The U.S. market expects to see at least 100 EV models by the end of 2022, up from the roughly 62 models currently available. This momentum was witnessed in all of the EV-related commercials during this year’s Super Bowl. About half of polled U.S. adults say they are likely to consider purchasing an EV in the next decade. Two key enablers for their EV adoption are availability and reliability of the charging infrastructure.
Availability of the charging infrastructure is being addressed by the new infrastructure bill, tax credits for EV charger hardware and EV charger installation costs, the White House’s $5 billion funding plan to states for EV chargers, and many ESG efforts undertaken by corporations. Once there are enough EVs on the road, many businesses could start seeing the value in installing chargers. For example, a hotel may want to attract guests who’d want to charge their EVs overnight. Similar business cases can be envisioned for other retail businesses.
The reliability aspect of the charging station infrastructure, however, requires attention to cybersecurity related risks. These risks are highlighted in many academic literature and US DOE lab reports. Sandia National Laboratories recently shared in a report: “As the U.S. transitions to transportation electrification, cyber-attacks on vehicle charging could impact nearly all U.S. critical infrastructure.” The articles below further highlight the cybersecurity risk:
The US DOD and PBS (Public Building Service) are both responding to these risks by requiring robust cybersecurity for EV charging stations in recent RFPs.
So, what about the private sector? Charging station network operators, also known as charge point operators, would tell you that they have cybersecurity covered by being Payment Card Industry (PCI) compliant. Although PCI compliance is necessary, it is not sufficient because cybersecurity risk is not limited to potential personal and financial information loss. As you’ll see in the following image, the risk also involves potential damage to EV batteries, compromised EV life safety systems, charger malfunction, compromised building energy management network, bulk system (grid) frequency increase, etc. The risk only increases with the bidirectional charging (i.e., power moving to/from EV to/from grid).
The cybersecurity risk involving a charging station and associated connectivity is too great to ignore. The impact could be better understood from the estimates highlighted in the following table:
While PCI compliance could be sufficient for charge point operators as they lack full control over physical and logical management of a charging station over its life cycle, the connected building energy management infrastructure, and charging station system design, it clearly is not adequate to manage risks for all stakeholders. At the same time, electrical contractors who commission and maintain charging stations often lack necessary expertise in cybersecurity.
So how should cybersecurity of the EV charging infrastructure be addressed? We address this question in our whitepaper: Risk-based Approach to Managing EV Charging Station Cybersecurity [click here]. It covers how risk management activities should be coordinated, what technologies should be considered, how liabilities should be managed, and much more; it briefly covers end-to-end solution. The adoption of EVs without robust cybersecurity could bring considerable risk in terms of availability of asset and infrastructure, safety of people, and confidentiality. The risk related to safety is not hypothetical. A German teenager recently found a vulnerability in a 3rd party app installed in a few Teslas, which allowed him to unlock doors, flash headlights, and blast music! While this doesn’t sound too bad, it is essentially a doorway to disaster. External systems and applications connecting to a vehicle also bring significant risk.
ResiliAnt offers an easy-to-use platform for EV charging infrastructure cybersecurity in a cost-effective manner. To obtain whitepapers, attend our webinars, or learn more about our platform, email us at info@ResiliAnt.co.