or even worse harm the vehicle occupants. In addition, a new version of car thefts may possibly be a fleet of autonomous vehicles thefts. ". Also in Channon, M., & Marson, J. (2021). "The liability for cybersecurity breaches of connected and autonomous vehicles", Computer Law & Security Review, 43, 105628 , the authors write "Hacking therefore can cause substantial damage and represents a significant caveat to the projections that the proliferation of autonomous vehicles". I would encourage the authors to cite the book chapter and the journal paper and expand their discussion from only EV to autonomous vehicles as well. 

Author response:

While we feel that concerns regarding autonomous vehicles stray a bit too far from the intended focus of the review, we agree that better attention can be paid to EVs in the paper.

Author action:

We have updated the document with EV integration as a standalone threat, and thus included three new subsections for them in RQ1, RQ2, and RQ3 (namely, 5.13, 6.13, and 7.13):

5.13. Electric Vehicles

Electric vehicles (EVs) present some unique challenges in the TE domain. They form a new attack surface for adversaries, who can use EVs as a vulnerability to affect grid operations, as noted by Barreto et al. [32]. Malicious EV users could also misuse their own vehicle for such purposes [8]. Additionally, the ability for hackers to exploit vehicles with autonomous capabilities can lead to extremely harmful outcomes, ranging from damaging the vehicle to serious injury or even death [40]. The concern is that connecting to a TE when roaming charging could present a novel attack vector for hackers to target autonomous EVs. This concern is only going to become more relevant as vehicles continue to adopt autonomous driving features [57].

EVs also suffer from familiar challenges. Mollah et al. [30] note that EVs are subject to many of the privacy concerns of smart meters, including leakage of identifying information [4] and energy usage data, as well as some novel concerns such as location data. These concerns can also be exacerbated by the fact that EVs may have to connect to different TE networks depending on where they are charging.

In fact, this leads to probably the most unique concern associated with EVs. Unlike smart meters connected to homes, EVs may wind up charging in a TE network operated by a different DSO. This presents a two-sided challenge: the DSO does not have the required information to authenticate the EV, and sharing personal information with a foreign DSO represents a privacy risk for the EV [16,17].

 

6.13. Electric Vehicles

Regarding charging outside of an EV’s home network, Khan and Masood [17] reference a mutual authentication scheme that disguises the EV’s information from the supplier of energy, while still maintaining safety requirements.

In terms of privacy, many schemes have been proposed to facilitate privacy-preserving energy trading between EVs, some of which are found in [4,17,59,60].

From what we observed, attention has not been given to the particular problem of EVs disrupting stability intentionally. This makes sense since this concern is present in many DERs, and as such research to prevent load imbalances as a result of malicious behavior would be device-agnostic.

7.13. Electric Vehicles

Although EVs present a unique challenge in terms of integration into the energy market, their cybersecurity implications are not as significant. In terms of presenting a novel attack surface within the market, they share this property with other innovations such as RESs, BESSs, and smart meters. For this reason, EVs cannot be singled out as presenting a uniquely concerning safety threat to the stability of the system.

Solutions were not discovered for preventing TE-to-EV hacking, however, this is considered external to the TE domain, and vehicle cybersecurity should be handled by automakers.

The other main concern is user data management when roaming. While this does present some design challenges, the nature of roaming charging also makes this data less threatening than, say, SM energy usage data, which gives adversaries insights into a user’s home. Additionally, this problem has received considerable research attention. For these reasons, we classify EVs as a low-level threat overall.

Thank you all for this useful and constructive feedback!

Round 2

Reviewer 2 Report

The authors addressed all my issues and the manuscript should be accepted for publication.

 Minor editing of English language required

Reviewer 3 Report

The authors made a decent effort and the paper is certainly publishable so I would recommend accepting the paper.