Insights

Cyberattacks in the EV industry: A Disruption Waiting to Happen

Adrian McGrath, Client Partner and Digital Transformation Lead

The shift to electric vehicles (EVs) is happening quickly. Consumers all over the globe are actively researching and, likely, buying electric and hybrid vehicles. EV sales in 2022 accounted for 10% of global auto sales. The Global EV Outlook 2022 places the number at 120,000, while the International Energy Agency estimates the sales figure to be closer to 130,000. Experts forecast that this aggressive pace will lead to over USD 1103.17 billion in sales by 2030.”

A focus on security

Whether consumers are buying EVs for the environmental benefits, the monetary incentives, easier maintenance, or the cool factor, one thing is sure - the underlying infrastructure must be secure to maintain an efficient, profitable, streamlined EV ecosystem.

Studies indicate that "there is broadly a hacker attack every 39 seconds," and $3 billion was stolen in 2022 across just 125 hacks. Typically, we think of data breaches at financial institutions and major corporations where thieves steal thousands of consumer credit card numbers. Most people don't think of an EV as a target for a cyberattack. However, the EV ecosystem offers hackers and cyber thieves a wide range of rogue opportunities to harm automobile owners and the many companies that support and underpin the electric and hybrid vehicle industry.

Vulnerabilities to consider

Here's a brief summary of some of the key points of vulnerability for EVs:

• The charging station - It's the equivalent of a gas pump for a conventional vehicle. Still, it's comprised of many different technology components, including the charger, the electricity meter, and the energy controller.
• The power storage system within the charging station - This includes the battery and power conversion system and the software that provides functionality to the power storage system and the entire charging station. The software ensures the batteries and other components of the charging station function properly. It tracks the electricity dispensed to vehicles and manages credit card transactions as drivers charge their vehicles.
• It also provides real-time usage metrics that enable the service provider to maintain the charging station and optimize for the most economical utility consumption.
• Connectivity to the local electrical grid - A transformer and a DC converter provide industrial-grade connectivity between the charging station and the power grid.
• The EV itself - Although electric and hybrid vehicles have fewer moving parts than gas-powered vehicles, EVs have considerably more technologies and software components.

Each of the items I listed above is driven by many complex software systems and sophisticated technology components. Any one of these systems is ripe for hackers and rogue entities to wreak havoc on EV drivers and the companies that provide the underlying infrastructure. A cyberattack could disrupt vehicle functionality, power distribution, and monetary transactions - with potentially devastating consequences to drivers, electricity grids, EV-related companies, and financial institutions.

Combating threats

How can vehicle manufacturers, automotive OEMs, charging station service providers, and the many other vehicle electrification vendors across the automotive industry combat the threat of cyberattacks? Here are a few strategies to consider:

Design innovative technology solutions with security at the core - Regardless of where your company sits on the spectrum of the vehicle electrification ecosystem and whether you provide vehicle features and functions, a holistic software-defined vehicle platform, ancillary automotive industry software, or some other critical component to power next-generation vehicle solutions, the UST Innovation Assurance methodology can help you design, develop and build advanced digital products for the EV industry with security at its core.

Focus on security as a core element of your software development environment - As your company develops innovative vehicle software and EV infrastructure solutions, ensure security is at the forefront of your application design and development processes. If you need to transform your software development or DevOps ecosystem to ensure security is built into every stage of the design, development, and deployment process, consider a comprehensive cloud-native microservices platform like UST PACE.

Build-in security at every stage of the automotive value chain - This point is particularly aimed at vehicle manufacturers and automotive OEMs that deal with sourcing parts across their supply chain, materials planning and production, inbound and outbound logistics, process optimizations, and value-added and aftermarket services. Suppose you need to modernize, digitize or completely reimagine end-to-end or discreet processes for any part of your value chain. In that case, our automotive industry experts can utilize a range of technology enablers, such as edge and cloud analytics, blockchain, and AI/ML/statistics modeling, to transform your processes - with a focus on security to drive out vulnerabilities.

Implement cloud-native security operations to protect EV solutions from malicious attacks - With the constant threat of cyber security, it often feels like a never-ending battle to stay ahead of the bad guys - especially as you focus on innovation and speed to market. However, with sophisticated, automated, cloud-based managed detection and response services, you can boost your security posture to help protect your EV solutions from malicious attacks. Possibly you need tools and automation to accelerate threat detection and response times, or you might need better visibility across your EV solution platform to quickly identify and remediate security vulnerabilities. If you want to enhance any facet of your security operations with advanced technologies and expert analysts, CyberProof can deliver value-driven results.

Thankfully we haven't experienced a major cyberattack that has significantly disrupted the EV industry, but it could happen any day, and we should be prepared. Vendors in the vehicle electrification industry must look closely at their security postures to identify and eliminate vulnerabilities, proactively implement measures to bolster security across the product design, development, and deployment processes, and prioritize security as a core element of their business strategy.

To learn more about technologies that enhance EV security, visit Automotive Industry Consulting Services & Solutions | UST.