- As electric vehicles become more popular in South Africa, William Petherbridge, systems engineering manager at Fortinet, believes they could pose a cybersecurity risk.
- He specifically highlights the charging infrastructure for EVs as a potential attack vector.
- It is therefore important that EV and charging station manufacturers implement multi-layered security measures.
South Africans still have a general skepticism about the long-term viability of owning an electric vehicle locally, but with more car makers bringing EV models into the country, it is clear that the category of vehicle is proving more popular.
While this will have possible benefits for the environment down the line, a concern down the line could be the cybersecurity risk that EVs pose compared to their petrol/diesel guzzling brethren.
This according to William Petherbridge (pictured below), systems engineering manager for Southern Africa at Fortinet, who believes that EVs, and in particular the charging station infrastructure required to support them pose a cybersecurity risk that must be considered by the entire electric vehicle value chain.
“EVs are an emerging trend likely to dominate the market within a few years, so businesses are moving quickly to gain an early lead. In the rush to stake a claim in the EV charge point market, there is a risk that cybersecurity will be a mere afterthought,” he warned in a release shared with Hypertext.
“The strategy of ‘build first, then secure’ is not workable for EV infrastructure because of the potentially extensive size of the ecosystem, the ongoing interaction consumers will have with it, and its connection to the larger electric grid. The numerous components in this new environment pose tangible risks to road users if the infrastructure is compromised. Hence, cybersecurity needs to be integrated into the EV environment from the beginning,” he continued.
He noted that some of the risks include the fact that both domestic and public EV charge points connect to central management platforms, which enable access to credit card information and user data in many cases.
Added to this is that the charging points establish direct communication with the car itself, which too potentially increases the cybersecurity risk.
“This will become an increasingly intelligent and complex environment, presenting a potential target for cybercriminals. Hackers could potentially access the power supply, execute a ransomware attack to immobilise the charging station or operating system, gather personal information and credit card data, or even compromise the cars themselves,” he posited.
This is not just a theory either, as we have seen Tesla EVs in particular being targeted, with the Model S being hacked as far back as 2018 already.
As with any enterprise product, Petherbridge emphasises the importance of implementing multi-layered security measures, that need to safeguard the physical charge point structures, their operational systems, and networks to mitigate risks.
“EV cybersecurity should ensure high availability, guaranteeing that services remain accessible across diverse sites, with centralised management and visibility in the charging ecosystem and control mechanisms. Segmentation features are also critical to prevent lateral movement by attackers,” he pointed out.
“Given that the physical infrastructure is operational technology (OT), EV charging businesses should collaborate with reputable OT security vendors to mitigate risk across the entire environment, spanning from the charge points, through the network, and to the back-office IT systems,” Petherbridge concluded.
While EVs are potentially the way of the future, they are not immune to hacking.