EV Charging Stations Susceptible to Cyber-Attacks and Cyber Security Incidents
Online security and safety of electric vehicles charging stations are as vulnerable as any other thing put online or connected to the Internet, this warning is recently given by India’s Transport minister Mr. Nitin Gadkari.
In a written reply in the Lok Sabha, the union minister explained that the Indian Computer Emergency Response Team (CERT-In), which is mandated to track and monitor cyber security incidents in India, received reports of vulnerabilities in products and applications related to Electric Vehicle Charging stations and issued alerts and vulnerability notes suggesting remedial measures.
Electric Vehicle charging stations are also susceptible to cyber-attacks and cyber security incidents. In January this year, a white hat attack on German Tesla charging stations was made by a 19-year-old teen. The white-hat hack was made to warn that Tesla’s third party software consists security flaws which could lead to Tesla vehicles getting hacked and get control of the vehicle such as unlocking doors, honk horns and start the cars.
In Russia, attacks disabled many charging stations while the stations’ video displays showed messages that put Russian prez Vladimir Putin in bad light.
India’s CERT-In issues alerts and advisories regarding latest cyber threats/vulnerabilities and countermeasures to protect computers and networks on an ongoing basis. “Government is fully cognizant and aware of various cyber security threats and is actively taking steps to combat the issue of hacking”, said Mr Gadkari.
In the recently notified cyber security direction, CERT-In has now made it mandatory for all incidents to be mandatorily reported to CERT-In. CERT-In has formulated a Cyber Crisis Management Plan for countering cyber-attacks and cyber terrorism for implementation by all Ministries and Departments of the Central Government, State Governments and their organisations and critical sectors. CERT-In has empanelled 150 security auditing organisations to support and audit implementation of Information Security Best Practices.
As per the information reported to and tracked by CERT-In, the number of cyber security incidents during the years 2018, 2019, 2020, 2021 and 2022 are 2,08,456, 3,94,499, 11,58,208, 14,02,809 and 13,91,457 respectively.
Last year in January, a study of EV charging stations by Department of Information Systems and Cyber Security, Carlos Alvarez College of Business, also found vulnerabilities in charging stations and the concerns raised include missing authentication and cross-site scripting, which puts malicious code into scripts and can launch cybersecurity attacks.