ALBUQUERQUE, NM – With the proliferation of EVs, the risks and threats of a cyber attack on EV charging facilities and systems are increasing. Jay Johnson, an electrical engineer at Sandia National Laboratories, has been investigating the multiple vulnerabilities of electric vehicle charging infrastructure for the past four years.
Johnson and his team recently published a summary of known vulnerabilities in electric vehicle chargers in the trade journal Energies.
“By conducting this survey of EV charger vulnerabilities, we can prioritize recommendations to policymakers and inform them of what safety improvements are needed by the industry,” Johnson said. “The bipartisan infrastructure bill provides $7.5 billion for EV charging infrastructure. As part of this funding, the federal government is asking states to implement physical and cybersecurity strategies. We hope our review will help prioritize hardening requirements set by states. Our work will also help the federal government standardize best practices and mandate minimum safety levels for electric vehicle chargers in the future.”
EV charging infrastructure has multiple weaknesses, ranging from skimming credit card information — just like at a traditional gas pump or ATM — to using cloud servers to take over an entire EV charging network.
Sandia researchers are collaborating with experts from Argonne, Idaho and the Pacific Northwest National Laboratories; the National Renewable Energy Laboratory; and others as the National Security Laboratory Team.
“We are focused on larger impacts on critical infrastructure as we electrify more parts of the transportation industry,” Johnson said. “We have investigated possible effects on the power grid. As law enforcement and other government agencies consider moving to electric vehicles, we also considered how the inability to charge vehicles might impact operations.”
Brian Wright, a Sandia cybersecurity expert on the project, agreed on the scale of the challenge.
“We don’t want bad things to happen to the power grid, and we want to protect EV drivers and protect the people who work on the equipment,” Wright said. “Can the power grid be affected by charging stations for electric vehicles? Absolutely. Would that be a challenging attack? Yes. It’s in the realm of what villains could and would do in the next 10 to 15 years. So we need to be ahead of the curve in solving these problems.”
The team examined a few entry points, including vehicle-to-charger connections, wireless communications, EV operator interfaces, cloud services and charger service ports. They looked at traditional AC chargers, DC fast chargers, and ultra-fast chargers.
The survey identified multiple vulnerabilities on each interface. For example, communication between the vehicle and the charging station could be intercepted and charging sessions terminated from a distance of more than 50 meters. EV owner interfaces were mainly vulnerable to skimming private information or changing charging prices. Most electric vehicle chargers use firewalls to disconnect from the internet for protection, but researchers at Argonne National Laboratory found that some systems didn’t. Additionally, a team from the Idaho National Laboratory found that some systems were vulnerable to malicious firmware updates.
The multi-lab team found many reports of Wi-Fi, USB, or Ethernet service ports for chargers allowing for system reconfiguration. Local access could allow hackers to jump from one charger to the entire charger network via the cloud, Johnson said.
Patches and next steps
In the paper, the team proposed several fixes and changes that would make the US electric vehicle charging infrastructure less vulnerable to exploitation.
Those proposed fixes include strengthening EV owner authentication and authorization, such as with a plug-and-charge public key infrastructure, Johnson said. They also recommended removing unused charging access ports and services and adding alarms or alerts to notify charger companies when changes are made to the charger, e.g. B. when the charging cabinet is opened. For the cloud, they recommended adding network-based intrusion detection systems and code-signing firmware updates to prove an update is authentic and unmodified before installing it. Sandia has created a best practices document for the charging industry.
With this review complete, the Sandia team has secured follow-on funding to fill some of these gaps. They are working with national laboratories in Idaho and the Pacific Northwest to develop a system for electric vehicle chargers. This system will use cyber-physical data to prevent bad guys from affecting EV charging infrastructure.
The team is conducting another research project that includes evaluating public-key infrastructures for EV charging, providing security recommendations to owners of charging infrastructure networks, developing training programs on cybersecurity in EV charging, and assessing the risk of the various vulnerabilities includes. Risk analysis looks at both the likelihood of something bad happening and the severity of that bad thing to determine which changes would have the greatest impact.
“Government can say ‘make secure electric vehicle chargers,’ but budget-minded companies don’t always go for the most cyber-secure implementations,” Wright said. “Instead, the government can support the industry directly by providing fixes, advice, standards and best practices. It’s impossible to come up with solutions if you don’t understand the state of the industry. This is where our project comes in; We did research to find out where we stand and which gaps would be the fastest and most effective to fix.”
This work was supported by the Department of Energy Vehicle Technologies Office and the Office of Cybersecurity, Energy Security and Emergency Response.
Sandia National Laboratories is a multipurpose laboratory operated by National Technology and Engineering Solutions of Sandia LLC, a wholly owned subsidiary of Honeywell International Inc., for the US Department of Energy’s National Nuclear Security Administration. Sandia Labs has significant research and development responsibilities in the areas of nuclear deterrence, global security, defense, energy technologies and economic competitiveness, with principal facilities in Albuquerque, New Mexico and Livermore, California.
Disclaimer: AAAS and EurekAlert! are not responsible for the accuracy of the press releases published on EurekAlert! by contributing institutions or for the use of information about the EurekAlert system.