find-partner-btn-inner

EV fleet transition sees increased cyber risk

When considering the transition to EVs, fleet managers and decision makers need to place more emphasis on cyber security considerations.

Energy Transition

The UK’s ten point plan for a green industrial revolution[1] seeks to accelerate the shift to zero emission vehicles. Sales of new petrol and diesel cars and vans will be banned by 2030, with sales of new diesel lorries banned from 2040 and smaller models removed from sale by 2035.

Challenges for fleet managers

This phased ban on internal combustion engine (ICE) vehicles is having a seismic impact on the motor market, influencing which vehicles are bought and how they are operated and managed, bringing with it a range of new challenges for fleet managers and operators.

These challenges depend on a wide range of issues, depending on the type of vehicle (car, van etc.) and location, but typically include things such as:

  • Cost – EVs typically cost more to buy than their ICE equivalents, although the run cost can be significantly less,
  • Range – depending on the use case, limited driving range coupled with issues with the charging infrastructure nationwide can cause issues for high-mileage drivers,
  • Charging – different solutions will be needed depending on regular charging location e.g. workplace, depot, on-street and home charging,
  • Skills gap – currently, there is a shortage of specialist EV mechanics in the UK, and
  • Lead times – EV delivery times have been lengthened (in some cases up to a year) due to chip shortages, supply chain and geopolitical issues.

Growing cyber threat

The BBC reported[2] last year that security flaws in home chargers supplied by Wallbox and Project EV meant hackers were able to exploit weakness in order to gain control of the charger as well as access to the user’s home Wi-Fi network. In another incident, the BBC reported[3] that a local council’s charge points were hacked to display a pornographic website on their screens. And following Russia’s invasion of Ukraine, it was reported[4] that cyber-attacks against EV charging stations in Russia resulted in charging stations disabled and made to display anti-Putin messages.

Specifying security requirements

Consequently, developing and implementing a fleet electrification strategy requires careful planning, including when issuing RFPs/ITTs to the market. A key area which should not be overlooked is the cyber risk which may exist due to vulnerabilities at various levels including connected EVs, charging infrastructure (hardware, software etc.), and charge point operators’ back offices and systems which handle payments and data exchange. For example, as a minimum, charge points should be confirmed as meeting the cyber security requirements set out in the new BSI standards for energy smart appliances (PAS 1878 and PAS 1879 specifications[5]) and charge point operators should be able to show compliance with UK GDPR and other relevant regulations and standards such as ISO15118 - Road Vehicles – Vehicle to grid communication interface.

If you would like to discuss your fleet electrification strategy or any related matter, please contact the author or any other member of Fladgate’s Green Energy Group.

[1] The ten point plan for a green industrial revolution - GOV.UK (www.gov.uk)

[2] Home car charger owners urged to install updates - BBC News

[3] Isle of Wight: Council's electric vehicle chargers hacked to show porn site - BBC News

[4] Hacked electric car charging stations in Russia display 'Putin is a d*ckhead' and 'glory to Ukraine' - Electrek

[5] New standards for energy smart appliances (techuk.org)

Featured Lawyers

Featured Insights