It seems that electric cars are going to become the wave
of the future. Personally, I don’t have
one, and I don’t ever plan to have one, as long as my long and trusted Honda Civic
03 keeps on running like it has been.
But it seems that the worldwide adoption of Electric
Vehicles (EVs) is only going to continue to grow at a very strong clip in the
coming years.
While EVs are deemed to be very eco-friendly and green, the batteries
in these cars have to be charged, or replenished, much like normal cars are refueled
at the gas station. But rather than
pumping the usual unleaded 87 into your car, you will literally be charging the
battery of your car.
There are numerous stations like these that are popping up
in the United States, especially in the larger cities, like here in
Chicago. In fact, my own apartment building
will soon be offering EV charging stations for its own residents.
All of this will give birth to an entirely new
industry: the EV Charging Infrastructure. But it won’t be something that exists
all by itself; rather, it will be connected to the national power grid in order
to keep up with a fresh charge supply.
While this could bring in more jobs, and even be good news
for our economy, it also poses one serious threat: Cyber-attacks. This gives the hacker an extra avenue to
make their grand entry into our nation’s Critical Infrastructure.
Because of this, it is the EV charger that is now most at
risk. In fact, one ethical Pen Tester
even simulated this and wrote a detailed article about how an EV charger can literally
be heisted by a Cyberattacker. More information
about this can be seen at the link below:
https://www.pentestpartners.com/security-blog/smart-car-chargers-plug-n-play-for-hackers/
It is important to keep in mind that there are many other components
that go along with the EV charging station, and this increased amount of
interconnectivity only expands the attack surface to a much greater
degree. So, you may be asking at this
point, what are some of the Cyber risks that are involved here? Well, here is a sampling of them:
*A mass disruption in the availability of charging stations;
*Deploying bots at these stations in order to launch massive
DDoS attacks;
*The heisting of PII datasets;
*Credit card hijacking as customers pay to use the charging
stations for a certain amount of time;
*Mass disruptions to the national power grid, with far more
severe cascading effects;
*On a more qualitative front, if any Cyberattacks do happen,
the brand and reputational loss will be far too severe for the charging station
to handle.
One of the other main security issues here is the cascading
effect that a bidirectional connection can bring. Keep in mind that the EV charger is like an
IoT device, in that it is connected to many other things. Here is an example of this situation:
“When an EV plugs in to a networked charger, a cascade of
bidirectional communications between multiple computers ensues — between the
vehicle and the charger, the charger and the driver's mobile app, the charger
and the grid, the charger and the back-end management system, the management
system and a payment gateway, and the management system and the charge-point
operator.”
One way to keep the EV Charging stations at a lower risk
from a Cyberattack is to have them follow a strict set of compliance rules and
regulations which include the following:
*The Open Charge Point Protocol (OCPP):
This is a set of best practices which oversees the flow of
communications between the EV charger and the management system (and vice versa).
*The ISO 27001:
This addresses all of the controls that are required for any
company, and can even be fitted to the security requirements of an EV Charging
station.
*The ISO 15118-20:
This is another framework that was launched in 2022 to
increase the security of bidirectional communications between the EV Charger and
the actual EV, and vice versa. It deals
with issuing a series of security certificates authenticating the credit card,
the credit card holder, as well as even sending unused charge back to the national
power grid in a secure manner.
The other security concern deals with the EV Charging Infrastructure itself. Many Cyber pundits believe that a national
system should be put into the Cloud, such as AWS or Microsoft Azure. Here the principles of Asymmetric Key Cryptography
would be strictly observed and enforced by the security tools which are offered
by these Cloud providers.
Of course, there is then the need to be compliant with all
of the data privacy laws, primarily those of the GDPR and the CCPA. All of the EV Charging stations would have to
be responsible for maintaining their own levels of compliance, which of course
will be an added expense.
Since credit cards will be the primary means of payment, all
of these charging stations will have to abide by the tenets and principles of
the PCI DSS standards as well.
Finally, since the EV Charging stations will be connected to
many other points of origination and termination, Endpoint Security will also
be a key issue, but the major Cloud providers have the tools in place to address
that as well for you.
My Thoughts On This:
It’s only obvious that the digital world that we live in
today is only going to be more complex down the road with all of this
interconnectivity. I truly yearn for the
days when life was simpler and not so digital.
The EV Charging infrastructure is still in its infancy, and will
probably grow like a beast as the demand for EVs really starts to pick up. Thus, now is the time to address and remediate
any security issues before it gets too far out of hand.
Will I ever buy an EV?
Probably not. Even on the coldest
days here in Chicago, my good ol’ Honda started up fine. Can’t say the same of an EV.