Electric vehicles are taking over. Hackers are waiting

Electric vehicles (EV) are a vital part of the present (and future) state of the U.S. auto market. After decades of hope and hype, the rapid adoption of electric vehicles is finally upon us. In 2011, there were only 16,000 battery and plug-in hybrid electric vehicles on the road. In mid-2021, that number had grown to over 2 million vehicles. In fact, auto executives expect over 50% of U.S. vehicles to be all-electric by 2030.

The Bipartisan Infrastructure Deal includes $7.5 billion to plan and build a robust network of EV charging stations, a sizeable down payment toward developing a nationwide system. But of what of the extensive and complicated network needed to service those electric vehicles?

It took decades for a hodgepodge network of gas stations to crisscross the nation, with policies and procedures created by individual oil companies before proper government oversight or planning ensued. A state or nationwide electric vehicle charging network will require thorough planning and significant investment. Despite lofty goals, projected EV usage increases and plans to keep them rolling along America’s highways, one crucial challenge remains woefully undiscussed: EV charging station cybersecurity.

Last month, a 19-year-old tech security specialist used TeslaMate, a third-party software app, to successfully hack into 25 Tesla vehicles in more than a dozen countries. It was the first reported incident of a third-party app being used to hack and obtain access to vehicle data and controls, a clear indication of the risks associated with EVs.

Tesla is hypervigilant about cybersecurity, yet hackers still found a way to compromise their systems. As electric vehicles become an even larger portion of the automobile market, a disturbing cyber threat is the installation of potentially unprotected EV charging stations across the country. Without a heavy emphasis on cybersecurity, these stations could become a hacker superhighway.

Electric vehicles adoption to increase

In a nutshell, EV charging infrastructure is a device (or set of devices) that waits for another device to connect and begin communicating without a 3rd party firewall or other cybersecurity devices to act as a shield — all those technologies must be built into the charging station itself. As seen with MS Windows, a third party is often necessary to secure technologies like this as the tech itself tends to lack proper cyber protection.

The complexity and rapid adoption of EV charging stations/technologies make them especially vulnerable to attacks as certain security measures may be overlooked. Electric vehicle charging stations appear highly vulnerable to hackers. Last year, the U.S.-based Colonial Pipeline fell victim to a foreign-fronted cyberattack due to a single compromised password. This one vulnerability halted fuel supply processes in the Eastern U.S. and cost the company $4.4 million in ransom. Now, think of a hack that could cripple EV charging stations across California. More open doors provide more opportunities for hackers to break into and potentially control sophisticated EVs.

The demand for electric vehicles is rising dramatically. According to Gartner, EV charging stations are expected to increase from 1.6 million units in 2021 to 2.1 million units this year. It also predicted that electric cars (battery-electric and plug-in hybrid) shipping would rise to 6 million in 2022, a 50% increase over 2021. Furthermore, at COP26 in November 2021, the Zero Emission Vehicle Transition Council announced that vehicle manufacturers will commit to selling only zero-emission vehicles by 2040 and earlier in leading markets.

One incentive to boost EV adoption essentially rolls out the red carpet for hackers. Today, EV drivers can save or earn money by giving the power stored in their battery back to the grid or supplementing their home or office’s electric needs. Unfortunately, this connectivity opens doors to cyberattacks from data breaches.

The best way for cybersecurity leaders to protect charging stations from security breaches is to consistently monitor for cyberattacks — both known and unknown. For instance, utilities use technology like IPKeys Cyber Partners’ evolving VSOC (Vehicle Security Operations Center) platform. This software enables cybersecurity for the post-production phase. It is critical to ensure the security of connected vehicles and the smart mobility ecosystem, allowing companies to monitor their entire infrastructure and vehicles in real-time, utilizing automotive-specific analytics to detect cyber threats.

Automotive cybersecurity is still a relatively new domain, developing quickly to keep up with the fast-paced technological developments in the industry and the increasing number of cyber incidents. Unfortunately, traditional automotive safety regulations and security standards do not sufficiently cover the cyber threats related to modern-day connected vehicles.

EV charging infrastructure is as vulnerable to suffering from cyber threats as any other connected device. Still, the complexity and quick evolution of the technology and connected devices put this technology, especially, at risk. They will require the same type of monitoring and protection to ensure they do not open doors for cybercriminals to walk through, whether on the device itself or through a third-party app. As the use of electric vehicles grows and EV charging stations are installed across the country, it’s imperative that we focus on advanced cybersecurity measures to keep drivers safe and secure the critical data our vehicles contain.

ON DEMAND: In this webinar, Regina Lester, Vice President of Security & Safety Operations at Toledo Zoo, will share her insights on implementing security technologies in the entertainment sector and the challenges all organizations face — large and small — when it comes to balancing budget and security.