EV charging stations prone to cyber attacks ‘like other tech applications’: Govt to Parliament

EV charging stations prone to cyber attacks ‘like other tech applications’: Govt to Parliament

In response to question in Parliament, Union minister Nitin Gadkari says CERT-In issues alerts regarding latest cyber threats & countermeasures on a regular basis.

An EV charging point | Commons

An EV charging point | Commons

New Delhi: The central government has informed Parliament that charging stations for electric vehicles are susceptible to cyber attacks like any other technological application, however, stakeholders believe this is unlikely to affect consumer demand and trust.

“Electric vehicle charging stations are also susceptible to cyber attacks and cyber security incidents like any other technological application,” Minister of Road Transport and Highways Nitin Gadkari said in a written reply to Lok Sabha Thursday.

The minister added that the Indian Computer Emergency Response Team (CERT-In), which is mandated to track and monitor cyber security incidents in India, has received reports of vulnerabilities in products and applications related to electric vehicle charging stations and issued alerts and vulnerability notes suggesting remedial measures.

While the electric vehicle ecosystem in India is still at a nascent stage, countries with more developed ecosystems and infra have witnessed cyber attacks.

For instance, reports had surfaced last year of some electric car charging stations outside Moscow being hacked and disabled. While EV owners couldn’t charge their vehicles, the display on the stations was changed to reflect criticism of president Vladimir Putin.

Likewise, some chargers were hacked in the UK early last year to show users pornographic websites. The UK is also working on a new policy and technical framework to lower energy bills for users and enhance the cybersecurity of EV ecosystems.

In an email response to ThePrint’s queries, Jio-BP, which provides EV charging and battery swapping network in the country, said that like any other technological platform, EV charging infrastructure is an integration of several technologies and is susceptible to security incidents.

“Having said that, the standard protocols used in the charging system have been quite robust, especially with the release of OCPP 1.6-J security release, many of the vulnerabilities have been taken care of. Going forward, with the OCPP 2.0 release, it will get further strengthened,” it said.

The OCPP or Open Charge Point Protocol is published by the Open Charge Alliance (OCA) – a global consortium of public and private EV infrastructure leaders – and also includes security protocols.

Jio-BP, which has announced tie-ups with car manufacturers such as Citroën India, Mahindra and Mahindra, and MG Motors, for setting up charging infrastructure, said it has deployed best in class EV charging stations design and systems with maximum security controls, and has collaborated with trusted cybersecurity partners and deployed advanced protection systems to detect and respond to various cyber threats.

Also read: One-third of Indian mobile phone users likely to be on 5G by March 2025: CRISIL Ratings

‘Government aware’

Meanwhile, Gadkari said in Parliament that CERT-In issues alerts and advisories regarding latest cyber threats/vulnerabilities and countermeasures to protect computers and networks on a regular basis. He added that the government is aware of the various cyber security threats and is actively taking steps to combat hacking.

“…CERT-In has now made it mandatory for all incidents to be reported to it. It has formulated a Cyber Crisis Management Plan for countering cyber attacks and cyber terrorism for implementation by all ministries and departments of the central government, state governments and their organisations and critical sectors,” the minister said, adding that CERT-In has empanelled 150 security auditing organisations to support and audit implementation of Information Security Best Practices.

As per the information reported to and tracked by CERT-In, the number of cyber security incidents in India was 2,08,456 in 2018 compared to 13,91,457 the previous year.

“There is a challenge that they (EV charging infra) are vulnerable to cyber attacks because they are connected. There have been cases in the past where the power grid has also faced some attacks…But I think a cyber security framework is something that has been talked about in India and that includes everything. It’s not just cars that are connected today,” said Ashim Sharma, Senior Partner & Group Head, Business Performance Improvement, at research firm NRI Consulting & Solutions India.

He added that as a safety measure, manufacturers are also developing several network layers to differentiate between what can be easily accessed in a vehicle such as an infotainment system and what is more sort of guarded like the control units for powertrain, battery, safety systems.

“Mobile phones are equally susceptible….we live in a connected universe. Even current ICE vehicles now have connected vehicle features…The only challenge that people see is, can it be controlled remotely? So as far as the operating them goes, OEMs (original equipment manufacturers) are trying to keep that separate from the rest of the system. So even if there is an attack, it does not create a potentially unsafe situation for users,” he added.

Sharma also explained that at the charging stations, there are largely two types of network connections. The first is a cloud connecting network that will tell a user the location of charging stations and how many vehicles are there, so that the user can decide where to go to charge the vehicle, and the second is the communication that takes place between the charger and the battery management system in the battery.

“There is no doubt about India’s EV growth story. Hence, with the increase in penetration of EVs, the demand is continuously rising for establishment of charging station in cities & highways…With the way the industry is evolving and putting serious efforts to curb any negative impacts, we believe that this will not affect the demand and customer’s trust,” Jio-BP said.

(Edited by Smriti Sinha)

Also read: Cybercriminals using ChatGPT to create more convincing online scam content: Norton