The Power Grid Must Be Protected, But Are EV Charging Stations Secure?

GIUSEPPE SERIO

VP Market Development

February 23, 2023

The widespread adoption of electric vehicles (EVs) depends on a robust and reliable network of charging stations. However, as the number of EVs on the road increases, so does the scale and potential impact of attacking the charging infrastructure for utilizing it to cause public disruptions. 

In April 2022, researchers from the University of Oxford and Armasuisse S+T disclosed a new technique known as “Brokenwire”, which could potentially disrupt the ability to charge EVs on a large scale. The researchers revealed details of a new attack technique against the popular Combined Charging System (CCS) that could potentially disrupt the ability to charge electric vehicles at scale. The method interferes with the control communications that transpire between the vehicle and charger to wirelessly abort the charging sessions from a distance of as far as 47m (151ft). The attack works by disrupting the charging process of a targeted vehicle by transmitting harmful wireless signals. Specifically, this attack aims to interfere with the communication between the charger and the vehicle’s Combined Charging System DC rapid charging technology. As a result, the charging process is hindered and the vehicle may not be able to charge properly. The researchers explained that while it may only be an inconvenience for individuals, interrupting the charging process of critical vehicles, such as electric ambulances, could have life-threatening consequences. The researchers added that Brokenwire had immediate implications for many of the over 16.5 million EVs estimated to be on the roads worldwide — and profound effects on the new wave of electrification for vehicle fleets, both for private enterprise and for crucial public services.

 

Could Electric vehicle (EV) charging stations be used to interrupt the electric grid?

Electric vehicle charging stations may seem like harmless pieces of infrastructure, but when they are networked, they can become a potential tool for attackers to destabilize the local power grid. A single EV charging station alone cannot carry that great impact, but a network of charging stations can be weaponized by an attacker, drawing more power than the grid allotted them and causing instability in the form of fluctuations.

In one attack scenario, an adversary would utilize a large number of compromised EV charging stations to launch synchronized charging operations simultaneously. The objective is to destabilize the grid through a sudden increase in charging demands, which can lead to cascading failure and a drop in the system’s frequency.

Another attack scenario involves the reversal of electric flow back to the grid by discharging a large number of connected EVs through compromised EV charging stations. The Vehicle-to-Grid (V2G) technology that enables this feature is intended to support the grid when power is required, but attackers could exploit it. In this instance, synchronizing large-scale discharging operations destabilizes the power grid by causing a sudden growth in electric supply, disrupting the grid’s power demand/supply balance.

Lastly, an attacker could combine the two attack scenarios by alternating charging and discharging operations within a short period. Such an attack could cause sudden and switching frequency disturbances, leading to cascading failures. Here the grid doesn’t restore its frequency to normal, which may result in significant implications for continued operations and the restoration of power overall,

Given the potential risks, it is important for EV charging network operators and government agencies to take steps to safeguard against attacks and ensure the security of the electrical grid. This could include measures such as increased monitoring and control of charging stations, as well as the use of advanced cybersecurity technologies to prevent unauthorized access to the charging network. By taking these steps, it may be possible to minimize the risk of an attack and ensure that the benefits of EV charging stations are not outweighed by their potential downsides.

 

The entire EV ecosystem needs to adopt a proactive approach in protecting charging infrastructure

There are several entry points that can be used to access an electric vehicle (EV) charger and potentially be hack it and impact the grid:

  • Physical tampering: An attacker could physically tamper with the charger in order to gain unauthorized access to its systems or to manipulate its functionality.
  • Network vulnerabilities: If the charger is connected to a network, an attacker could potentially exploit vulnerabilities in the network to gain access to the charger.
  • Malware: An attacker could potentially introduce malware into the charger’s systems in order to gain access or manipulate its functionality.
  • Unsecured communications: If the charger uses unsecured communication protocols or does not have strong authentication and authorization controls, an attacker could potentially intercept the communications and gain access to the charger.
  • Charging network management system (CNMS): An attacker could gain access to a compromised CNMS could potentially use it as a foothold to launch a more significant attack on the electric grid.

 

To prevent these types of attacks, it is important for OEMs, EV charging station manufacturers and operators to implement robust EV charging-specific security measures to protect against unauthorized access and tampering. This includes using monitoring and detection to recognize anomalies that indicate threats, using secure communication protocols, implementing strong authentication and authorization controls, and regularly updating and patching the charger’s software to fix any vulnerabilities or security issues that are discovered.

Newsletter Icon

Upstream’s 2024 Global Automotive Cybersecurity Report

Newsletter Icon

Subscribe
to our newsletter

Stay up-to-date on the latest trends, emerging risks, and updates

Mike Lexa Joins Upstream Security Advisory Board to Accelerate Cybersecurity Resilience in the Automotive & Mobility IoT Sector

The mobility ecosystem is experiencing a profound digital transformation. The increasing reliance on mobility services and Internet of Things (IoT) devices is not just reshaping…

Read more

7 Key Financial Implications of Automotive Cybersecurity Risks

In June 2023, a leading Taiwan-based semiconductor manufacturer disclosed a cybersecurity incident involving a ransomware group and one of its IT hardware suppliers, which led…

Read more

Newly Discovered IoT Vulnerabilities in ELDs Raise Risk for Fleet-Wide Attacks

In late March 2024, The Register published a unique coverage, describing multiple new vulnerabilities and elaborating on the cyber risks in ELDs (electronic logging devices)…

Read more

Navigating the Evolving Automotive Cybersecurity Regulatory Landscape

The automotive industry’s digital transformation has ushered in an era of unprecedented connectivity and technological advancement. Yet, it is also exposing mobility assets to a…

Read more