EV Charging Infrastructure Potentially Unprepared for Cyberattacks – EQ Mag

Electric vehicle charging stations are vulnerable to a number of different cyberattack scenarios, according to Sandia National Laboratories. In a press release dated Nov. 15, a Sandia Labs research report described how a review of vulnerabilities helps prioritize grid protections and inform public policymakers.

“With electric vehicles becoming more common, the risks and hazards of a cyberattack on electric vehicle charging equipment and systems also increases,” the press release stated. “Jay Johnson, an electrical engineer at Sandia National Laboratories, has been studying the varied vulnerabilities of electric vehicle charging infrastructure for the past four years.

“Johnson and his team recently published a summary of known electric vehicle charger vulnerabilities in the scientific journal Energies. …Electric vehicle charging infrastructure has several vulnerabilities ranging from skimming credit card information — just like at conventional gas pumps or ATMs — to using cloud servers to hijack an entire electric vehicle charger network.”

The media coverage on this report was wide and global. The Register (U.K.) led with the headline, “Shocker: EV charging infrastructure is seriously insecure,” and wrote, “If you’ve noticed car charging stations showing up in your area, congratulations! You’re part of a growing network of systems so poorly secured they could one day be used to destabilize entire electrical grids, and which contain enough security issues to be problematic today.”

“That’s what scientists at Sandia National Laboratory in Albuquerque, New Mexico have concluded after four years of looking at demonstrated exploits and publicly disclosed vulnerabilities in electric vehicle supply equipment (EVSE), as well as doing their own tests on 10 types of EV chargers with colleagues from Idaho National Lab.”

GCN offered this analysis: “ ‘Right now, there’s a bit of a Wild West mentality out there,’ said Kayne McGladrey, field chief information security officer at security software company Hyperproof and a senior member of the Institute of Electrical and Electronics Engineers. ‘Companies are incentivized for being first to market, not necessarily most secure to market. Because security costs money and because it requires time and resources, naturally that becomes a lower priority.’ ”

“EVs themselves have already been shown by researchers to be vulnerable to attack, but the cybersecurity of charging infrastructure has flown under the radar until relatively recently.”

Finally, states are also getting into the act. Michigan released its Electronic Vehicle Infrastructure Deployment plan in August. The plan has a section on known risks and challenges, which includes cybersecurity risks. And this was a hot topic in October at the Michigan Cyber Summit.

Source: PTI