As governments around the world instigate and progress sustainable transport policies and initiatives, the need for more electric vehicle (EV) charge points grows. The IoT underpins this relatively new infrastructure by enabling the exchange of operational and other data. To secure and protect this data and charging assets, charge point operators (CPOs) must design their solutions with defence, detection and incident response in mind, says Justin Godfrey-Cass, head of transport solutions, Wireless Logic.
A growing EV charge point network
According to one analysis, there are over five million electric vehicles in the 27 EU member states and UK and, as a result, the number of public charging points has risen from 90,000 in 2016 to over 450,000 in 2022. However, while EV volume growth has been 50% in this time, charging points have failed to match this rate at only 31%.
Meanwhile, the US has its own plans to ramp up. With more than three million EVs on the road, supported by 130,000+ public chargers, the goal is for 500,000 charging points by 2030.
Why EV charge points are IoT-connected
The IoT connects EV charging stations so they can exchange data.
The data in question supports a range of operational needs. Firstly, to facilitate customer payments at public charging stations. Secondly, to enable CPOs to track usage, monitor performance and understand demands on the grid. This becomes increasingly important as charge points become part of a wider transformation of energy infrastructure to be smarter, less reliant on fossil fuels, and to draw on more sustainable energy sources.
Illustrating this, Ofgem predicts EV batteries, alongside other devices including heat pumps, could deliver savings up to £4.7bn by the end of this decade. The savings would come from efficient infrastructure use, which includes sending electricity back into the grid when needed.
For CPOs to support vehicle-to-grid charging, they need load balancing insights and for that they must monitor their infrastructure. Without visibility into usage and power consumption, they cannot take action to, for example, manage fluctuations, avert the risk of power outages and prevent power surges.
Charge point data therefore supports visibility and control for power consumption purposes, and it enables payments to be taken. There is a third important function and that is performance and maintenance. EV drivers need charge points that are in good working order. CPOs monitor their installed estate to identify where any issues need addressing so that drivers aren’t disappointed when they arrive at charging stations.
EV charge point security must be prioritised
Unfortunately, more charge points makes for more opportunities to compromise this important infrastructure which is fast becoming essential to the smooth running of road transport around the world. CPOs must secure their assets and data, and protect the privacy of customers’ data, 24/7.
All connected solutions face security threats. Cybercriminals will seek out vulnerabilities to exploit and profit from, and to cause disruption. Unfortunately, enterprises’ defences do get breached, so much so that, according to a report by SonicWall, there were 57 million IoT malware attacks in the first half of 2022, an increase of 77%.
Malware, ransomware and all other forms of cyberattack can cause significant damage on a number of levels. Businesses can incur considerable costs identifying and stopping an attack, after which they must pay to fix the issue, and then they can count the cost of incurred down time and recovery expenses.
What’s more, they can incur a fine if a security incident is adjudged to be a compliance failing. Despite all this, the biggest cost of all is often the impact on company reputation and brand.
Overall, the sums involved can be staggering. IBM’s Cost of a Data Breach 2022 report, for example, put the average cost of a ransomware attack at $4.5 million (€4.18 million).
Yet, despite all this, Kaspersky reports that 43% of businesses don’t fully protect their IoT solutions. To understand why, we find that over a third (35%) suffer from a lack of staff or specific IoT security expertise, while 40% cite difficulty in finding a suitable solution.
It is unsurprising, therefore, that a survey by Transforma Insights in 2022 found that security was the second most influencing factor, behind only IoT reputation/brand, when enterprises choose a vendor.
How to optimise IoT security for EV charge points
The security of EV charging stations must be given the highest priority. CPOs must make their solutions ‘secure by design’ to protect credentials, secure applications and ensure device communication is only with the correct destinations.
IoT security defends, detects and reacts against existing and emerging cyberthreats. CPOs connecting through cellular IoT, which is flexible, scalable and can support large-scale and multi-region deployments, can build security into their solutions through technology, standards and best practices.
To defend their installations, they must protect against unauthorised device, cloud infrastructure or data access. It makes good sense to begin here with IoT SAFE, as an industry standard to authenticate and authorise IoT devices to mobile networks. CPOs must also keep software up-to-date and stay abreast of relevant regulation to ensure compliance.
Despite all these measures, it is never enough to build in defences only to let things run without monitoring. Practically, that means automated anomaly detection, and usage-based insights and analytics to detect any abnormal activity so it can be investigated.
Armed with this insight, CPOs equip themselves to react as swiftly and comprehensively as possible, should an issue arise. That may involve quarantining and cleaning affected devices, reporting the incident and instigating corrective actions across systems.
Essentially, CPOs must apply policies and best practices to their processes and employee training too. Vulnerabilities are often found in staff behaviour or company processes, and not only within the company responsible for the solution but potentially with their suppliers too. Any weaknesses this could expose must be plugged.
Also, CPOs should rehearse potential incidents. Through rehearsal they prepare themselves to react, should they need to, and give themselves the best chance of minimising damage.
As EV charging ramps up, CPOs and original equipment manufacturers (OEMs) must prioritise security at the point of design. Cyberthreats are ever-present, and the important data that charge points transmit can make them a target. A security strategy should cover technology, standards and best practices to defend, detect and react in the face of threats, and ensure IoT connections are as resilient and secure as they can be.
The author is Justin Godfrey-Cass, head of transport solutions, Wireless Logic.