Even as the number of electric vehicles and EV charing points sees a spurt in India, cybersecurity experts warn about security vulnerabilities. They said the EV charging networks and the electric vehicles might become soft targets for hackers.
Cyber attacks that exploit EV charging station weaknesses may be able to cause power fluctuations and power outages, as attacks would suddenly alter the demands of EV charging networks.
“The new installations could prompt cyber attackers to target EV charging networks, the vehicles themselves, and the connected power grids,” Harish Kumar GS, Head of Sales (India and SAARC), Check Point Software Technologies, has said.
He said the Indian Computer Emergency Response Team (CERT-In), the national agency that keeps a close watch on cyber vulnerabilities, has received reports of vulnerabilities in products and applications related to electric vehicle charging stations.
Also read: Delhi leads electricity consumption at EV charging stations
“EV chargers are interlinked with other infrastructure. In India, EV sales hit 1.17 million units in FY23. Consumer demand for EVs is at an all-time high, but the growth of this sector may mean unprecedented security challenges,” he said.
“The industry is in the midst of a rapid expansion phase. New EV charging stations are popping up in parking lots and on street corners the world over. However, the new installations could prompt cyber attackers to target EV charging networks and the vehicles themselves,” he said.
The National Institute of Standards and Technology (NIST) has commented on the enormity of the cyber safety concern pertaining to electric vehicle charging stations.
“EVSE (Electric Vehicle Supply Equipment) is supported by electronics, both for charging the vehicle and facilitating communications, so EVSE is susceptible to cyber security vulnerabilities and attacks,” he said in an advisory to the EV industry.
Also read: Hackers target civil society organisations across world
EVSE also ties together two critical sectors — transportation and energy (specifically, the grid) — that have never been connected electronically before. This creates the potential for attacks that could have significant impacts in terms of money, business disruptions, and human safety.
What should be done
The EV ecosystem should work on network and hardware segmentation. “The industry should leverage trusted components and create a partitioned architecture. Thus, a compromise in one sector would not necessarily morph into a lateral danger for an adjacent sector,” he said.
“Enterprises in the electric vehicle ecosystem must use secure software,” he said.
He also asked EV equipment producers to continuously monitor systems for malicious cyber activity and should be prepared for cyber threats to emerge.
“Cybersecurity needs to be built into the software and hardware deployment operations,” he said.