In recent years, electric vehicles have emerged like mushrooms, and related security issues have become increasingly important. This topic will provide a comprehensive overview of the cybersecurity issues that arise from electric vehicles, including communication protocols between charging stations and electric vehicles, related cloud architectures, and various potential attack surface that could emerge in the future.

The ISO/SAE 21434 standard is an important reference for building cybersecurity and resilience for vehicle manufacturing. However, simply introducing a cybersecurity solution does not improve resilience, but rather requires a planned approach.

It is difficult to plan a system with good cybersecurity resilience if inconsistent information exists during the design, implementation, and verification phases. Therefore, we propose a framework for importing an attack knowledge base, which can help synchronize the information in different phases and achieve consistent information delivery. An attack knowledge base is a database for recording and organizing information security attacks that can help automakers more accurately assess threats and provide feasible solutions during the design, implementation, and verification phases. We will discuss in detail how to introduce the framework of the attack knowledge base and discuss its contribution to cybersecurity resilience in the automotive industry with case studies.

The nature of the past year’s vehicle security incidents (ex: SiriusXM, MyHyundai/MyGenesis, and VW ID.4 back-connect) makes clear that the developmental focus of internal combustion and electric automobiles has to expand beyond transportation considerations alone and must now include defending against various attacks targeting vehicle software. The impact of vehicle security incidents is not limited to just car owners but impacts everyone in society. Evolving consumer expectations vis-à-vis vehicles are driving automotive manufacturers to transform themselves into software developers. This trend has converted automobiles from engines with wheels to computers with wheels, whereby the functionality of these vehicles depends on increasingly complex software, resulting in Software Defined Vehicles (SDV). This is accompanied by new risks in the software development process. In light of this, a new tool is needed to measure risk - the Software Bill of Materials (SBOM). In this talk, I discuss the role played by SBOM in vehicle security, how it can help the vehicle industry develop safer vehicles, and potential problems that may come in its wake.

In this talk, the speaker will provide an overview of electric vehicle charging and related knowledge, including charging piles and charging stations. The speaker will introduce the composition, components, software, and management methods of charging piles on the market. The talk will then focus on several famous cybersecurity incidents related to charging piles in recent years, including vulnerabilities in free charging, electric vehicle ransomware attacks, and alternative DOS attacks targeting charging piles. The speaker will explain the principles behind these cybersecurity threats and provide guidance on how to respond. Finally, the talk will cover future trends in electric vehicle charging and the impact of current cybersecurity regulations on the charging ecosystem. This presentation is essential for anyone interested in electric vehicle charging and the associated security risks.