As potential attack vectors from connected devices continue to broaden across the infrastructure, securing electric vehicles and their charging stations brings new challenges and elevated cyber risk.
EVs and advanced driver assistance technologies are computer and sensing systems in their own rights with internet and wireless accessibility, which leaves them open to many of the same cybersecurity issues prevalent in network-connected and integrated solutions. There’s privacy and safety risk and the cybersecurity of firmware updates at stake, as well as the potential of sabotage or other intentional attacks on these platforms.
Connected car growth
According to research firm Statista, an estimated 48% of all new cars shipped in 2020 included in-build connectivity. It projects that 96% of all new cars shipped worldwide by 2030 will be connected vehicles.
The need for powerful automotive cybersecurity corresponds with rapid advancements in vehicle technology, the National Highway Traffic Safety Administration (NHTSA) reports. NHTSA promotes a multilayered approach to cybersecurity by focusing on a vehicle’s entry points—wireless and wired—that might be vulnerable to cyberattack. A layered approach to vehicle cybersecurity reduces the possibility of a successful vehicle cyberattack, and it mitigates the potential consequences of a successful intrusion, according to the organization.
EV manufacturers are mobilizing behind cybersecurity for charging infrastructure, which is another possible entry point for cyberattack. As more EVs enter the market and connect to the electrical system, vehicle security and cyber vulnerabilities are drawing increased attention.
The National Renewable Energy Laboratory (NREL), Ford Motor Co., Rivian, Shell Global Solutions and ChargePoint collaborated to assess and develop enhanced cybersecurity and hardening methods for the connections between EVs and their charging stations. These stakeholders came together as part of a project led by SAE International to provide data on establishing a secure and encrypted connection between a charging station and an EV.
Securing data exchange
During the event, organizers evaluated the application of public key infrastructure (PKI)—a method for encrypting information exchange and certifying the authenticity of devices—to help ensure digital trust between vehicles and charging stations. PKI is a widely used digital certificate that protects sensitive data by providing unique digital identities for users, devices and applications and secure end-to-end communications.
“Although PKI had been adopted for many industries, this kind of authentication between different companies’ electric vehicles and charging stations is not commonplace and has not yet matured in the EV charging ecosystem,” according to a news release from NREL.
NREL previously studied the vulnerabilities associated with EV interconnections and evaluated strategies to mitigate those vulnerabilities. The event also showed how PKI could improve the security of communications during EV charging sessions—with the goal to protect against financial fraud and defend drivers, vehicles, manufacturers and network operators from cyber intrusions.
The integration of EVs into electric grid operations can also potentially leave the grid vulnerable to cyberattacks from legacy and new equipment and protocols, including extreme fast-charging infrastructure. The NREL predicts that 30% of all global vehicle sales may be EVs and hybrid EVs by 2025, and they will rely on increasingly sophisticated strategies for grid integration.
The next-generation EV charging infrastructure is expected to include interconnected renewable resources, such as photovoltaic arrays and battery storage systems, along with grid-edge devices, which could possibly open other areas of vulnerability.