Is Africa's EV infrastructure prepared for cyber threats?

From the newsletter

South Africa is witnessing a growing number of electric vehicles and charging infrastructure. However, experts warn that this rapid growth could leave charging networks vulnerable to cyberattacks due to overlooked cybersecurity measures. As internet-connected technology, charging stations require robust security protocols.

• Earlier this month, Zero Carbon Charge, a company focused on providing off-grid charging solutions, announced plans to construct 120 off-grid charging stations across South Africa. 

• Other companies like Rubicon and GridCars have also been expanding their networks. By September 2024, GridCars had 171 charging stations, while Rubicon had over 83, with plans to build 179 more by February 2025.

More details

• South Africa has been at the forefront in formulating policies to attract EV investments, but even its most advanced white paper failed to address cybersecurity. William Petherbridge, a systems engineering manager at Fortinet, warns that the rapid growth of the EV market could lead to businesses prioritising speed over security. As companies race to establish themselves in the EV charging sector, they risk neglecting cybersecurity measures.

• This is a serious concern because EV charging infrastructure relies heavily on internet connectivity and software, making it vulnerable to cyberattacks. Hackers could disrupt charging operations, manipulate pricing, steal personal data and credit card information, or even take control of charging stations and the vehicles connected to them.

• To combat these threats, experts recommend a multi-layered security approach that protects charging points, operating systems, and networks. This includes implementing segmentation features to prevent attackers’ lateral movement within the system. Collaborating with reputable operational technology security vendors is also crucial for mitigating risks across the entire EV charging environment.

• Kenya is attempting to create cybersecurity regulations through electric vehicle charging and battery-swapping infrastructure guidelines. These guidelines state that Public Charging Station (PCS) and Battery Swapping Station (BSS) operators must implement physical and cybersecurity strategies in line with their EV infrastructure deployment plans. This will ensure that station operations protect consumer data and prevent harm to, or disruption of, the charging/swapping infrastructure and the electricity grid.

• Companies like Spiro are implementing cybersecurity measures to protect their charging networks and electric motorcycles. Last month, they held an awareness campaign in Togo, Nigeria, Kenya, Uganda, and Rwanda.

Our take

• It's still early to worry, but the right time to embed cybersecurity measures is now, as Africa grows its network of charging infrastructure. The "build first, then secure" approach won't work for EV charging networks due to their complexity and the vast number of interconnected components.

• Strong policies and regulations are essential for managing these risks. Unfortunately, no African country currently has adequate cybersecurity measures in place for EV infrastructure. They need to act quickly to establish these safeguards and avoid potential threats.