There has been considerable debate over the viability of New York's recent announcement that it will join the list of states that have banned the sale of light-duty internal combustion engine vehicles starting in 2035.
Achieving this ambitious goal will require significant infrastructure investments. The electric grid must be able meet the increased demand while transitioning away from fossil fuels, and the network of changing stations must quickly expand – an effort that is already years behind schedule.
There's a third critical element inherent to ensuring the switch to electric vehicles is both successful and safe, and it is too often overlooked: Protecting against the threat of cyberattacks.
Though the U.S. is moving to shore up domestic production, allocating $2 billion in the recently approved Chips and Science Act for legacy chips used in automobiles and defense systems, the vast majority of critical components used for EVs, chargers and batteries are currently manufactured in China. This leaves open the possibility for manufacturers with malicious intent to create entry points for the collection of sensitive data.
The heart of any EV infrastructure will be a network of charging stations. Nationwide, the Inflation Reduction Act provides $7.5 billion to install 500,000 stations by 2030. These stations are connected to a central control unit —known as "the backend" — that communicates over wireless network SIM cards. This allows chargers to collect and transmit payment and location data that might include email addresses and IP numbers — a considerable benefit for drivers, but also an opportunity for bad actors.
Hackers could steal financial data from the networks serving EV customers or hold emergency responders, school buses or utility providers' vehicles hostage in ransomware attacks. We have already seen school districts, libraries and municipal governments paralyzed by these sorts of attacks.
More connected vehicles could increase risk to the electric grid. The grid of the future will not only affect our lights and heating at home, but also the ability to move emergency vehicles, transit systems and more.
Someone bent on wreaking havoc could disrupt individual vehicles or fleets. Years ago, a team of white hat hackers demonstrated that they could take over the controls and shut down a 2015 Jeep Cherokee speeding down the highway. That team was helping the industry identify vulnerabilities, but the real-world nightmares are easy to imagine.
Drivers are already accustomed to the benefits of connected car technology. Over-the-air software updates can add or improve car features overnight. Real-time traffic updates calculate the fastest or most energy efficient routes, plotting charging stops along the way if needed — often with data showing how many other vehicles are using a charging station and how many spots are free.
All of this requires a real-time connection to the internet. Each of these vehicles represents a point of vulnerability, and the flood of EVs expected to hit our streets in the coming decade will make this challenge infinitely worse.
Modern vehicles have more than 100 independently developed software and hardware components — each with their own manufactured and supply chain. The "Internet of Things" is giving way to the "Internet of Car Parts," leaving our cars vulnerable to hacks.
Governments invest billions in protecting critical infrastructure from cyber threats. The EV infrastructure should be no different. We need common cyber security criteria and stronger rules managing the complex automotive supply chain.
Like it or not: the EV conversion is happening. Electric vehicles accounted for more than 7% of new car sales in July, about 62% higher than last summer. Experts predict the number of EVs on the road will expand to 125 million worldwide by 2030. In the U.S. alone, President Biden has set a goal of 50 percent EV sales by that same year.
This shift includes all types of vehicles. New York is working to make its fleet of 50,000 school buses 100% electric by 2035. The Metropolitan Transit Authority is committed to deploying a zero-emissions bus fleet by 2040. Even street sweepers and fire trucks are going electric. While this transformation is under way, we need to take a step back and look at the system as a whole to ensure we aren't creating vulnerabilities that will be difficult to address down the road.
Russell Davies is Senior Program Director for Electrification and Alternate Fuels at Parsons. Juan Espinosa is a principal project manager leading major cybersecurity initiatives for Parsons.
Russell Davies and Juan Espinosa