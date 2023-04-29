



The Biden administration recently reaffirmed its commitment to electric vehicles (EVs), but questions remain about the charging infrastructure and the vehicles themselves’ ability to combat cyberattacks.

The challenge can be even greater when charging stations are considered critical infrastructure, especially as states add them to public property.

Many state and local agencies take out cybersecurity insurance to protect themselves from some of the financial costs of an attack on their IT systems, but insurance covering EVs and charging stations is relatively uncharted territory. is.

A recent report from the IBM Institute for Business Value touches on these new cybersecurity risks and their implications for insurance. Reports show that software-intensive EVs and their charging stations are in constant communication with other vehicles and the world around them, allowing them to rapidly deliver software updates and patch security gaps. But a large attack surface brightens the radar of cybercriminals.

The report also notes that the impact has permeated the insurance industry as it struggles to assess an unfamiliar array of risks and losses. An IBM spokesperson did not respond to a request for further comment. Mike Hamilton, chief information security officer at cybersecurity-as-a-service company Critical Insight, agreed that the unprecedented is troubling for the future of insurance.

The bigger question is how do we figure out how to price this insurance based on risk, if we don’t get the same benefits of 200 year old actuarial tables as we do with everything else What should I do? he asked. That’s what they need to understand.

Dan Leja, vice president of risk advisory and insurer Horton Group, has already written extensively on cybersecurity insurance issues related to EVs, as well as the interests of local governments that manage and insure their vehicles. pointing out.

If local governments are keen to electrify these vehicles, ensuring adequate insurance against potential cyberattacks is a top priority, Leja said.

If [governments] Are you driving incentives and government initiatives for electrification, are you considering the cyber exposures associated with this, and do you have enough case studies? [governments] where did you review [the EV fleet] Could it pose more threat than benefit? asked Leja.

The federal government may need to intervene and insure instances of serious cyber incidents through legislation, as Congress did after the September 11, 2001 terrorist attacks. The resulting Terrorism Risk Insurance Act created a program to provide joint public and private coverage for certain insured losses following a terrorist attack, and has since been reauthorized several times.

By expanding this scheme, which all insurers offer at an additional premium but is optional for insured persons, Leja said EV companies and charging station providers could benefit in the event of a debilitating attack. could help protect against huge losses.

Buy it if you want to actively cover your organization in the event that something like this happens. If you want to say no, say no, he said. But if something happens, you are in danger of the government stepping in and not helping you…unless you are covered.

This is particularly prescient given the lack of profitability in the auto insurance market. Meanwhile, cyber insurance premiums are also rising, with about half of municipalities receiving inadequate coverage. This could create a golden opportunity to step up federal intervention, especially given the amount of customer data at risk, Leja said.

To control this problem, insurers and EV manufacturers can standardize best practices as a way to assess cyber risk, said senior vice president of cybersecurity software development at technology firm IPKeys Cyber ​​Partners. Ronnie Christo said.

This includes ensuring the vehicle is fully up-to-date with required software patches and updates. This can be tracked in the same way that insurance companies use telematic devices to ensure policyholders are safe drivers.

I think at some point insurers will be able to see if they’re doing best practices for maintaining that technology because it’s so vulnerable. Is there a way to check that [the EV ecosystem] and affect it.

Just as insurers need to track software in cars to ensure safety, charging stations will also be subject to continuous monitoring, allowing insurers to really understand the risks, Hamilton said. I’m here. The self-assessments billing providers fill out to document their risks won’t help, he said.

Despite concerns about the cybersecurity of EVs and their charging infrastructure, observers believe that a large-scale cyberattack or other incident will take time to truly turn the attention of leaders to ensuring the safety of the technology. Similar to Pipeline cybersecurity investments, Hamilton said, which increased significantly after the Colonial Pipeline attack, describing the idea as managing by landmines. Christo agreed, noting parallels with pipeline cybersecurity.

If [an attack] You can lower the grid for that method [hackers] If Christo can create a massive pile-up because he’s attacking charging stations or using cars to kill many people, it becomes a bigger problem for elected officials, forcing them to act. . . That’s when things start, he added.

