Cybersecurity risks pose a growing, system-wide threat to the Electric Bus Ecosystem (EBES), with cascading impacts across fleet operations, depots, charging infrastructure, and the operating environment. These risks include malicious cyberattacks, unauthorized access, manipulation of vehicle controls, disruption of charging schedules, compromise of passenger data, and interference with depot and control room systems. Such incidents may arise from ransomware, malware, phishing, denial-of-service (DoS) attacks, or manipulation of operational data, potentially leading to service disruptions and safety risks.
Explore the expendables sections to see detailed preventive, responsive and recovery measures for the Cyber Threat hazard and for each component (Fleet, Depot, Charging Infrastructure & Operating Environment).
Unauthorized remote access
Electronic Control Units (ECUs) are equipped with encrypted communication protocols & authentication mechanisms.
Manipulation of Vehicle Operations
Firewalls and real-time cyber audits
Operational Disruption
Combine real time data from the cyber and physical domains to improve awareness
Response plan for bus operations during Cyber attack-
Response plan for handling vehicle Hijack
Response Protocols for personnel safety and evacuation
PT- Planning Team/ IT Team/
Operator / IT
PT- Depot Manager, IT, Operator
State Police Dept
Data Theft and Data Breech
Restricted Access
Regular software updates
Employee training on cyber security
Manipulation of the operations schedule and of depot management systems
Implement Backup for important depot operations
Strong password and multifactor authentication for important depot access
SOPs for Depot operations during Cyber Attack
PT- Procurement Team & IT team
PT- Depot Manager, & IT Team
State Police Department
Physical Cyberattacks – Impersonations
Secure Human Machine Interfaces (HMI) such as touchscreens, card readers with multi-factor authentication.
Ransomware attacks, disrupting the charging cycles and causing operational disruption
SQL Injection -Use parametrized queries to distinguish code from data.
Provide cyber security related testing and assessment while installing EVSEs.
High Voltage load flow malfunction
The IP addresses should be validated & only pre-approved clients should be allowed to access the system
Response plan for charging infrastructure operations incase of Breach of Charging Infrastructure (Smart Chargers or EMS)
PT- Procurement team, Planning Department
OEMs, Charging Operators, IT Teams, Depot Manager
Potentially Disrupt Services, poses safety risk
Installation of firewalls, intrusion detection systems, and regular security audits
Compromise Passenger Safety
Aware staff about phishing mails and password security
Response plan for handling vehicle Hijack
SOPs for Drivers
PT- Planning and Procurement Team
PT- IT Team, Depot Manager and Driver
State Police Department
