'NEVI Plan': Prioritizing Cybersecurity for EV Charging Infrastructure
Successful rollout and widespread use of EVs relies on coordination among a variety of stakeholders extending beyond vehicle OEMs to charging site operators and local utilities. As demand for infrastructure to support reliable, accessible public EV charging increases, programs like the Biden Administration’s National Electric Vehicle Infrastructure (NEVI) formula plan, will be vital. The NEVI plan supports the creation of a national EV charging corridor with the goal of putting the U.S. on a path to have 500,000 EV charging stations by 2030.
This program comes from the U.S. Department of Transportation’s (DOT) Federal Highway Administration (FHWA) and will provide funding to states to create EV charging stations and to establish an interconnected network to facilitate data collection, access, and reliability. To be considered for the program, the stations must be non-proprietary, allow for open-access payment methods, be publicly available to authorized commercial motor vehicle operators from more than one company, and be located along designated FHWA Alternative Fuel Corridors.
Maintaining Grid Health & Monitoring for Charging Site Cybersecurity
While this program is designed to help meet the growing demand of EV charging, local utilities must be prepared to keep up with grid integrity and services. As more drivers rely on gas stations, convenience stores and service stations that install public chargers using NEVI funding — these entities rely on electric utilities for timely service and upgrades. With utilities focused on grid health as a result of the uptick in EV charging demand, there are additional parameters to be aware of, including cyberattacks. This is a complex challenge that will require public and private efforts to solve but one that must be urgently addressed. The Bipartisan Infrastructure Law, which supported the launch of the NEVI program, also introduces obligatory cybersecurity implementation and guidance that must be included in all NEVI site proposals. Specifically, a site applying for NEVI funding must ensure that the station or vehicle is not compromised by rogue actors.
EV charging infrastructure could enable hackers to disrupt or disconnect a single charging station, or possibly all charging stations connected to a network. So, what role do electric utilities play in advancing the NEVI mission and its cybersecurity measures? They can lessen the burden for service upgrades and ensure safe, reliable service that is also free from the dangers of cybersecurity as there are various threats posed on the U.S utility infrastructure. There are solutions to filling in these gaps in the infrastructure, and it’s vital for the industry to take cybersecurity considerations in high-regard throughout the deployment and operations process.
As more NEVI sites are identified and receive funding, cybersecurity programs can offer scalable solutions for detecting, preventing and mitigating cyber attacks and vulnerabilities that cyber attackers could exploit at these locations. Cybersecurity companies are actively providing holistic solutions for monitoring and managing the security of EV charging stations and other distributed energy resources (DERs). Integrating these platforms into charging sites will provide operators with an increased chance of funding through the NEVI program, and supply sites with the tools they need to prevent data and energy theft, manipulations, hardware damage and grid impact - a win for local utilities, site operators and customers. The ability to monitor and flag attacks in real-time will also provide operators with a thorough analysis of suspicious behaviors while also adding a layer of security to stop hackers in their tracks.
By utilizing third-party cybersecurity platforms, site operators receive comprehensive protection across all charging stations, including NEVI site, energy storage solutions, energy management systems, as well as overall customer data security.
Ramping Up Cybersecurity Protocols
While all OEMs have stringent cybersecurity standards, specifically to ensure their vehicles electronics aren’t compromised, there is a lack of existing frameworks to protect charging stations and DERs at a NEVI site. As the NEVI corridor becomes an important piece of U.S. infrastructure it will be vital to ensure the network of national charging stations is secured as well. It will also behoove local utilities to support and in many cases lead the cybersecurity effort, given the potential impact to their large service territories. As this industry continues to expand,, the government is working to bring a reliable network of charging stations for more Americans to access EV equipment.
The Biden Administration has acknowledged its plans to improve cybersecurity across the country’s critical infrastructure by working closely with key sectors including transportation, banking, water and healthcare to help stakeholders better understand cyber threats and push site’s to adopt security standards as most of the infrastructure is privately owned and operated. As more Americans transition to EVs, the threat of hackers will only grow stronger. Let’s not wait until a major event forces system-wide outages to work together to address this growing problem, as ensuring the reliability and resiliency of EV charging sites is a common goal for all of us.
Ron Tiberg-Shachar has served in several elite tech units in the Israel Defense Forces (Mamram, Cyber Defense Division, IMoD’s MAFAT), worked with Israel’s Former Cabinet Secretary and MP, Zvi Hauser, and Served as a senior executive at the Cortica and Autobrains Group (AI-based companies), before founding, with his partners, SaiFlow, a cybersecurity startup focusing on protecting the EV charging networks and sites.