The rapid creation of new technology has made President Biden describe our digital world as an “inflection point.”
According to Morgan Lewis, the confluence of digital systems in the electric vehicle (EV) industry is a perfect example of that phenomenon. Deploying EVs and EV supply equipment (EVSE), such as charging equipment, involves multiple interconnected platforms, connections to electric grid infrastructure, and exchanges of operational and customer data, all spread over a wide geographic footprint, presenting a target-rich environment for threat actors.
For example, a large-scale compromise of grid-connected EVSE could cause electric distribution system disturbances by manipulating load patterns or system voltage. Threat actors could also introduce malicious software to a customer’s EV by first compromising an unsecured charging station to which that EV eventually connects.
Data privacy risks are also present. The EV ecosystem involves many different exchanges of customer information, including personally identifiable information and payment information. Such data, whether stored locally on the EVSE or in a remote server, presents a valuable target for threat actors.
Data concerns are not just limited to foul play. Inadvertent data disclosures or larger breaches due to poor data management practices will invite scrutiny and legal liability. To address these risks, EV and EVSE companies will need to shore up cybersecurity risk management practices while keeping the following challenges in mind.