Why electric vehicles are a vulnerability in automotive cybersecurity

Why electric vehicles are a vulnerability in automotive cybersecurity

Steve McEvoy, Expleo, discusses the current cybersecurity threats facing the electric vehicle market and what else the industry could be doing.

A global engineering, consulting and technology company, Expleo provides the automotive industry with industry-wide knowledge and innovation. The company offers solutions in digitization, autonomous driving and electric mobility to help with the future of automotive engineering.

With the risk of cybersecurity becoming an increasingly important issue within the automotive industry, particularly when looking at electric vehicles, the company has been looking into this issue.

We spoke to Steve McEvoy, Vice President of Automotive at Expleo, to find out more about the cybersecurity risks facing electric vehicles and what else the industry should be doing to combat these threats.

Steve McEvoy

Just Auto (JA): Could you provide some background on the company and its role?

Steve McEvoy (SM): I joined Expleo in 2016, my professional qualifications in engineering, sales and marketing assisted me in my role as director of business development before assuming full operational responsibility as director of the automotive and transportation business unit. I am now the company’s VP of Automotive, leading the business to deliver end-to-end engineering and quality solutions for the benefit of manufacturers.

At Expleo we work to promote the future of the automotive sector. We provide a range of services including operating system development, battery and hydrogen solutions, connecting the automotive ecosystem with IT ecosystems, and more.

What are the main cybersecurity risks facing the automotive industry today?

The concept of cybersecurity in the automotive sector is still relatively new and has developed rapidly thanks to the acceleration of digital transformation throughout the industry.

Many industries have witnessed an exponential growth in security threats in recent years, but it is particularly important for the automotive industry and even more so as we move towards fully autonomous driving.

There is a growing threat of cyber attackers trying to breach the network these systems run on, which could lead to serious safety issues for drivers and passengers.

Since connectivity and information sharing are part of autonomous driving, many of the risks revolve around data theft, and as a result, connection security is compromised. The consequences of a vehicle failure or cyber attack could be critical, so it is important for the industry to have confidence in handling security constraints.

Although part of the automotive industry has been slow to recognize these threats, there are new UNECE WP.29 Automotive Cyber ​​Regulations that have been adopted by the EU and will be mandatory for all new vehicles in the EU from July 2022. The standard will also it will become regulation in South Korea and Japan as the UN push to make automotive cybersecurity standards as non-negotiable as traditional security standards.

Are newer cars and electric vehicles more at risk?

As new cars and electric vehicles are more connected and automated than ever, they are also at greater risk of cybersecurity attacks.

EV vehicles need not be inherently more at risk than a modern ICE vehicle; it’s just that an EV vehicle to maximize its performance will naturally use the most modern electrical architecture that includes all sorts of connectivity which by its nature can create a higher level of risk.

My concern is that many cybersecurity measures and protocols can be easily overlooked as the complexity of the electrical architecture of electric vehicles continues to increase and manufacturers try to keep up with demand.

The supply chain is also vulnerable and as more materials and technology are sourced from abroad; There will be new opportunities for cyber attackers to collect sensitive data and use backdoor entry points within this ecosystem to hack automakers.

Looking specifically at electric vehicles, what are the biggest risks posed by cybersecurity hacking?

The infrastructure of electric vehicles is just as vulnerable to cyberattacks as any other connected device and, therefore, one of the biggest risks of electric vehicles is the charging stations themselves.

Charging points and system operators must take special care to implement security measures and protocols to ensure that users can experience safe charging. They must ensure that the security of the software installed on the station is strengthened and that the firmware is constantly updated.

Without knowing what the network has been exposed to, connecting a device to the station can be risky. Like any device, the Charge Point communicates through the access points when it is connected. To ensure that cyber attackers do not interfere with this connection, charging point operators must use encrypted communication features.

What else do you think manufacturers should do to address this issue?

To avoid surprises in the future, manufacturers must also be responsible for addressing cybersecurity at the design and development stages, to build more secure systems.

Working with cyber analysts at the design stage will allow the analyst to perform checks and recommend changes or improvements to manufacturers, such as upgrade enhancements. Addressing these risks earlier in the process will save manufacturers valuable time and money while offering drivers greater protection.

What do you think the future holds for this topic?

Cybersecurity is a major hurdle in the future of the industry, but keeping passengers and the public safe should be the number one priority for automakers, and cyber now plays a big part in that. There are a large number of interfaces and interactions that still need to be tested in its cybersecurity capabilities, adding significant technical complexity to the development process.

Automotive companies can bridge the gap by working with outside experts to help ensure quality control and safe design throughout the construction stages. These consultants can help organizations innovate and take full advantage of emerging technologies, considering cybersecurity as part of the comprehensive approach to autonomous control systems: from the design stage to real-life testing.

Large automotive companies must also work together to advance technology and collaborate to achieve innovation, helping to strengthen cybersecurity across the industry. By pooling its knowledge, the industry can create more effective and cyber-secure products, while taking a customer-centric approach.

Leave a Comment