Electric-Vehicle Growth Expands GM Cyber Chief’s Concerns to Charging Stations

The shift from gasoline-powered vehicles is pushing the auto maker into electric infrastructure. Shielding that grid from cyberattacks will soon be part of Kevin Tierney’s brief

By guest author James Rundle from the Wall Street Journal

March 23, 2023

Hummer EVs on the production line at a GM plant in Detroit. Photo: JONATHAN ERNST/Reuters


Electric vehicles are taking General Motors Co. ’s cyber chief into new territory.

Kevin Tierney, the auto maker’s chief cybersecurity officer, often finds himself monitoring risks across information-technology systems, autonomous vehicles and manufacturing plants. Now, he’s adding power-grid security to his day-to-day work.

His added brief is mostly due to the sweeping shift away from gas-powered cars. California, among several states, has mandated zero-emission vehicles by 2035, and GM is significantly upgrading its EV production capacity, including with a USD 650 million investment in Lithium Americas Corp. as part of a plan to develop a mine in Nevada and secure access to a mineral key to the batteries used in EVs. The company plans to release several new electric models this year, and aims to install thousands of charging stations across the U.S. by 2025.

“We’re moving, really, from just being a vehicle manufacturer to a vehicle manufacturer and infrastructure provider,” Mr. Tierney said.

That, in turn, creates new cyber risks. Research funded by the Energy Department, published in July, found that hackers could use vulnerable security at charging stations to skim credit-card details and even hijack entire charging networks. Hackers have shown a willingness to target the U.S. power grid, and a string of physical attacks have also disrupted operations.

The cyber vulnerabilities of EV and energy security have gained attention in Washington. In October, the Office of the National Cyber Director held a meeting on the subject of EV security. The U.S. Senate Committee on Energy and Natural Resources hosts a hearing Thursday on cybersecurity in the energy sector.

On Tuesday, Mr. Tierney was appointed to the Cybersecurity and Infrastructure Security Agency’s cybersecurity advisory committee, a group of private-sector specialists from companies across critical infrastructure operators that advises CISA Director Jen Easterly.

Mr. Tierney said public-private partnerships designed to draw on specialists across sectors will be critical. Given that GM’s operations cross into advanced manufacturing, transportation and now energy distribution, he said, cyber resilience means companies need to cooperate on core issues.

“I think we have to figure out a little bit better, across sectors, where our touchpoints are and where we can make our forces more cumulative, instead of maybe doing the same things over and over again,” he said. He cited third-party security as an issue common to all companies, which could benefit from a collaborative approach.

Agencies such as CISA have promoted consensus-building with businesses. CISA’s Joint Cyber Defence Collaborative, for example, brings together public and private sector cyber experts to analyse intelligence.

“It’s truly an issue that is going to take everyone working together to get ahead of,” Mr. Tierney said.