Welcome to the new Energy Central — same great community, now with a smoother experience. To login, use your Energy Central email and reset your password.

A Hacker Target – Cyberattacks on EV Charging Systems

In a recently-released report by Sandia National Laboratories, some disturbing vulnerabilities were found in vehicle charging infrastructure. As many more EVs arrive on the roads and charging points are rolled out nationwide, these issues need to be addressed.

Electric vehicle charging infrastructure has a number of weak spots, ranging from criminals stealing credit card information in the same way as at conventional gas stations or ATMs, to more sophisticated hackers infiltrating cloud servers to seize control of an entire electric vehicle charger network.

Sandia researchers are collaborating with experts from Argonne, Idaho and Pacific Northwest national laboratories; the National Renewable Energy Laboratory; and others to create a national security laboratories framework to resist these cyber attacks.

“With electric vehicles becoming more common, the risks and hazards of a cyber-attack on electric vehicle charging equipment and systems also increases,” says Jay Johnson, an electrical engineer at Sandia National Laboratories . He has been studying the vulnerabilities of electric vehicle charging infrastructure for the past four years.

The team found many instances of insecure charger USB, Wi-Fi, or Ethernet maintenance ports, allowing hackers entry to reconfigure the system. This access could allow malicious actors to move from one charger to the whole charger network via the cloud.

In the paper, the team proposed several upgrades and changes that would make the nation's electric vehicle charging infrastructure less open to cyber-attack.

These proposed improvements include strengthening electric vehicle owner authentication and authorization such as using the well-tested public key infrastructure for charging stations. The report also recommended removing unused charger access ports and services and adding alarms or alerts to notify charger owners when changes are made to the charger, for example, if the charger cabinet is opened. For the discovered cloud vulnerabilities, Sandia recommended adding intrusion detection systems and code-signing firmware updates to ensure that an update is authentic and unmodified before being installed.

Sandia has published its guidelines for best-practices in the charging industry. Click here to download.