Steve McEvoy, Expleo , discusses the current cybersecurity threats the EV market is facing and what more the industry could be doing.

Global engineering, consulting, and technology company, Expleo provides the automotive industry with knowledge and innovation across the sector. The company offers solutions in digitalisation, autonomous driving, and e-mobility to assist with the future of automotive engineering.

With the risk of cybersecurity becoming an increasingly prominent issue within the automotive industry – particularly when looking at EVs – the company has been looking into this issue. 

We spoke to Steve McEvoy, vice president, automotive, Expleo, to find out more about the cybersecurity risks faced by EVs and what more the industry should be doing to combat these threats.

Steve McEvoy

Just Auto (JA): Could you provide some background on the company and your role?

Steve McEvoy (SM): I joined Expleo in 2016, my professional qualifications in engineering, sales and marketing helped me in my role of business development director before taking on the full operational responsibility as the business unit director for automotive and transportation. I’m now vice president of automotive for the company, leading the business to offer end-to-end engineering and quality solutions to benefit manufacturers.

At Expleo, we work to drive the future of the automotive sector. We provide a range of services including developing operating systems, battery and hydrogen solutions, connecting the automotive ecosystem to IT-ecosystems, and more.

At present what are the current prominent cybersecurity risks the automotive industry is facing?

The concept of cybersecurity in the automotive sector is still relatively new and developed rapidly off the back of the acceleration in digital transformation across the industry.

Many industries have witnessed exponential growth in security threats over the last few years – but it’s particularly important for automotive and even more so as we head towards full autonomous driving.

There is a very real increasing threat of cyber attackers aiming to breach the network these systems run on, which could lead to serious safety issues for drivers and passengers.

As connectivity and information sharing are part of autonomous driving, many of the risks revolve around data theft and the safety of the connection being compromised as a result. The consequences of vehicle failure or a cyber-attack could be critical, so it is important for the industry to be confident when handling security constraints.

Although some of the automotive industry have been slow to recognise these threats there are new Automotive Cyber Regulations UNECE WP.29 that have been adopted by the EU and will be mandatory for all new vehicles in the EU from July 2022. The standard will also become regulation in South Korea and Japan as the UN push for automotive cyber security standards to be as non-negotiable as traditional safety standards.

Are newer cars and EVs more at risk?

With new cars and electric vehicles being more connected and automated than ever before, they are also at higher risk of cybersecurity attacks.

EV vehicles do not need to be inherently more at risk than a modern ICE vehicle – it is just that an EV vehicle to maximise its performance will naturally be using the most modern electrical architecture including all manner of connectivity which by its nature can create a greater level of risk. 

My concern is that many cybersecurity measures and protocols can easily be overlooked as the complexity of the EV electrical architecture continues to increase and manufacturers try to keep up with the demand.

The supply chain is also vulnerable and as more materials and technology are sourced from overseas; there will be new opportunities for cyber-attackers to collect sensitive data and use backdoor entry points within this ecosystem to hack automotive manufacturers.

When looking at EVs specifically what are the biggest risks posed by cybersecurity hacking?

The EV infrastructure is as vulnerable to cyber-attacks as any other connected device and because of this, one of the biggest risks from EVs are the charging stations themselves.

Charging points and system operators need to take particular care to implement safety measures and security protocols to ensure users can experience safe and secure charging. They must ensure that security is strengthened on the software installed in the station and that firmware is consistently updated.

Without knowing what the network has been exposed to, connecting a device to the station can be risky. Like any device, the charge point communicates through the access points when it is connected. To make sure that cyber attackers don’t interfere with this connection, charge point operators should use encrypted communication functions.

What more do you think manufacturers should be doing to address this issue?

To avoid surprises down the line, manufacturers also need to be responsible for addressing cybersecurity at the design and development stages – to build more secure systems.

Working with cyber analysts at design stage will enable the analyst to run checks and recommend changes or improvements to manufacturers, such as retrofit enhancements. Approaching these risks earlier on in the process will save manufacturers valuable time and money while offering drivers greater protection.

What do you think the future holds for this issue?

Cybersecurity is a major road bump in the industry’s future, but keeping passengers and the public safe should be the number one priority for automotive manufacturers – and cyber now plays a part in that. There are a vast number of interfaces and interactions that still need to be tested on their cybersecurity capabilities, which adds a significant technical complexity to the development process.

Automotive companies can close the gap by working with third-party experts to help ensure quality control and safe design in the build stages. These consultants can help organisations innovate and make best use of emerging technologies, while considering cybersecurity as part of the end-to-end approach of autonomous control systems: from the design stage to real-life testing.

Big automotive firms also need to work together to advance technology and collaborate to achieve innovation, helping to bolster cybersecurity across the industry. By pooling its knowledge, the industry can create more effective and cyber secure products – while adopting a customer-centric approach.