The NMFTA releases new information on electric truck cybersecurity
JUN 15, 2018
BY: SHARON REYNOLDS CHIEF INFORMATION SECURITY OFFICER
The National Motor Freight Traffic Association (NMFTA) educates its members on topics that are important in the ever-changing motor freight industry. The mission of the NMFTA is to “promote, advance, and improve the welfare and interests of the motor carrier industry and the motor carriers operating in commerce, both domestically and/or internationally.” As data breaches and cyber-attacks are on the rise, the NMFTA has released new, publicly-available information to help its members avoid risk.
The transportation industry has seen great change, including the introduction of technologies like connected, automated, and electric vehicles. With these new technologies and infrastructure changes come new sets of risks.
The NMFTA recently updated their heavy vehicle cybersecurity program website to give its members information about their program and electric vehicle cybersecurity. The organization recently posted a 263-page paper, “Medium and Heavy Duty Electric Vehicle and Charging Infrastructure Cyber Security,” that describes key cybersecurity issues associated with the electrification of heavy vehicles and provides recommendations.
Because there is so much activity around electric vehicles (with multiple groups and stakeholders working at once) and a high projected growth in electric trucks on the road, the NMFTA considers it important to establish a single group to address cybersecurity issues.
Because medium- and heavy-duty electric vehicles connect to electric vehicle supply equipment (EVSE) — which connects to building energy management systems, utility grids, telecommunications networks, and billing systems — they can pose serious cybersecurity challenges when charging. The paper outlines several examples such as charging stations spoofed into giving free services, privacy issues when linking into Smart Grid, intentional overcharging or discharging of batteries, and onboard malware.
The NMFTA references several NIST standards that could help groups improve cybersecurity, stating that there is a lack of medium- and heavy-duty electric vehicle cybersecurity best practices and controlling body.
The NMFTA recommends several projects that will address these challenges. The proposed projects will:
Create a risk assessment regarding Extreme Fast Charging (xFC) units
Test and implement secure electric vehicle supply equipment (EVSE) over-the-air firmware updates
Develop a medium-duty and heavy-duty charging station intrusion detection system
Research cybersecurity mitigations of current and near-term medium- and heavy-duty chargers and develop best practices
Create an incident response plan for medium- and heavy-duty electric vehicles
Develop a cybersecurity design best practices for wireless charging systems
According to Navigant Research, electric trucks are expected to grow from 40,000 worldwide this year to 371,000 by 2027. Considering that number with what we know about the potential cybersecurity risks of electric vehicles, there is a need for the industry to join together and create solutions. The NMFTA’s actions to educate the industry are important steps in the process. To read this important new paper, as well as “A Survey of Heavy Vehicle Cyber Security,” visit www.nmfta.org/pages/HVCS.