IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Will EV Charging Infrastructure Be Ready for Cyber Attacks?

A Sandia National Laboratories study determined that electric vehicle charging stations are vulnerable to cyber attacks. What might happen next — and how hard will this be to fix?

EV charging station
Shutterstock/Matej Kastelic
Electric vehicle charging stations are vulnerable to a number of different cyber attack scenarios, according to Sandia National Laboratories. In a press release dated Nov. 15, 2022, a Sandia Labs research report described how a review of vulnerabilities helps prioritize grid protections and inform public policymakers. Here’s an excerpt:

“With electric vehicles becoming more common, the risks and hazards of a cyberattack on electric vehicle charging equipment and systems also increases. Jay Johnson, an electrical engineer at Sandia National Laboratories, has been studying the varied vulnerabilities of electric vehicle charging infrastructure for the past four years.

“Johnson and his team recently published a summary of known electric vehicle charger vulnerabilities in the scientific journal Energies. …

“Electric vehicle charging infrastructure has several vulnerabilities ranging from skimming credit card information — just like at conventional gas pumps or ATMs — to using cloud servers to hijack an entire electric vehicle charger network.”

MEDIA COVERAGE AND CONCERNS


The media coverage on this report was wide and global.

The Register (U.K.) led with the headline, “Shocker: EV charging infrastructure is seriously insecure,” and wrote:

“If you’ve noticed car charging stations showing up in your area, congratulations! You’re part of a growing network of systems so poorly secured they could one day be used to destabilize entire electrical grids, and which contain enough security issues to be problematic today.

“That’s what scientists at Sandia National Laboratory in Albuquerque, New Mexico have concluded after four years of looking at demonstrated exploits and publicly-disclosed vulnerabilities in electric vehicle supply equipment (EVSE), as well as doing their own tests on 10 types of EV chargers with colleagues from Idaho National Lab.”

GCN offered this analysis: “‘Right now, there’s a bit of a Wild West mentality out there,’ said Kayne McGladrey, field chief information security officer at security software company Hyperproof and a senior member of the Institute of Electrical and Electronics Engineers. ‘Companies are incentivized for being first to market, not necessarily most secure to market. Because security costs money and because it requires time and resources, naturally that becomes a lower priority.’

“EVs themselves have already been shown by researchers to be vulnerable to attack, but the cybersecurity of charging infrastructure has flown under the radar until relatively recently.”

Finally, states are also getting into the act. Michigan released this Electronic Vehicle Infrastructure Deployment plan in August 2022. The plan has a section on known risks and challenges, which includes cybersecurity risks. And this was a hot topic in October at the Michigan Cyber Summit, which I covered here.

FINAL THOUGHTS


I fully expect to revisit this topic in 2023 and beyond. But for now, government and especially states should be researching the cybersecurity issues surrounding EVs, and charging infrastructure is an important component.

This report from Sandia Labs is a good place to start.
Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker and author.