EV Charging Cyber Security
As we move towards a world of lower carbon emissions Electric Vehicles (EV) are becoming ever more popular. As well as cutting carbon output they also have lower running costs, lower maintenance and some generous tax breaks (currently at least). In the rush towards all electric has industry stopped to truly consider the cyber security risks this may create.
Both manufacturers and cyber security professionals need to consider the end-to-end risks, all the way from the car itself back to the electric grid. In doing so they need to consider cyber risks ranging from secure remote infrastructure management to ensuring charger firmware updates are legitimate.
The electric car is fast becoming as an autonomous robot on wheels, or a supercomputer on wheels. The cars can accelerate, brake and steer autonomously to avoid accidents and offer advanced cruise control. In theory a cyber attack could in the worst-case scenario cause accidents by taking away control from the driver. We need to consider very seriously how such scenarios can be avoided.
There are many data privacy issues to consider also. More and more personal data is being sent back from the car to the manufacturer, such as routes taken or video data from inside and outside the car. This is being used to calculate insurance risks/pricing and car security. Again, we need to be confident the manufacturers are protecting this data and not sharing it inappropriately.
When a car charges at a supercharger it draws a large amount of energy from the grid, if a cyber attacker gains control of this charging functionality they could cause energy and load management disruption to the local electricity supply or even worse a national impact depending on the number of EV chargers compromised.
The charge point operator will also need payment for the electricity used. They will have customer payment information that they need to secure. They also need to ensure payment accuracy as well as ensuring the correct customer is charged
In a world where customer functionality is king EV mobile apps are gaining more and more functionality. You can view cameras, start and stop charging, warm the car up, find its location or even unlock the car. The cyber security of this mobile application becomes more and more important.
So how do we go about addressing the many challenges, or if you are feeling positive opportunities, that the EV charging sector stares into. Well first it’s about understanding the threats faced and the cyber risks posed. From here we can start to understand the impact of these risks. For example, threat modelling should be used as widely and as early as possible.
The Electric Vehicle ecosystem is fast becoming a cyber security minefield. However, with dedicated cyber security resources who understand the risks we can look to build robust security controls to mitigate those risks and ensure the move towards Net Zero is fully supported by the cyber security community.
Third Party Cyber Security (TPCS) is a cyber security consultancy offering a range of cyber security services to customers across multiple industry sectors.