With that in mind, testing, inspection and certification company, Bureau Veritas, is emphasising a ‘critical need’ to focus on cyber security risks associated with this growing EV infrastructure.
Concerns about hacking of EV charge points also made the news earlier this year. So what are the risks and how can they be addressed?
George White, senior consultant for EV charging at Bureau Veritas, shares his views.
“In the pursuit of this electrified future, the digital aspect is rife with evolving cyber security threats that could potentially compromise the integrity of EV charging points. Unauthorised access through unprotected network or peripheral device interfaces poses a huge risk, as does firmware-based attacks that manipulate voltage settings, potentially causing major damage.
“The UK Electric Vehicles (Smart Charge Points) Regulations 2021, is fundamentally the first place to start, which states that charge points must be designed, manufactured, and configured to provide appropriate protection:
- Against the risk of harm to, or disruption of, the electricity system
- Against the risk of harm to, or disruption of, the relevant charge point
- For the personal data of the owner and any other end-user of the relevant charge point
‘Suppliers should carry out thorough checks before shipping EV charge points’
“Ensuring the supplier of charge points adheres to this before they ship is key to ensuring that the right levels of security are maintained over its lifetime. Before charge points are shipped, we recommend thorough pre-installation inspections.
“This includes scrutinising passwords, ensuring software is up to date, validating security configurations, secure communication, data inputs, and ease of use. These assessments aim to identify and rectify security gaps before installation, saving time and resources.
“Firstly, the software must be capable of secure updates, employing cryptographic measures to protect against cyber-attacks. Regular security checks during setup and periodic updates are also essential, with owners responsible for verifying the authenticity and integrity of each update.
Furthermore, sensitive security considerations, such as credentials, should be stored securely, avoiding hard-coded information, and designed to verify authorised access.
Cyber security is a necessity, not a luxury
“Charge points must also be able to encrypt all communications to maintain the confidentiality and integrity of transmitted data, preventing unauthorised access or tampering. Along with this, the configuration should verify data inputs, discarding unverified data to prevent potential security vulnerabilities. Lastly, and quite importantly, for user convenience and compliance with privacy regulations, charge points should be designed for ease of use, minimising owner inputs, and allowing straightforward deletion of personal data.
“Cyber security is not a luxury but a necessity in the EV space. Bureau Veritas’s comprehensive approach, from third-party risk reviews to ongoing maintenance assessments, ensures a robust cyber security framework for the entire EV ecosystem, that we encourage companies to incorporate into their security measures and planning.”
What do you think? Do you have, or are you hearing about, concerns around the digital security of renewable tech? Get in touch to let us know by emailing linda@renewableenergyinstaller.co.uk.