IT security is vital for the future of E-mobility
Technology and cyber-security go hand in hand and embrace more and more areas of our lives, including transportation. And electric vehicles (EVs), which can be considered large computers on wheels and are constantly connected, could become increasingly susceptible to cyber crime.
So many of the products we surround ourselves with in everyday life are connected to networks and the internet, they ‘talk’ to our surroundings, and are controlled via the remote controls of our time - apps on our smartphones.
People often don’t consider that these devices have little or no security technology installed and are therefore vulnerable to abuse - and the EV itself, containing sophisticated computerised systems, full of valuable information, is also likely to become increasingly attractive targets for cyber criminals.
For a hacker, there are several access points, such as the built-in Bluetooth system, or in the app where you can update software. Here, malware can be installed so that attackers can connect to the car, which in the worst case scenario can pose a major threat to drivers.
Right now, there are no cyber-security standards in this field, and with an estimated 460,000 EVs and 380,000 plug-in hybrids already on Britain’s roads1, and with sales likely to increase rapidly as we head along the Road to Zero, this is something that needs addressing urgently.
Vehicle manufacturers and charge point manufacturers, like CTEK, along with suppliers and app developers all need to take greater responsibility for cyber safety, and CTEK’s in-house software developers are working continuously to ensure that their back end systems maintain the very highest levels of security.
So far as the EV charging point itself is concerned, security is provided through the adoption of Open Charge Point Protocol (OCPP), which provides a standard for communication between different manufacturers’ charging stations and with back end systems. OCPP includes security protocols that are under constant development, and all CTEK’s charge points are fully OCPP compliant.
However, some operators and service providers don’t want their charging data going through the charge point manufacturer's network or cloud solution, partly for security and partly for privacy reasons and this may present some issues. In newer versions of OCPP2, for example, there is a requirement that the charging station should also be identified, either by password or by a client certificate, and if the server for the charge point manufacturer’s cloud solution needs a password or certificate, the entire OCPP security set-up will fall. This suggests that operators and service providers who currently limit or prevent access to the charge point manufacturer’s network or cloud solution must find other solutions in the near future.
In larger charging networks, it has now become common to use Wi-Fi for communication between the charging stations themselves, and for communication with the load balancing system that controls and regulates the power supply going to the chargers. What’s important to consider then is that the Wi-Fi network can also then be an access point for hackers to the building's computer network.
CTEK gives the following advice to business fleet and IT managers, and EV charging network operators, to ensure their EV charging installations are as secure as possible, while limiting access for hackers.
- Check that the charging equipment you’re using is OCPP compliant, according to the Open Charge Alliance, the global consortium of public and private EV infrastructure leaders that have come together to promote open standards through the adoption of the OCPP.
- Consider if a Wi-Fi connection is the best solution for you. Many business customers today choose communication through an Ethernet cable, rather than Wi-Fi. A Wi-Fi solution can work in many cases, but you must pay attention to IT security, so as to limit access for hackers. A physical Ethernet cable is always more secure than a wireless connection.
- We’d recommend that a company's IT managers should be involved in the decision on how the charging system should be designed.
- Use secure APIs.
- Turn off smart devices when not in use.
- Keep software regularly updated.
Notes
1. Source: SMMT, March 2022
2. OCPP 2.0.1 has improvements in security, including the addition of secure firmware updates, secure logging and event notification and secure profiles for authentication (key management for client-side certificates) and secure communication (TLS). For more information, see www.openchargealliance.org