- Jan 21, 2018
- 814
With more countries reaching the tipping point for electric vehicle (EV) adoption, it's more urgent than ever for the public and private sectors to invest in EV charging infrastructure. A robust and highly secure EV charging ecosystem is essential for ensuring network availability and stability, providing a seamless charging experience to drivers, and achieving zero-emission transportation.
The good news is that EV charging infrastructure build-out is gaining momentum. The downside is that cybersecurity risks are growing along with the charging infrastructure, and cybercriminals are starting to take notice.
Today, EV chargers themselves are the primary target, with hacks ranging from planting ransomware to hijacking charger message screens with politically motivated or objectionable content. In a major wakeup call to manufacturers, a white-hat security specialist demonstrated EV charger hardware and software vulnerabilities. Recent hacks have also shown that EVs, too, are at risk.
The Vulnerabilities Are Broader Than Chargers and EVs
The communications networks that connect chargers with their management system, the personal data that travels across those networks, the charge-point operators collecting payments, and the grid itself are increasingly vulnerable as the EV ecosystem grows and the attack surface expands. The risks include (but are not limited to):
As IT security experts know, whenever you have digital communications between two points, you have a potential vulnerability. When an EV plugs in to a networked charger, a cascade of bidirectional communications between multiple computers ensues — between the vehicle and the charger, the charger and the driver's mobile app, the charger and the grid, the charger and the back-end management system, the management system and a payment gateway, and the management system and the charge-point operator. That's a broad attack surface....
- Disruption of operations for public charger networks, rendering large numbers of chargers unusable and interfering with transportation
- Takeover of charger networks to use the chargers as bots in massive distributed denial-of-service (DDoS) attacks
- Theft of customers’ personal identifiable information (PII), including payment card information
- Fraudulent payments for electricity used in EV charging
- Disruption to the power grid, leading to blackouts and equipment damage
- Damage to the EV charging provider's reputation
Security and the Electric Vehicle Charging Infrastructure
When EVs and smart chargers plug in to critical infrastructure, what can go wrong? Plenty.
www.darkreading.com
Last edited by a moderator: