Secure boot for UK electric car chargers isn't required until till next year

Electric car chargers will have to include secure boot and automatic network disconnection if unsigned software runs on the smart devices.

However the British government has said that is won't be until sometime 2023

New security requirements for smart chargers won't be enforced until the last day of this year, according to government papers.

While those changes are positive, and help protect against a deliberate cyber attack or a drive-by malware infection, the Electric Vehicles (Smart Charge Points) Regulations 2021, passed in December, gives industry a whole year before it has to meet the standards.

Schedule 1 of the regulations sets out the cybersecurity requirements new car chargers will have to meet and there's little to complain about there: secure boot; only running signed firmware; automatic checks for software updates; and a ban on "hard-coded security credentials."

This is all in line with the Product Security and Telecoms Infrastructure Bill's general approach to Internet of Things (IoT) device security. Yet there's a hole in the smart charger regulations with the 12-month grace period.


Electric Vehicles and the Tesla Model 3: Expanded, Revised and Updatedamazon uk

A government consultation carried out last year said "many of the legislative requirements are already being met by UK industry."

Current electric car chargers, however, aren't required to comply with mainstream cybersecurity standards.

Thus we see the government statement: "Compliance with cyber requirements may require a longer timeframe, to ensure that the supporting changes can be implemented by industry."

Designing a secure product does take time and effort, though the 12-month grace period could lead to a year of free-for-all installing of substandard chargers to beat the deadline. Which is a genuine concern for all electric car owners.

Photo by Ernest Ojeh on Unsplash

Editor
Environmental Tech specialist, with years of experience in previous senior IT roles who cares very much about the environment.