We are at an exciting inflection point for the electric vehicle (EV) industry. Green energy regulations are pushing automakers to manufacture more eco-friendly cars and trucks. EVs, once viewed as a costly investment, are increasingly becoming less so.
In fact, a recent paper by climate policy think tank Energy Innovation found that many new EVs are cheaper to own and operate than their gasoline-powered equivalents. As mass adoption of EVs becomes a reality, it’s imperative the industry is cognisant of the accompanying security vulnerabilities. Failure to address them will cause a massive cybersecurity pileup, the effects of which will hamper the EV highway for the foreseeable future.
EVs differ from legacy automobiles in numerous ways, not the least of which is the number of suppliers involved in their development, maintenance, and performance. These manufacturers range from chips and firmware developers to control units and mobile apps that connect to and interact with EVs. Each point of connectivity is also a pathway that hackers are eager to exploit.
Innovation brings new opportunities for threat actors
In addition, the technologies responsible for EV innovation are also behind many of the industry’s new cyberthreats. With every aspect of the vehicle linked to various computer-based subsystems, there are numerous opportunities upon which hackers can easily capitalise. Let’s examine some of the chief vulnerabilities in the EV ecosystem.
- Advanced Driver-Assistance Systems
EV manufacturers are increasingly adding some form of advanced driver-assistance systems (ADAS) to vehicles. Blind spot monitoring, driver drowsiness detection, and parking assistance are just a few examples that offer clear safety benefits.
However, ADAS also presents hackers with multiple avenues to interact with and control an EV. Imagine the devastation if hackers could infiltrate and override the pedestrian detection feature in a commercial EV operating in a highly populated area.
- Charging networks
The rollout of fast charging networks is critical for widespread EV adoption. Unfortunately, this charging infrastructure also introduces numerous vulnerabilities ranging from skimming credit card data at the point of charge to using cloud servers to hijack an entire EV charger network. Charger Wi-Fi, USB, or Ethernet maintenance ports are other entry points hackers could exploit to obtain system access.
Once threat actors successfully hack an EV charging station, they can then access the car and impact its performance by turning off the headlights or disabling the brakes, for example. Locking the car until a ransom has been paid is another concern, as is exploiting charging stations to display political messages, which recently occurred with hacked EV charging stations in Russia. In addition to these and other attack scenarios, there is also the secondary impact of mission-critical vehicles like fire engines and ambulances being unable to respond.
- Payment systems
As mentioned, skimming card data from charging station systems is one security concern, but the payment system problem is much more widespread.
Card data is linked to in-vehicle infotainment systems as well as numerous third-party companies that are increasingly partnering with EV manufacturers. As these relationships deepen and the EV ecosystem grows, expect payment systems to become an increasingly popular attack avenue.
Security is often an afterthought
Despite the EV industry’s myriad security concerns, protecting these vehicles and their associated infrastructure from attack has yet to receive the prioritisation it deserves.
Automakers and other stakeholders are eager to capitalise on the market opportunity and, at best, put security on the back burner or, even more concerning, leave loopholes that can be exploited.
Security must be incorporated into the design phase
Companies must act now to embed EV security into the design phase of vehicles, sensors, charging stations, and other supporting infrastructure. One of the best ways to achieve this is by deploying a digital twin—which Gartner defines as “…a digital representation of a real-world entity or system.”
With the technology, developers can simulate the behaviour of systems within the EV ecosystem to identify weaknesses and address them before hackers can utilise them as an entry point. In addition, digital twins enable manufacturers to explore numerous potential scenarios and spot any subsequent security issues before the EV goes into production.
These virtual models also enable development teams to vet the security of the broader EV ecosystem to ensure that areas such as charging infrastructure and payment systems aren’t introducing additional vulnerabilities.
Paving a secure road to the EV future
Digital twin technology has a role to play once EVs are out of the design phase. With frequent updates and patches of systems and software, the emulation can continuously monitor performance and detect vulnerabilities before they become a security threat.
The technology essentially provides a crystal ball, allowing problems to be identified and addressed before they come to fruition, thereby reducing the likelihood of a successful attack.
With mass adoption of EVs poised to become a reality, it’s imperative that companies act now to avoid being derailed by security concerns.