Electric vehicle (EV) adoption is gaining speed, and the nation’s charging network is surging to keep up. On the heels of aggressive federal legislation in 2022, billions of dollars are beginning to flow toward growing the EV charging network to make it more accessible for anyone, anywhere.
Yet, with that aggressive expansion comes a new and serious concern: EV charging cybersecurity. Until recently, this issue hasn’t received enough attention. But in July 2022, Sandia National Laboratories released a report featuring research, funded by the U.S. Department of Energy, that brought it to the forefront of the national conversation.
The Sandia report called attention to numerous critical vulnerabilities within EV charging stations and their networks. And, although significant cyberattacks haven’t yet occurred, the report acknowledges the obvious: It’s only a matter of time. And the onus now is on legislators, EV charging manufacturers and station operators to shore up security so we’re ready when the inevitable happens.
What Is EV Charging Cybersecurity?
In the age of the internet, in which we’re all digitally connected across countless networks, cybersecurity is an important aspect of everyday life. Our personal information is available everywhere, whether it’s our credit card details in a retail store’s point-of-sale system or our Social Security numbers on the web. Protecting that sensitive information from cyber threats is critical for a functioning society.
Yet, it usually takes a significant cyberattack to expose vulnerabilities in any particular network, especially one that’s relatively new. Retailers, online gaming networks, and even credit bureaus have all been exposed in recent years, and each attack leads to new security measures.
The nation’s EV charging network is no different, in the sense that it represents another channel through which cybercriminals can attempt to steal sensitive personal information or damage a competitor. In some ways, though, the nature of the threat is different. What if someone could use a charging station to take control of an autonomous vehicle, for instance? EV charging cybersecurity is the art of designing a set of systems and processes to protect against these dangers.
Why Federal Officials Are Concerned About EV Charging Cybersecurity
So far, we haven’t seen a major attack on an EV charging station or network. Attacks do happen, though, and there is evidence that they’re growing in number.
In October 2022, Forbes reported that charging stations in Russia had been used to broadcast anti-Putin messages. Meanwhile, 2021 marked the first year that charging stations saw more hacking attempts from “black hat” actors with ill intent than “white hat” ones simply trying to expose vulnerabilities. Deloitte also reported that more than 50% of all cybersecurity-related automotive events — many of which involve remote vehicle access — have taken place in the last two years.
These threats only grow as the national EV charging network expands and more EV drivers take the road. And, although EV cybersecurity deals with more than just the charging infrastructure, the Sandia report identified several key cybersecurity threats to EV charging stations and networks. These include:
Vehicle-to-charger communications: Hackers can intercept communications between a vehicle and charger from up to 50 yards away. This leaves users vulnerable to having data stolen during a charging session or even having messages injected into their vehicle via the charger.
Inadequate firewalls and encryption: The report found that networks generally don’t follow best practices for data encryption or establishing firewall defenses. Ultimately, an attacker who breaks into one charger may be able to gain easy access to the entire network.
Malicious firmware: EV charging networks don’t have adequate protections in place to prevent attackers from deploying network-wide firmware that can give them control over the entire network. A bad actor could use this, for instance, to disable charging on a competitor’s vehicle fleet and disrupt their operations.
These are just a few of the key cybersecurity threats in EV charging stations and networks, and more are likely to develop. Many EVs are now capable of over-the-air software updates, for example. While this simplifies the process of deploying cybersecurity software updates, it also opens up these vehicles to a different attack channel.
Potential EV Cybersecurity Measures
The Sandia report ultimately outlines many potential problematic scenarios, and it’s clear much more work is needed to bolster EV charging cybersecurity. Its recommendations target best practices for several key players, from charging station manufacturers and network administrators to the businesses that operate each individual station.
EV Charging Station Equipment and Operations Security
The report recommends that manufacturers add tamper-detection systems and alarms for any enclosures or access points on EV charging equipment. Alarms must be prompt to ensure timely responses, and all information stored in the system must be encrypted. It also calls for manufacturers and software developers to follow secure software development practices
EV Charging Network Security
Charging networks need extensive security standards to adhere to cybersecurity best practices. This includes, for instance, better network segmentation, more extensive traffic encryption, and more limited access.
Business Network and Operations Security
Network and station security aren’t complete without the participation of the businesses that run them. To that end, the report calls for more secure coding practices, separation of privileges, and general cybersecurity best practices for things like internal assessments to mitigate insider threats.
Stay Secure With EV Connect
As the national EV charging infrastructure grows, EV charging security must be a top priority for everyone involved. If your business chooses to electrify its fleet or install public charging stations, you need to be confident you can do it securely.
EV Connect’s network offers that assurance. Our software makes it easy to secure station access, limiting it only to approved drivers and groups. Drivers can report station violations or misuse directly from the app. And we’re constantly updating software and firmware to ensure it meets current security standards. Our commitment to keeping our platform secure is based on the leading industry standards, and as standards upgrade and improve, we are always striving to stay ahead of the curve.
Rolling out EV charging stations doesn’t have to compromise security for your business or its customers. To learn more about how EV Connect can help you make sure it doesn’t, contact us today.
Sandia National Laboratories – Cybersecurity for Electric Vehicle Charging Infrastructure
Motorbiscuit – Hackers Are Targeting EV Charging Stations
Green Car Reports: Feds Examine EV Charging Cybersecurity as Infrastructure Grows