Making cybersecurity a priority in EV charging systems
Ransomware, brute force, DDoS and the like: the pest zoo of cybercrime is constantly growing and hardly anyone cares about it until the exterminator is forced to intervene. Christoph Erni, Founder and CEO of Juice Technology AG explores.
Only recently, a well-known German software company had to take its servers offline due to a cyber-attack. According to the company, the damage was (only) limited to internal systems. Cloud services for customers would thus have been spared from the attack. However, the example shows that even software companies are not immune to cyber-attacks.
Even if no data is stolen and production operations are not compromised, each attack blocks capabilities and slows productivity, often for months. Cyber-attacks are on the rise worldwide and cause billions of dollars in damage. An international survey conducted by Statista showed that, on average, one in two companies has been the victim of a cyber-attack at least once in a year. Yet software is the backbone of the modern world.
Electric mobility is like a booster for the digitisation of individual motorised mobility. This results in an increasing interconnection between cars, charging stations, network operators, and energy management systems. However, this inevitably increases the risk of failure, as faults in electronic systems can spread beyond individual subsystems.
Faced with horrific scenarios such as a blackout, there is no need to freeze like a rabbit in front of a snake. The best way to reduce cyber risks isgood prevention. A security-oriented approach is crucial. This means that the security aspect must be firmly anchored already in the design and development phase. Although this should be obvious, it is not practised everywhere. Although this should be obvious, it is by no means practised everywhere. As a software-based company, it is important for us not only to talk about cybesecurity, but also to be a model for the industry.
With the certifications, we make it visible to everyone that information security and data protection are of great importance to Juice and that the relevant measures are continuously implemented. In addition, charging stations must meet the highest standards of the automotive industry. That is why Juice has been certified according to ISO/SAE 21434 since 2022. This means that all electronic systems, components, software, and all external connections are treated from a cyber security perspective. It also covers the management of cybersecurity along the entire supply chain. The standard was created for vehicles, but exactly reflects our 'security by design' approach, which we have always cultivated. Our charging stations, for example, are among the first to have the ISO 15118 standard. This ensures that the data connection between the infrastructure and the vehicle is protected against unwanted access and manipulation from outside.
Overall, the connected and smart controlled charging infrastructure plays a key role in e-mobility, which has moved beyond its initial phase. Because charging stations are becoming important nodes with the increasing interconnection of vehicles, home control systems, and connection to energy suppliers. Smart charging stations must not only offer a service to electric vehicle drivers but also be a stabilising element in the electricity grid. The point is the software. It depends on the connectivity, security, and thus the sustainability of the individual devices and ultimately of the entire smart grid.
However, the smart connection must not only take place on a technical level but also between industry, energy suppliers, and authorities. All parties involved must realise that with each new actor connected to the network and communicating with others, the entire infrastructure becomes more vulnerable. Effective protection against cyber-attacks can therefore only be achieved when e-mobility will be understood by all parties as a globally connected system. This awareness should come quickly, as the transport and energy sectors are among the critical infrastructures that need special protection.