Cybersecurity for Electric Vehicle Charging Infrastructure
As the U.S. electrifies the transportation sector, cyberattacks targeting vehicle charging could impact several critical infrastructure sectors including power systems, manufacturing, medical services, and agriculture. This is a growing area of concern as charging stations increase power delivery capabilities and must communicate to authorize charging, sequence the charging process, and manage load (grid operators, vehicles, OEM vendors, charging network operators, etc.). The research challenges are numerous and complicated because there are many end users, stakeholders, and software and equipment vendors interests involved. Poorly implemented electric vehicle supply equipment (EVSE), electric vehicle (EV), or grid operator communication systems could be a significant risk to EV adoption because the political, social, and financial impact of cyberattacks — or public perception of such — would ripple across the industry and produce lasting effects. Unfortunately, there is currently no comprehensive EVSE cybersecurity approach and limited best practices have been adopted by the EV/EVSE industry. There is an incomplete industry understanding of the attack surface, interconnected assets, and unsecured inter faces. Comprehensive cybersecurity recommendations founded on sound research are necessary to secure EV charging infrastructure. This project provided the power, security, and automotive industry with a strong technical basis for securing this infrastructure by developing threat models, determining technology gaps, and identifying or developing effective countermeasures. Specifically, the team created a cybersecurity threat model and performed a technical risk assessment of EVSE assets across multiple manufacturers and vendors, so that automotive, charging, and utility stakeholders could better protect customers, vehicles, and power systems in the face of new cyber threats.