"Are We Building Cyber Vulnerability Into EV Charging Infrastructure?"

Electric Vehicle (EV) charging stations are vulnerable to hacks, potentially disrupting the grid or resulting in the theft of users' personal information. The consequences could be severe in the absence of significant technological upgrades, regulations, and standards. A recent Sandia National Laboratories (SNL) study detailed potential problems that echo similar concerns raised by other academic researchers. According to Sandia's research, hackers could gain access to charging stations and overload the grid, or they could shut down a station by convincing it that it has drawn all the energy it requires. Yet, with EV companies rushing to expand their vehicle and charging options as part of a nationwide push to electrify transportation, observers say cybersecurity is not getting the attention it needs. According to Kayne McGladrey, field CSO at the security software company Hyperproof and a senior member of the Institute of Electrical and Electronics Engineers, companies are incentivized to be first to market, not necessarily the most secure to market. Since security costs money and takes time and resources, it naturally becomes a lower priority. Researchers have already demonstrated that EVs are vulnerable to attack, but the cybersecurity of charging infrastructure has largely gone unnoticed until recently. At a White House forum hosted by the Office of the National Cyber Director, government and EV industry leaders agreed to collaborate to assess current cybersecurity standards associated with EVs, what else is needed to keep the ecosystem safe, and the state of research and development in this area. According to a White House readout of the meeting, participants also pledged to collaborate and identify opportunities for harmonization. The Michigan Department of Transportation (MDOT) stated in its August 2022 state plan for EV infrastructure deployment that risks continue to intensify as technology advances, but it places the onus on its third-party vendors to be responsible for cybersecurity. MDOT stated that it would update its procurement process to meet cybersecurity and privacy standards. McGladrey urged companies to invest more in upgrading their hardware and software, and conducting regular penetration tests to improve the cybersecurity of EV charging infrastructure. Too much infrastructure currently relies on wireless networks that connect to the Internet and deliver over-the-air updates, thus calling for a more secure alternative. This article continues to discuss EV charging infrastructure cybersecurity risks. 

GCN reports "Are We Building Cyber Vulnerability Into EV Charging Infrastructure?"