Electric vehicles have become an integral part of the U.S. auto market, and their role on the road will only become more pivotal as the country continues to explore climate-friendly practices across every industry. After years of hype bubbling below the surface, we are now entering the age of rapid EV adoption. In 2011, there were only 16,000 battery and plug-in hybrid electric vehicles on the road. By 2021, that number has grown to over two million vehicles. With no plans of slowing down, auto executives expect over half of all U.S. vehicles to be all-electric by 2030.
The Bipartisan Infrastructure Deal passed in 2021 includes a $7.5 billion surplus to plan and build a rich network of EV charging stations, an impressive down payment toward developing a system that stretches across the country. But what of the extensive and complicated network needed to service the oncoming wave of electric vehicles?
Starting in the early 20th century, it took decades for a miscellany of gas stations to take root in big cities and small towns across the nation. As gas automobiles became the norm on the road, a robust network of filling stations was needed to ensure drivers had fuel for their journeys. Policies and procedures were created by individual oil companies before any sort of government oversight or planning ensued. A nationwide system of EV charging stations, however, will require thorough planning and significant investment. Despite lofty goals, projected EV usage increases and plans to keep them rolling along America’s highways, one crucial obstacle remains undiscussed: EV charging stations’ cybersecurity infrastructure.
Over the past few years, cybersecurity, cyber tech and cyberattack discussions have begun to take over the media. For example, the supply chain industry, which is already behind when it comes to securing its systems, admitted that 93 percent of firms have suffered a direct cybersecurity breach because of weakness in their supply chains. Additionally, the U.S. Treasury Department warned cryptocurrency companies about their cybersecurity controls, fearing Russia could conduct cyber-attacks in response to Western sanctions over its invasion of Ukraine.
The Coming Wave of Electric Vehicle Adoption
In February 2022, a 19-year-old tech specialist apparently used a backdoor created by a third-party software app to hack into 25 of a leading EV manufacturer’s vehicles in over a dozen countries. It was the first instance of a third-party app being used to hack and obtain access to vehicle data and controls, a clear sign of the potential cybersecurity risk associated with electric vehicles. Incidents such as these are driving concerns about a targeted cybersecurity attack that could affect the whole country.
Despite the manufacturers’ hypervigilance regarding cybersecurity, hackers found a way using open doors from third-party vendors. As EVs become a larger portion of the auto market, that will mean even more open doors for bad actors to walk through, including the cyber threat of potentially unguarded and unprotected EV charging stations across the country. Without a clear focus on cybersecurity, these stations could become a hacker superhighway.
In a nutshell, EV charging infrastructure is a device (or set of devices) that waits for another device to connect and begin communicating without a third-party firewall or other cybersecurity devices to act as a shield. All of those systems and tech must be built into the charging station itself; a third party is typically required to secure technologies like this as the tech itself usually lacks proper cyber protection.
The complex nature and the rapid adoption of EV tech/charging stations make them an attractive target for attacks as certain security measures may be overlooked. Electric vehicle charging stations appear highly vulnerable to hackers. Last year, the U.S. based Colonial Pipeline fell victim to a foreign-fronted cyberattack due to a single compromised password. This one weakness halted fuel supply processes in the eastern U.S. and cost the company a total of $4.4 million in ransom. With that in mind, now imagine a hack crippling EV charging stations across California. More open doors mean more entry points for hackers to break into – and potentially control – sophisticated EVs.
The demand for EV adoption is increasing exponentially. According to Gartner, EV charging stations are expected to rise from 1.6 million units in 2021 to 2.1 million units this year. It also predicted the electric cars (battery-electric and plug-in hybrid) shipping would rise to six million in 2022, a 50 percent increase over 2021. Additionally, at COP26 in November 2021, the ZERO Emission Vehicle Transition Council announced vehicle manufacturers will commit to selling only zero emission vehicles by 2040 and earlier in leading markets.
One particular incentive to boost EVs essentially rolls out the red carpet for hackers. Right now, the electric vehicle driver can save or earn money by giving the power stored in their battery back to the grid or enhancing their home or office’s electric needs. Unfortunately, this connectivity opens the door to cyberattacks from data breaches.
Automotive cybersecurity is still a relatively new domain. It has had to develop quickly to keep up with the fast-paced technological advancements in the industry and the increasing number of cyber incidents. Unsurprisingly, traditional automotive safety regulations and security standards do not adequately cover the cyber threats related to modern-day connected vehicles.
EV charging infrastructure is as exposed to suffering from cyber threats as any other connected device. Even then, the complexity and quick evolution of this technology put the charging stations, especially, at risk. They will require the same style of surveillance and protection to ensure they do not open doors for cybercriminals to break through, whether on the device itself or through a third-party app. As the use of electric vehicles grows and charging stations are “planted” across the country, it is imperative that we hone in on advanced cybersecurity measures to keep drivers safe and to secure the critical data our EVs contain.
Headline photo courtesy of Adobe Stock.
Robert Nawy is CEO of IPKeys Cyber Partners, provider of industry-leading, secure OT/IT intelligence platform that addresses the complex cybersecurity, data and critical infrastructure protection challenges faced by operators of mission-critical networks for customers in the energy, government, public safety communications and industrial markets. The company’s suite of solutions encompasses cybersecurity, cyber compliance, and operational network monitoring for a range of dynamic OT/IT environments. The company is headquartered in New Jersey and has offices in California, Louisiana and Texas.