EV Charging Threats, Cybersecurity & The EV Charging SystemMarch 5, 2019
A Market Growing Faster than EVs
It’s no surprise that the growth of the EV charging ecosystem will outpace the growth of plug-in battery electric vehicles (BEVs). Range anxiety is one of the primary fears of potential EV owners and therefore the ubiquitous deployment of EV charging stations—and all of their supporting infrastructure—is critical for mainstream adoption of electronic vehicles. But the element of EV charging threats must also be taken into account if there is to be a safe and steady adoption of electric vehicles by a broader set of drivers.
In a fast developing market like EV charging, cybersecurity is often underestimated by vendors that have limited knowledge of cyber threats in general, and EV charging threats; specifically, the gaps between technical silos that are open for exploitation by criminals. With heavy investments and incentives from governments and the private sector, the number of both public and private charging stations is set to grow drastically in the coming years, as the EV infrastructure market grows from $3.22 billion in 2017 to $140 billion in 2029, at a CAGR of 36.94 %.
A Shift from Home Charging to Commercial Charging
As EVs become mainstream, they will be increasingly affordable—and purchased—by middle- and lower-class households. Unlike the early adopters of EVs, these EV owners will live in more dense urban environments, including multi-dwelling units (MDUs), and they will lack the space required for personal, home charging devices. As such, EV charging will begin to shift from home charging to commercial public charging on streets and in parking garages. In markets, such as China. where individual homes are less common or even rare, public charging stations already serve as the primary form of EV charging.
Electric Charging Complexities, Risks & EV Charging Threats
Home charging with Level 1 and Level 2 EV charging systems is relatively straightforward. Most risks associated with home charging focus on the necessity of purchasing a solution that has received safety approval from a nationally recognized testing laboratory such as Intertek (ETL mark) or Underwriter’s Laboratory (UL mark). The electricity for the EV is added to the monthly invoice from the local electric company and apps are available to schedule for overnight charging during low-cost hours.
Commercial public charging with Level 2 and 3 EV charging systems is much more complex as commercial systems are supported by a variety of billing, charging and transactional processes. The higher cost of fast charging EV systems provided by Level 2 and Level 3 chargers can be offset by enabling property owners, businesses and municipalities to offer public usage with a variety of pricing and access schemes:
- Flexible pricing charged by time-of-day, charge duration, kWh or any combination thereof. Different rates can apply for different drivers or groups of drivers at different times of the day.
- Access control that enables employees, customers or residents to charge their cars through a third-party service, eliminating the accounting overhead
- Waiting lists that are automatically managed through custom phone apps that let drivers reserve a charging time, notifies drivers when a station becomes available, maintains the “reservation” until the driver arrives, and invoices the driver’s account after recharging.
As the electric charging station market develops, the EV charging ecosystem includes a variety of businesses and service providers (not including the power suppliers to the grid):
E-mobility Service Providers (EMSPs or EMPs) offer EV charging services to EV drivers and enable access to a variety of charging points around a geographic area. EMSPs help EV drivers locate charging stations and pay for charging. EMSPs may direct drivers to their own charging stations or to stations owned by others.
Charge Point Operators (CPOs) operate and maintain a collection of charging points and connect smart charging devices to EMSPs. Charge Point Operators may own the infrastructure, merely provide connection to EMSPs, or sometimes own infrastructure as well as provide access to other charge owners.
While some companies focus on specific areas of the ecosystem, such as owning the charging stations, others may perform multiple services such as EMSPs that provide services for locating a charging station, manage the payment, and actually own the EV charging stations.
ChargePoint operates more than 60,000 total charging spots and more than 1,000 Express DC fast spots (Level 3 charging stations). In addition to operation, the company designs, builds, and supports all of their network’s technology, from charging station hardware to energy management software to the mobile app. They sell and lease a large variety of solutions for home users, high-density residences, parking lot operators, vehicle fleets, workplaces, and more. They offer programs that help monetize the charging stations as well as offer charging-as-a-service.
Protocols and Standards
In addition to proprietary solutions, several vendors are working to create standard protocols for interoperability between various vendors that supply the charging infrastructure.
For example, in 2018, ElaadNL, the smart charging infrastructure lab founded by Dutch grid operators developed the IOTA Tangle Distributed Ledger Technology (DLT), an open-source protocol facilitating novel Machine-to-Machine (M2M) interactions, including secure data transfer, fee-less real-time micropayments. The solution eliminated the need for a back-office or communication protocol for operating the charging station. All transactions are exchanged directly without the use of a charge card or subscription.
Cyber Threats in the EV Charging Ecosystem
The commercial public EV charging ecosystems face numerous potential cyber and EV charging threats like other networked systems, such as corporate networks, mobile phones or connected vehicles. DDoS attacks, ransomware, trojan viruses, OTA file updates and app vulnerabilities that can be used for the theft of personal and financial data or the theft and hijacking of goods—such as electricity or electric vehicles.
Whether performed by criminals, disgruntled employees or hackers, there are many potential soft targets for initiating cyberattacks, including:
- EV charging system hardware or physical interfaces (including publicly accessible USB ports)
- EV charging system software
- Apps for locating charging stations and paying for services
- Wireless communication links
- Physical communication links
GuardKnox Cybersecurity for EV Charging Threats
GuardKnox’s solutions offer comprehensive cybersecurity protection against any type of known and unknown cyberattack including EV charging threats specific to electric vehicles. With a full software stack and hardware architecture that adhere to the most stringent security (ISO 15408) and safety (ISO 26262) standards, GuardKnox solutions provide holistic automotive cybersecurity that be used across the EV charging ecosystem, including:
- Physical interfaces connecting vehicles to charging stations
- Physical interfaces connecting charging stations to the local electrical utility
- Wireless or physical communication links connecting charging stations to billing systems
- Wireless or physical communication links connecting charging stations to metering systems
GuardKnox’s patented three-layer Communication Lockdown™ methodology deterministically verifies communications between each element of the EV charging ecosystem. Examining all messages on the routing layer, the content layer and the contextual layer, GuardKnox permits only allowed “legal” communication while dropping all unauthorized or improper communication.
This ensures that EV charging systems and other elements of the ecosystem continue to operate only as specified by the manufacturer, without the need for constant updates or configuration. This makes GuardKnox uniquely ideal for installation in millions of devices dispersed over wide geographic areas, including electronic vehicles of all types (i.e., cars, trucks, motorcycles and buses) and numerous elements of the EV charging ecosystem.
To learn more about securing the EV market, read our blog on Vehicle-to-Grid (V2G) communications.