According to recent reports, EV chargers are vulnerable to hacking, raising concerns among cybersecurity experts. While many in the EV charging field support online connectivity for reasons such as remote diagnostics and user information, being connected to the internet also opens up the possibility of being hacked.
Several incidents of hackers compromising public chargers have been reported, resulting in the display of offensive messages on the user interfaces. A video posted by YouTube channel The Kilowatts showcased how an Electrify America station’s operating system could be manipulated.
Although the pranks played by EVSE hackers have been relatively harmless so far, experts warn of the potential for more serious consequences. Cybersecurity researchers have identified numerous security vulnerabilities in chargers. Some studies have outlined severe vulnerabilities in charger systems, including issues with charger security and critical security flaws.
If hackers gain unauthorized access to chargers, they could potentially access vehicle data, consumer credit card information, or even stop or start charging processes. The scale of the problem is significant, as compromising thousands or millions of chargers simultaneously could potentially disrupt an entire electrical grid.
Experts advise against connecting home chargers to the internet to mitigate security risks. However, public chargers require online connectivity for payment handling and reliability purposes. Thus, EVSE manufacturers and charge point operators need to enhance their security measures.
Charge point operators have shown responsiveness by addressing vulnerabilities promptly upon identification. However, more coordination is necessary, and regulation is lacking in this area. Although cybersecurity measures have been included in the 2021 Bipartisan Infrastructure Law, experts argue that they do not meet the required standards. The Federal Highway Administration has implemented a rule mandating states to adopt cybersecurity strategies for chargers funded under the law. Nevertheless, critics argue that the requirements are vague and lack specificity.
To address these issues, the National Institute of Standards and Technology is developing a framework for fast charging, which is intended to guide future regulation. Experts suggest that adopting regulations similar to those in the 2022 Protecting and Transforming Cyber Health Care Act could improve baseline security standards for EVSE.
While the EV charging industry presents numerous opportunities for growth, it also poses security risks. Increased collaboration between regulators, standards bodies, and industry stakeholders is crucial to ensure the development of robust cybersecurity measures that can stay ahead of potential threats.