Federal officials eye path forward for EV cybersecurity
Federal officials are examining what role they should play in strengthening the cybersecurity of electric vehicles (EVs) as they push for increased EV adoption in the U.S.
The big picture: EV chargers create unique cyber threats, since the systems tend to be interconnected, run on personal home or business networks, and connect to local power grids.
- Add this to the growing cyber threats posed to all newer car models, which have internet-connected communications and electronic systems with WiFi hotspots and Bluetooth capabilities.
Driving the news: The Office of the National Cyber Director (ONCD) hosted a forum last week with government leaders and private companies, including both automakers and EV charging manufacturers, to discuss the cybersecurity issues facing EVs and the tech they operate on.
- Most of the discussion focused on the possibility for new EV cyber standards and the potential for new research on looming cyber risks, per a meeting readout.
- The White House's meeting readout did not specify which private companies or industry stakeholders attended the ONCD forum.
Why it matters: While EV charger hacks have remained mostly hypothetical, the technology powering chargers could face increased hacker interest as EV adoption rises.
- Earlier this year, a teenage hacker was able to hack into more than 25 Teslas at once through the automaker's open-source activity logging tool.
- Researchers have already discovered several security vulnerabilities in charging equipment that would allow hackers to access user information and impede charging.
Threat level: EV chargers — whether located in personal homes or in public areas — typically collect information about a vehicle's charge rate, identification numbers and drivers' online account information.
- Chargers also typically connect to a system inside cars known as the controller area network, which allows a car's various on-board electronic components and controllers to communicate with one another. Hackers are notorious for targeting this network.
- "If somebody can get into the systems that run public charging infrastructure, then there is potential to inject some sort of malware into the vehicle," says Sam Abuelsamid, a principal research analyst leading Guidehouse Insights' e-mobility division.
Between the lines: No cybersecurity standards exist for EV charging infrastructure, although automakers and charging manufacturers have been working to account for cyberthreats in the development of new vehicles and systems.
- Bringing in new regulations could mean new baseline cybersecurity requirements for both EVs and their chargers to ensure automakers don't cut corners, says Gartner analyst Mike Ramsey.
- However, it's unclear which government agency would lead the charge on setting these standards. Representatives from the White House and the departments of Energy, Transportation and Homeland Security attended last week's meeting.
Yes, but: Standards aren't a foolproof solution to preventing hacks of EVs and their charging systems.
- Hackers are constantly digging up new ways to exploit devices.
What's next: The ONCD office did not make any promises about next steps, but it's possible updated EV standards could come out of the discussion.
Sign up for Axios’ cybersecurity newsletter Codebook here.