Scientists from Sandia and other US National Laboratories “recently published a summary of known electric vehicle charger vulnerabilities in the scientific journal Energies.” The vulnerabilities range from payment card skimming to taking control of an EV charger network. The paper includes proposed fixes and changes to the EV charging infrastructure.
Note
- Remember that even the systems controlling good old gas pumps are still vulnerable. Why would anybody expect that companies will learn from old mistakes and do things “right” if they work faster and cheaper done vulnerable.
- This pretty much reads like early studies of the lack of security being built into Internet of Things. The good news is that funding to improve cybersecurity and safety overall of EV charging systems is included in the National Electric Vehicle Infrastructure Formula Program under the US Federal Highway Administration.
- While many of us consider the risk or EV charging from the perspective of load on the grid or power where the owner has the car parked, this report focuses on the technology behind that charging. Skim the paper to get a sense of all the technologies involved in EV charging. As such, the researchers were able to use low power SDR to interrupt the car charging, use RFID cloning to allow charging on someone else’s account, let alone exploiting insecure web interfaces discovered. This feels like the familiar story of time to market and cost to deliver versus security. The fixes aren’t unsurprising including securing access to physical ports, using proper encryption, removing unneeded services and keeping components updated. It is hoped that standards and best practices emerge from ongoing research between the Sandia, Idaho and Pacific Northwest National Labs. You may want to take a pause and reflect to see if you have projects which could benefit from increased attention to cyber hygiene.
- Cybersecurity has been both a board and executive leadership team focus area for several years. Any new product that is internet connected, has to be reviewed for security vulnerabilities prior to release; it’s part of the development cycle and factors into the risk management process. Cybersecurity best practices exist today—use them.
Read more in
