By: Lionel Dartnall - Country Manager, Check Point Software Technologies

The global transition towards electric mobility (e-mobility) is accelerating rapidly, driven by environmental goals, consumer demand, and technological advancements. By 2030, governments and industries aim to have millions of electric vehicles (EVs) on the roads, along with robust charging infrastructure. 

According to National Association of Automobile Manufacturers of South Africa’s (naamsa’s) quarterly review for Q1 2024 demand for new energy vehicle (NEV) is growing with 3,042 NEVs sold in between January and March 2024, compared to 1,665 vehicles sold during the same period in 2023. This represents an increase of nearly 83%.  Hybrid vehicles in particular are most popular with 2,574 units in the first three months of 2024, compared to 1 408 vehicles in the same period last year.  

"Despite growing local and global appetite for EV's they bring along significant cybersecurity challenges. These risks, if left unaddressed, could pose serious threats to the safety of EV users and the overall security of connected systems," Lionel Dartnall, Country Manager, Check Point Software Technologies.

The Growth of Electric Vehicles and Their Infrastructure

Electric vehicles are no longer just a futuristic concept. Countries across the globe are investing heavily in the production and distribution of EVs. Charging stations, the backbone of e-mobility infrastructure, are expanding to meet this growing demand. According to estimates, over one million publicly accessible charging stations will be required globally by 2030 to meet demand.

The digitalization of this infrastructure—spanning everything from smartphone-based payment systems to vehicle data communication—introduces an interconnected web of data flows between vehicles, users, and systems. This digital landscape, however, also exposes EVs and their infrastructure to a host of cyber risks.

The Cybersecurity Threat Landscape

1. APIs: A Gateway for Cybercriminals
The rapid growth of API usage in automotive ecosystems makes it one of the prime attack vectors. In 2022, API-based attacks increased by up to 380%, according to a Global Automotive Cybersecurity Report. APIs connect charging stations, vehicles, and mobile applications, making them attractive targets for cybercriminals seeking to disrupt services, steal data, or launch ransomware attacks.

2. Charging Station Vulnerabilities
Public EV charging stations, especially those providing fast-charging services, present potential vulnerabilities. Researchers have demonstrated attacks like Brokenwire, which uses radio signals to disrupt the charging process. In another high-profile incident, hackers exploited infotainment systems to push explicit content onto charging station screens, exposing users to inappropriate material and underscoring the weak security posture of many of these systems.

3. Payment Systems and Data Theft
The integration of digital payment systems into charging infrastructure opens the door to financial crimes. Cybercriminals can intercept and exploit sensitive payment data, leading to identity theft or unauthorized transactions. Malware and ransomware attacks targeting the underlying software systems of these stations could halt operations, leading to service disruptions and financial losses for users.

4. Vehicle-to-Grid (V2G) Attacks
With the rise of V2G systems, where electric vehicles exchange power with the grid, the threat surface expands. Cyberattacks aimed at manipulating the V2G ecosystem could result in power outages, widespread grid disruptions, or financial losses through unauthorized transactions. The consequences of such attacks could be devastating for energy providers and customers alike.

Securing the EV Ecosystem: Key Considerations

Given the diversity of components within the EV ecosystem, a comprehensive security strategy must be applied at every layer. From vehicles to chargers, mobile apps, and the broader grid, all elements need robust cybersecurity defenses to mitigate risks effectively.

1. API Security
Since APIs are widely used in the e-mobility ecosystem, security teams must focus on securing API communications. This includes implementing encryption, authentication mechanisms, and real-time monitoring to detect and respond to malicious activity. Strong API security policies can prevent unauthorized access and mitigate risks associated with data interception.

2. Firmware and Software Updates
Continuous monitoring and regular software updates are critical for securing EV infrastructure. Updating firmware in charging stations and onboard vehicle systems can help close security gaps and prevent the exploitation of known vulnerabilities. However, updates must be performed securely, ideally using encrypted over-the-air (OTA) methods, to ensure the integrity of the software.

3. Cloud Security and SBOM
With much of the data and analytics for EVs and charging stations processed in the cloud, implementing strong cloud security measures is essential. Security teams must create a Software Bill of Materials (SBOM) to track software components and ensure transparency in software development and deployment. This allows for quick identification and remediation of vulnerabilities in third-party software.

4. Zero-Trust Architecture
Adopting a zero-trust security model ensures that no user, device, or system is trusted by default. This approach is particularly effective for large, complex ecosystems like e-mobility, where there are multiple access points to the network. Zero-trust architecture ensures that only authenticated and authorized users can access critical systems, reducing the risk of breaches.

5. Intrusion Detection and Prevention Systems (IDS/IPS)
Implementing IDS/IPS at both the network and device levels allows for real-time monitoring and automatic responses to suspicious activity. This proactive defense mechanism helps prevent attacks before they escalate and can detect anomalies in charging station operations or vehicle communications that indicate an attempted breach.

6. Data Privacy and Protection
Given the sensitive data involved, such as payment information and location data, EV operators must prioritize data privacy. Encryption and secure authentication methods should be employed to protect user data at all times. Compliance with international data protection regulations, such as GDPR, is also crucial to ensure users’ privacy rights are maintained.

7. Supply Chain Security
The supply chain for EV components is vast, involving hardware and software from multiple vendors. To mitigate risks, organizations must work with trusted suppliers and conduct thorough security audits to identify potential vulnerabilities. Robust supply chain security measures are essential to prevent the introduction of compromised hardware or software into the EV ecosystem.

Collaboration for a Secure Future

"As the automotive and energy sectors converge with the digital world, collaboration is key to building a secure future for e-mobility. Governments, private companies, and cybersecurity experts must work together to develop robust regulations, security standards, and industry best practices. These standards, including ISO 15118 for secure communication between vehicles and chargers, provide a strong foundation for cybersecurity in this rapidly evolving field," Dartnall says

Managed Security Service Providers (MSSPs) also play a critical role in securing e-mobility by offering continuous monitoring, threat detection, and response measures. MSSPs help organizations comply with regulatory frameworks such as ISO/SAE 21434 for automotive cybersecurity, ensuring that all systems in the EV ecosystem remain secure.

Conclusion: Protecting the Future of Electric Mobility

"The future of electric mobility is bright, but only if its infrastructure is secure. Cybersecurity must be an integral part of the design and implementation of every component within the EV ecosystem. By adopting a comprehensive approach to security—from securing APIs and cloud systems to protecting the supply chain and charging stations—we can ensure that the benefits of e-mobility are realized without compromising safety or data privacy.  As we move towards a greener, smarter future, it’s imperative that we address these cybersecurity challenges head-on, building the trust and resilience needed to power the electric vehicle revolution securely," Dartnall concludes.