According to IEA’s Global Electric Vehicle Outlook 2022 report, the global sales of electric vehicles (EVs) have tripled in just three years. This trend is also picking up pace in Singapore as the government eyes ambitious plans to install 60,000 charging points by 2030 and fast-track electric vehicle (EV) adoption to achieve net-zero emissions by 2050.

However, EV charging stations and networks are vulnerable to hacks that can disrupt the networks, and worse disrupt the national electric network that is connected to it. Hackers can also gain access to steal drivers’ personal data. Specifically, standards, policies and technologies which can help secure EV charging stations and the data shared between the vehicle and the endpoint and the national grids are much needed.

Without the necessary regulations, the effects can bring the country to a standstill.

Networked EV charging stations act as a vital link between the vehicle and power grid. They are essentially a high-wattage kiosk connected to the internet, making them vulnerable to exploitation. Though there appears to be no public instances of EV networks being disabled (other than by white hat hackers), showed that threat actors had successfully accessed Russian EV chargers along a stretch of road to display pro-Ukraine messages. New research released by Sandia National Laboratory in New Mexico also proves that EV charging stations are vulnerable to several different cyber-attack scenarios.

A US forum for government and private sector leaders agreed in October last year to work together to assess the state of cybersecurity standards and state of cybersecurity R&D for the EV ecosystem which includes lawmakers, car makers, battery makers and cybersecurity companies.

Cybersecurity And Data Protection Is A Two-Way Street

As Singapore pursues the smart city concept, many points are becoming increasingly internet connected. This includes solar panels on rooftops, batteries installed in homes and high rises and ubiquitous, networked EV charge points. Battery-powered EVs themselves might soon power our homes or buildings while we sleep. Vehicle to Grid (V2G) communications like the system deployed in the UK in 2020, are a key enabler of such features.

For auto manufacturers, they are leading the way in the application of software-defined vehicle (SDV) technologies . The SDV is the glue that make different auto components work smoothly together like vehicle infotainment, cloud-connectivity for map updates, predictive maintenance and so much more to enhance our driving experiences.

But it can also further expose a vulnerable attack surface to hackers.

How does this happen?

When an EV plugs into a networked charger, there is a two-way exchange of data. A breach in the systems or communication channels that link the vehicle and charger can have serious implications. Compromises of the system can enable malicious actors to steal personal data, gain access to home networks, hijack entire EV networks through cloud servers or skim payments. Threats like data theft are troubling, and there are also other serious potential impacts such as impairing a car's performance to impact driver/passenger safety, more direct takedowns of entire charging networks through a single exploit, or manipulation of “smart” electricity grids.

Preparing For A Smarter EV Future

We are heading towards a digitally transformed future where buildings, infrastructure and vehicles are all interconnected and enabled by 5G.

It is good that automakers are already working hard to strengthen the safety and security resilience of their processes and products, especially for EVs more dependent on computerisation . As auto cybersecurity regulations become more established worldwide, it is critical for vehicle makers and other general embedded (GEM) industries, including EV equipment manufacturers, to work with technology companies that understand every piece of the exceedingly complex domain where the physical and digital collide.

As Singapore accelerates its EV infrastructure development, every aspect of EV adoption needs to be considered in deployment to ensure that cybersecurity is not an afterthought. Vehicle to Everything (V2X), enabled by 5G, will bring all sorts of benefits, such as improved safety, reduced road congestion and lower emissions through optimised traffic coordination – not to mention conveniently identifying where the nearest chargers are. However, to be successful it must be trusted, so it should be designed to enable receivers to reject messages where hackers have modified messages in transit or sending malicious messages.

Digital handshakes to secure the communication of vehicles with each other and with roadside equipment is a critical piece of the cybersecurity consideration. It enables vehicles, e-mobility providers and EV charging stations to identify and establish trusted connectivity – and fully compliant with the new international standard (ISO 15118-20) - for secure vehicle-to-grid interfaces

Leading The Charge

There is no doubt of continued and increased collaboration between financially motivated cyber-criminal groups and state-sponsored threat actors, who will continue to disrupt the operations of organisations with outdated and indefensible security architectures.

Nations such as the United States and Great Britain are ahead of the curve, with new laws and policies that cover cybersecurity as well as tamper-protection of EV charging devices.

As Singapore rises to the challenge of nationwide EV adoption, it is important that its comprehensive EV Roadmap also includes a close look at the cybersecurity implications of the technology ecosystem of IT/OT convergence. The accessibility of charging infrastructure, key to the success of EV adoption, will be of interest to EV owners and bad actors alike.

To future-proof its city, citizens and businesses, it is critical for Singapore’s private and public sector stakeholders to continue to work in unison with a secure-by-design approach that encompasses policies and standards for both hardware and software, and more adequate protections for the software supply chain and manufacturing. This includes the use of trusted mission-critical and intelligent, AI driven-software that can deliver timely contextual data to build predictive, proactive and defensive cybersecurity resilience for a 5G future. Zero Trust Frameworks and regular audit programs will also help in achieving the vision for safe and secure EVs.

Collectively, this will help to ensure that systems comprising all those “computers on wheels”, and anything they connect to, will be both safe and secure.