The Power Grid Must Be Protected, But Are EV Charging Stations Secure?

GIUSEPPE SERIO

VP Market Development

February 23, 2023

The widespread adoption of electric vehicles (EVs) depends on a robust and reliable network of charging stations. However, as the number of EVs on the road increases, so does the scale and potential impact of attacking the charging infrastructure for utilizing it to cause public disruptions. 

In April 2022, researchers from the University of Oxford and Armasuisse S+T disclosed a new technique known as “Brokenwire”, which could potentially disrupt the ability to charge EVs on a large scale. The researchers revealed details of a new attack technique against the popular Combined Charging System (CCS) that could potentially disrupt the ability to charge electric vehicles at scale. The method interferes with the control communications that transpire between the vehicle and charger to wirelessly abort the charging sessions from a distance of as far as 47m (151ft). The attack works by disrupting the charging process of a targeted vehicle by transmitting harmful wireless signals. Specifically, this attack aims to interfere with the communication between the charger and the vehicle’s Combined Charging System DC rapid charging technology. As a result, the charging process is hindered and the vehicle may not be able to charge properly. The researchers explained that while it may only be an inconvenience for individuals, interrupting the charging process of critical vehicles, such as electric ambulances, could have life-threatening consequences. The researchers added that Brokenwire had immediate implications for many of the over 16.5 million EVs estimated to be on the roads worldwide — and profound effects on the new wave of electrification for vehicle fleets, both for private enterprise and for crucial public services.

 

Could Electric vehicle (EV) charging stations be used to interrupt the electric grid?

Electric vehicle charging stations may seem like harmless pieces of infrastructure, but when they are networked, they can become a potential tool for attackers to destabilize the local power grid. A single EV charging station alone cannot carry that great impact, but a network of charging stations can be weaponized by an attacker, drawing more power than the grid allotted them and causing instability in the form of fluctuations.

In one attack scenario, an adversary would utilize a large number of compromised EV charging stations to launch synchronized charging operations simultaneously. The objective is to destabilize the grid through a sudden increase in charging demands, which can lead to cascading failure and a drop in the system’s frequency.

Another attack scenario involves the reversal of electric flow back to the grid by discharging a large number of connected EVs through compromised EV charging stations. The Vehicle-to-Grid (V2G) technology that enables this feature is intended to support the grid when power is required, but attackers could exploit it. In this instance, synchronizing large-scale discharging operations destabilizes the power grid by causing a sudden growth in electric supply, disrupting the grid’s power demand/supply balance.

Lastly, an attacker could combine the two attack scenarios by alternating charging and discharging operations within a short period. Such an attack could cause sudden and switching frequency disturbances, leading to cascading failures. Here the grid doesn’t restore its frequency to normal, which may result in significant implications for continued operations and the restoration of power overall,

Given the potential risks, it is important for EV charging network operators and government agencies to take steps to safeguard against attacks and ensure the security of the electrical grid. This could include measures such as increased monitoring and control of charging stations, as well as the use of advanced cybersecurity technologies to prevent unauthorized access to the charging network. By taking these steps, it may be possible to minimize the risk of an attack and ensure that the benefits of EV charging stations are not outweighed by their potential downsides.

 

The entire EV ecosystem needs to adopt a proactive approach in protecting charging infrastructure

There are several entry points that can be used to access an electric vehicle (EV) charger and potentially be hack it and impact the grid:

  • Physical tampering: An attacker could physically tamper with the charger in order to gain unauthorized access to its systems or to manipulate its functionality.
  • Network vulnerabilities: If the charger is connected to a network, an attacker could potentially exploit vulnerabilities in the network to gain access to the charger.
  • Malware: An attacker could potentially introduce malware into the charger’s systems in order to gain access or manipulate its functionality.
  • Unsecured communications: If the charger uses unsecured communication protocols or does not have strong authentication and authorization controls, an attacker could potentially intercept the communications and gain access to the charger.
  • Charging network management system (CNMS): An attacker could gain access to a compromised CNMS could potentially use it as a foothold to launch a more significant attack on the electric grid.

 

To prevent these types of attacks, it is important for OEMs, EV charging station manufacturers and operators to implement robust EV charging-specific security measures to protect against unauthorized access and tampering. This includes using monitoring and detection to recognize anomalies that indicate threats, using secure communication protocols, implementing strong authentication and authorization controls, and regularly updating and patching the charger’s software to fix any vulnerabilities or security issues that are discovered.

Newsletter Icon

Upstream’s 2024 Global Automotive Cybersecurity Report

Newsletter Icon

Subscribe
to our newsletter

Stay up-to-date on the latest trends, emerging risks, and updates

Upstream Participates in TISAX, Accelerating Customer Onboarding & Ensuring Data Protection

In the fast-evolving landscape of the automotive industry, ensuring robust information security practices is paramount. Recognizing the significance of TISAX, the Trusted Information Security Assessment…

Read more

Revving Up Safety: UN Regulation R155 Now Covers Motorcycles

On Jan. 26, the UNECE decided to include motorcycles, scooters, and electric bicycles in the scope of UNECE WP.29 R155. With this move, the UNECE…

Read more

NIS2 Directive’s Impact on the Smart Mobility Ecosystem

The NIS2 Directive, expected to become mandatory in October 2024, aims to significantly enhance the cybersecurity framework within the European Union. It broadens the scope…

Read more

CEO View: Yoav Levy on Future of Automotive Cybersecurity

DLD 2024 (Digital-Life-Design) is a world-renowned innovation conference, that provides a platform for people eager to change the world in the digital era. Yoav Levy,…

Read more