Check Point Software says it is calling for a prevention-first approach to protect electric vehicle (EV) charging points against rising cyber threats, to minimise the risk of delaying the wider adoption of EVs.
Governments around the world are pushing the move to greener technologies to combat climate change and reduce their reliance on hydrocarbons. In New South Wales and Victoria, state liberal parties are pledging $39.4 million and $50 million respectively to expand the network of EV charging stations, while the 2023 Federal Budget has outlined Australia’s first federal EV incentive.
Elsewhere around the world, Norway has built a network of 17,000 charging points, while the US Department of Transportation recently announced a $5B plan to create a new network of EV charging stations.
However, while automotive companies are ramping up production of new electric vehicles, implementing appropriate cyber security risk management measures around, what are essentially, IoT devices, will be crucial to secure cyber protection and encouraging safe transportation.
When users charge their vehicles, there is also a data connection between the vehicle and the EV hub. Charging stations are connected to the internet and, like any other IoT device, are vulnerable to the actions of cybercriminals. If a threat actor can gain access to a charging hub this could have serious consequences including:
- Risk to User Safety: Theoretically, via an EV charging point, a hacker could access a vehicle’s engine management system and either compromise safety, performance or disable the vehicle altogether. Imagine if the vehicle in question were an ambulance, where delays could pose a threat to life.
- Compromise the EV Charging Network: Hackers could knock out an entire network of charging hubs by taking advantage of just one vulnerability in one device. This could result in loss of revenue for the operator as well as untold disruption to the road network.
- Commercial loss: In addition to shutting down a network of EV hubs, hackers could access the operator’s management software and drop ransomware with consequent financial and reputational damage. Also, many commercial fleets are converting to electric power and a hacker could disable an entire delivery operation just from their laptop.
- Payment systems: Threat actors could potentially compromise the payment system at an EV hub, leading to financial loss for the driver or the network operator.
Threat actors are wasting no time escalating the scale and sophistication of attacks. Check Point Research recently reported a 59% global increase in ransomware attacks alone, while the UK’s transportation industry experienced an average of 979 cyberattacks a week over the last six months.
In Australia, the transportation industry ranks as the sixth most impacted industry from cyberattacks, with Australian transport organisations experiencing an average of 678 cyberattacks a week during the same period.
As a result, it won’t be long until the potential to exploit EV charging stations is noted, so it is pivotal that newer, greener technologies are protected.
“Climate change and the need to reduce our dependence on oil underline the imperative to migrate to greener forms of transportation. Concerns over cybersecurity could be another obstacle to the future growth of the electric vehicle market, so it’s vital that the industry adopts a prevention-first mindset and takes necessary steps to improve cybersecurity postures. Unsecured charging devices are an open door to increasingly sophisticated threat actors and yet there are proven IoT security solutions out there that could prevent such attacks and further encourage the development of sustainable travel,” said Ashwin Ram, Cyber Security Evangelist at Check Point Software.