Charging stations not only serve as interfaces between the electric vehicles and the power supply, but are also interconnected via a backend. This close connection to the energy supply and, consequently, to the critical infrastructure makes the charging infrastructure itself a vulnerable key component. As a result, the charging infrastructure is increasingly viewed as a potential point of attack, but this is rarely given sufficient consideration in any security concept. Against this background, cybersecurity is a crucial factor for charging stations and should therefore be given high priority. Find out here what steps Juice takes to prevent cyberattacks.

1. Cyberattacks: a real and often underestimated threat
2. Why is this relevant to the charging infrastructure?
3. What can charging station manufacturers do about this?
4. Conclusion

1. Cyberattacks: a real and often underestimated threat

A study conducted by the digital association Bitkom (representative survey of more than 1000 companies across all sectors) has revealed that 84 percent of the German companies surveyed were the victim of various types of cybercrime in 2021, including data theft, espionage or sabotage. In the record year of 2021, the total damage attributable to cybercrime is estimated at 223 billion euro – more than double the 103 billion euro recorded in 2018/2019. Moreover, the perpetrators are becoming increasingly professional.

2. Why is this relevant to the charging infrastructure?

E-mobility has become a driver for the digitalisation of motorised individual transport. Yet the wide variety of potential dangers presented by insufficient software security are often underestimated by young companies or businesses, which have previously attributed little importance to software. The increasing interoperability between vehicles, charging stations, energy management systems and network operators harbours a growing risk of outages since disruptions to electronic systems can spread across individual subsystems. Wherever there is connectivity, there is also a potential vulnerability to hacker attacks. In other words, the charging infrastructure can serve as a potential entry point for cybercriminals – with serious consequences for the operators.

Risks associated with charging infrastructures

1. Data theft
2. Power theft
3. Load management manipulation
4. Spying on charging behaviour with subsequent break-ins

These can range from the theft of customer data and power theft – e.g. through unauthorised activation of the charging station to charge vehicles at the expense of the station owner – to hacking of the load management system – e.g. to cause all operational charging stations to draw maximum power at the same time, thereby overloading the connection line in order to trigger a power outage. This is possible because a smart, configurable load management system is connected to a backend via the internet.
The attack can thus take place via the internet or by means of a “man-in-the-middle” scenario: When the charging stations communicate with each other via Wi-Fi, the attacker can intercept the signal and pass it on in falsified form. The altered signal can, for example, trigger the charging stations to always switch off after five minutes of charging, set all stations to maximum output or have all stations switch on and off alternately. This overloads the supply line and trips the fuse. In this way, not just individual homes but also entire districts, industrial plants, cities and countries can be threatened, extorted and incapacitated – particularly once comprehensive or even nationwide load management is in place.
However, the threat to the private sector is no less significant. Criminal gangs can use the load management system to monitor the charging behaviour of users and thereby establish patterns. Any deviations from these patterns can then signal an opportunity for break-ins. For example, if a charging station is not drawing current at the usual times, this could indicate that the occupants are on holiday and the home is therefore unguarded.

3. What can charging station manufacturers do about this?

“Security by design”

Prevention is the simplest way to mitigate the risk of cyberattacks. Is it therefore essential that manufacturers adopt a security-oriented approach. For the charging infrastructure, this means that the security aspects must already be firmly established in the design and development phase. To ensure a comprehensive security structure, this “security by design” begins with the procurement of the hardware components and extends throughout the entire software design process, including all relevant communication processes. After all, wherever there is connectivity, there is also a risk of a security gap. Since many software vulnerabilities arise in the development phase, it is crucial that software security is integrated into the design process from the outset – something which Juice describes as a “software first” approach. The application of generally recognised coding standards, use of code analysis tools and regular code reviews help to minimise the associated risks. Best practices contribute to more effective quality assurance.
At a corporate level, attacks can be effectively prevented through technical precautions, continuous monitoring and targeted employee training. Up-to-date backups and a well-thought-out contingency plan will greatly minimize the damage caused by a successful cyberattack. ISO 27001 certification can be considered as proof of competence in cyber defence and as a clear signal of a company’s commitment to information security and data protection – a measure that Juice has already implemented successfully.

E-mobility security – an integrated concept

At Juice, we view the security of electromobility as an integrated concept, which includes not only mechanical security but also application and data security. As an automotive supplier, we are of the firm conviction that charging stations must satisfy the highest standards of the automotive industry.
Our engineering team utilises proprietary chipsets as well as encrypted communication systems and continuously tests the robustness of our cybersecurity both internally and in close cooperation with independent software engineers. Juice charging stations are among the first to be certified according to ISO 15118. This ensures a secure data connection between the infrastructure and vehicles and protects against unauthorised access by third parties.

ISO 21434

As a manufacturing company, Juice is also certified according to ISO/SAE 21434 “Road vehicles – Cybersecurity engineering”, thus demonstrating our effective risk management during product development. This standard covers all the phases in a vehicle’s life cycle, from development to decommissioning, and requires the application of cybersecurity measures to all electronic systems, components, software and external connections.
Although the standard does not technically cover the infrastructure outside the vehicle, the charging infrastructure does represent an integral part of the electric vehicle ecosystem. Consequently, the security of charging procedures and the associated communication systems is directly affected by ISO/SAE 21434. We have recognised this fact and therefore ensure that the Juice charging infrastructure meets the highest security standards. This commitment offers greater reliability and added security for product developers, OEMs and their suppliers.
We are an OEM supplier and manufacture in automotive-certified plants. Since ISO 21434 “Cybersecurity engineering” also covers cybersecurity management across the entire supply chain, the certification was an important step for Juice to take. The main thing, however, is to promote a corporate culture that places cybersecurity at the centre of each and every project from the very beginning.

4. Conclusion

The world is becoming ever more connected, and this also applies to the transport sector. In the world of e-mobility, charging stations play a crucial role as node points in a network that connects vehicles, (smart) home systems and energy suppliers in an intelligent fashion. Software is the key to this interconnection since it controls the connectivity, security and future viability of the entire system.
As a result, effective protection against cyberattacks requires a holistic understanding of electromobility as an integrated, networked system. After all, highly critical infrastructures such as transport and energy require particular protection, an essential aspect of which is cybersecurity. This gives rise to the development and product philosophy employed by Juice Technology, specifically the concepts of “software first” and “security by design”. By placing cybersecurity at the heart of their corporate strategy, companies such as Juice can help to safeguard the ongoing security and stability of electromobility.

Related topics

• https://juice.world/e-mobility-security/ (ISO/SAE 21434)
• https://juice.world/e-mobility-security-juice-erhaelt-internationale-zertifizierung-fuer-cybersicherheit/ (ISO 27001)
• https://juice.world/e-mobility-security-sicherheit-braucht-aufmerksamkeit/ (JWCD 2021)

External sources

• https://www.businessinsider.de/gruenderszene/sponsored-post/sophos-cybersecurity/cybersecurity-in-unternehmen-sophos/?utm_campaign=copy&utm_medium=onsite_button&utm_source=social&tpcc=offsite_bigs_sharing_free_copy
• https://www.bitkom.org/Presse/Presseinformation/Wirtschaftsschutz-2022