With electric vehicles (EV) continuing to grow in popularity, it is vital for cybersecurity measures to be implemented to keep drivers, electric utility companies and the grid secure. The National Electric Vehicle Infrastructure (NEVI) program and the U.S. Department of Transportation guidance on EVs contain a section on cybersecurity that could be expanded in the future and affect interested parties in the industry.
Three aspects of the EV industry are especially susceptible to cybersecurity threats: charging infrastructure, the grid powering charging infrastructure, and consumers themselves in the form of authentication and payment interaction at a charging station through EV network connection to the internet. While there are no clear requirements yet related to cybersecurity standards through NEVI or any other entity, the Federal Highway Administration encourages states to implement policies to safeguard consumer privacy.
The NEVI program has the potential to impact electric utilities of all sizes that are involved with providing power to EV chargers. Growing EV adoption poses challenges to providing reliable energy to customers with severe load impacts and to providing cybersecurity for the additional chargers to meet this rapid growth. Electric utilities, EV manufacturers and other key interested parties will have to collaborate to establish cybersecurity measures that keep the EV industry safe.
The NEVI program could serve as the platform needed to kick-start cybersecurity initiatives for EVs. Creating a cybersecurity safeguard standard for EV charging infrastructure for operational technology (OT) systems through the program could help provide guidance on what is needed to keep the EV industry safe from cyberthreats. A cybersecurity risk assessment should also be completed by electric utility companies installing chargers to identify vulnerabilities and further protect the grid from being taken down via a single hacked charger. Some next steps that should be taken include:
- Conduct a cybersecurity assessment on the infrastructure supporting the charging network.
- Remediate known vulnerabilities.
- Implement a monitoring and detection tool to warn security operations of any threats to the system.
To address user EV charger access management, a few mitigation strategies can be implemented for increased cybersecurity. Implementing appropriate encryption systems, intrusion and malware detection, management of software updates, and securing operations during communication outages are all solutions that can safeguard against cybersecurity threats. It is also vital to keep the OT and information technology (IT) networks separate to limit vulnerabilities in the event of a hacking.
Managing risk is a coordinated effort and often a challenge for utilities to navigate. Discover how an integrated team can simplify the process.