By 2040, internal combustion engine (ICE) cars will make up less than 1% of car sales. Well before then, sales of electric vehicles (EV) will overtake ICEs and are expected to dominate the market in the US, China and Europe by 2030.
While this may be good news for the environment, there are challenges to overcome. The EV market is still evolving and cybersecurity is a potential destabilizer. As hackers grow smarter and bolder, a vehicle that shares masses of data with charging stations can be an easy target for cyber-criminals.
With the huge increase in public charging stations, steps must be taken to secure the EV charging ecosystem. Without adequate security, the entire transportation and energy sectors will be vulnerable to attacks, putting critical infrastructure and lives at risk.
Public vs. Private Chargers: The Additional Risk
With the current number of EVs on the road, most drivers can fulfill their charging needs at home using their own electricity supply. But, this will change as EVs become more popular, and many people - especially those in apartment buildings - will not have the space or infrastructure to install a private charger. There will be a much greater need for larger numbers of public charging stations that can work at a higher capacity to meet demand.
The problem is that public charging stations are significantly more susceptible to cyberattacks than home outlets - they are connected to several communication networks and to the Internet to enable billing, for example. Each point of connection provides cyber criminals with a potential point of entry, and EV charging stations are quickly becoming the most likely targets of cyberattacks.
Compounding this problem is the fact that governments and municipalities are keen to respond to consumer demand and are in a rush to roll out more and more public EV charging stations. Without enough charging stations, people will be hesitant to buy EVs fearing that they will have to wait in long lines or be unable to drive long distances without running out of power.
In the attempt to roll out public charging stations faster, security features are being added after the fact, rather than taking the extra time to build a secure-by-design product that will better protect the infrastructure from cyberattacks.
What are the Dangers of Public EV Chargers?
Each EV and charger is part of the IoT in the following ways:
- Mobile devices and networks that control charging activity and payment processing.
- Digital wallets embedded in the vehicles for payments.
- Apps used to locate charge stations, manage billing and accounts, etc.
The different components communicate using APIs, each creating an additional potential cybersecurity vulnerability.
There are numerous potentially devastating outcomes of successful cyberattacks, including:
- Power fluctuations and outages
- Stranded drivers due to disabled EV charging infrastructure
- Thousands of vehicles loaded with malware via charging stations
- Stolen credit card and other financial information from those making payments
Ensuring a Secure EV Charging Ecosystem
All stakeholders involved in the EV ecosystem have a role to play in ensuring the sector’s security. The following are best practices for OEMs to consider:
- Hardware and Network Segmentation - Using trusted components and a partitioned architecture will prevent a breach or compromise in one sector from spreading to the others.
- Secure Software - Software in the EV ecosystem must be built securely and follow the “least privilege” design principle, ensuring that the software only has the permissions necessary to complete its intended tasks.
- Implementation of UNECE R155 - The UNECE World Forum for Harmonization of Vehicle Regulations created UNECE R155 that establishes guidelines to ensure that the production of new vehicles in the European Union and other countries will be more cybersecure. OEMs need to be sure they are compliant with this regulation by July 2024.
- Monitoring and Incident Response - EV charging station developers and operators must be prepared for the inevitable attacks and monitor for malicious activity. Managed detection and response (MDR) services should be evaluated, while in parallel a clear plan for attack response and communication should be created and documented to limit potential damage.
- Secure-by-Design - Security must be considered at every step of the EV charging station process - from software development to hardware deployment to final operations and updates. Secure-by-design devices are more resilient to cyber-attacks than devices with security patches added after the fact.
The Bottom Line
Hackers are getting smarter and bolder while threat vectors are widening. As vehicles evolve and are built to interact with charging stations, traffic lights, other vehicles, and more, hackers are taking every opportunity to attack. The best method of defense is creating secure-by-design products that will protect drivers and the entire ecosystem from the beginning.
Click here for more information on GuardKnox’s secure-by-design Communication Lockdown™ Methodology - a deterministic and ultra-secure automotive cybersecurity solution.