Last summer a technical report from a project that intended to provide the power, security, and automotive industry a strong technical basis for securing the EV charging infrastructure by developing threat models, determining technology gaps, and identifying or developing effective countermeasures. For example, a cybersecurity threat model and a technical risk assessment of electric vehicle supply equipment (EVSE) assets across multiple manufacturers and vendors were created, so that automotive, charging, and utility stakeholders could better protect customers, vehicles, and power systems in the event of new cyber threats.
However, concerns about the ongoing electrification of the transport sector are still rising over the cybersecurity of electric vehicle (EV) charging infrastructure as cyberattacks targeting vehicle charging actually have the potential to impact several critical infrastructure sectors including power systems, manufacturing, medical services, and agriculture.
For example, charging stations must communicate via grid operators, vehicles, OEM vendors, charging network operators, etc. in order to authorize charging, sequence the charging process, and manage load. This makes the related research challenging, especially since there are the interests of many end users, stakeholders, and software and equipment vendors involved.
Additionally, recent research has identified vulnerabilities in the Open Charge Point Protocol (OCPP) which could allow hackers to carry out distributed denial-of-service (DDoS) attacks or steal sensitive information. Also, an Idaho National Laboratory survey identified outdated Linux versions, unnecessary services, and inadequate controls.
Hence, cybersecurity experts claim that cybersecurity measures and a comprehensive charging infrastructure must be implemented. And something that they underline is that many EV chargers are considering an IoT technology which should at least ensure encrypted communications to maintain security.
Due to the limited best practices adopted by the EV/EVSE industry and no comprehensive EVSE cybersecurity approach, there is an incomplete industry understanding of the attack surfaces, interconnected assets, and unsecured interfaces. Comprehensive cybersecurity recommendations founded on sound research are therefore necessary to secure EV charging infrastructure.
According to this article, experts are hence suggesting that the U.S. government should strengthen cybersecurity with standards and best practices. Several initiatives are recommended to strengthen cybersecurity, including improving EV owner authentication and authorization, adding more security to the cloud component of the charging infrastructure, and hardening the actual charging units against physical tampering.
Other interesting reading related to the cybersecurity within the automotive domain:
- The Wall Street Journal writing about if EVs can be hacked.
https://www.wsj.com/articles/could-electric-vehicles-be-hacked-71a543e3 - Vulnerabilities in API security of connected cars.
https://www.openaccessgovernment.org/api-security-risks-automotive-industry-connected-cars/153052/