Cyber Vulnerabilities of Electric Vehicles with Matt Bianco

About This Episode

Matt Bianco, President at FedWay Consulting, joins the podcast this week to deep dive into the electric vehicle world, how it’s evolving, challenges being addressed (such as charging stations!), and government plans to help advance electric vehicles within the government fleet and with consumers across the U.S.

One of the big questions with electric vehicles is their cyber vulnerabilities, as charging stations connect to the internet to process charging time and transactions. Many are asking: just how big a threat are we talking about as tens of thousands of new charging stations come online over the next 5-10 years? Join the podcast to find out!


[02:24] Electric Vehicles: Impact the Environment in a Positive Way

Rachael: We've got Matt Bianco. He is president of FedWay Consulting joining us today and he knows everything there is to know about electric vehicles, electric vehicle charging integration with US government. And he's going to break it all down for us today. Welcome to the podcast, Matt.

Matt: Very nice to meet you guys. And I'm looking forward to this. It's nice to get the message out and there's a lot of miscommunications around this type of subject. So, I'm excited. Thanks for having me.

Rachael: So, Matt, tell us what's going on here in the EV market because it's all you hear about lately, and particularly government. I think our listeners can be really fascinated by what's happening there.

Eric: Blows my mind that the government's thinking about EVs. And then, you think about it, it makes total sense. But what's going on, Matt?

Matt: When you have a gigantic fleet, I mean, what better way to impact the environment in a positive way than to take whatever the fleet is at now, 680 or 700,000 vehicles, and electrify it. I mean, it can make a huge, huge, huge impact. So, there's a couple of different sides here.

 

Electric Vehicle Supply Equipment

Matt: There's the side that we hear a lot on the news right now about which is the infrastructure bill and the federal grants and money that is around that. And they talk about $5 billion, and all of this, which is outstanding.

That's going to be the side of really the states and municipalities and some private sector, where they're going to be applying for these grants and taking the federal money and implementing corridors for fast charging. So people are comfortable on long trips with their EVs, also some workplace charging and some things like that. That's that side.

So, I don't get as involved in that. That's going to be a little bit different side of the coin. But with what I'm involved in, it's more of the electrification of the federal fleet and getting that electrified, getting EVSE at federal sites and at federal agencies, military bases, VA hospitals, you name it. The list goes on.

Eric: And Matt, I want to stop you for a second just to make sure we're all on the same page. EVSE?

Matt: Electric Vehicle Supply Equipment.

 

 

Electric Vehicles in the Federal Government

Eric: Really, the charging infrastructure and chargers as we should think about it?

Matt: Correct.

Eric: I'm in the market myself as we shared beforehand, so I'm up with it. But I was like, that was a newer one to me. I just thought of it as electric vehicle chargers. I would have made it EVCs. So, electric vehicle supply equipment and 700,000 vehicles in the federal government motor pools?

Matt: A little shy of that, but I think something in the 680,000 range or something like that. That does include the Postal Service, which is a whole another can of worms with electrifying that. And you can read the news about that. I can't really talk too much about that. But they have 180,000 themselves. So, the rest is the rest of the federal fleet.

But military's got a large fleet, even some of these Department of Energy labs. I mean, this is like the light-duty motor pool type of vehicles, but then you've also got lots of trucks and buses. Federal Law Enforcement Training Center has lots of buses that they're going to be electrifying, things like that. So, there are some pretty large vehicles. Then you've got the whole tactical side of military that probably more 2050 is when they're going to get to the point where they can fully electrify that.

 

 

Substantial Savings in Using Electric Vehicles

Eric: And you're talking Humvees, tanks, and the like for that type?

Matt: Correct.

Eric: But just to substantiate what you're saying, I mean, there's almost 700,000 vehicles in the federal motor pools, not counting Postal. And we have companies like Amazon, FedEx, UPS. They're driving hard on electric vehicles to save cost. It's probably a good move for the government is what I'm trying to get to.

Matt: Absolutely.

Eric: At least commercial industry says, "It's a good move for us." You would think the government would say, "Well, is it a good move for us?" Probably. Let's think about that.

Matt: And take away the climate impact, just the maintenance of the vehicles and not having to deal with oil changes every three months and not dealing with all the different issues that come with 800 moving parts compared to something like 80 in an EV. I'm not an expert on that. It's a significant difference. So, yes, just the maintenance itself, take away the climate impact.

Eric: So, the government sees a substantial savings in going to electric vehicles over traditional internal combustion engine vehicles. Maintenance and cost, and fuel reduction requirements, and everything else, right, which commercial industry supports.

Matt: Correct.

Eric: Because they're all going there.

 

 

The First Step in Getting Electric Vehicles

Matt: Exactly. Long term, that's the goal. The vehicles are a little more expensive upfront right now. Battery costs are coming down. Vehicle costs are coming down as the options. You've got Kia and Hyundai, and some of these vehicles that are a little bit less expensive. And Ford's got their Mustang Mach-E. That's on GSA Schedule. So, there's lots. The more options there are, the costs will come down and even more impactful.

Rachael: I think there's a Hummer EV too, right, that's coming out?

Eric: It's $130,000 I think, Rachael.

Rachael: Well, you could sleep in it. Just make it your home and there you go.

Eric: Or just order five of those, right?

Matt: It does the crab walk too, though. You got to look up the crab walking diagonally.

Eric: It does do that. I saw that. It does do the crab walk. We think financially it's a good idea is what we're saying for the government to go in this direction probably quickly. Are they going? What's the holdup? I mean, if commercial industry is saying it's good, and we need to do it, what's the holdup?

Matt: They are. So, the first step was, two things, get vehicles on GSA Schedule for the agencies to purchase. So, they've got to have access to the vehicles, get these companies to produce vehicles maybe at a little quicker rate because the government's going to buy in volume. They'll get an order for a couple of thousand electric vehicles from Army or something like that. That's just an example. Trying not to name names of agencies here, so I get in trouble, but just in general.

So, they've got to get the production up. And then, you've got to have the EVSE, the service equipment, the chargers, in place because it's like chicken and egg theory. You've got to have the chargers there to charge the vehicles before they get there. And a utility-tied charger takes sometimes upwards of a year and more to get in place. There's options to suppress that. But in any case, that's the first step, getting your vehicle.

 

[10:07] A Long Tale for Electric Vehicles

Eric: Why does it take so long? I mean, they're commercially available.

Matt: It's the permitting. It's the digging. You've got to do construction. I always say that I help agencies from concept to completion. So, the concept is, hey, what power do we have available even? Do we have enough power in this area? Where do we want to put them? Then you've got to start permitting for it. You've got to get contracts in place to do the construction work, to do the digging, to pull the electrical. It's quite a process.

Eric: Well, and even getting on the GSA Schedule, I know from the government work we do, takes a long time. Just from a vehicle perspective, or an EVSE charging perspective, you've got to prove commerciality. You've got to learn how to work with the government. Commerciality, meaning this is what we typically sell it for. So, you can't put a new vehicle on GSA until you can prove that there's a set market price for it. So, this is a long tale.

Matt: You got to give them the best price too on top of that. So, you've got to give them a discount, assuming that you're going to have volume.

Eric: Right. So, long tale here, great idea still takes a couple of years to do it. It's not super easy. It's complex.

Matt: Right, exactly. And the other side is, these vehicles are often leased by GSA, or they're potentially owned, but they have a lifecycle. And they've already planned five, seven years ago for the lifecycle of that vehicle. So, they're going to start replacing them as they come up for cycle.

 

Executive Order 13693

Matt: They're not going to jump ahead and say, "Hey, these vehicles aren't going to be supposed to be replaced until 2024. We're going to do it now." You're going to replace the vehicles that are ready to be replaced and trickle it in.

Rachael: That's prudent. So, what's the current fleet? Have we talked about that? I mean, how much is currently electric? I know Biden has set some goals more on the commercial side, but what does that landscape look like today, Matt?

Matt: Great, great question. So, just to bump backwards, the Obama administration had one Executive Order 13693 which the goal then, which looking back is funny to look at, was 25% of new purchases by 2020. So those vehicles cycling back in. And when they're buying a vehicle or leasing a new vehicle, it was supposed to be 50% by 2020.

Eric: And when did that come out?

Matt: That was 2014, I believe.

Eric: So, you said, in six years, we're going to get 25% of the vehicles turned over and electric. But what's the average life of a government vehicle? Do we know?

Matt: I want to say somewhere in the 10-year range. That, I would have to confirm, but seven to 10 years.

Eric: So, somewhat realistic. Did it happen?

Matt: No, it didn't. So, we had a little delay, and it was about at one percent. Right now, about one percent is electrified. So, we're well behind what it should be. I can give an example.

Eric: Plus, the 10 grand.

 

 

Executive Order 14057

Matt: Yes, it's pretty low. It's probably between 10 and 20,000 vehicles, tops. The numbers have changed recently. There's been a lot more purchases. So, I'm going off of what I've heard maybe a few months ago. So, hopefully, it's increased just in the last few months since this new executive order came out that we'll talk about.

But actually, that's a good parlay. I might as well talk about it. The new executive order is Executive Order 14057, which is catalyzing clean energy and basically around federal sustainability. So, there's a lot of items, reducing CO2 emissions around buildings, around any type of power that you're generating and that type of thing and using.

So, it's broader than just electric vehicles. But the EV piece of it, they put a federal sustainability plan out, and there's three pillars. And one of the pillars is the electrification of the federal fleet. So, the numbers for that, by 2027, the goal is to have a hundred percent of light-duty vehicles. That's your motor pool sedans, that type of thing.

Eric: So, like the Chevy Malibu equivalent an army recruiter might use to drive to see a candidate?

Matt: Correct, things like that. So, that's by 2027, the goal is to have a hundred percent of purchases. That's looking at new purchases though. So, it's not like the whole fleet will be there. It's just by 2027, we want to make sure that every new purchase is going to be an EV.

And that's probably a third of the federal fleet. I'd have to look the numbers up and refresh my memory. But it's a pretty large chunk of it. Now, they do have the medium. It might even be closer to two-thirds. It's between a third and two-thirds, or maybe even closer to a half of the federal fleet. Say, 3 to 400,000 of them are of the 680,000 that are out there now are light duty.

 

 

The Goal for 2035

Matt: Then you get into the medium and heavy-duty. And the goal they've put for that is 2035 100% new purchases for the federal fleet. And that's just because the options are not there. Now, they have options everywhere. We had a little beginning conversation prior to this about Rivian and some of those. The delivery timeframes in getting these to market, they're announcing them a lot quicker than they're producing them.

But Volvo has construction vehicles that you can see in the news, all kinds of buses. So, buses will be fairly easy to work with. But then, you've got the long-haul trucks and different things that are involved with the federal fleet as well. So then, that's medium and heavy-duty. That doesn't count army tactical vehicles and tanks, and things like that. But medium heavy duty would be more like trucks, buses, construction equipment, that type of thing.

Eric: And is it possible? Can they legitimately hit those targets?

Matt: That's a really good question. It's definitely lofty. It's a goal. My background, I've always been a very goal-oriented person, but you don't always hit your goals. But I think it's doable. It's not an unreachable goal.

And I think they looked at the numbers. As vehicles are cycling, there's a federal fleet report that you can Google and find that GSA puts out that's got the number of vehicles at each agency and what types of vehicles they are and that type of thing. So, if anyone's interested, you can find that information pretty readily.

 

[16:48] Procurement Logic of Electric Vehicles

Eric: So, a couple of questions come to my mind. Are there enough vehicles being made that they could actually buy them? If everything else is perfect, could they actually buy them? How do they get them into the federal supply chain? And we talked about GSA, but what does it do to motor pool contracts? And how they deal with that, they need less mechanics. They need less fueling. I mean, I've seen fuel depots on lots of bases. Do you curtail the need for that?

What about the EVSE, the charging infrastructure that we were talking about the opening of the show here, can they have that in place? Light-duty vehicle, you buy a car, but you can't charge it, what do you do? The other thing, and just random thoughts here, Rachael, if an electric vehicle is $20,000 more than the equivalent internal combustion engine vehicle, how do they justify a higher price? I mean, I guess they'd have to write into the specs. 

Rachael: You have to look at the lifetime though, right?

Eric: You're using logic. I'm extrapolating this out to government procurement logic or whatever you call that. Someone's going to say we can get a Chevy Malibu which we've been buying for three decades for, I'll just make this up, $32,000 GSA pricing. We've now got an electric vehicle supply here fleet that we can pull from, but the average vehicle's price is $50,000.

The best price says we give it to the Chevy Malibu all day long. Somebody's got to educate in that whole process, Rachael. And I'm betting, Matt, you've got a lot of experience with that. I do from the cybersecurity and IT side. It's not easy though. Education has to be applied.

 

Electrify the Fleet

Matt: And there needs to be the guidances and the orders to do this, which are there. So, that comes into play. They're being told they have to electrify the fleet. It's a very, very large goal of theirs. So, the fact that they're going to spend a little bit more money on a vehicle, as long as they're available via GSA Schedule, they're all set. And there are several vehicles available already.

So, there's plug-in hybrids which is a PHEV. So, it's got a gas engine, but then it also got a battery that can go 20, 30, 40 miles of range. They are implementing some of those. There's some hybrid vehicles, but there's so many more electric options already.

They do have all the Tesla models on GSA Schedule. They've got the Ford Mustang Mach-E. They've got the Hyundai Kona and the Kia Niro, and all these different vehicles. So, they probably got a good 15 or 20 pure electric vehicles available to them. So, the availability is there.

Eric: Okay. So, they have some.

Matt: There's another pre-competed, pre-vetted. They can just go and purchase off that schedule. So, they're available. And that cost that's extra gets balanced out a little bit over time. And like you said, looking up front, it is a little more expensive. But there are ways for them to purchase them even though they are more expensive. But then, you look at the lifecycle, to Rachael's point, the no oil changes and no real maintenance for at least the first three to five years of that vehicle, many less moving parts and that type of thing.

 

 

There Are Fewer Headaches in Using Electric Vehicles

Matt: It actually gives fleet managers less headaches too. So, it frees up some of their time because they don't have to pester these guys and these girls that are fleet drivers in the federal workplace to get these in for maintenance and that type of thing. So, it eases a lot of pressure on their side of things. But there's a lot of availability.

But you did talk about chargers. That is the big predicament. They've got to have this infrastructure ready for these vehicles. They've got to get the budget for the vehicles too. That's the other thing, it's budgeting their money to do that. There's no federal budget really passed currently. So, they'll start a sprint here in the next few months to get some things done.

But yes, the chargers take a little time to implement. There's ways to circumvent that, but you've got to have the infrastructure ready to charge it or you'll be left in a little bit of a lurch. So, I think that's why some agencies are choosing those plug-in hybrids because, hey, at least peace of mind, they've got the gas engine to back them up as needed. But then, what happens is they let the battery deplete and then they just, "We won't even charge it. And we'll just use the gas." So, it defeats the whole purpose.

Eric: When you have all the same maintenance issues and everything else, but you probably have a slightly additional cost, I'd not want to do a half-step. So, I haven't really looked into it. You're talking about like the Prius category. Those types of vehicles where you've got an engine but a battery.

 

[21:53] Battery Electric Vehicles

Matt: There's hybrid fuel vehicles. Prius has those, but they also have a plug-in where it's got an actual battery. But I agree, I don't believe in half steps either. I don't think the government's really going to lean that way. There's enough pure electrics. They call them BEVs, battery electric vehicles. So, that's a full electric. I think that's the way they'll go. It's just getting these vehicles cycled out and getting the infrastructure in place to charge them.

And I've mentioned a few times, there's quick ways. There's something on the market called the EV ARC from a company called Beam Global that is drop it and go. So, a lot of military sites are liking that. There's an article in the news about the Marine Corps buying some of these. And that's a quick way for them to deploy, where they don't have to dig.

It's not real property. They can put this solar charging station in. And it's really, really, really well suited for fleets, where you're driving 5, 10, 15, 20 miles a day. And you plug it in every night, and it's just purely solar and contained into a parking space. So, they can get those implemented in a matter of two or three months compared to sometimes a year or two for a utility project to go full cycle.

Eric: What are the cybersecurity implications of going to BEVs, battery electric vehicles? The more modern technology, you've got the EVSEs, the charging infrastructure that I'm assuming is connected to the internet or online at least. So, what are the considerations that customers need to think about as they're employing this new modern technology?

 

ISO 15118

Matt: And that's a great question. There's a couple of different things here at play. So, there's the vehicle itself and the connected vehicle. I'm not so much an expert on the connected vehicle side of it. Tesla is far and away further along with the connection of the vehicle than some of these others doing over the air updates to the vehicle and all that type of stuff.

It's the same thing with charging too, and I'll get into that. But there's something related to that called ISO 15118, which is a security protocol for vehicles focused on vehicles and the vehicle charging.

So, to parlay that or to I guess going to go into the actual charging station, which I'm an expert more on, is there's two things. There's Plug and Charge, which Tesla has its own closed ecosystem. So, a car goes in, plugs their vehicle in. If the vehicle communicates with the charging station, it's got the person's credit card information. It's got the vehicle information.

There's a little bit more risk involved in plug-in charging at ISO 15118. So, I worked for a company called ChargePoint for four or five years. They're the market leader in level two charging. Now, there's a lot of companies on the market similar and they all fall into the same boat. There's EVgo, Electrify America, Summit Connect, the Blink, ChargePoint. I mean, I can keep naming the list.

Eric: Which are level three chargers which allow you to commercially plug in, right?

Matt: Right. There are actually, in some cases, level two and level three. But you're right. 

Eric: And they're not chargers. They're charging systems infrastructure, where regardless of your car, you can pull up to an Electrify America charging station.

Matt: Correct.

 

 

Level Two and Three Charging

Eric: Put your card in, tap your card, do whatever you need to do and fill up essentially.

Matt: And that's where the security comes in. That's the perfect segue. The security comes into when you're tapping your card to charge. You're correct. Tesla's got their own plug like Apple has their own with phones. 

So, they use a different connector. The level two connector outside of that is universal. It's called the J plug or the J1772. So, every vehicle outside of a Tesla in North America has this J plug. Then there's level three. Level three charging is DC fast. So, level two is 25 miles of range per hour being replenished into your vehicle.

It's more for, hey, you're charging overnight, or you're charging at work, and you just want to get a few hours of charging in to get your commute mileage back or whatever it may be. It's long dwell time charging. Level three charging is now your 50 kilowatts and above, ranging from 200 miles of range per hour up to probably eventually your 1500 to 2000 miles of range per hour.

So, there's different plugs associated to that. There's the CCS Combo, they call it, which is CCS one which is like the European manufacturers and American vehicles. And then, there's something called the CHAdeMO. Nissan LEAFs used to have them. They're going to make the switch to CCS here soon is what I'm reading about. But it's a lot of the Asian manufacturers that were using that CHAdeMO.

 

 

Vehicle and Charger Security

Matt: So, there's a little bit of nuance when you get into fast charging. EVgo especially is all fast charging. They don't really have any level two. But most of the other companies have level two options to where they'll put stations in a town center or something like that. Where you're going to the coffee shop, and you're going to charge for an hour or two and get 25, 50 miles of range back into your vehicle. It's just a different behavior.

I've driven an EV for six years now. I used to let my gas go down to under a quarter of a tank and then go ahead. You'd be late for work. You have to go fill up your tank, but here, you're just plugging it in wherever you go. So, you're keeping your battery between 20 and 80% filled. And you're going to these stations as you see them.

So, that's the background there. I worked for a couple of different cyber companies. I worked for an encryption company, but also a company called HackerOne that does researcher-based white hat hacking bug bounty programs, that type of thing, which the company I do a lot of my work with is ChargePoint. And they use HackerOne to work on this stuff.

So, let's back up. You've got the vehicle security. So, that's the connected vehicle, a little different. Now, on this side, you've got the charger security. Let's forget about Tesla and Plug and Charge and ISO 15118. Let's just think about everything else.

 

 

The Cybersecurity Concern in Using an EV

Matt: Now, it's just an electric signaling to the vehicle. So, you take the plug out of the station. You plug it in. The station is saying, "I have this much power to give." The car is saying, "I can accept this much power." It's always going to match. And there's a signal that goes on.

And there's not much cyber concern when it comes to that. You can't hack into the grid by way of that. Plug and Charge opens up a whole another can of worms. That's something potentially in the future. But right now, it's not going that way because it's just too tough. You've got all these manufacturers. You got all these different types of vehicles. Tesla can do it because they've got this closed ecosystem.

So, you've got to signal where the security comes into play and where federal is really digging in now more in the last year or two. I've worked with federal agencies on this stuff since 2014. So, we're approaching eight years that I've been doing it.

So, the biggest concerns are, you're tapping the RFID card or using your phone to start a session or whatever it may be, what happens to all that data? If it's a fleet vehicle, there's data being captured for that fleet vehicle. But the key there is, it's really unclassified data. So, it's dummy data. It's whatever vehicle you assign to this serial number on this RFID card.

And that's the fleet side. So, really, it's just, how much power is being pulled? How much energy is being used? How long are the charging sessions? Very, very minor data, not really sensitive.

 

 

FedRAMP Certified

Matt: The personally owned vehicle side, when they tap the RFID card, now it's going to capture credit card information and make a payment and things like that. So, that's packeted. All the data is packeted and sent over the airwaves. It's encrypted at rest and in transit.

Typically, most of these companies are using AWS and hosting their data on AWS servers. So, it lands there. It's encrypted and protected. And government loves FedRAMP. So, those servers are FedRAMP certified, and all of that good stuff.

But the latest and what GSA is really digging into right now is, do these companies that provide software, like a ChargePoint, like a Summit Connect, like a Blink, whoever has their software package. Greenlots is a software-only type of application. Do they need to be FedRAMP certified?

And I think the general consensus is starting to be, no, that's more of a cloud hosting company that they're hosting data. And it's potentially classified data and some other types of things, government data. This government data is really non-sensitive.

Eric: I mean, the FedRAMP PMO might argue that if it's hosted by a CSP, a cloud service provider, and it's government data, it needs to be hosted on a government, a FedRAMP platform, I think is what they would say.

Matt: Correct. 

Eric: I don't want to speak for them, but that's what I suspect that they say.

 

[32:11] Blanket Purchase Agreements

Matt: No, and that's what I've been engaged in. That's a great point because that's what they're trying to determine. There's a contract that is actually due. There's an RFQ that's due to GSA by EVSE companies by 5:00 PM today. So, there's going to be a lot of people responding to that. And they're going to put together what's called several blanket purchase agreements to make it easy for the agencies to procure these charging stations, part of that process, which is really essentially public.

You have to have your product on GSA Schedule currently to respond to this. But there were some drafts that went out in the past that were potentially going to be in full and open competition, but they're comparing. There's a comparison questionnaire, FedRAMP versus NIST 800-171. So, NIST 800 is more of a self-assessment that they prefer you use a third party or FedRAMP 3PAO to go through this gap assessment and see what the issues are.

So, I can't really get into a lot of that just because of the contract that's on the streets right now as far as how that's playing out. But prior to that, and just in general, the general consensus is that we're thinking that maybe NIST 800-171 will be sufficient. So, they're digging into it.

Eric: That's controlled unclassified information as I remember.

Matt: Right. Correct, CUI.

Eric: So, the mechanisms required for that, I mean, I don't want to get into that on the show. There are definitely concerns to think about. So, let me ask you a question then. 

 

FAST Act

Eric: When you're talking to procurement shops or customers, GSA, the like, and I don't want any specifics of course, are they thinking about cybersecurity? Are they thinking about protecting information? 800-171, FedRAMP, and the like, it sounds like they are.

Matt: Yes, absolutely. They're digging in really heavily. So, you've got the DIB.

Eric: Defense Industrial Base.

Matt: So, you've got GSA and DHS working together. And they are definitely digging into this very heavily and just trying to figure out what's going to be appropriate, but not put constraints on the industry too because there's a lot of small companies involved in this too. Sadly, it's a lot of money. You look at a FedRAMP certification.

Eric: It takes millions of dollars, it's years. It's really difficult. And once you get in, you just made a market. So, the first company that gets in has massive advantage over everybody else. It just takes a while to get in.

Matt: Correct. So, now you've got that conundrum. If it's going to take a couple of years to get FedRAMP certified, there's no product FedRAMP certified, how do you get these electric vehicles in place? And you can't just put a dumb non-network plug because now you can't control who uses the station.

You can't pull reports to see how much energy is being used. You could, but it's very difficult.

There's so many things that come with networking a charging station. There's something called the FAST Act, Fixing America's Surface Transportation Act, that allows agencies to let personal vehicles charge. But the only way you can charge them and do the whole billing process to that and allow people on the station is through a network charging station.

 

 

CUI: Controlled Unclassified Information

Matt: But they're realizing two things. The connection is very nonabrasive, so it's via cellular. Typically, you're not going to touch any government network. There's no wi-fi connection or ethernet connection. It's usually done through cellular. So, that makes it a little bit easier as well. But then, the CUI is very minimal. It's very non-sensitive data.

I've got an example of an agency where, for instance, they have their RFID card with a serial number virtually attached to a vehicle, but they don't even put what the vehicle is. It's like vehicle one.

Eric: Right. But if it's marked as CUI, it's CUI. And they're costly. And when I say expensive, it's more than just the cost, right? It's how do you manage it? What systems do you need to have in place? What networks are you on? It does raise the price.

Where my mind keeps going, Matt, is back in the early days of smartphones, iPhone and the Google devices, the government thought it had the ability to regulate how they're used. But the reality is the commercial demands on these providers, Apple, and Google, Samsung, and the like, they just blew right past the government. The government couldn't mandate anything because commercial just went and bought it.

I'm wondering if the same thing happens here with the different networks and the different systems, where they're like, "Look, we've got such a global demand. US government, with your 700,000 vehicles and all your complexity, and we just don't have the time to deal with you. Take it or leave it. This is what you're getting right now."

Because you're right. FedRAMP would take them two years. I mean, ChargePoint would take two years to get through FedRAMP. They'd have to have a parallel system probably. And what could they do in two years to leapfrog the competition? And I'm just picking at ChargePoint.

 

 

Leapfrog the Competition

Matt: And it isn't even worth it with the data that you're collecting.

Eric: Well, that was the cellphone thing, right? Do we do all this stuff for the government requirements? I think at the time, this is 2010 maybe, there were 600 million potential smartphone users that was the total addressable market. Let's call the US government. I don't know. Let's call it four million people. Two million DoD, two million civilian loosely. Not all of them would get a government-issued smartphone.

The government is like, "Hey, we got our two million people. And we want you to do what we want you to do." And I remember talking to a lot of providers from a security perspective, and they were like, "Look, we got a $600 million device TAM. We don't have time to adhere to the government's requirements. We're doing it and they'll fall in line because they want phones."

I'm wondering if we're going to do it and they'll fall in line because they've got the Executive Order 14057. They've got the mandates. And they're just going to have to comply.

Matt: No, great point. And they are thinking about it.

Eric: And I don't know the answer.

Matt: And doing something that's maybe protecting them but not making companies go through that lengthier process is that NIST 801-71, which seems to be falling in line. But that still takes a good six to eight months and still costs a company a couple of hundred thousand dollars to do this.

 

 

Six Months to Move Forward

Eric: I mean, we're going through right now. You've got to set a parallel. The amount of work to protect controlled unclassified information is incredible. I mean, it's not classified information, but you almost have to treat it on a separate network. And not really a separate network. You got to handle it separately or differently than you would a general chit-chat over email and everything else. The way you store the information, it's crazy. So, there are some security components here.

Matt: Absolutely. And they are thinking about it. And they've been thinking about it for a good year or so. So, I think it's all going to come to a head here in the next couple of months with this GSA RFQ and the awards that go around it. They're going to give companies about six months of a ramp to get an ATO with GSA to be able to move forward and sell off of this contract.

Now, that doesn't take into account that there's already a few thousand charging stations out there. And then, there will be a group of people that say, "Well then, let's just put in a non-network station." And then, what happens is some random person comes in and plugs their personal vehicle in at a military site that you think that thing is behind a fence.

They plug in, and it's like, "Oh, but they're plugging in and they're getting free gas or free fuel, free electricity." And then, it becomes a really major issue. So, you need those access controls. So, you need them to be connected. But then, that opens up the security can of worms. But I think they're getting a good grasp around it.

And then, the whole supply chain risk management is starting to come into play. There's a lot of rules around that, and having your CRM plan and all this different stuff. There's a lot. We know there's a lot of requirements, but there's a lot that they're looking at related to EVSE as well.

 

 

[41:04] Infrastructure vs. Government Security Requirements

Matt: Again, that plug-in charge also will change the game even further because now the car is communicating with the station. And one last thought, when you get into telematics and a lot of these EVSE can talk to the telematics, now you've got the GPS telematics, data, and that type of thing. So, you can know where the vehicles are. So, that's going to start to come into play as well. And they're thinking ahead on that to some extent.

Eric: Okay, Rachael, question for you. We had Sudhakar on from SolarWinds. In December, we've had a number of guests talking about, since the show started really, building security in from the beginning. Sudhakar talked about security by design.

What happens here where the infrastructure is not necessarily in alignment with government security requirements? But the government is driving to make things more efficient, reduce costs, modernize, adopt green technologies, and security may slow down that 25% adoption. I think it was 25% by 2027.

Matt: It's a hundred percent light duty.

Eric: Thank you. A hundred percent, right. So, what's going to win out, Rachael?

Rachael: Hey, I mean, sometimes you got to move at speed to get it done. I know you said climate aside, but these things are really, really important. And if we're going to hit targets, sometimes you have to work in parallel. 

 

The Mission Needs to Supersede the Requirement

Eric: So, we're moving away from security built-in from the beginning because the mission needs to supersede the requirement to adhere to government security requirements. That's really the discussion they're going to have to have. 

Matt: One good example that came up with an agency. I don't want to name company names. And it stinks because it's pretty obvious when I said it. But ride-sharing programs, compared to a telematics provider. Telematics, it's no brainer. FedRAMP is really, really applicable, but a ride-sharing program may not be. That's a comparison that I had on a conversation with a federal IT security person, where they compared it to that.

So, being that the rideshare program, it's not as important to have the security around it and that type of thing. They're trying to take this ball and put it into a bucket or whatever and fit it nice and tidy. But it's very unique. And like I said, the data is pretty insignificant.

So, theoretically, it seems like it's an added as-a-service. And I've heard government IT professionals say that too. Theoretically, it's an as-a-service. But the software really, it's not really providing any real significant federal data.

Eric: The government doesn't have that distinction. If we were dealing with a commercial company, somebody could very easily say, "Okay, hey, the risk is clearly worth the reward." And I think what we're arguing here, Matt, is this is a no-brainer. The commercial industry is doing it. We've got 700,000 vehicles. We've got to do it.

 

 

Electric Vehicles Is the Right Way to Go

Eric: The FedRAMP team may be like, "Hey, no problem. Do it the way we say." And then, their response is, "But it'll take too long." And they'll say, "Well, that's the way..." There's a trade-off here. Someone's going to have to make that decision.

I agree with you. What's the risk? I mean, I think the risk is greater that the cars have microphones and cameras and all kinds of sensors in them that you could tap into potentially, than getting fueling data or charging data. I agree with you. I hope somebody does make the right decision because we could save the country a lot of money here. We can improve our services.

I fundamentally believe that as someone who's about to step into the electric vehicle market myself. I absolutely believe this is the right way to go. It's just how do you do it securely.

Matt: I agree. You hit the nail on the head with everything you just said. So, I agree.

Eric: And I think government organizations are going to need help. The typical facilities or procurement person may not know how to take, "Hey, we're going to be a hundred percent BEV by 2027." It strikes me as early, I don't know, it's probably 2010, '12 when the government's cloud first.

And all of a sudden, everybody just started pouring things into the cloud without understanding cost and security. How to optimize and how to leverage really the benefits of what the cloud brought them, the pros and cons. I think we'll be better off here because people understand it commercially a lot better. I hope so.

 

 

Part Two in September

Matt: Absolutely. And I'm happy to do part two, by the way, if we want to. Because I think a follow-up would be good once this GSA RFQ is awarded in April, supposedly prior on mid-April, then the next six months after that. So, going into the end of the federal fiscal year into October, that's when companies that are awarded this contract have to be up to cybersecurity wise based on the requirements in the RFQ and getting that ATO at GSA.

So, in, say, six to seven months, I think a lot of the questions we have that we're talking about right here will be answered as to which way they're going to go. And then, there's a whole supply chain.

Eric: Okay. It's a date. August, September, what do you want?

Matt: Something in September would more than likely tell us the bigger picture on this. It's going to be really interesting.

Matt: The fact that the federal fleet, they want a 25% by two years ago, and they're only at one percent.

Eric: How many Studebakers are still in the federal fleet? That would be a question I'd want to know. Probably not a lot. But '76 Malibu, I'm betting there are a couple lying around.

Matt: There's probably some that fell through the cracks. There are some really old cars. Well, there's numbers. I mean, some of these really large federal fleets. Again, I won't name names. Because I've been doing this for eight years, I've had some really interesting conversations with some really interesting fleet managers and groups. And anyway, one of the larger fleet-sized groups said that 50% of their fleet is five miles or less per day, which is crazy.

 

 

RFQ

Eric: And those aren't bicycles.

Matt: No, they're not. So, they average less than five miles a day. And then, there's obviously some of the federal fleet where they're driving a couple of hundred miles a day. Another thing that opens up, and I know we've got to go, but the infrastructure bill is going to help that because these agencies for those types of vehicles will have to use infrastructure that's in place for the private industry.

How do you do that? You use the charging station by connecting your WEX card, which is a way to express your fueling card, to fuel up at electric vehicles’ charging station as well. And so, that integration is coming, is in play with all of this too. So, those longer vehicles are going to need to leverage infrastructure outside of their federal site.

Eric: Right, because you're not driving from base to base, or government building to government building. So, September, we'll follow up there. 

Rachael: Good luck with your RFQ. What does the Q stand for?

Matt: Request for quote. So, really, what that means is it's GSA Schedule holder, so they call it an RFQ instead of an RFP.

Eric: That usually means it's closer to the finish line than an RFP, request for proposal, or an RFI, which is a request for information. Any of the three, it usually means they're more serious and more likely to do something in the near term.

Rachael: Awesome. I love it. All right, cool. So, thanks to our listeners again for joining us this week as always. And again, don't forget to subscribe. You get Matt delivered fresh to your inbox on Tuesdays. And you're not going to want to miss this episode or the follow-up in September. 

 

 

About Our Guest

Matt Bianco - President, FedWay Consulting

Matt Bianco is a thought leader within the US Federal Government ecosystem related to Electric Vehicle (EV) Charging integration, which includes strong knowledge of POV/GOV programs (workplace/fleet), hardware/software solutions, infrastructure, policy, etc. With partnerships across the industry including ChargePoint, Apollo Sunguard (SDVOSB), Beam Global, Freewire, etc., Matt has the ability to assist in formulating a plan that will cover every aspect of executing a flawless and easy Federal EV charging program. Other focuses include Cybersecurity initiatives and software solutions.