Today, about one in seven cars sold worldwide is electric, according to a report by the International Energy Agency (IEA). While this is good news for the environment—with the potential to decarbonize road transport, which accounts for 16% of total carbon emissions—this also presents a rising threat of cyberattacks targeting EV charging stations.
The interconnectedness of EV charging stations, data flow networks and utility power distributors leaves users and the EV and grid infrastructure particularly vulnerable to various cyberattacks. With transportation and energy (the electric grid) now connected electronically for the first time, there’s a higher degree of risk and little precedent available to inform best practices and proactive measures.
This invites a perfect storm for vulnerabilities, from criminals stealing credit card information, much like they can at conventional gas stations or ATMs, to hackers reconfiguring EV infrastructure through insecure USB chargers, Wi-Fi and ethernet maintenance ports. EV charging stations connected via mobile applications carry the same risks as other internet of things (IoT) devices, but the consequences of an attack can be particularly significant since EV chargers are integrated into the transportation network. And when EV charging stations are connected to public networks, communications must be encrypted to ensure security and public confidence.
The impacts of a charging station cyberattack can be far-reaching, ranging from failure to charge a vehicle to information theft, damage of EV batteries or other components, compromise of electric vehicle supply equipment (EVSE) life-safety systems, the shutdown of the entire charging network and misconfiguration of EVSE infrastructure that creates damaging or dangerous conditions.
Fortunately, there remains hope for a secure future if certain measures are followed. For starters, charging communication and testing standards must address and validate safety and performance between EVs and EVSE. In addition, establishing best practices can help companies prevent cybersecurity vulnerabilities. Performing technical security assessments can reveal and address vulnerabilities before hackers can take advantage. These factors should be considered as early as the design phase for vehicles, sensors, charging stations and supporting infrastructure.
With about 16.5 million electric cars in operation worldwide, the EV charging infrastructure is quickly expanding to keep up with demand. Given this rapid growth, it’s paramount that communication and testing standards are established to validate the safety of electric cars and charging stations.
The dangers that can result from a lack of cohesive standards extend far beyond just EVs and their chargers. As the transportation sector undergoes electrification, attacks on EV charging could reach critical infrastructure sectors such as power systems, medical services, manufacturing and agriculture. As charging stations increase power delivery capabilities, this risk is poised to grow.
A greater push for standardization would help ensure EV charging infrastructure is interoperable and meets a minimum standard for cybersecurity in both hardware and software. When it comes to validating e-mobility charging interfaces, modern design must meet standards set forth by organizations such as the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). This ensures safety, efficiency and interoperability for each electric car and the EVSE ecosystem. The National Institute of Standards and Technology (NIST) also provides a cybersecurity framework of standards and guidelines for the EV ecosystem within the U.S.
The EV and EVSE industry have limited best practices in place to prevent cyberattacks, but there’s a solid understanding that “comprehensive cybersecurity recommendations founded on sound research are necessary to secure EV charging infrastructure,” explained a recent cybersecurity report published by Sandia National Laboratories. In fact, Sandia developed threat models — which address spoofing, tampering, data breach and denial of service — as well as determined technology gaps and identified and developed effective countermeasures. This provided the industry with a strong technical basis for securing the EV charging infrastructure.
According to Sandia, some of the most recommended best practices include implementing secure coding practices, ensuring the NIST Cybersecurity Framework is used for cyberhygiene, encrypting all information storage devices, using network segmentation and virtual local area networks (VLANS) to isolate EVSE installations and utilizing secure trust principles like secure firmware and software, among others.
Performing technical security risk assessments across manufacturers and vendors helps to identify potential vulnerabilities quickly. In turn, this better protects customers, vehicles and power systems from cybersecurity threats.
During this process, a variety of factors are weighed, such as whether a hacker can pivot between components, systems and networks, how much damage can be done to the EV and EVSE ecosystem, how much knowledge is required by the attacker for specific actions, and whether suspects can synchronize their attacks to affect large portions of the grid simultaneously. These assessments unveil specific details such as the skill level and time it would take hackers to execute certain cyberattacks.
Security assessment tools help uncover potential risks within the EVSE, as well as in supply chains, business operations, cloud systems and development processes. Since the EVSE ecosystem is so intertwined, a singular vulnerability in one area holds the risk of impacting multiple additional areas.
As the race toward electrification continues, companies should focus not only on being first to market but on being secure. By emphasizing security as a top priority starting in the design phase of EVs, sensors, charging stations and supporting infrastructure, threats can be mitigated as overall confidence and trust in EVs and charging stations flourish.