EV charge points need cybersecurity

The growing popularity of electric vehicles (EVs) will increase the number of EV charging stations, but the importance of cybersecurity may be an afterthought.

William Petherbridge, systems engineering manager for Southern Africa at Fortinet, argues that EVs and their charging infrastructure are just as susceptible to cyberattacks as any other internet-connected technology.

Trade, Industry, and Competition Minister Ebrahim Patel’s Electric Vehicles White Paper presents a thorough EV roadmap for South Africa, covering aspects like local manufacturing capacity.

 However, there has been minimal attention given to cybersecurity concerning EVs and the necessary charging stations, according to Petherbridge. The National Association of Automobile Manufacturers of South Africa (Naamsa) observed substantial growth in new energy vehicle sales and issued a tender for over 100 new EV charging stations on major routes last year. These additions will contribute to the rapidly expanding networks of privately-owned charging stations already established.

“EVs are an emerging trend likely to dominate the market within a few years, so businesses are moving quickly to gain an early lead. In the rush to stake a claim in the EV charge point market, there is a risk that cybersecurity will be a mere afterthought,” warns Petherbridge.

“The strategy of ‘build first, then secure’ is not workable for EV infrastructure because of the potentially extensive size of the ecosystem, the ongoing interaction consumers will have with it, and its connection to the larger electric grid. The numerous components in this new environment pose tangible risks to road users if the infrastructure is compromised. Hence, cybersecurity needs to be integrated into the EV environment from the beginning.”

He points out that both domestic and public EV charge points connect to central management platforms, enabling access to credit card information and user data. Furthermore, smart EV charging points establish direct communication with the car itself, potentially increasing the risk.

“This will become an increasingly intelligent and complex environment, presenting a potential target for cybercriminals,” he says. Hackers could potentially access the power supply, execute a ransomware attack to immobilise the charging station or operating system, gather personal information and credit card data, or even compromise the cars themselves, he said.

He stresses the need to safeguard the physical charge point structures, their operational systems, and networks to mitigate cyber risks through implementing multi-layered security measures, EV cybersecurity should ensure high availability, guaranteeing that services remain accessible across diverse sites, with centralised management and visibility in the charging ecosystem and control mechanisms. Segmentation features are also critical to prevent lateral movement by attackers, 

Given that the physical infrastructure is operational technology (OT), EV charging businesses should collaborate with reputable OT security vendors to mitigate risk across the entire environment, spanning charge points, the network, and back-office IT systems.