In a world where everything is online, many people are moving away from gasoline-powered vehicles toward electric ones. The reasons are not far-fetched. Since EVs (electric vehicles) are powered by electricity from the grid and have no tailpipe emissions or need for petroleum fuels, they have been promoted as being cleaner and more efficient than traditional cars. Besides, they are usually environmentally friendly and exhibit better performance.

EVs are becoming more common in the United States, with sales expected to hit 700,000 units in 2022 and 2.5 million units by the end of 2027. While this means that you probably won’t have to keep buying gas any longer, owning an EV comes with challenges, of which security is a critical one.

Due to their nature, EVs are vulnerable to cyberattacks because they rely on wireless technologies instead of standard physical connections like oil or gas pumps. While conventional vehicles are usually self-contained, EVs are connected to the grid and therefore vulnerable to cyberattacks which can compromise critical functions such as braking or steering control. Security risks are higher for EVs than they are for conventional vehicles due to their reliance on software systems and network connectivity, making them more likely to be hacked.

The 25 Teslas Case Study

In January this year, a 19-year-old cybersecurity expert, David Colombo, single-handedly discovered and exploited some vulnerabilities in 25+ Teslas across 13 countries. In a series of tweets, he shared that he could run various commands remotely without being noticed by the owners. These commands include “disable Sentry Mode”, “unlock the doors”, “open the windows” and “start Keyless Driving”, among others. He also clarified that this was not a security flaw in Tesla’s infrastructure but in that of the owners; even so, this recent example shows how vulnerable EVs can become.

Security flaws are increasing in EV charging stations

The proliferation of electric vehicles has led to an increase in the number of EV charging stations. These stations are used by both private and commercial entities to charge their vehicle fleets. However, since these EVs are powered by computers and software, they can be susceptible to cyberattacks. This can lead to a wide range of problems including the theft of personal data, disruption of services and operations, and even property damage.

Most of these charging stations are not protected as well as they could be. This is because a lot of charging station manufacturers and operators have no standardized process for identifying and remediating vulnerabilities, or do not even have a common definition of what constitutes a vulnerability or threat to EV charging equipment. This means that while EV owners can protect their cars from physical threats by locking them up when they aren’t in use and keeping them away from high-traffic areas where thieves might see value in stealing them, there’s little that can be done if someone were to hack into your car while it was plugged into one of these insecurely designed chargers at an unknown location.

The rise of EV cybersecurity standards and regulations

The EV industry has made significant strides in developing environmentally friendly vehicles. However, it is not immune from the cybersecurity concerns that plague the rest of the automotive industry. Hence the need for regulations and standards to mitigate attacks and protect end users.

These are rules set by governments and organizations like NHTSA (National Highway Traffic Safety Administration) that outline how manufacturers should build software systems and test them before releasing them into production models, so that they can prevent hacking attempts on their vehicles during operation as well as theft attempts. They also include a way for consumers to report any potential security vulnerabilities in their EV software.

ISO/SAE 21434 is another standard that provides a common framework for the assessment or prediction of cyber risks. It can be used to evaluate any type of IT system, including electric vehicles and their connected components.

EV charging systems’ security requirements are taken into account

In a 2016 report, ENCS (the European Network for Cyber Security) presented some cybersecurity guidelines for mitigating the dangers that EV charging infrastructure poses.

These guidelines, which apply across Europe, give municipalities and distribution network operators a practical set of considerations when purchasing electric vehicle chargers. Charge Point Operators (CPOs) can use this document to determine the security criteria for charging stations during the procurement process.

OEMs Are Not Left Out of This

Since OEMs are responsible for integrating cybersecurity into the design of their EVs, they face the challenge of not just securing the vehicles but also the larger EV ecosystem: charging stations, software updates, smartphone apps used by drivers and passengers alike—and any other third-party systems that interact with the vehicle itself (like traffic lights).

Vehicle manufacturers must disclose any vulnerabilities found in their vehicles and provide notifications about how those vulnerabilities will be addressed before they can be accessed by malicious actors. All software used by a manufacturer must have known vulnerabilities corrected prior to implementation within one year of the initial purchase date or delivery date for leased vehicles; OEMs may request waivers if this deadline cannot be met due to extenuating circumstances such as major recalls necessitating immediate patching of existing software versions on large numbers of production lines simultaneously while still maintaining quality control standards during production runs.

Also, the NIST Cybersecurity Framework is a valuable tool for OEMs to implement in the development and production of electric vehicles, as it provides standards for improving cybersecurity throughout their supply chains and product lifecycles. These standards will help OEMs focus their efforts on the most critical risks and provide a foundation for establishing technology-neutral cybersecurity requirements that meet or exceed those mandated by Federal Motor Vehicle Safety Standards (FMVSS).

Conclusion

As we march on towards a greener, cleaner future where all vehicles are powered by electricity, more and more individuals and organizations are making strides towards fully electric cars that run on the power of the sun. However, while this new technology heralds a new era of efficiency, it also requires a serious rethink of how we keep these new vehicles safe from cyber attackers.

Here at ITEGRITI, we’ve built our entire business around security, so we know how important it is for companies of all kinds—especially automotive companies—to be aware of cybersecurity threats and implement proper solutions to protect themselves from them.