Researchers worry that cybersecurity is being neglected as Europe and the U.S. try to accelerate the development and sales of electric vehicles.
Officials and security specialists worry that in the worst-case scenario, hackers might manufacture blackouts and harm to entire electric grids by hacking charging stations and networks.
Targets include large corporations like Tesla, which has hundreds of thousands of chargers.
The Biden administration called for EV sales to account for 50% of all new vehicle sales by 2030 and proposed harsher car pollution limits in April to hasten the transition to EVs. By outlawing the sale of new gasoline and diesel-powered vehicles beginning in 2035, the European Union has gone further.
However, cybersecurity cannot be neglected in the haste to expand EV usage. Rapid deployment allows you to make some minor cuts. If products (charging stations) haven’t been adequately tested and validated, there is thus a greater risk.
The security of EV charging stations is a topic that is still in its infancy. Anjos Nijk, managing director of the European Network for Cyber Security, a Dutch organization that shares cyber threat information with critical infrastructure and energy companies, said that European lawmakers are drafting new cyber rules for electricity grid operators that will probably include additional security requirements for EV charging infrastructure.
The U.K. imposed regulations that included using special passwords on specific equipment and encrypting communications received from stations.
The procedure to tighten cybersecurity has been stepped up now that charging station suppliers know the risk.
Plans submitted by American states last year to obtain federal financing for EV infrastructure had to include cybersecurity. Jay Johnson, a mechanical engineer at Sandia National Laboratories engaged in energy research, indicated that more details are required.
A 2021 U.S. infrastructure law provides $7.5 billion in funding for state-led EV charging station expansion. While stating that applicants must implement “appropriate” cybersecurity measures to safeguard data and systems, federal guidance left it up to the states to define them.
For instance, South Dakota declared that it would demand that businesses creating EV infrastructure utilize firewalls and encrypt communications. Standards for EV security technologies are still being created, according to New York’s proposal. Once these are completed, “New York State will comply with all federal technical standards, including cybersecurity,” the proposal stated.
It was a huge opportunity lost to synchronize requirements across the country. It would have been simpler for businesses operating across many states to comply with national cyber requirements.
Recently, Sandia conducted an evaluation of 12 undisclosed charging items and discovered security issues, such as openly exposed usernames, passwords, and credentials to modify or configure some equipment, while other products had greater safeguards.
Tesla is positioned to dominate EV charging in the United States, and this year, General Motors, Ford, Volvo, and Rivian joined Tesla in committing to embrace it’s charging standard. The Mercedes-Benz Group said this week that it would begin supporting the Tesla Supercharger stations in 2019. Requests for comments from Tesla were not returned.
ChargePoint, a significant supplier of charging stations to cities and business parking lots in North America and Europe, takes many precautions to protect its networks. The business was running roughly 225,000 charging terminals at the end of January.
To prevent cyberattacks from spreading to the broader electricity grid, ChargePoint employs security measures such as penetration testing and network isolation.
According to him, ChargePoint uses a variety of technologies to handle cyber vulnerabilities in the station chips and software, consumer payment transactions, encryption, and its technological infrastructure.
Cyber laws that vary by region won’t shield against the widespread repercussions of a significant cyberattack. It makes no difference where the 100,000 chargers are if you hack them. The electricity grid may be significantly impacted by it.
In a public tender for public EV charging stations last year, the city of Amsterdam incorporated cybersecurity requirements for the first time. To be considered for contracts, organizations must demonstrate that they adhere to security requirements and offer cyber assessments of their supply chains.
According to him, Amsterdam’s regulations are intended to thwart attacks that can result in power outages or force charging stations to consume more electricity than they need to, damaging transformers and power lines.