As stakeholders in the industry, EV charging station security should be one of our top priorities. As EV charging station owners, ensuring you’re making the best choice in your solution provider means ensuring security. Ultimately, that means understanding the risks, the threats, and the efforts we can make to mitigate them.
Quick Links
It’s no secret that, as the internet has expanded and as the internet of things (IoT) has grown, cybersecurity has become more important than ever. We knew nearly a decade ago that public networks were vulnerable to malicious attacks and offering up your devices to those networks put you, and your data, at risk. And now? Even more aspects of our lives are “connected.”
It’s also no secret that as technology expands, so do the efforts of hackers. Their tactics and strategies evolve, in many cases, more quickly than the technology itself. In fact, cybersecurity experts expect the costs of cybersecurity breaches and hacking to reach $10.5 billion by 2025.
Yet much of our world now relies upon our use of mobile and wireless technology as well as the cloud. And, despite our reliance upon it, there are very real concerns about cloud security, especially when it comes to the “as a service” model. Similarly, there’s a lot of lack of understanding regarding the security of mobile apps, mobile devices, and networked machines, like EV charging stations.
If we’re being realistic, anywhere there is data collected, stored, or transmitted, there’s a cybersecurity risk. When it comes to EV charging infrastructure, there’s a lot to consider from physical tampering with machines and the mobile apps and networks drivers use to cloud applications used for EV charging station platform management systems (CPMS). As EV adoption rates increase, experts worry that EV charging stations will become a more enticing target. For that reason, it’s become more important than ever to understand what companies are doing to protect their networks and their users from cybersecurity threats.
In the US, one US charging company was victim of an attack where a hacker was able to hijack the screen of an EV charger and display a politicized message. Similarly, other countries, namely Russia and England, have both experienced EV charging station cyberattacks. Thankfully, there has not been a wide scale attack on EV charging stations in the US, but that doesn’t mean they’re not a target.
Though nuisance attacks, all demonstrate the ability to infiltrate EV charging station networks and, potentially, access networks and user data, typical targets for hackers. Through an unsecured, publicly network connected charger, attackers could, effectively gain access to a CPMS, and aforementioned user data, as well as larger computer networks. That said, attacks could also go after a much larger target.
Because EV charging stations connect to the power grid, there’s an extra incentive to seek pathways in. While a single station is not of much use, a group of networked chargers, hacked and used to overload the grid could cause significant damage and disruption.
In fact, research from the U.S. Department of Energy Office of Scientific and Technical Information has identified and details a wide range of risks to EV charging stations, both remote and local, as well as potential consequences of each type of breach.
From intercepted communications to malware and exploiting security vulnerabilities, the threat to EV charging stations goes beyond simply sharing unwanted or politicized videos, and so it’s vital for station owners to understand not just the risk but also what their EVSE suppliers are doing to secure their stations and networks.
So, if we have a big picture sense of the threats, we should be able to prevent any attacks, right? While we understand, as much as we can, about how most cyberattacks happen, we’ve been unable to stop them, in totality, in just about every industry where they run rampant. We have, however, been successful in mitigating the risk by applying strict security standards. The same must be true when it comes to EV infrastructure.
Still, because there are humans along the chain, there will always be risks. Lapses in network security including a failure to update and patch software on public servers running cloud-based management software to weak passwords all along the chain create vulnerabilities. Similarly, a failure to encrypt and secure transmissions between charging apps and networks can expose driver data.
While weak passwords are beyond the control of EVSE suppliers, securing the EVSE network and data transmission is not. This is another area where understanding what your EV charging station provider is doing to maintain a strong security stance across their tech stack and network configuration is essential.
Obviously, one of the first and most important ways to insure the security of your EV charging stations is to do your due diligence on the company providing your hardware and network. Not only are you looking for a team well versed in the EV charging space, but equally important is expertise and experience in data and technology. A keen understanding of the risks often means greater effort to mitigate them.
That said, you’re also looking for some very specific security measures, both physical and logical, including, but not limited to:
At NovaCHARGE, we take EV charging and EV charging station security seriously. We have approached every aspect of our solution with security, functionality, and reliability in mind. Further, we’ve been forward thinking meaning we’re not just designing solutions that will be obsolete or need replacement in a year. We’re prepared for growth and ready to help you do the same.
Whether you’re looking to improve properties, add amenities, lower NOI, increase ROI, or have a mix of goals that EV charging stations can help you achieve, get in touch with us. We’d love to chat!