ARCchargingsystem.jpg
Image: Beam Global

In February 2022, the Biden administration presented a plan to use $5 billion that was allocated by Congress in 2021 to create a network of electronic vehicle chargers along interstate highways.

Creating an electric charging station infrastructure that enables EVs to recharge, no matter where they are, is integral to fighting climate change and achieving a more energy-efficient means of transportation.

SEE: VW autonomous charging bots reimagine EV infrastructure in an increasingly electric landscape (TechRepublic)

Unfortunately, the side effect of moving from more analog fueling solutions, such as gas and diesel, to electric charging stations that are Internet of Things appliances, is security vulnerability.

In an age of cyberattacks and security breaches, how will we protect car fueling infrastructure that is no longer analog and is therefore more vulnerable to IoT intrusions?

“The complexity and rapid adoption of EV charging stations and technologies make them especially vulnerable to cyberattacks, as certain security measures may be overlooked,” said Robert Nawy, CEO of IPKeys. “EV charging infrastructure is a device, or set of devices, that waits for another device to connect and begin communicating without a third-party firewall or the cybersecurity device to act as a shield.”

This means that security technologies from third-party security solution providers must be added to EV charging stations, which don’t necessarily incorporate much built-in security on their own.

A 19-year-old in Germany used a third-party app to hack into about 25 Tesla vehicles in more than a dozen countries, Nawy said. “Some experts believe this was the first time a vehicle has been successfully hacked via a third party that had access to control and data, and it clearly underlines the risk to IoT security. This is why it’s absolutely imperative that the EV charging station industry focus on cybersecurity risk and how to prevent security hacks upfront.”

In the case of the Tesla security breach, experts detected the breach, but still couldn’t prevent it. What did the industry learn from that?

SEE: Electric vehicle charging company announces first open charging platform (TechRepublic)

“The industry learned that traditional automotive safety regulations and security standards do not sufficiently cover the cyber threats related to modern-day connected vehicles,” Nawy said.

Like more automated, electric vehicles, EV charging stations face many of the same security challenges.

In a recent EV charging station study conducted by Carlos Alvarez College of Business’ Department of Information Systems and Cyber Security, researchers examined 16 different EV charging systems and uncovered 13 significant areas of security threats and vulnerabilities, such as missing authentication and cross-site scripting. “By exploiting these vulnerabilities, attackers can cause several issues, including manipulating the firmware or disguising themselves as actual users and accessing user data,” noted researchers Elias Bou-Harb, director of the UTSA Cyber Center for Security and Analytics; and his colleagues, Claud Fachkha of the University of Dubai; and Tony Nasr, Sadegh Torabi and Chadi Assi of Concordia University in Montreal.

These researchers recommended developers patch existing vulnerabilities and also incorporate initial security measures during the manufacturing of charging stations to prevent a mass attack on the power grid.

One thing’s for sure: EV charging stations are going to require robust monitoring and management to ensure that they don’t present vulnerabilities that cyber criminals can take advantage of. Developers of EV charging stations might even consider borrowing a page from what many autonomous vehicle manufacturers have been doing: incorporating an internal disk and control software in each device that enables the device to run on its own for a while if internet connectivity is lost.

Subscribe to the Cybersecurity Insider Newsletter

Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday

Subscribe to the Cybersecurity Insider Newsletter

Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday