Published on June 8, 2023
The industry is in the midst of a rapid expansion phase. New EV charging stations are popping up in parking lots and on street corners the world over. However, the new installations could prompt cyber attackers to target EV charging networks, the vehicles themselves, and/or the connected power grids. Even here in India, where the Indian Computer Emergency Response Team (CERT-In) has received reports of vulnerabilities in products and applications related to electric vehicle charging stations.
For many connected devices, the race-to-market has translated to cyber security measures that were ‘bolted on,’ but not ‘built in’. In other words, cyber security was largely an afterthought. In the case of electric vehicle chargers, that’s a particularly unsettling prospect, as EV chargers are interlinked with other infrastructure.
The National Institute of Standards and Technology (NIST) has commented on the enormity of the cyber safety concern pertaining to electric vehicle charging stations:
“EVSE [Electric Vehicle Supply Equipment] is supported by electronics, both for charging the vehicle and facilitating communications, so EVSE is susceptible to cyber security vulnerabilities and attacks. EVSE also ties together two critical sectors — transportation and energy (specifically, the grid) — that have never been connected electronically before. This creates the potential for attacks that could have significant impacts in terms of money, business disruptions and human safety.”
Cyber attacks that exploit EV charging station weaknesses may be able to cause power fluctuations and power outages, as attacks would suddenly alter the demands of EV charging networks. Alternatively, might a cyber attack completely disable EV charging infrastructure, stranding drivers? This would be similar to cutting off the fuel supply, which almost occurred on the East Coast of the U.S, during the Colonial Pipeline attack.
The examples above represent just a handful of the ugly scenarios that cyber security and electric vehicle supply equipment researchers have written about. A few researchers have already come across vulnerabilities that could allow cyber criminals to remotely shut down EV chargers or steal electricity.
As a society and within the cyber security community, we must work together to address this type of cyber risk.
While this list might not be comprehensive, it offers strong starting points…
Over a million lines of code are embedded into many of today’s cars. Automotive software has never been more complex. Now, the challenge is how to secure all of it.