Electric Vehicles are on the rise in a big way. Bloomberg NEF predicts that plug-in vehicle sales will rise from 6.6 million in 2021 to a figure as high as 20.6 million by 2025, an impressive 312% growth in only five year time period. In the EU alone, 30 million new EVs are expected to take to roads in the next half-decade — bringing concerns around safety, cybersecurity and supply chain pressures into laser focus.
With attacks on EV charging infrastructure and connected vehicles at large are increasing at an exponential rate, protecting the EV ecosystem has never been more important. In response, C2A has rounded up the latest news coverage of attacks here, diving into the implications of each and providing actionable steps as to how CISOs and cybersecurity stakeholders in the automotive sector can protect themselves against attack.
What the industry has to say about threats to the EV ecosystem
Electric Vehicles are Taking Over. Hackers are Waiting, Security Magazine
With electric vehicle adoption on the rise, this piece in Security Magazine outlines the cybersecurity implications of skyrocketing EV adoption. Citing the recent TeslaMate hack, which saw 25 Tesla vehicles broken into simultaneously, the article emphasizes the critical importance of cybersecurity for the EV ecosystem and how underestimated threat can result in undue damage.
Written the week after Escar, this Forbes article opens with a warning: though hacked EV charging stations in Ukraine chastising Putin may bring a smile to the face of some, it foreshadows a much more serious threat to the EV ecosystem. As technology becomes more advanced, more software-defined, so does the opportunity for attack.
Focusing on the vulnerabilities of EV charging infrastructure, this article in Ars Technica assesses the likelihood of an attack on charging stations. Critically, it states, electric companies and OEMs must be sure to protect their backend, as this is the most interconnected and vulnerable aspect of the grid. Furthermore, while there are cybersecurity standards directly addressing the cybersecurity requirements of all vehicles — EVs included — the same cannot be said for charging infrastructure, which largely left in the hands of the manufacturer.
This piece in TechRepublic asks the critical question, “In an age of cyberattacks and security breaches, how will we protect car fueling infrastructure that is no longer analog and is therefore more vulnerable to IoT intrusions?” The answer, it seems, is not so simple, but one thing is clear: EV charging stations will require robust monitoring and management to ensure they are adequately protected against the threats they face.
Automotive Industry Races Against Cyber Threats, Security Magazine
Written in July, this article in Security Magazine cites the rise in IoT connectivity as one of the main reasons for increased automotive cybersecurity risk. “In the last three years, the automotive industry suffered a 225% increase in cyberattacks, including not only the data privacy breaches that have plagued every economic sector, but also troublingly successful digital car break-ins, thefts, and control system accesses.” To protect vehicles, it’s critical that OEMs comply with regional, national and international regulations and standards, as well as perform regular threat and risk assessments.
No matter the vulnerability, C2A’s EVSec is securing the EV ecosystem
It’s clear that the industry needs a holistic approach to adequately protect the EV ecosystem. EVSec is a C2A automation DevSecOps platform designed specifically for the unique needs of the EV ecosystem — seamlessly supporting vehicle architecture, battery management, charging infrastructure and the power grid throughout the security lifecycle from development to operations (real time protection / continuous monitoring) and back.
Supporting full regulation compliance from the start, EVSec automates archaic manual processes, enabling cross-functional sharing and collaboration between teams, customers, supply chains and full digital twin capabilities.
With EVSec, any automotive solutions provider can:
- Reduce cost, time and headcount with one, simple automated platform.
- Provide a single pane of glass, centralized risk management and full transparency into cybersecurity throughout the vehicle lifecycle.
- “Shift left” on cybersecurity testing and deployment of embedded security
- Scale product cybersecurity activities as required by regulation (TARA, Fuzzing, Monitoring, etc.) to achieve best in class
- Protect electric vehicles, and its infrastructure