Researchers find new electric vehicle chargers have significant cybersecurity issues
Billions of dollars are now being pumped into electric vehicle infrastructure across the nation to address climate change and curb dependence on fossil fuels.
New research from Sandia National Laboratories finds some of these new electric vehicle chargers have significant cybersecurity issues. Their research is published in the journal Energies.
Newly installed electric vehicle chargers can fall prey to credit card skimmers, which steal personal card information, and can be exploited by hackers who could hijack entire EV networks.
“Well, you can imagine that anybody with a bright-colored worker vest or something like that could pop one of these things open and not be questioned,” said Jay Johnson, a cybersecurity researcher with Sandia.
His team looked at all types of chargers ranging from traditional AC to DC fast chargers and even extreme fast chargers. All of them had security flaws.
Johnson said the scale of tackling this challenge is enormous, with larger implications for the electric grid itself in 10 to 15 years when EV infrastructure is more commonplace.
The departments of Transportation and Energy are developing EV rules and regulations that all states must follow. That will require states to create cybersecurity plans for EV infrastructure.
That, he said, is worrisome because cybersecurity could look different depending on each state and its needs, fracturing security requirements and potentially endangering the electric grid.
Sandia researchers are working with experts from Argonne, Idaho and Pacific Northwest national laboratories; the National Renewable Energy Laboratory; and others as a national security laboratories team. They have proposed strengthening electric vehicle owner authentication and authorization and removing unused charger access ports and services. They also recommend adding alarms or alerts when changes are made to a charger. For the cloud, they suggest intrusion detection systems and firmware updates.