Lila Kee is the General Manager for GlobalSign’s North and South American operations, as well as the company’s Chief Product Officer.
In 2023, we’re now sadly becoming accustomed to learning about new cyberattacks. Whether it’s a government, hospital, financial institution or retailer, it’s a widespread, daily occurrence. Companies do what they can to control it, but unfortunately, cybercriminals sometimes get the upper hand. The trick is to get ahead of a problem before it starts. An excellent example of this might just be the coming onslaught of electric vehicles (EVs) and, most especially, EV charging stations and the utilities and cloud services that work alongside them.
Around the world, EVs are pretty much going to be mandated within a decade. Unless governments worldwide do a complete turnaround, we’ll soon all be driving them.
It’s expected there will be more than 26 million EVs on the road in the U.S. by 2030. To power all of these new vehicles, tens of thousands of EV charging stations—or more—will need to be built because the U.S. simply doesn’t have enough of them to accommodate the massively growing market. A January 2023 report from S&P Global Mobility says the “U.S. needs to quadruple its charging infrastructure by 2025, and grow it more than eight times by 2030.”
Tesla has its own network of charging stations that appears to be leading the industry. In early June 2023, it was announced that General Motors would join Ford as one of two automobile manufacturers that will soon have access to the Tesla network. But there may be doubt that Tesla’s network will be enough. Businesses are starting to crop up to meet this demand.
There’s been a lot of excitement about the positive effect of EVs, such as lower carbon emissions and costs. However, in this new world of daily cybersecurity concerns, people are also starting to wonder: Will the cars—and especially the charging stations—be secure? The matter is starting to get more attention.
Increasing Concerns
As Sunil Chhaya, an Electric Power Research Institute senior technical executive for transportation, said, “people are plugging in and charging without attacks but hackers are everywhere, and the growth and visibility of the EV ecosystem will magnify the temptation to either make money or a political point.” Then, a 2022 attack on Russian charging stations and a white hat attack on German Tesla charging stations added to the growing concerns around the security of the stations.
The potential for a calamity is real. The question then is, what can be done to prevent it from happening?
Closer Examination Needed
Potential solutions to mitigate data breaches, unauthorized access, DDoS attacks and the spread of malware and ransomware are being explored across the energy and security industries. Although this is an emerging issue with unique challenges, I also believe tried-and-true practices used to secure endpoints within, between and outside the network remain applicable. In the case of the EV charging ecosystems, security must be applied to transactions among and across the key components, which include the electric vehicles themselves, charging stations, charging networks and electric utilities.
Practitioners should apply a range of technologies that address the following needs:
• Strong authentication and encryption across endpoints.
• Authorization mechanisms that restrict access to only authorized users and devices.
• Situational awareness and perimeter defense.
Implementing Strong Authentication And Confidentiality
Digital certificates, part of a suite of public key infrastructure (PKI) technologies, are a scalable method to provide strong assurances around the identities of all endpoints. Deploying and managing certificates for both operational technology and IT environments can easily be achieved using cloud PKI solutions that have evolved to manage device identity from manufacturing to field deployment. Given the sensitive data that will be shared among charging stations, service providers and utilities, implementing encryption and strong identity assurance is critical.
Enforcing Authorization Policy
A range of identity and access management (IAM) solutions are available to enforce critical policies around the access rights of both internal and external users. It’s likely that IAM systems will be particularly useful for EV charging stations to restrict users to only those who are authorized to access the charging infrastructure.
Perimeter Defense
Hackers could attack EV charging stations both virtually and physically. That’s why perimeter security—a combination of multiple strategies and devices to create a system that’s virtually impenetrable—should also be a consideration for EV charging stations. Practitioners should implement perimeter firewalls to defend the boundary between the various EV charging private networks and the public network they transact through to prevent malicious data from infiltrating their network.
Conclusion
Fortunately, there hasn’t been a steep rise in attacks on existing EV charging stations. Hopefully, this trend will continue. Still, we know that hackers will likely focus on this growing industry, so it’s critical for vendors and governments to collaborate to ensure that the EV charging stations will have a strong identity and, therefore, will be secure enough to withstand attacks.
I also urge practitioners to closely follow NIST NCCoE reference frameworks. These guidelines incorporate relevant best practice standards. Paying attention to these frameworks and other industry guidance, as well as implementing the steps mentioned here, will hopefully allow us to drive off into the sunset, worry-free, in our new Earth-friendly cars and simply enjoy the ride.