Hackers are Waiting

10406872454?profile=RESIZE_400xElectric vehicles (EV) appear to be a vital part of the present (and future) state of the US auto market.  In the past, there has been EV hope and hype; now the rapid adoption of electric vehicles is finally here.  As an example, Tesla was only one month away from bankruptcy in the recent past and now is thriving.  In 2011, there were only 16,000 battery and plug-in hybrid electric vehicles on the road.  In mid-2021, that number had grown to over 2 million vehicles. In fact, auto executives expect over 50% of US vehicles to be all-electric by 2030.

The US Bipartisan Infrastructure Deal includes $7.5 billion to plan and build a robust network of EV charging stations, a sizeable down payment toward developing a nationwide system.  But of what of the extensive and complicated network needed to service those electric vehicles?  It took decades for a reliable network of gas stations to crisscross the US, with policies and procedures created by individual oil companies before proper government oversight or planning ensued.  A state or nationwide electric vehicle charging network will require thorough planning and significant investment.  Despite these lofty goals, projected EV usage increases and plans to keep them rolling along the US highways, one crucial challenge remains woefully undiscussed: EV charging station cybersecurity.

In March, a 19-year-old tech security specialist used TeslaMate, a third-party software app, to successfully hack into 25 Tesla vehicles in more than a dozen countries.  It was the first reported incident of a third-party app being used to hack and obtain access to vehicle data and controls, which is a clear indication of the risks associated with EVs.

Tesla is hypervigilant about cybersecurity, yet hackers still found a way to compromise their systems.  As electric vehicles become an even larger portion of the automobile market, a disturbing cyber threat is the installation of potentially unprotected EV charging stations across the country.  Without a heavy emphasis on cybersecurity, these stations could become a hacker superhighway.

Electric vehicles adoption will increase.  In short, EV charging infrastructure is a device (or set of devices) that waits for another device to connect and begin communicating without a 3rd party firewall or other cybersecurity devices to act as a shield, meaning all those technologies must be built into the charging station itself.  As seen with MS Windows, a third party is often necessary to secure technologies like this as the tech itself tends to lack proper cyber protection.

The complexity and rapid adoption of EV charging stations/technologies make them especially vulnerable to attacks as certain security measures may be overlooked.  Electric vehicle charging stations appear highly vulnerable to hackers.  In 2021, the US based Colonial Pipeline became a victim to a foreign-fronted cyberattack due to a single compromised password.  This one vulnerability halted fuel supply processes in the Eastern US and cost the company $4.4 million in ransom.  Now, think of a hack that could cripple EV charging stations across California; of the entire US.  More open doors provide more opportunities for hackers to break into and potentially control sophisticated EVs.

The demand for electric vehicles is rising dramatically.  According to Gartner, EV charging stations are expected to increase from 1.6 million units in 2021 to 2.1 million units this year.  It also predicted that electric cars (battery-electric and plug-in hybrid) shipping would rise to 6 million in 2022, a 50% increase over 2021.  Additionally at COP26 in November 2021, the Zero Emission Vehicle Transition Council announced that vehicle manufacturers will commit to selling only zero-emission vehicles by 2040 and earlier in leading markets. 

One incentive to boost EV adoption essentially rolls out the red carpet for hackers.  Today, EV drivers can save or earn money by giving the power stored in their battery back to the grid or supplementing their home or office’s electric needs. Unfortunately, this connectivity opens doors to cyberattacks from data breaches.

The best way for cybersecurity leaders to protect charging stations from security breaches is to consistently monitor for cyberattacks, both known and unknown.  For instance, utilities use technology like IPKeys Cyber Partners’ evolving VSOC (Vehicle Security Operations Center) platform.  This software enables cybersecurity for the post-production phase.  It is critical to ensure the security of connected vehicles and the smart mobility ecosystem, allowing companies to monitor their entire infrastructure and vehicles in real-time, utilizing automotive-specific analytics to detect cyber threats.

Automotive cybersecurity is still a relatively new domain, developing quickly to keep up with the fast-paced technological developments in the industry and the increasing number of cyber incidents.  Unfortunately, traditional automotive safety regulations and security standards do not sufficiently cover the cyber threats related to modern-day connected vehicles.

EV charging infrastructure is as vulnerable to suffering from cyber threats as any other connected device.  Still, the complexity and quick evolution of the technology and connected devices put this technology, especially, at risk.  They will require the same type of monitoring and protection to ensure they do not open doors for cybercriminals to walk through, whether on the device itself or through a third-party app.  As the use of electric vehicles grows and EV charging stations are installed across the country, it is crucial that the US focus on advanced cybersecurity measures to keep drivers safe and secure the critical data our vehicles contain.

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization.   For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@wapacklabs.com    

Weekly Cyber Intelligence Briefings:

Weekly Cyber Intelligence Briefings:

REDSHORTS - Weekly Cyber Intelligence Briefings

https://attendee.gotowebinar.com/register/3702558539639477516

 source: Considerations for building an equitable, profitable and reliable EV infrastructure - American City and County

E-mail me when people leave their comments –

You need to be a member of Red Sky Alliance to add comments!