On April 23rd, Mobena hosted a webinar dedicated to a pressing topic: cybersecurity in the electric vehicle (EV) ecosystem. Over the course of 90 minutes, experts from GIREVE, ETAS, Vedecom, Thales and Hubject shared insights on current threats, regulatory requirements, and best practices to secure the fast-evolving EV landscape.

Why talking about cybersecurity in EV?

As electric vehicles and public charging infrastructures become more widespread, the digital attack surface continues to grow: charging points in public areas, communication flows between actors, payment processes, personal data… Every link in the chain can be vulnerable.

Jean-Marc Rives (GIREVE) opened the session with a clear message: “Cybersecurity in e-mobility isn’t just about preventing attacks. It’s about anticipating risks across the entire ecosystem — from users to the power grid.”

Tightening regulations across Europe

Michael Klinger (ETAS) highlighted the regulatory shift underway. Europe is raising the bar with the Cyber Resilience Act, effective from 2026, in addition to the RED Directive, NIS2, and GDPR. Key requirements include: 

– Systematic risk assessments
– Secure update mechanisms
– Incident notification within 24 hours
– Penalties of up to €15 million or 2.5% of global turnover

(see our related article)

A fragmented ecosystem lacking end-to-end security

Steffen Rhinow (Hubject) provided a comprehensive overview of the complex EV ecosystem, where multiple protocols such as OCPP, OCPI, and ISO 15118 coexist.

The issue? While these protocols may be individually secure, there is no unified, end-to-end cybersecurity framework. “Every weak spot is a potential entry point. Aligning and harmonizing protocols is essential to achieve native, built-in security.”

Risk analysis and threat actor profiling

Yassir Dahmane (Vedecom) presented Mobena’s use of the EBIOS RM method for conducting risk analyses. Key attacker profiles identified include:
– Organized cybercriminals
– Malicious insiders
– Hacktivists
– Opportunistic users

Special attention was given to both digital and physical vulnerabilities in public charging stations.

Hardware-based security: a cornerstone

Gilles Chèné (Thales) wrapped up with a deep dive into securing charging stations at the hardware level:
– Embedding secure elements (SEs) and hardware security modules (HSMs)
– Cryptographically protected certificates and keys
– Mutual authentication with CSMS platforms
– Secure provisioning of certificates via trusted third-party servers

Key takeaways

✔️ The EV ecosystem is complex, interconnected — and exposed

✔️ Regulatory pressure is increasing: proactive compliance is crucial

✔️ Cybersecurity must be embedded at the product design stage

✔️ Public charging stations are high-risk entry points

✔️ Existing standards must be harmonized and enforced end-to-end

📣 Mobena will continue its work with 15 partners through 2026. Want to learn more or join the initiative? Join Mobena.