Managing Cybersecurity Risks for Fleet Electrification – TRC Companies

Report on Cybersecurity Risks in Fleet Electrification and Implications for Sustainable Development Goals

Executive Summary

The rapid expansion of fleet electrification, with annual growth exceeding 10%, is a significant step towards achieving Sustainable Development Goal 13 (Climate Action) and SDG 11 (Sustainable Cities and Communities). However, this transition introduces substantial cybersecurity risks that threaten the stability of energy infrastructure, directly impacting SDG 7 (Affordable and Clean Energy) and SDG 9 (Industry, Innovation, and Infrastructure). This report analyzes the escalating cyber threats associated with Electric Vehicle (EV) charging infrastructure and outlines critical considerations for integrating robust security measures into electrification strategies to safeguard progress towards the SDGs.

The Nexus of Electrification, Cybersecurity, and Sustainable Infrastructure

Escalating Threats to Energy and Transport Systems

The integration of EV fleets creates new, unprecedented demands on national power grids. This expanded network of connected vehicles, charging stations, and energy management systems presents a larger attack surface for malicious actors. The security of this infrastructure is paramount for achieving resilient and sustainable systems as envisioned by the SDGs.

• Threat to SDG 7 (Affordable and Clean Energy): A 70% year-over-year increase in cyberattacks on the U.S. electric grid (2023-2024) highlights the vulnerability of our energy supply. Unsecured EV charging points can serve as gateways for attacks, potentially disrupting energy access for entire communities.
• Impact on SDG 9 (Industry, Innovation, and Infrastructure): The 2025 Upstream Global Automotive Cybersecurity Report indicates a sharp rise in attacks on mobility assets. Over 60% of these incidents had a large-to-massive impact, with 74% causing service disruptions, undermining the goal of building resilient and reliable infrastructure.

These vulnerabilities demonstrate that without a foundational focus on cybersecurity, the infrastructure built to support clean transportation could compromise the very energy security it depends on, hindering progress towards multiple Sustainable Development Goals.

Strategic Recommendations for Secure Electrification Aligned with SDGs

To ensure that fleet electrification contributes positively and securely to the 2030 Agenda for Sustainable Development, organizations must adopt a security-first approach. The following considerations are critical for building a resilient framework that supports long-term sustainability.

1. Fostering Resilient Infrastructure (SDG 9) through Systemic Understanding

A comprehensive understanding of the interconnected software and hardware ecosystem is the first line of defense. Malicious actors can exploit any point of connection, from the vehicle to the charging station and the grid itself. To build truly resilient infrastructure, organizations must:

• Invest in organizational knowledge of EV connectivity and software protocols.
• Identify all potential entry points for cyber threats within the charging ecosystem.
• Implement mandatory employee training on security protocols for vehicle charging and maintenance, strengthening institutional capacity to manage risks.

2. Integrating Cybersecurity into Energy Security for SDG 7

The security of EV charging assets is inseparable from national energy security and the goal of ensuring access to affordable, reliable, and modern energy for all. Cyber disruptions can be as damaging as physical grid outages.

• Risk Management: Develop comprehensive risk assessments and threat intelligence plans specifically for EV infrastructure as part of any electrification strategy.
• Supply Chain Integrity: Procure charging technology from reputable vendors. The 2024 suspension of Spanish EV chargers in the UK due to non-compliance with cybersecurity regulations serves as a critical case study. Such vulnerabilities could allow hackers to manipulate thousands of chargers simultaneously, destabilizing the national grid and jeopardizing energy security.
• Universal Vulnerability: Recognize that organizations of all sizes are targets. Smaller entities, often less protected, can be compromised and aggregated into large-scale botnets, creating systemic risks that threaten the stability of the clean energy transition.

3. Establishing a Security Foundation for Climate Action and Sustainable Communities (SDG 11 & SDG 13)

A secure foundation is non-negotiable for the long-term success of fleet electrification as a strategy for climate action and sustainable urban development. Organizations embarking on this journey should integrate the following security governance questions into their planning and operations:

1. Has EV charging infrastructure been fully integrated into the organization’s comprehensive risk management and threat intelligence framework?
2. Is there a complete and documented understanding of how existing and planned onsite energy assets (generation, storage, management systems) connect to the broader electrical grid?
3. What internal and external resources (IT/OT, risk management, facilities) are assigned to monitor and mitigate security threats to fleet and energy assets, and is there clear internal ownership of cyber oversight even when services are outsourced?

SDGs Addressed in the Article

• SDG 7: Affordable and Clean Energy – The article discusses the strain on the electric grid due to EV charging and the critical need for energy security and reliability, which are central to this goal.
• SDG 9: Industry, Innovation, and Infrastructure – The focus is on the vulnerabilities of new, innovative infrastructure (EVs, charging stations) and the necessity of building resilient systems to withstand cyber threats.
• SDG 11: Sustainable Cities and Communities – Fleet electrification is a key component of sustainable transport systems in cities. The article highlights cybersecurity risks that could disrupt these essential urban systems.
• SDG 13: Climate Action – The transition to EVs is a significant climate action measure to reduce emissions. The article addresses cybersecurity as a major challenge that could undermine this transition.

Specific SDG Targets Identified

SDG 7: Affordable and Clean Energy

• Target 7.1: By 2030, ensure universal access to affordable, reliable and modern energy services. The article directly addresses the “reliability and security” of energy, noting that cyber disruptions can cause “grid outages” and threaten the stability of the power network that EVs depend on.

SDG 9: Industry, Innovation, and Infrastructure

• Target 9.1: Develop quality, reliable, sustainable and resilient infrastructure. The entire article is a call to action to make EV charging infrastructure resilient against cyberattacks. It warns that “unprotected and unmonitored EV charging systems” are a significant vulnerability and stresses the need to integrate a “strong security lens” into planning.

SDG 11: Sustainable Cities and Communities

• Target 11.2: By 2030, provide access to safe, affordable, accessible and sustainable transport systems for all. Fleet electrification is a move toward sustainable transport. The article highlights how cyberattacks, which cause “service disruptions” and target “system controls,” threaten the safety and reliability of these emerging transport systems.

SDG 13: Climate Action

• Target 13.2: Integrate climate change measures into national policies, strategies and planning. The article advocates for making cybersecurity a foundational element of fleet electrification strategy, stating that “each step in your electrification journey needs to account for the cybersecurity risks.” This represents a critical integration of security measures into a key climate action plan.

Indicators for Measuring Progress

Target 7.1 (Reliable Energy)

• Frequency of cyberattacks on energy infrastructure: The article provides a direct metric, stating that “Check Point Research reported a 70% increase in cyber attacks on the U.S. electric grid year-over-year (2023-2024).”
• Rate of service disruptions from cyber incidents: The article implies this indicator by citing a report that found “74% of incidents causing service disruptions.”

Target 9.1 (Resilient Infrastructure)

• Inclusion of cybersecurity in risk management plans: The article implies this can be measured by asking organizations, “Have you considered EV charging in your risk management and threat intelligence plan?”
• Compliance with cybersecurity regulations: This is indicated by the example of the “UK’s Office for Product Safety and Standards (OPSS) suspended sales of Spanish EV chargers” because they “failed to comply with current cybersecurity regulations.”

Target 11.2 (Sustainable Transport)

• Rate of fleet electrification growth: The article provides a baseline indicator for the adoption of this sustainable transport system, noting “year-over-year (2023–2024) growth estimates exceeding 10% annually.”
• Number of cyberattacks on mobility assets: Progress can be measured by tracking the number of attacks. The article notes that “cyberattacks targeting automotive and mobility assets have increased sharply, impacting thousands to millions of connected vehicles and charging assets.”

Target 13.2 (Climate Action)

• Integration of security into electrification planning: The article suggests measuring this by whether organizations have internal ownership and resources (“IT/OT, risk management, facilities, etc.”) to “identify and monitor cyber and other security threats for your fleet and energy assets.”

Summary of SDGs, Targets, and Indicators

Source: trccompanies.com