Why is cybersecurity a major issue for corporate charging points?
The charging stations The latest generation of "intelligent" charging stations give you real-time access to a wealth of valuable information: electricity consumption, next maintenance date, access management, recharging time, and so on. Thanks to these advanced communication capabilities, managing and controlling your recharging infrastructure is simplified. But the data you access travels to your PC via external networks, usually the Internet. It is precisely this connection that exposes your business to security breaches.
Far from being an epiphenomenon, cyber attacks have exploded in recent years. L'ANSSI (Agence nationale de la sécurité des systèmes d'information) reports that 4,386 safety events in 2024. This trend is accelerating with the use of AI, making attacks increasingly sophisticated.
While CIOs are right to focus their efforts on the architecture of their company's IT system, there are other points of vulnerability.
According to the Zscaler platform, cyber attacks targeting IoTs (Internet of Objects) have increased by 400 % in 2023.
This means that all connected equipment linked to terminals or to a company's cloud is liable to be hacked or corrupted. Your charging points, especially when linked to monitoring software, can therefore become a target for hackers.
What are the most common IT risks associated with corporate charging stations?
The safety risks associated with charging stations on company premises depends on the type of equipment installed, the extent of the network and, above all, the usage (strictly private or open use, charging, etc.). Here are the main threats you need to anticipate:
Interception and theft of sensitive data
The charging stations are required to collect, process and transmit a large amount of sensitive information. This may include personal data This data includes information about users, payment information if a charge is made for recharging, as well as more subtle information, such as employee attendance times. If this data is compromised, the consequences could be far-reaching, particularly given the regulatory context of the RGPD (General Data Protection Regulation), which requires companies to protect the confidentiality of the data of their employees, suppliers and customers, and to report any leakage of personal information without delay.
Hijacking the operation of terminals
Insofar as they communicate with your company's servers or a third-party application, your charging points can serve as a gateway for hackers wishing to break into your information system. The modus operandi can vary from firmware modification to discreetly hijack the terminal's initial functions by installing a malicious program for the purposes of espionage or ransomware.
Denial of service attacks
The denial of service attacks (DDoS) attacks involve deliberately overloading a service to make it unavailable or unusable. In the case of recharging infrastructures, this type of attack can prevent user authentication, block payments or disable supervision tools. In the worst-case scenarios, massive activations/deactivations lead to the total destabilisation of the network.
Billing fraud
If you have joined a billing system to monetise the charging of your employees or visitors, you need to be vigilant. Whatever payment system you choose (authentication by badge, QR codes or integration of a banking application), charging stations are particularly vulnerable to man-in-the-middle attacks. Payment information can be collected and then misappropriated through phishing. Users are redirected to fake pages or QR codes and enter their bank details, unaware that they are in fact disclosing them to crooks.
How can you ensure effective maintenance of your company's recharging points?
Like IT maintenance, which corrects vulnerabilities before they can be exploited by cybercriminals, the maintenance of recharging points is an essential step in limiting security risks.
Reactive and predictive maintenance
In practical terms, maintenance is like a "medical check-up" for your terminals. It starts with a visual inspection to identify any cracks, corrosion or damage to the connectors. Then come the functional tests: simulating a charging session ensures that everything is working properly and that safety has not been compromised. A thorough dusting of the internal components may be necessary to avoid any mechanical malfunctions. Monitoring software should also be regularly updated to correct potential security flaws and ensure optimum performance. Ideally, every intervention is recorded in a maintenance logbook to give the company a clear view of the state of its infrastructure and help it better anticipate its future needs.
Another approach that is becoming increasingly widespread is the integration of solutions for predictive maintenance upstream of distribution network design. By analysing the data collected by the terminals and using advanced algorithms, it becomes possible to identify the warning signs of a fault or malfunction. Technicians can then intervene before the problem becomes critical.
Who can maintain your charging points?
Le decree of 12 January 2017 on charging infrastructure for electric vehicles stipulates that all installation and maintenance work on charging points for electric vehicles must be carried out by a IRVE certified technician. This obligation applies to all charging systems with a power rating of over 3.7 kW. Over and above the regulations, relying on expert technicians guarantees you a rapid response that complies with safety standards. You'll also benefit from expert advice on how to extend the life of your equipment and optimise its day-to-day performance.
What good cyber security practices should be applied to corporate charging stations?
The first thing to do is to put your infrastructure on the same footing as your computer terminals. You would never put a new workstation into service without having activated the firewall, installed an antivirus and checked the integrity of downloaded software and applications. In the same way, a number of precautions need to be taken upstream of theinstalling charging stations in your company.
Best practice no. 1: Secure connections
The use of secure communication protocols such as TLS (Transport Layer Security) is an essential basis for securing connections between charging stations and your backend or company cloud. This protocol is a standard used by billions of websites and platforms around the world.
To go even further, you can combine the TLS protocol with data encryption using robust encryption keys (AES or RSA type). In this way, communications between your terminals and your computer terminals will be completely undecipherable. They cannot be intercepted or hijacked by ill-intentioned individuals.
Best practice no. 2: update your monitoring tools
An often underestimated aspect of charging station security is the regular updating of their software and firmware. Applying security patches helps to detect vulnerabilities and improve system response to emerging threats. These updates can be scheduled or automated to avoid any disruption to service, so that every charging point installed in your car park is equipped with the latest software version.
Best practice no. 3: Set up an access management system
Preserve the integrity of your charging points company fleet also requires the deployment of access management systems. It is essential to establish a hierarchy of rights between administrators, who need to interact with the recharge systems, and users, who only need access to the functions they require. This separation of privileges considerably reduces the risk of security breaches and limits the risk of intrusions.
Best practice no. 4: anticipate incidents
In the event of an incident, it's essential to act quickly and in the right way. In an emergency situation, the responsiveness of your technical teams can make all the difference. That's why we recommend including a section dedicated to your charging infrastructure (and, more broadly, all the IoT used within your organisation) in your PRA (Disaster Recovery Plan) to define protocols for responding to interruptions.
What are the costs and impacts for a company in the event of the failure of its recharging stations?
Costs associated with service unavailability
The malfunctioning of your charging points naturally has a direct impact on user satisfaction. If your employees can no longer recharge their vehicles at their place of work, they will no longer be able to carry out their planned journeys or rounds. If this happens, they will have to use public charging points, which will mean additional costs for your company. If you charge your employees or visitors for recharging, the interruption of this service will result in a loss of income.
Costs associated with data loss
As we saw earlier, charging stations collect a great deal of essential information, such as usage history, payment details and the identity of subscribers to the service. A charging point failure linked to a cyber attack can lead to the disclosure and theft of confidential user data. On the one hand, targeted companies must finance recovery operations. On the other hand, financial penalties may apply in countries that have to comply with the law. compliance with the RGPD.
Costs associated with piracy
The most critical scenario is that of a large-scale cyber attack. A compromised terminal can become the entry point for malicious software or ransomware, putting the company's IT network at risk and exposing your data. The financial consequences can be considerable, including the cost of repairing equipment and compensating victims. Not to mention the collateral damage, such as the loss of confidence of your customers and partners, resulting in an effective drop in your sales.
your charging point
What innovative solutions are there to protect charging points in companies?
Artificial intelligence is playing an increasingly important role in cybersecurity. While it makes threats more numerous and more difficult to detect, AI also offers many ways of improving resilience in the face of attack.
In the case of corporate charging stations, AI tools can probe thousands of pages of history to detect suspicious behaviour, such as attempted connection outside normal opening hours, excessive electricity consumption or multiple charging sessions by the same user.
Thanks to this evolving "real-time" mapping, threats can be blocked at source, before they can cause any damage.
Although the advances brought about by AI are promising, they are not yet being deployed on a large scale. That's why we recommend that you rely on a reliable, tried-and-tested tool to control your recharging infrastructure remotely and in complete safety.
How can we anticipate future regulations on charging points and their safety?
Today, existing standards focus mainly on defining best practice in terms of security. For example, they specify how to protect infrastructures and secure data exchanges between charging points and vehicles. There is as yet no strict legal framework requiring the use of specific cybersecurity solutions or tools. However, there is every chance that regulatory constraints will become stricter in the future, particularly to increase the protection of users and their personal data.
It is therefore in your interest to anticipate these changes rather than wait for them to come into force.
The best strategy is to integrate safety requirements upstream, right from the charging point installation phase. This means choosing equipment that complies with reference standards:
- ISO 15118 This is the framework for communication between the electric vehicle and the charging point. It guarantees secure authentication and limits the risk of identity theft or fraud.
- IEC 61851 defines electrical safety protocols. Its aim is to prevent overloads and short circuits.
- IEC 62196 standardises charging connectors and guarantees universal compatibility between charging points and the various models of electric and plug-in hybrid vehicles.
At Beev, we only offer certified recharging stations that meet all current standards and are installed in your car parks by an IRVE-certified technician.
Charging stations installed in your car parks can expose your information system to various types of cyber threat: data theft, denial of service attacks, billing fraud, etc. The risks are real and must be anticipated.
Implementing good cyber security practices, combined with regular maintenance by IRVE-certified technicians, is essential to preserving the reliability of your infrastructure.
By adopting a proactive approach, you can not only increase the protection of your users, but also stay one step ahead of future regulatory obligations.
Would you like to install a recharging point?
Beev can help you find the charging point and installer you need, at the best price.
