The market for electric vehicles (EVs) has expanded exponentially across the past few years and is expected to grow quickly over the coming decade. In essence, the automotive industry is undergoing a profound transformation.
Packed with cutting-edge technology that can go the distance, this eco-engineering revolution comes with new imperatives. While Hollywood-style vehicle hacks are unlikely, stronger strategies are needed to mitigate EV security risks.
“EVSE [Electric Vehicle Supply Equipment] is supported by electronics, both for charging the vehicle and facilitating communications, so EVSE is susceptible to cyber security vulnerabilities and attacks,” says the National institute of Standards and Technology (NIST).
Every element within an EV communicates with a central computer, which is responsible for relaying messages between different parts of the car. This has led to efficiency gains. However, it also renders EVs vulnerable to hacking.
The chargers required to refuel EVs also need to communicate in specific ways, as to manage a vehicle’s charge level, voltage and other metrics. The communication requirements render EVs vulnerable to maliciously modified chargers and other types of cyber malevolence.
A major point of vulnerability in terms of EV security exists within the charger. In contrast with gas stations, the current public charging model is based on unattended self-service, meaning that charging stations may be in remote locations without physical security.
In turn, any person with a screwdriver could break into charging stations and attempt to hack the computer operating the charger. Theoretically, an individual could manipulate systems as to provide inaccurate charging metrics, endangering both the vehicle and the driver.
In contrast with public perceptions and imaginings, no one has managed to use charger connections to hack into vehicles themselves thus far, but hackers are becoming increasingly sophisticated.
Research supported by the U.S. National Science Foundation suggests that hackers could manage to gain entry into numerous charging stations simultaneously, repeatedly switching them on and off. Not only could this lead to massive travel delays and inconveniences, it could also result in regional blackouts, if over-frequency relays at power grid substations trip.
“In the rush to EVs…cybersecurity can’t be an afterthought,” says Tomas Bodeklint, a research and business developer at the Research Institutes of Sweden, a government-run group that focuses on EV charging and other technologies.
“When you get rapid deployment, you cut the corners a bit. Then there’s an increased risk if [products] haven’t been thoroughly tested and validated.”
EV risk mitigation
Incorporating threat detection and monitoring tools into EV charging infrastructure may limit risks associated with the technology.
For organizations, using strong authentication mechanisms for accessing EV systems and data will help prevent unauthorized access. Similarly, individual EV owners should use strong and unique passwords for EV-related applications and accounts. Enable two-factor authentication where possible.
Both EV infrastructure managers and individuals can increase EV security by staying current; in other words, running the most up-to-date software. Ensure that software and firmware are regularly updated and patched.
In relation to the supply chain, businesses need to work with trusted suppliers who prioritize cyber security. Individuals should remain cautious when purchasing aftermarket EV accessories, making sure that they come from reputable vendors.
On account of the fact that the technology behind EVs and EV chargers is relatively new, there are few standards when it comes to manufacturing and security. In the U.S., regulations are being developed at the state-level, indicating a potential missed opportunity for a set of cohesive, nationwide policies.
There is a need for increased transparency across all dimensions of EV production; design, development and construction. As the demand for electric vehicles continues, an EV security roadmap will become paramount in driving us towards a secure and sustainable future.
For more insights and best practices around EV security, check out this amazing interview with Check Point’s industry experts – here. Lastly, to receive more timely cyber security news, insights and cutting-edge analyses, please sign up for the cybertalk.org newsletter.