Charging stations are not only interfaces between electric vehicles and the power supply, but are also interconnected via a backend. The close connection to the energy supply and thus to the critical infrastructure makes charging infrastructure itself a vulnerable key component. As a result, charging infrastructure is increasingly viewed as a potential point of attack, but is rarely taken into account in a security concept. Against this background, cybersecurity is a crucial factor in charging stations and should therefore be given high priority. Find out how Juice prevents cyber attacks here.
- Threat of cyber attacks: a real, often underestimated danger
- Why is this relevant for charging infrastructure?
- What can you do about this as a charging station manufacturer?
- Conclusion
1. Threat of cyber attacks: a real, often underestimated danger
A study by the digital association Bitkom (representative survey of more than 1,000 companies across all industries) found that 84 percent of the German companies surveyed fell victim to various types of cyber attacks in 2021, including data theft, espionage or sabotage. The total damage in the record year of 2021 is estimated at 223 billion euros - more than twice as much as in 2018/2019 with 103 billion euros. In addition, the attackers are becoming more and more professional.
2. Why is this relevant for charging infrastructure?
E-mobility has become a driver for the digitalization of private motorized transport. However, the diverse sources of danger posed by inadequate software security are often underestimated by young companies or businesses that have previously had little focus on software. The increasing interoperability between cars, charging stations, energy management systems and network operators brings with it a growing risk of failures, as faults in electronic systems can spread beyond individual subsystems. Wherever there is connectivity, there is also a potential vulnerability to hacker attacks. In other words, the charging infrastructure can potentially serve as a gateway for cyber criminals - with serious consequences for the operators.
Risks associated with charging infrastructure
- data theft
- electricity theft
- Manipulation of load management
- Spying on charging behavior and then breaking into the building
They range from theft of customer data to electricity theft, for example by unlocking the charging station without authorization in order to charge vehicles at the expense of the charging station owner, to hacking the load management system in order to draw maximum power from all charging stations in operation at the same time, thereby overloading the connection line and causing a power outage. This is possible because intelligent, controllable load management is connected to a backend via the Internet.
The hack can therefore either be carried out via the Internet or as a "man in the middle" scenario: If the charging stations communicate with each other via WLAN, the attacker can intercept the signal and pass it on in a distorted form. The modified signal can, for example, always switch off the charging stations after five minutes of charging, or ramp up all charging stations to maximum, or ramp up and shut down alternately. This overloads the supply line and triggers the fuse. In this way, as soon as there is comprehensive load management, not only individual houses but also entire districts, industrial plants, cities and countries can be threatened, blackmailed and put out of action.
But the danger for private areas should not be underestimated either. Gangs of burglars could also use the load management system to monitor users' charging behavior, derive behavioral patterns from this and - as soon as they notice deviations - strike. In plain language: If a charging station does not draw power at the usual times, one could conclude that the residents are on vacation and are using the opportunity to break in.
3. What can you do about this as a charging station manufacturer?
"Security by design"
Prevention is the easiest way to reduce cyber risks. That's why a security-first mindset is fundamental. For charging infrastructure, this means that security must be firmly anchored in the design and development phase. To ensure a comprehensive security structure, this "security by design" approach begins with the procurement of hardware components and continues throughout the entire software design process, including all communication processes. Because wherever there is connectivity, there is also the risk of a security gap. Since many software vulnerabilities arise during the development phase, it is important to integrate software security into the design process right from the start, which Juice calls the "software first" approach. Applying generally accepted coding standards, using code analysis tools and regular code reviews help reduce risks. Best practices contribute to more effective quality assurance.
At the company level, attacks can be effectively fended off through technical precautions, continuous monitoring and targeted employee training. Up-to-date backups and a well-thought-out emergency plan help to significantly minimize the damage caused by a successful cyber attack. Certification according to ISO 27001 can be considered as proof of competence in cyber defense and as an external signal of commitment to information security and data protection - a measure that Juice has already successfully implemented.
E-Mobility Security – an overall concept
At Juice, we view e-mobility safety as a comprehensive concept that includes not only mechanical safety, but also application safety and data security. As a supplier to automotive manufacturers, we firmly believe that charging stations must meet the highest standards of the automotive industry.
Our engineering team uses proprietary chipsets and encrypted communication systems and continuously tests cybersecurity robustness both internally and in close cooperation with independent software engineers. Juice charging stations are among the first to meet the ISO 15118 standard. This ensures a secure data connection between infrastructure and vehicle and protects against unauthorized access from outside.
ISO 21434
In addition, Juice is certified as a manufacturing company according to ISO/SAE 21434 "Road vehicles - Cybersecurity engineering" and thus has proof of risk management in product development. This standard covers all phases in the life cycle of a vehicle, from development to decommissioning, and requires the application of cybersecurity measures to all electronic systems, components, software and external connections.
Although the standard does not technically cover infrastructure outside the vehicle, charging infrastructure is an integral part of the electric vehicle ecosystem. Consequently, the safety of charging processes and the associated communication systems is directly affected by ISO/SAE 21434. We have recognized this connection and ensure that Juice charging infrastructure meets the highest safety standards. This commitment offers product developers, original equipment manufacturers (OEMs) and their suppliers greater security.
We are an OEM supplier and manufacture in automotive-certified plants. Because ISO 21434 Cybersecurity Engineering also covers cybersecurity management throughout the supply chain, certification is a useful addition for Juice. But the most important thing is to promote a corporate culture that puts cybersecurity at the heart of every project right from the start.
4. Conclusion
The world is becoming more and more interconnected, including in the transport sector. In e-mobility, charging stations play a crucial role as nodes in a network that intelligently connects vehicles, household systems and energy suppliers. The software is the key to this interconnection, because the connectivity, security and future viability of the entire system depend on it.
Accordingly, effective protection against cyber attacks requires a holistic understanding of electromobility as an interconnected overall system. After all, critical infrastructures such as transport and energy require special protection, with cybersecurity playing a crucial role. This is the basis for the development and product philosophy pursued by Juice Technology: "Software first" and "Security by design". By making cybersecurity the focus of their strategy, companies like Juice can help ensure the safety and stability of electromobility.
related topics
- https://juice.world/blogs/news-hub/e-mobility-security-juice-erhalt-iso-certification-fur-cybersicherheit-von-ladestationen (ISO/SAE 21434)
- https://juice.world/blogs/news-hub/e-mobility-security-juice-erhalt-internationale-zertierung-fur-cybersicherheit (ISO 27001)
- https://juice.world/blogs/news-hub/e-mobility-security-security-need-attention (JWCD 2021)
