EVSE Cybersecurity and Resilience

Research output: NRELPresentation


Consequence-driven Cybersecurity Analysis for Extreme Fast Charging Electric Vehicle Infrastructure Electric vehicle (EV) development and associated charging infrastructure are expected to advance rapidly. Thirty percent of all global vehicle sales may be EVs and hybrid EVs by 2025, and they will rely on increasingly sophisticated strategies for grid integration. Next-generation EV charging infrastructure is expected to include interconnected renewable resources, such as photovoltaic (PV) arrays and battery storage systems, along with grid-edge devices. Although distributed energy resources (DERs) are useful in several ways, such as peak shaving at high demand times and backup supply for added resilience, the integration of vehicle charging and DERs could create more avenues for cyberattack. Physical and/or remote access to EV charging station components, including charge ports, power electronics, controllers, and local generation (e.g., PV and energy storage) could be paths to cause power fluctuations, leading to altered operations at the charging station, escalated privileges to administrative systems, exfiltration of financial information (including personally identifiable information), and reduced grid stability. One compromised EV supply equipment component can open the door to a variety of exploitable vulnerabilities. Cloud computing and mobile application control have the potential to expand the threat surface to non-repudiation and firmware integrity challenges. Vendor clouds have access to hundreds of chargers, and if compromised, can scale the attack surface exponentially. The high power and voltage levels of xFC infrastructure (e.g., 400 kW at 1000- V DC) increase the hazards and ability to impact the grid and vehicles more than lower-power charging systems. Legacy communications systems and protocols could also put EV infrastructure at risk of cyberattacks requiring a robust patch management process. Communications networks link EVs and chargers to several stakeholders - including charging station operators, grid operators, vendors/manufacturers, and aggregators - who have both physical and network access to share information for control, monitoring, and analytics. Information in these networks that is vulnerable to compromise includes the state of charge, charging duration, payment information, electricity price, and load control. Analyzing and prioritizing these interconnections risks could help address cybersecurity related to data leakage and manipulation.
Original languageAmerican English
Number of pages11
StatePublished - 2022

Publication series

NamePresented at the CEATI Distribution Conference, 4-5 October 2022

NREL Publication Number

  • NREL/PR-5R00-83767


  • charging
  • distributed energy resources
  • EVSE cybersecurity
  • reference architecture


Dive into the research topics of 'EVSE Cybersecurity and Resilience'. Together they form a unique fingerprint.

Cite this