As Europe and the US push to accelerate the development and sales of electric vehicles, researchers worry that cyber security is being neglected.
Officials and security analysts have warned that in worst cases, hackers could infiltrate charging stations and networks to cause blackouts and outage entire electric grids.
“If you have hundreds of thousands of chargers, you are a target,” said Harm van den Brink, a cybersecurity expert at ElADNL, a research organization in the Netherlands focused on testing EV charging.
In April, the Biden administration proposed 7d?mod=article_inline" target="_blank" class="icon none" rel="noopener">tougher car emissions targets called for accelerating the transition to EVs and making up half of all new vehicle sales by 2030. The European Union has gone even further, banning the sale of new gasoline and diesel-powered cars. starting in 2035,
However, in the rush to EVs, cyber security can’t be an afterthought, said Tomas Bodeklint, research and business developer at the Research Institute of Sweden, a government-run group working on EV charging and other technologies.
“When you get rapid deployment, you cut corners a little bit. then the risk is increased if [products] Thorough testing and verification has not been done,” he said.
Efforts to address the security of EV charging stations are in the early stages. European lawmakers are drafting new cyber rules for electricity grid operators that will likely include additional security requirements for EV charging infrastructure, said Anjos Nijck, managing director of the European Network for Cyber Security, a Netherlands-based organization that Shares cyber threat information with critical infrastructure. and energy companies.
The UK introduced requirements such as encrypting communications sent from stations and using unique passwords on certain devices.
“Things are accelerating very, very quickly now,” Nijck said.,
US states needed to focus on cyber security in plans they made last year to secure federal funding for EV infrastructure. More specifics are needed, said Jay Johnson, a mechanical engineer at Sandia National Laboratories working on the energy research.
A US infrastructure law passed in 2021 includes $7.5 billion in funding Expanding EV charging stations to states. Federal guidance states that applicants must adopt “reasonable” cyber security strategies to protect data and systems, but it is left to states to specify.
For example, South Dakota said it would require companies building EV infrastructure to encrypt communications and use firewalls. New York’s plan states that standards for EV safety technology are still being developed. The plan states, “New York State will comply with all federal technical standards, including cyber security, once these are finalized.”
“This was a huge opportunity to harmonize requirements across the country,” Johnson said. He said it would be easier for companies operating in multiple states to comply with nationwide cyber requirements.
Sandia recently evaluated 12 anonymous charging products, and found security flaws such as openly displayed usernames, passwords and credentials to modify or configure some devices, while others had better security. “These products have a broad spectrum of cyber security capabilities,” Johnson said.
ready to dominate the evi charging in the US, and auto manufacturers, including General Motors Ford, Volvo and Rivian signed to adopt Tesla’s charging standard this year. Last week,
said it planned to support Tesla Supercharger stations starting next year. Tesla did not respond to requests for comment.
ChargePoint, a major provider of stations for company parking lots and towns in North America and Europe, takes a number of steps to secure its systems, Chief Information Security Officer Teja Mukkavili said through a spokesman. The company was operating around 225,000 charging ports at the end of January.
Mukkavili said the cyber measures taken by ChargePoint include penetration testing and isolating parts of the network to prevent a domino effect on the larger electrical grid in the event of a cyber attack.
A ChargePoint station in Corona, NM
picture:
Bing Guan/Reuters
The chips and software used in ChargePoint stations, customer payment transactions and encryption, as well as various tools to address cyber risks in its technology infrastructure, he said.
Van den Brink at ElADNL said that cyber regulations that differ by geography will not protect against the large-scale effects of a major cyberattack.
“If you hack 100,000 chargers, it doesn’t matter where in Europe they are. This could have a major impact on the energy grid,” he said.
Last year, the City of Amsterdam for the first time included cyber security requirements in a public tender for public EV charging stations. Jaap de Munnik, the city’s former senior information security official, said organizations competing for the contracts must prove they comply with security standards and provide a cyber assessment of their supply chains. This month he joined Dutch seed provider Enza Zeden as an information security officer.
Amsterdam’s requirements, he said, are designed to prevent attacks that could cause power outages or force charging stations to use more electricity than necessary, which could damage transformers and power lines. can deliver.
Amsterdam has shared its requirements with other Dutch cities, and de Munnik said he expected them to follow suit.
Write to Katherine Stupp catherine.stupp@wsj.com
Copyright ©2022 Dow Jones & Company, Inc. All rights reserved. 87990cbe856818d5eddac44c7b1cdeb8