Electric vehicles

A national EV charging network is coming. So are cybersecurity threats

The stations face familiar threats, like ransomware and account hacks
article cover

Francis Scialabba

· 5 min read

If all goes according to (President Biden’s) plan, the US will have 500,000 public electric vehicle charging stations by 2030, up from about 43,000 today. And millions more home charging ports are expected to be installed across the country, as the vast majority of EV drivers fuel up at home.

Most of these charging ports will have some form of connectivity. And with great connectivity comes great responsibility...to ensure no one is hacking into EV charging networks and holding them hostage, stealing payment data, or hijacking them to manipulate the power grid.

We spoke with EV charging companies and cybersecurity experts to understand the potential cyber risks that accompany these soon-to-be-rapidly-growing charging networks, and how companies are looking to protect their networks. The TL;DR: Charging networks and even individual at-home chargers are likely to face familiar security threats—ransomware attacks, data breaches—but they can also deploy familiar tools, like preexisting cybersecurity standards, to combat them.

Jeff Hutchins, chief information officer of EOS Linx, an EV charging company that also builds solar-powered digital kiosks at its charging stations, told us the end user and centralized charging networks are likely to be the key targets.

“Denial of service, and service attacks—that’s going to be No. 1. But No. 2 is going to be the account hack,” Hutchins said. “If you read the big news in the last five years or so, it’s been everybody [getting] a free monitoring service and a $14 check because they somehow got their accounts compromised. So you have to know that those are the things that are going to get gone after.”

Cybersecurity threats like denial-of-service attacks and account hacks are not at all unique to EV charging networks, but the fact that charging stations will soon be critical day-to-day infrastructure means the potential consequences of attacks are significant.

On the higher-stakes end, hackers could cause “serious impacts to the electric grid,” according to Tannaz Banisadre, chief operating officer of Shell–owned EV charging company Greenlots.

In late July, a UK–based cybersecurity firm called Pen Test Partners reviewed six home-charging networks, as well as some public charging networks, and found vulnerabilities that could potentially enable a bad actor to manipulate the power grid.

“Smart EV chargers were partly created to help stabilize the grid, by using car battery storage to balance power demand,” Ken Munro, founder of Pen Test Partners, told Emerging Tech Brew. “However, the security flaws we found create the opposite: Hackers taking control and switching large power loads synchronously by turning large numbers of chargers on and off. It doesn’t take much to tip a power grid over the edge at times of very high demand. Blackouts may result.”

Keep up with the innovative tech transforming business

Tech Brew informs business leaders about the latest innovations, automation advances, policy shifts and more to help them make smart decisions.

Munro added that “most of the issues we found have been fixed by the vendors we reported our findings to, but we’ve only looked at a small proportion of the various charger networks out there.”

And Ross Kinder, chief technology officer of identity-focused cybersecurity platform Nametag, told us that while he thinks it’s unlikely, this sort of grid manipulation could also theoretically be used by speculators to try and fix energy spot prices.

“You could have electric meters or battery chargers lie about how much energy they’re going to consume, and cause shifts in energy spot prices and things,” Kinder said. “Think, ‘What does the 2021 Enron look like?’ And maybe it looks something like that…[but] I think that’s not super likely to happen.”

On the lower-stakes end, a denial-of-service attack could shut down highway chargers along a major corridor, making life difficult for a driver who was banking on recharging while en route to their destination.

To protect against issues like this, some charging companies are proactively adopting existing cybersecurity standards, like constant monitoring for abnormalities, layering and abstracting data, and allowing for hacked pieces of the network to be isolated. Hutchins, for instance, said he followed many of the NERC-CIP best practices for EOS Linx, which are the standards used to protect bulk power systems in North America.

And Banisadre told us the EV charging industry is also working to define its own security protocols with groups like the Electric Power Research Institute (EPRI), Society of Automotive Engineers (SAE), ISO, and CharlN. She added that “cybersecurity of EV charging infrastructure will require collaboration across the entire ecosystem, including utilities, charging network operators, and automakers.”

There’s also a growing list of auto-focused cybersecurity providers—mostly based in the US and Israel—that aim to help charging companies, automakers, and other network operators keep their stations secure.

As Bloomberg Law notes, the beleaguered bipartisan infrastructure bill, which contains up to $7.5 billion in funding for public EV chargers, would require those who apply for funds to show proof of cybersecurity due diligence. But experts say stronger and broader standards and enforcement are still needed, with the Transportation Security Administration as a potential candidate to oversee things.

But, at least for now, the US has largely left EV charger security up to the markets.

Keep up with the innovative tech transforming business

Tech Brew informs business leaders about the latest innovations, automation advances, policy shifts and more to help them make smart decisions.