Open 24/7/365

We Have A Life-Time Warranty /
Guarantee On All Products. (Includes Parts And Labor)

Electric Vehicle Infrastructure Push Brings Cyber Concerns

Electric car charging stations, potentially vulnerable to hacking, face heightened security concerns as shifts in the auto industry coincide with rising cyberthreats. Electric Vehicle Infrastructure Push Brings Cyber Concerns

President Joe Biden in early August set a goal for electric vehicles to represent half of all new vehicles sold in the U.S. in 2030—a goal aimed at helping slow climate change by reducing fossil fuel use.

But shifting from gas-powered to battery-based cars brings with it new cybersecurity concerns, since vulnerability testing has shown that charging stations—by connecting to the internet and communicating with cars—are potential targets for hackers.

“Think about how disruptive it was with ransomware shutting down oil being delivered to gas stations,” said Brad Ree, chief technology officer for the ioXt Alliance, an industry-led security certification program for Internet of Things devices. In May, a ransomware attack against the Colonial Pipeline Co. forced nearly half of the East Coast’s fuel supply to shut down.

“Just imagine if all the gas stations connected to one common cloud point, what kind of target that would be,” Ree said.

He said that public chargers designed to be interoperable, so that EV drivers can charge and pay at different stations along their routes, could be vulnerable to a cyberattack that targets their connectedness, a typical way in for hackers to launch an attack that can quickly scale across a network.

Hackers could use chargers to gain entry to a home or business network, depending on where a charging station is installed, testing by cyber consulting company Pen Test Partners suggests.

User accounts for public charging stations are also at risk, creating the potential for a car charge to be billed to the wrong account, Pen Test Partners found.

There’s even a bigger fear that as more chargers are installed, hacking into many stations at once—then intentionally switching them on and off—could stress the electrical grid and cause a blackout, according to research funded in part by the National Science Foundation.

No Standards

In the rush to set up EV charging infrastructure, some manufacturers haven’t thought enough about security, according to Ken Munro, an electric vehicle owner and cyber consultant at Pen Test Partners who tested six chargers for vulnerabilities.

The situation is complicated by a lack of standards for safeguarding charging stations or certifying their security.

The National Institute of Standards and Technology, or NIST, could write cybersecurity standards for EV chargers, potentially echoing standards for IoT devices that federal agencies buy, the ioXt Alliance’s Ree said. Enforcement of such standards would fall to a federal agency, he added. A likely enforcer could be the Transportation Security Administration, which recently imposed new cybersecurity mandates on oil, fuel, and natural gas pipelines.

“Regulation is a good idea in this space,” Munro said. “It’s the only way to stop manufacturers from rushing products to market.”

State and local governments would need to consider charger cybersecurity if they want to tap into a $7.5 billion fund included as part of the Senate’s $550 billion bipartisan infrastructure package. It’s one of several provisions seeking to shore up the security of the electrical grid and devices connected to it amid a rise in cyberthreats.

The Senate-passed bill’s prospects in the House are unclear, but if the cybersecurity provisions make it into law, it would mark the first time the federal government invests in EV charging stations.

Applicants for federal EV infrastructure funds would need to describe how they worked with stakeholders such as automakers, utilities, and charging providers to “protect personal privacy and ensure cybersecurity,” among other factors, according to the bill’s text.

Policy Directives

There are about 43,500 EV charging stations in the U.S., according to data from the Energy Department. That number doubled over just four years, from December 2015-19. Biden has called for building a national network of 500,000 EV chargers by 2030.

“Every charging station in the country could be an attack vector into the larger grid system,” said Chris Carney, senior policy adviser at Nossaman LLP who was the U.S. representative for Pennsylvania’s 10th District from 2007-10. Carney, a Democrat, served on the Transportation and Infrastructure and Homeland Security committees.

Although the Senate’s language on charger cybersecurity in the infrastructure bill shows lawmakers are acknowledging potential risks, stronger policy directives are needed to make the EV industry move against the threat, Carney said.

The federal government should be clear about who bears the responsibility for a cyberattack on critical infrastructure and what steps must be taken to prevent or mitigate attacks, he said. With pipelines, the industry depended on a voluntary system of cyberdefenses—until the TSA imposed a security mandate after the Colonial Pipeline incident.

“The NIST can write all the cyber standards they want, but if there is not enforcement, either legislatively or in a strictly enforced agency mandate, any critical infrastructure system, including EV charging, would remain vulnerable,” Carney said in an email.

EV charging stations are designed with cybersecurity safeguards in mind, but there’s no standard for what the safeguards should be or how the systems should be certified, according to Sunil Chhaya, senior tech executive with the electric transportation group at the Electric Power Research Institute, or EPRI.

Chhaya said another challenge is that charging equipment is part of wider infrastructure that also includes electric vehicles themselves, cloud services, electric utilities, smart meters, and billing and payment systems.

EPRI is working with the Energy Department’s national labs, utilities, equipment providers, and third-party operators to develop a protocol for assessing cybersecurity risks that can be used for equipment and system certification.

Vulnerabilities Vary

Cyber risks can differ depending on how smart the charger is—for instance, whether it can be controlled remotely. Hacking risk also varies depending on whether a charger is installed at home or in a public location.

“For a compromised home charger, the whole home network could be at risk,” Chhaya said in an email. “In contrast, a compromised public charger has the potential for threat actors to intrude a larger network or systems since they are connected to different backends.”

So far, charging stations haven’t been installed on a scale that would pose a threat to grid stability if they were hacked, Chhaya said. But as higher-powered stations are more widely deployed, risk mitigation will need to be factored in, he said.

ChargePoint, a leading EV charging network in North America and Europe, secures its stations’ cloud connection so that if a hacker gains access to one station, they can’t take over other stations and draw excess power from a site.

The company’s software platform has built-in controls to thwart potential security breaches that could become safety issues, such as not allowing its mobile app to override certain settings. Those settings include the maximum output of the installed cable, which prevents adjustments that could cause damage to a vehicle or harm to the driver.

ChargePoint also safeguards EV drivers’ data, including their payment details, in a way that protects consumer privacy.

The company, based in Campbell, Calif., has a so-called bug bounty program that incentivizes people to test its systems for vulnerabilities, according to a recent blog post. Last March, ChargePoint brought in 50 security researchers from the cybersecurity company HackerOne to identify and close gaps in its website, apps, and infrastructure, the post said.

“Any device on a network becomes an attack vector,” said Eric Sidle, ChargePoint’s senior vice president of engineering. “We’re always learning about new attack vectors and closing them.”

Related Articles:

Hacker Claims To Steal Data Of 100 Million T-Mobile Customers

Accenture Confirms Hack After LockBit Ransomware Data Leak Threats

CIA Weighs Creating Special China Unit In Bid To Out-Spy Beijing

Israel’s Mossad Intelligence Agency Is Seeking To Hire A Crypto Expert

US Taps Amazon, Google, Microsoft, Others To Help Fight Ransomware, Cyber Threats

US Drops Visa Fraud Cases Against Five Chinese Researchers

Want To Invest In Cybersecurity? Here Are Some ETFs To Consider

How To Protect Your Online Privacy While Working From Home

What Hackers Can Learn About You From Your Social-Media Profile

Biden Administration Blames Hackers Tied To China For Microsoft CyberAttack Spree

US Fights Ransomware With Crypto Tracing, $10 Million Bounties

Faces Are The Next Target For Fraudsters

Russia ‘Cozy Bear’ Breached GOP As Ransomware Attack Hit

Advertising Company Will Use Its Billboards To Track Passing Cellphones

REvil Ransomware Hits 200 Companies In MSP Supply-Chain Attack

What It Will Take To Protect Cities Against Cyber Threats

Home Security Company ADT Betting On Google Partnership To Build Revenue

Carnegie Cyber Kids Academy. World’s Most Prestigious Cyber Defense Training Facility

How To Opt Out Of Amazon’s Bandwidth-Sharing Sidewalk Network

Carnival Discloses Breach of Personal Data On Guests And Crew

UK Cyber Chief Cameron Says Ransomware Key Online Threat

The FBI Secretly Ran The Anom Messaging Platform, Yielding Hundreds Of Arrests In Global Sting

Federal Reserve Hacked More Than 50 Times In 4 Years

All of JBS’s US Beef Plants Were Forced Shut By Cyberattack

It Wasn’t Until Anonymous Payment Systems That Ransomware Became A Problem

How To Use Ian Coleman’s BIP39 Tool For Finding Bitcoin Addresses And Private Keys From A Seed Phrase

A New Ransomware Enters The Fray: Epsilon Red

This Massive Phishing Campaign Delivers Password-Stealing Malware Disguised As Ransomware

Biden Proposes Billions For Cybersecurity After Wave of Attacks

Mobile Crypto ‘Mining’ App Possibly Connected To Personal Data Leak

Ireland Confirms Second Cyber Attack On Health System

US Unveils Plan To Protect Power Grid From Foreign Hackers

Hackers Breach Thousands of Security Cameras, Exposing Tesla, Jails, Hospitals

A Hacker Was Selling A Cybersecurity Exploit As An NFT. Then OpenSea Stepped In

Clubhouse And Its Privacy & Security Risk

Using Google’s ‘Incognito’ Mode Fails To Prevent Tracking

Kia Motors America Victim of Ransomware Attack Demanding $20M In Bitcoin, Report Claims

The Long Hack: How China Exploited A U.S. Tech Supplier

Clubhouse Users’ Raw Audio May Be Exposed To Chinese Partner

Hacker Changed Chemical Level In Florida City’s Water System

UK Merger Watchdog Suffers 150 Data Breaches In Two Years

KeepChange Foils Bitcoin Theft But Loses User Data In Sunday Breach

Hacker Refuses To Hand Police Password For Seized Wallet With $6.5M In Bitcoin

SonicWall Says It Was Victim of ‘Sophisticated’ Hack

Tor Project’s Crypto Donations Increased 23% In 2020

Read This Now If Your Digital Wallet Which Holds Your Crypto-currencies Can Be Accessed Through Cellular, Wifi, Or Bluetooth

Armed Robbers Steal $450K From Hong Kong Crypto Trader

Is Your iPhone Passcode Off Limits To The Law? Supreme Court Ruling Sought

Researchers Warn 3 Apps Have Been Stealing Crypto Undetected For A Year

Ways To Prevent Phishing Scams In 2020

The Pandemic Turbocharged Online Privacy Concerns

US Treasury Breached By Foreign-Backed Hackers

FireEye Hack Portends A Scary Era Of Cyber-Insecurity

How FinCEN Became A Honeypot For Sensitive Personal Data

Apple And Google To Stop X-Mode From Collecting Location Data From Users’ Phones

Surge In Physical Threats During Pandemic Complicates Employee Security Efforts

Imagine A Nutrition Label—for Cybersecurity

Cybercriminals Attack GoDaddy-based Cryptocurrency Platforms

Biden Team Lacks Full U.S. Cybersecurity Support In Transition Fracas

Nasdaq To Buy Anti-Financial Crime Firm Verafin For $2.75 Billion

Mysterious Software Bugs Were Used To Hack iPhones and Android Phones and No One Will Talk About It

Dark Web Hackers Say They Hold Keys To 10,000 Robinhood Accounts #GotBitcoin

Hackers Steal $2.3 Million From Trump Wisconsin Campaign Account

Crypto Scammers Deface Trump Campaign Website One Week From Elections

Telecoms Protocol From 1975 Exploited To Target 20 Crypto Executives

With Traders Far From Offices, Banks Bring Surveillance To Homes

Financial Systems Set Up To Monitor Unemployment Insurance Fraud Are Being Overloaded (#GotBlockchain?)

A Millionaire Hacker’s Lessons For Corporate America

Container Shipping Line CMA CGM Says Data Possibly Stolen In Cyberattack

Major Hospital System Hit With Cyberattack, Potentially Largest In U.S. History

Hacker Releases Information On Las Vegas-Area Students After Officials Don’t Pay Ransom

Russian Troll Farms Posing As African-American Support For Donald Trump

US Moves To Seize Cryptocurrency Accounts Linked To North Korean Heists

These Illicit SIM Cards Are Making Hacks Like Twitter’s Easier

Uber Exec Allegedly Concealed 2016 Hack With $100K BTC ‘Bug Bounty’ Pay-Off

Senate Panel’s Russia Probe Found Counterintelligence Risks In Trump’s 2016 Campaign

Bockchain Based Surveillance Camera Technology Detects Crime In Real-Time

Trump Bans TicToc For Violating Your Privacy Rights While Giving US-Based Firm Go Ahead (#GotBitcoin?)

Facebook Offers Money To Reel In TikTok Creators

How A Facebook Employee Helped Trump Win—But Switched Sides For 2020

Facebook Rebuffs Barr, Moves Ahead on Messaging Encryption

Facebook Ad Rates Fall As Coronavirus Undermines Ad Spending

Facebook Labels Trump Posts On Grounds That He’s Inciting Violence

Crypto Prediction Markets Face Competition From Facebook ‘Forecasts’ (#GotBitcoin?)

Coronavirus Is The Pin That Burst Facebook And Google Online Ads Business Bubble

OpenLibra Plans To Launch Permissionless Fork Of Facebook’s Stablecoin (#GotBitcoin?)

Facebook Warns Investors That Libra Stablecoin May Never Launch (#GotBitcoin?)

FTC Approves Roughly $5 Billion Facebook Settlement (#GotBitcoin?)

How Facebook Coin’s Big Corporate Backers Will Profit From Crypto

Facebook’s Libra Is Bad For African Americans (#GotBitcoin?)

A Monumental Fight Over Facebook’s Cryptocurrency Is Coming (#GotBitcoin?)

Alert! 540 Million Facebook Users’ Data Exposed On Amazon Servers (#GotBitcoin?)

Facebook Bug Potentially Exposed Unshared Photos of Up 6.8 Million Users (#GotBitcoin?)

Facebook Says Millions of Users’ Passwords Were Improperly Stored in Internal Systems (#GotBitcoin?)

Advertisers Allege Facebook Failed to Disclose Key Metric Error For More Than A Year (#GotBitcoin?)

Ad Agency CEO Calls On Marketers To Take Collective Stand Against Facebook (#GotBitcoin?)

Thieves Can Now Nab Your Data In A Few Minutes For A Few Bucks (#GotBitcoin?)

New Crypto Mining Malware Beapy Uses Leaked NSA Hacking Tools: Symantec Research (#GotBitcoin?)

Equifax, FICO Team Up To Sell Your Financial Data To Banks (#GotBitcoin?)

Cyber-Security Alert!: FEMA Leaked Data Of 2.3 Million Disaster Survivors (#GotBitcoin?)

DMV Hacked! Your Personal Records Are Now Being Transmitted To Croatia (#GotBitcoin?)

Lithuanian Man Pleads Guilty In $100 Million Fraud Against Google, Facebook (#GotBitcoin?)

Hack Alert! Buca Di Beppo, Owned By Earl Enterprises Suffers Data Breach Of 2M Cards (#GotBitcoin?)

SEC Hack Proves Bitcoin Has Better Data Security (#GotBitcoin?)

Maxine Waters (D., Calif.) Rises As Banking Industry’s Overseer (#GotBitcoin?)

FICO Plans Big Shift In Credit-Score Calculations, Potentially Boosting Millions of Borrowers (#GotBitcoin?)

Our Facebook Page

Your Questions And Comments Are Greatly Appreciated.

Monty H. & Carolyn A.


Go back

Leave a Reply