State Transport Units (STUs) are increasingly using electric buses (EVs) as a result of India's quick shift to sustainable mobility. Although there are many operational and environmental benefits to this development, like lower fuel prices, fewer greenhouse gas emissions, and quieter urban transportation, there are also serious cybersecurity dangers. The attack surface for potential cyber threats is expanded by the integration of connected technologies, such as cloud-based fleet management, real-time monitoring, and vehicle telematics. Although these systems make fleet operations smarter and more efficient, they are intrinsically susceptible to remote manipulation, data breaches, and unwanted access. This study looks on cybersecurity flaws unique to connected passenger electric vehicles (EVs) that run on India's public transit system. Electric vehicle supply equipment (EVSE), telematics control units (TCUs), over-the-air (OTA) update systems, and in-car networks (such as the Controller Area Network or CAN bus) are important areas of interest. Potential interruptions to vehicle functionality and passenger safety are examined in relation to common attack techniques such spoofing, data injection, denial-of-service (DoS), and remote code execution. In comparison to international standards like ISO/SAE 21434 and UNECE rules R155/R156, the report also assesses regulatory and compliance deficiencies in India. It lists the operational difficulties that Indian STUs encounter, including as antiquated infrastructure, a deficiency in cybersecurity knowledge, and a lack of established protocols.
The paper suggests a plan for installing a Cybersecurity Management System (CSMS) in STU-operated EV fleets in order to reduce these threats. Strong incident response mechanisms, focused training initiatives, and the creation of cybersecurity standards tailored to India are among the recommendations. Implementing these measures will enhance the resilience of electric vehicle infrastructure against emerging cyber risks. Furthermore, collaboration between government agencies, industry stakeholders, and academic institutions is emphasized to ensure a comprehensive cybersecurity framework.