Electric Vehicle Cybersecurity: Assessing the Vulnerability of EVs to Cyberattacks 

As a rapidly growing economy, India is on the verge of becoming a manufacturing hub for the electric vehicle (EV) industry. The Economic Survey 2023 predicts India's domestic electric vehicle market will see a 49 percent compound annual growth rate (CAGR) between 2022 and 2030, with 10 million annual sales by 2030. However, as EV technology continues to advance, so do the associated risks, particularly in terms of cyberattacks. The growing dependence on connected systems and charging infrastructure could open up cyber vulnerabilities. In India, with over 2 lakh cases in 2018 and almost 14 lakh in 2022 (tracked by the Indian Computer Emergency Response Team, CERT-In), cyberattacks are on the rise.

A 19-year-old teen launched a white-hat attack on German Tesla charging stations in January 2023. In Russia, cyberattacks disabled many charging stations while the ''stations' video displays showed negative messages. The influx of EV-related cyberattack cases requires a closer look at the causes and effects to find ways and means of overcoming them.

Understanding the risks
The electric vehicle charging infrastructure is an essential component of the EV ecosystem. Unfortunately, it can be a potential target for cyberattacks. The Wall Street Journal reported that EV charging networks have been identified as a prime target for hackers seeking to disrupt transportation systems and exploit sensitive data.

Terranova Security points out that EVs collect a multitude of data, ranging from the driver's personal information to location data and even vehicle telemetry. Hackers could exploit vulnerabilities in the connected systems to gain unauthorised access and steal this significant data, leading to serious privacy concerns for EV owners. A successful cyberattack could disrupt the charging infrastructure, deterring EV owners from accessing charging services and potentially causing economic losses for charging operators. The concealed cyber risks associated with EVs include the potential for over-the-air (OTA) software updates to be compromised. A hacked OTA update could lead to dangerous circumstances on the roads and threaten public safety.

These discrepancies expose the industry to inconsistent security practices and increase the risk of cyber breaches. Cybersecurity awareness and training among EV stakeholders, including manufacturers, charging station operators, and vehicle owners, is paramount for smooth operations, as a lack of understanding leaves individuals more susceptible to cyber threats.

Strategies to counteract emerging threats
In a way like that of a computer network, there need to be certain measures taken by EV users and manufacturers to ensure the best possible digital data safety. To protect EVs from cybersecurity breaches, data protection must be prioritised. Encryption and secure communication protocols should be implemented to safeguard sensitive information EVs collect, such as location data, driving patterns, and personal details. Advanced encryption algorithms can prevent unauthorised access and ensure that data remains confidential. 

OTA updates are essential for enhancing EV performance and safety. Adopting a secure OTA update process with strict authentication mechanisms and code signing can ensure that only authorised updates are installed, reducing the risk of malicious software infiltrating the vehicle's systems. Regular software patching addresses potential vulnerabilities and weaknesses in EV software systems. Vehicle manufacturers and EV owners should stay alert regarding software updates and apply them promptly to prevent cyber attackers from exploiting known vulnerabilities. 

EV charging stations must be fortified against cyber threats. This includes implementing robust authentication mechanisms, firewalls, intrusion detection systems, and encryption protocols to prevent unauthorised access and potential disruptions to charging services. A significant factor in negating cyber hacking in EVs is ensuring regular cybersecurity audits of EV systems and charging infrastructure. This can help identify potential vulnerabilities and weaknesses. Cybersecurity experts should conduct these audits to ensure a comprehensive evaluation of the security measures in place.

Charting the path: shaping the future of electric vehicle cybersecurity
Several cybersecurity challenges are lined up to face the EV industry in the years to come. Continuous innovation and collaboration are necessary to stay one step ahead of emerging cyber threats. 

A roadmap for EV cybersecurity can guide the entire industry towards unified standards and best practices. Collaborative efforts among vehicle manufacturers, charging station operators, and cybersecurity experts can help establish a robust and cohesive cybersecurity framework. It is essential to foster awareness among electric vehicle owners, charging station operators, and other stakeholders. One effective approach is to conduct cybersecurity training programmes that enable participants to identify and address potential threats with heightened efficiency.

Electric vehicles have ushered in a promising era of sustainable transportation, but they are not unaffected by the ever-evolving threat of cyberattacks. The global and Indian EV ecosystems face various vulnerabilities, ranging from charging network weaknesses and data breaches to a lack of digital safety information. Every stakeholder must collaborate and prioritise the implementation of robust cybersecurity measures. With proactive actions and a shared commitment to safeguarding the EV ecosystem, the world can breathe easy and continue its transition towards greener mobility with confidence and security.

Ram Rajappa is the CTO of Greaves Electric Mobility. Views expressed are those of the author.