“With electric vehicles becoming more common, the risks and hazards of a cyberattack on electric vehicle charging equipment and systems also increases. Jay Johnson, an electrical engineer at Sandia National Laboratories, has been studying the varied vulnerabilities of electric vehicle charging infrastructure for the past four years.
“Johnson and his team recently published a summary of known electric vehicle charger vulnerabilities in the scientific journal Energies. …
“Electric vehicle charging infrastructure has several vulnerabilities ranging from skimming credit card information — just like at conventional gas pumps or ATMs — to using cloud servers to hijack an entire electric vehicle charger network.”
MEDIA COVERAGE AND CONCERNS
The media coverage on this report was wide and global.
“If you’ve noticed car charging stations showing up in your area, congratulations! You’re part of a growing network of systems so poorly secured they could one day be used to destabilize entire electrical grids, and which contain enough security issues to be problematic today.
“That’s what scientists at Sandia National Laboratory in Albuquerque, New Mexico have concluded after four years of looking at demonstrated exploits and publicly-disclosed vulnerabilities in electric vehicle supply equipment (EVSE), as well as doing their own tests on 10 types of EV chargers with colleagues from Idaho National Lab.”
GCNoffered this analysis: “‘Right now, there’s a bit of a Wild West mentality out there,’ said Kayne McGladrey, field chief information security officer at security software company Hyperproof and a senior member of the Institute of Electrical and Electronics Engineers. ‘Companies are incentivized for being first to market, not necessarily most secure to market. Because security costs money and because it requires time and resources, naturally that becomes a lower priority.’
“EVs themselves have already been shown by researchers to be vulnerable to attack, but the cybersecurity of charging infrastructure has flown under the radar until relatively recently.”
Finally, states are also getting into the act. Michigan released this Electronic Vehicle Infrastructure Deployment plan in August 2022. The plan has a section on known risks and challenges, which includes cybersecurity risks. And this was a hot topic in October at the Michigan Cyber Summit, which I covered here.
FINAL THOUGHTS
I fully expect to revisit this topic in 2023 and beyond. But for now, government and especially states should be researching the cybersecurity issues surrounding EVs, and charging infrastructure is an important component.
This report from Sandia Labs is a good place to start.