Could Charging Electric Cars Lead to a Cyber Attack?
As the adoption of the electric vehicle increases, the decentralization of charging electric vehicles at either the home or the workplace is becoming a necessity, not a luxury. Commercial real estate companies are using the allure of charging vehicles at the workplace, multi-family properties are upgrading their property parking lots for their residents and using them as a value-add amenity for their prospects. Universities and housing areas are preparing for an increasing number of students using electric vehicles and retail space keeps allocating more and more EV charging spots to attract tenants/clients to their locations.
There are many different manufacturers of these EV chargers, but most function in the same way. Along with the supplied electrical circuit, these chargers need a connection to the internet to function.
EV chargers rely on an internet connection to allow for functionalities like payment processing, user authentication, as well as EV vehicle charging data and other usage logging. Utilizing an internet connection, whether it is cellular or locally provided, poses a risk to the supplier of the service being liable to any cyber security events.
Could cyber risk be reduced? There are two ways that EV chargers primarily achieve an internet connection once installed. The EV charger either has a built-in cellular modem or an Ethernet/Wi-Fi network card. Cellular connected models communicate (usually over LTE) to a provider’s cellular network to connect back to the portal that enables the EV charger functionalities. The Ethernet/Wi-Fi models communicate back to the same portals but use a supplied internet connection from building ownership. Internet connections supplied by building ownership will need to properly segment the EV chargers from all other networks that run the building. Utilizing a Zero-Trust Architecture within a building’s network is the industry preferred method to reduce risk for all Operational Technology and “Internet of Things” devices.
What about Personal Identifiable Information (PII)? Could that also be at risk? EV chargers typically use a form of “near-field” communication (Bluetooth or NFC) to communicate with the user’s smartphone or credit card to process payments. This poses the risk to building ownership of customers’ Personal Identifiable Information (PII) being captured by an attacker should vulnerabilities be exploited. This can also lead to building owners indirectly supplying internet connections to the EV chargers, which require PCI compliance, that could be used for nefarious purposes. Unfortunately, it has already been demonstrated on video streams just how simple it is to take administrative control of an EV charging station with only a cell phone.
In addition, global regulations have started to broaden the scope for what a company is responsible for when it comes to user data. With the user’s data being stored on servers, typically owned by the manufacturer of the EV charger, building owners will need to take additional steps and update policies and procedures to ensure the manufacturer becomes part of the compliance vetting process that has historically been carried out on internally managed systems. When doing business with these companies, it will become imperative to choose a partner that can meet and adhere to these ever-changing regulations.
Providing a place to charge electric vehicles could attract new clients and building tenants, become a building feature to highlight when talking to prospects, improve property value as part of capital improvements, be part of the ESG initiatives roadmap, and even be a new source of revenue.
While all these are great reasons to install EV Chargers, building owners will need to also consider all the cyber and operational risks that the EV charger can pose to their assets. Again, select a manufacturer that can provide a seamless user experience along with a cyber protected network design to install the EV chargers in a secure manner.
Who can address cyber security exposure from EV Charging Stations, Operational Technology and IoT Property Technology? If you do not have experts in house that understand property technology cyber risk, partnering with an organization that knows the commercial real estate business in combination with deep expertise in building technology and cyber security will be a great way to close the skill gap in your team.
5Q possesses decades of global commercial real estate technology and cyber security experience. We focus and service Commercial and Corporate Real Estate owners, operators, and occupiers. 5Q’s Cyber division is structured with cyber security experts to ensure every organization in your portfolio is safe from cyber threats, protecting their most important data and assets. We assess exposure and risk, then implement a robust plan to secure the entire enterprise that fits within any budget and continuously monitor your technology to detect, investigate and respond to cyber threats.
To learn more about these services, visit 5qcloud.com or contact us directly by emailing firstname.lastname@example.org.