All connected devices and networked systems, including EV charging stations, carry risk, but...

All connected devices and networked systems, including EV charging stations, carry risk, but that risk can be identified and managed.

Photo: AssetWorks

It is easy to look at the Colonial Pipeline ransomware attack and point to electric vehicles as the solution. Although petroleum distribution comes with a million problems, the threat of fuel supply cyberattacks will not be solved by electric vehicle (EV) charging.

EV charging networks are not immune nor inherently more resilient to cyberattacks. All connected devices and networked systems carry risk, and although that risk can be identified and managed — it is still there. Fleets that rely on a single EV charging network are putting all their eggs into one basket.

“What one has to take into consideration is that this is a relatively new industry,” said Bill Soule, founder of Torq EVs. “EV charging is dominated by a few startups and they are in the middle of a site host land grab to take advantage of the EV charging station incentives and scale their businesses. Most do not have the staff to plan for worst case scenarios.”

That will need to change rapidly as the industry matures, but fortunately there are already several immediate actions fleet operations can take to make themselves more resilient to cybersecurity threats.

Eliminating Single Points of Failure

Generally, the first step to any resiliency plan is addressing single points of failure. A single point of failure is a part of a system that, if it fails, will stop the entire system from working. Single points of failure are undesirable and managed by creating redundancies that ensure continuity of operations in the event of a mishap.

For EV fleets, the most significant point of failure is the EV charging network because a disruption would be enterprise-wide and not limited to a single parking location, type of vehicle, or charging hardware. A cyberattack on an electric vehicle charging network (which has not happened to date) would “brick” chargers across all of a fleet’s facilities, because it is the network software that grants drivers permission to charge and initiates charging sessions. Fortunately, there are few solutions to minimize the impact of a network outage.

Solution 1:

The first solution is to deploy two or more networks at each fleet location. The odds of two or more networks being hacked at the same time are lower. Most EV charging networks use different servers and software. Their networks are separate from each other. Although a cyberattack on one network would still reduce a fleet’s total number of chargers in service, only a fraction of fleet chargers would be affected.

Action Items:

  1. Deploy two or more charging networks at each facility and for each duty cycle. In other words, heavy-duty vehicles should have two or more types of EV networks to charge from and light-duty-vehicles should also have two or more types of EV networks to choose from as well.
  2. Issue drivers FOBs or RFID cards for each of these networks as well. Although network roaming normally allows fleet drivers to use the same RFID card or FOB across different charging networks, that support may be interrupted during a cyberattack.
  3. Use a third-party fuel management provider to integrate each of the charging networks for complete usage, cost, and status reporting. Otherwise, deploying multiple charging networks is impractical from a fleet management perspective.

Solution 2:

In the event of a cyberattack, fleet managers can also replace the SIM cards for each charger. For reference, the charger’s network software is generally contained on a tiny SIM card inside the device, like how mobile phones are setup. By removing the SIM card and replacing it with the manufacturer’s original SIM card (designed for nonnetworked operation), many networked or smart chargers can be quickly put back into service as “dumb chargers.” This disables networked charging benefits such as load management, access control, or data collection but allows charging and fleet operations to continue in the interim. However, this is not always practical, and fleet must ask their charging station vendors to help develop this contingency plan before attempting on their own. Technicians should be trained and shown which chargers to not perform this repair on during an outrage (i.e., because of limited circuit capacity). Lastly fleets should check with their vendors to determine if there are any warranty issues for making these repairs in-house.

Action Items:

  1. Check with your EV network providers to see if equipment will provide a SIM card for non-networked charging.
  2. If so, ask the EV network provider to provide a contingency plan and training for fleet staff on how to replace SIM cards from select chargers during the event of a cyberattack.
  3. Work with your EV network providers to create a written plan that notes which chargers cannot or should not have their SIM cards removed (i.e., because of limited circuit capacity).

Solution 3:

Fuel Island Controllers such as the kind used for gasoline and diesel were designed years ago for environments with terrible cellular coverage, questionable cable connections, and overall decrepit fleet facilities. They are resilient to charging station network outages as well. Every day, their firmware is updated with a list of fleet users that can fuel. Even if the Controller’s connection to the cloud is completely severed, it will simply refer to its most recently updated list of authorized users and continue to dispense fuel and charge vehicles regardless.

Action Item:

1.           Install Fuel Island Controllers and chargers where appropriate such as at fleet depots.

Probability of a Problem

For a 100% EV fleet, or even a fleet approaching a third or more EV, the prospect of not being able to charge is stomach-turning. It is worse than a pipeline shutdown. When a pipeline is shut down, gasoline continues to be delivered for some time after. Fleets have days of advance notice to prepare. An EV charging network outage, however, could happen during or in between shifts and without any warning.

Yet this has not happened to date, and there is room for dispute on how likely it is to happen. By the same token, there are other issues today that are pressing and much easier to focus on. Fortunately, relative to the risk, which is significant, the resiliency strategies recommended here are comparatively easy to implement. Most fleets are already deploying multiple networks, and this resiliency concern should reinforce that approach and give it greater purpose.

About the Author: Michael Terreri is the EV product manager at AssetWorks.