As electric vehicles (EVs) – and the EV charging infrastructure that supports their use – have become more common, the security vulnerabilities of these charging systems have made them attractive targets for hackers. From exposed user and charger data to a lack of proper authorization keys, the weaknesses discovered through white-hat security research show a real need to strengthen defenses to protect drivers and fleet operators.
A recent survey of EV sector professionals showed 39% think security is the top challenge to adopting IoT-based EV infrastructure. This is one of the reasons the U.S. Department of Defense has started building robust cybersecurity requirements into RFPs for EV charging station projects.
There are several ways that attackers can compromise charging stations. For example, hackers can copy the Near-Field Communication cards customers use to handle billing. Elsewhere, a station’s communications networks might be using an out-of-date, unencrypted HTTP protocol, opening up the possibility of someone gaining root access without permission. Even USB ports at the stations themselves are vulnerable places through which bad actors can copy malware onto the station’s drive.
For EVs to become more widespread, drivers have to be confident they can charge them safely and securely. But the risks go beyond early adopters of this more sustainable mode of transportation – attacks on EV infrastructure could affect whole cities or regions.
Attacks on EV Infrastructure Can Put The Power Grid At Risk
Poor security for IoT-based EV infrastructure has the potential to not just affect the vehicles and charging stations themselves, but the entire power grid. In the U.S., for example, the grid comprises three interconnected regional systems that include more than 7,300 power plants, 160,000 miles of high-voltage power lines, and many distribution transformers and low-voltage power lines that deliver that energy to homes and businesses.
Compromised EV chargers can serve as a gateway to launch a large-scale denial-of-service attack on multiple charging sites. This could then potentially overload the grid, leading to localized or regional blackouts. If cities convert their emergency service fleets to EVs, those vehicles could be out of commission during an attack, disrupting critical services that could mean life or death.
As the number of EVs increases, the feasibility of a cyberattack on the grid through EV charging infrastructure will also rise. Such an attack could subvert the grid’s frequency stability, which varies as a power system’s load, and the amount of generation required to meet that load, change.
Government agencies have only recently examined how policy can protect the grid and ensure EV infrastructure is well-defended. Because the technology that drives EV chargers and the vehicles themselves is still relatively new, there are fewer standards for how they are manufactured and secured. This leaves room for policy solutions that set the bar for how EV infrastructure cybersecurity is managed.
How to Protect EV Charging Infrastructure
In the absence of comprehensive policy guidance, the best way to protect EV charging infrastructure is to consider security a top priority from the planning stage through rollout. Here are some ways to mitigate risk within a charging network:
1. Adopt A Zero Trust Mindset: Ensure good user authentication practices are in place at every layer of the IoT network, including hardware and software access points.
2. Intrusion Detection Software: Making sure network administrators can see intrusion alerts across an EV charging network will help ensure any attack is caught and addressed quickly.
3. Ensure IoT Device Security: Every IoT device on the EV charging network should be fortified with strong authentication protocols, updated password hashes, and secure string-handling functions. Eliminating hidden backdoors is important, as well.
4. Eliminate Public and Fixed IP Addresses: Public IP addresses pose a considerable risk to IoT deployments, like EV charging station networks, that manage large numbers of devices. Eliminating them makes it harder for hackers to illegally access devices and the networks in which they operate. Remote access via Soracom’s Napter service is another way to ensure chargers within a network do not require fixed IP addresses or VPN access, making them effectively invisible to the Internet at large.
5. Stay Current: The simplest and most effective way to protect your IoT network and connected devices is to run the most up-to-date software. Make sure software and firmware are regularly updated and patched, and change passwords from the default to boost security. Doing this via a secure remote-access tool can make this process faster and more efficient.
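Several of these measures can be checked mechanically against a charger inventory. The sketch below is an added example, not Soracom's code: it flags chargers with a public IP address, an unencrypted HTTP management interface, a default password, or stale firmware. The inventory records, field names and the 180-day firmware threshold are assumptions made for illustration.

```python
import ipaddress
from datetime import date
from urllib.parse import urlparse

# Address space treated as internal: RFC 1918 plus carrier-grade NAT (RFC 6598).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]
MAX_FIRMWARE_AGE_DAYS = 180  # assumed patch policy, adjust to your own

# Constructed inventory. 203.0.113.0/24 is a documentation range standing in
# for a publicly routable address.
CHARGERS = [
    {"id": "chg-001", "ip": "10.20.0.15", "mgmt_url": "https://10.20.0.15/admin",
     "default_password": False, "firmware_date": date(2024, 5, 1)},
    {"id": "chg-002", "ip": "203.0.113.10", "mgmt_url": "http://203.0.113.10/admin",
     "default_password": True, "firmware_date": date(2022, 11, 3)},
    {"id": "chg-003", "ip": "100.64.7.9", "mgmt_url": "https://100.64.7.9/admin",
     "default_password": False, "firmware_date": date(2023, 9, 20)},
]

def audit_charger(charger, today):
    """Return the list of findings for one inventory record."""
    findings = []
    addr = ipaddress.ip_address(charger["ip"])
    if not any(addr in net for net in INTERNAL_NETS):
        findings.append("public-ip")
    if urlparse(charger["mgmt_url"]).scheme != "https":
        findings.append("unencrypted-management")
    if charger["default_password"]:
        findings.append("default-password")
    if (today - charger["firmware_date"]).days > MAX_FIRMWARE_AGE_DAYS:
        findings.append("stale-firmware")
    return findings

def audit(chargers, today):
    """Map charger id -> findings, omitting chargers with none."""
    report = {c["id"]: audit_charger(c, today) for c in chargers}
    return {cid: f for cid, f in report.items() if f}

if __name__ == "__main__":
    for cid, findings in audit(CHARGERS, date(2024, 6, 1)).items():
        print(cid, ", ".join(findings))
```

Passing the audit date in explicitly keeps the firmware-age check reproducible when the script runs from a scheduled job.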
As EV charging infrastructure proliferates, these security measures will enhance the safety and security of EV charging networks and the grid within which they operate. That, in turn, will help build more confidence in the safe operation of personal EVs and electrified fleets.
To hear more best-practice security considerations when deploying an EV charging solution to market, check out Taking Charge: EV Infrastructure Rollouts Done Right. This free webinar features our special guest, Petar Georgiev from EV solutions company AMPECO, who discusses how to anticipate and address the operational and technical challenges of EV charging infrastructure rollout.