Vulnerabilities of electric vehicle charging infrastructure

With electric vehicles becoming more common, the risks and threats of cyberattacks on electric vehicle charging systems and equipment also increase. Jay Johnson, an electrical engineer at Sandia National Laboratory, has been studying various vulnerabilities of electric vehicle charging infrastructure for the past four years.

Johnson and his team recently published a summary of known electric vehicle charger vulnerabilities in the journal Energy.

“By conducting this survey on electric vehicle charger vulnerabilities, we can prioritize recommendations to policymakers and inform them about security improvements,” Johnson said. which is necessary for the industry”.

“The bipartisan Infrastructure Law allocates $7.5 billion for electric vehicle charging infrastructure. As part of this funding, the federal government requires states to implement cybersecurity strategies. and physical. We hope our review will help prioritize enhancement requests established by states. Our work will also help federal government standardize best practices and prescribe a minimum level of security for electric vehicle chargers in the future. “

Compile vulnerabilities

Electric vehicle charging infrastructure has a number of vulnerabilities, from skimming credit card information — like at gas pumps or regular ATMs — to using cloud servers to take over entire networks. electric car charger.

The Sandia researchers are working with experts from the Argonne, Idaho and Pacific Northwest national laboratories; National Renewable Energy Laboratory; and others as a national security laboratory group.

“We’re focused on the larger impacts on critical infrastructure as we electrify more of the transportation industry,” Johnson said. “We studied the potential effects on electricity networks. Also, like executive and other government agencies considering switching to tramWe’ve been thinking about how not being able to charge the car might affect performance. “

Brian Wright, a Sandia cybersecurity expert on the project, agreed on the scale of the challenge.

“We don’t want bad things to happen to the grid, and we want to keep electric vehicle drivers safe and protect people working on equipment,” said Wright.

“Can the grid be affected by electric vehicle chargers? Absolutely. Is that a challenging attack? Yes. It’s within the range of what the bad guys can and will do. in the next 10 to 15 years. That’s why we need to stay ahead of the curve in solving these problems.”

The team looked at several input points, including vehicle-to-charger connectivity, wireless communication, electric vehicle operating interface, cloud computing service and charger maintenance ports. They looked at regular AC chargers, DC fast chargers, and ultrafast chargers.

The survey noted several vulnerabilities per interface. For example, vehicle-to-charger communication can be blocked and charging sessions end more than 50 yards away. The electric vehicle owner interface is mostly prone to skimming personal information or changing charger prices.

Most electric vehicle chargers use firewalls to isolate themselves from the Internet for protection, but Argonne National Laboratory researchers discovered some systems do not. Additionally, an Idaho National Laboratory team found some systems to be vulnerable to malware updates.

The multi-lab team found multiple reports of Wi-Fi, USB, or Ethernet charger maintenance ports allowing system reconfiguration. Johnson said local access could allow hackers to switch from one charger to an entire charger network via the cloud.

Patches and next steps

In the paper, the team proposed a number of fixes and changes that would make the US electric vehicle charging infrastructure less vulnerable to exploitation.

These suggested fixes include enhanced electric vehicle owner authentication and authorization, such as with Plug-and-Charge public place infrastructure, Johnson said. They also recommend removing unused charger access ports and services and adding alerts or warnings to notify charger companies when changes are made to chargers, such as if charger cabinet is open.

For the cloud, they recommend adding a network-based intrusion detection system and updating the code signing firmware to demonstrate that the update is authentic and unmodified before it’s installed. Sandia has created a best practice document for the charging industry.

Now that this review has been completed, the Sandia team has received follow-up funding to address some of these gaps. They are working with the national laboratories of Idaho and the Pacific Northwest to develop a system for electric vehicle chargers. The system will use network-physical data to prevent bad actors from tampering with electric vehicle charging infrastructure.

The team has another research project that involves evaluating public key infrastructures for electric vehicle charging, making tougher recommendations for charging the infrastructure network owners, develop training programs on electric vehicle charging network security, and assess the risk of various security vulnerabilities. Risk analysis looks at both the likelihood of something bad happening and the severity of that bad thing to determine which changes will have the most impact.

“The government can say ‘safe power generation’ transport Wright said.

“Instead, the government can directly support the industry by providing fixes, advisories, standards and best pratice. It is not possible to create a solution if you do not understand the state of the industry. That’s where our project comes in; We did the research to find out where we are and what gaps would be filled with the fastest and most impact. ”