As the electric vehicle market continues to rapidly grow in the U.S. and around the world, a new report out of Sandia National Laboratories shows the state of charging stations' cybersecurity vulnerabilities, and what businesses should do to secure their charging networks.
Four researchers at Sandia National Laboratories published an article in May, titled "Review of Electric Vehicle Charger Cybersecurity Vulnerabilities, Potential Impacts, and Defenses."
One of the most surprising findings in the article, said Jay Johnson, its main author, is the "broadness" of different approaches companies are taking to make their charging stations secure.
"We saw a very wide range of security practices," Johnson, principal member of technical staff at Sandia National Laboratories, said. "Everything from startup companies that hadn't even considered security to more established companies that have developed pretty substantial cybersecurity programs."
And while he wasn't as surprised by the range of security practices, Brian Wright, a cybersecurity researcher at Sandia and co-author of the article, said that some smaller companies being involved in deploying charging stations was surprising.
"I was a little shocked by the selection of some of the smaller companies getting deployed on a larger scale, emphasizing the need for smaller companies to consider cybersecurity events," Wright said. "A couple of insecure chargers is not a huge deal, but if you have a couple of insecure companies deploying nationally, it starts to become an issue."
To protect charging stations, the article lists a wide number of cybersecurity defense recommendations. These include improving user authentication on electric vehicle operator interfaces, building stronger encryption techniques, developing transport layer security technologies and removing external ports from electric vehicle system equipment hardware.
These recommendations protect against the wide range of different cybersecurity vulnerabilities identified in the article. Vulnerabilities can be in the equipment used in electric charging stations or the actual interfaces that customers interact with at the stations, according to the article.
For instance, customers could have their credit cards skimmed while using charging stations, data on customers could be extracted from equipment components or chargers could be disabled completely.
One example of EV chargers' potential vulnerabilities came this February when Russian charging stations were hacked using a backdoor in the chargers' control systems. Hackers disabled the chargers and programmed them to display pro-Ukrainian messages.
The potential impacts of charging station vulnerabilities being exploited range from corporate espionage to compromised payment data to damaged vehicle batteries. And these impacts become more significant as more privacy-sensitive systems look to electrify, Johnson said.
"As we're electrifying more of the [Federal Bureau of Investigation], law enforcement and other critical infrastructure fleets, it's become much more critical that the chargers are online, operational and secured," he said.
The U.S. deployed nearly 92,000 slow chargers and 22,000 fast chargers across the country in 2021, an International Energy Agency report shows — both numbers are increases over the previous year. A plan to develop electric charging stations for medium- and heavy-duty trucking fleets along Interstate 10, and several new charging stations in northern New Mexico funded by state grant money, are two examples of this EV charging growth in the Land of Enchantment.
This growth makes research into these stations' cyber vulnerabilities particularly important, Johnson said.
"There's a big push for public [direct current] fast-charging electric vehicle chargers," Johnson said. "Because of that there are renewed concerns, especially within the government, about these systems."
John Smart, acting program manager for the guidance, standards and requirements team in the U.S. Joint Office of Energy and Transportation, said that up to $7.5 billion dollars from the Bipartisan Infrastructure Law will go toward deploying charging infrastructure around the country. He said that ensuring this money is put toward developing safe charging stations is important.
"Our goal is to create a national charging network that is convenient, affordable, reliable and equitable," Smart added. "A big component of reliability is that the charging infrastructure is secure."
Sandia completed penetration testing on more than 10 electric vehicle chargers, Johnson said, as part of the article's research. The lab also conducted a survey on electric vehicle charging station providers.
The U.S. Department of Energy Vehicle Technologies Office and the Office of Cybersecurity, Energy Security and Emergency Response provided some of the money for Sandia's research, Wright said. The Department of Energy couldn't be reached for comment about the report by the time of publishing.
