TY - GEN
T1 - EVSE Cybersecurity and Resilience
AU - Sanghvi, Anuj
PY - 2022
Y1 - 2022
N2 - Consequence-driven Cybersecurity Analysis for Extreme Fast Charging Electric Vehicle Infrastructure Electric vehicle (EV) development and associated charging infrastructure are expected to advance rapidly. Thirty percent of all global vehicle sales may be EVs and hybrid EVs by 2025, and they will rely on increasingly sophisticated strategies for grid integration. Next-generation EV charging infrastructure is expected to include interconnected renewable resources, such as photovoltaic (PV) arrays and battery storage systems, along with grid-edge devices. Although distributed energy resources (DERs) are useful in several ways, such as peak shaving at high demand times and backup supply for added resilience, the integration of vehicle charging and DERs could create more avenues for cyberattack. Physical and/or remote access to EV charging station components, including charge ports, power electronics, controllers, and local generation (e.g., PV and energy storage) could be paths to cause power fluctuations, leading to altered operations at the charging station, escalated privileges to administrative systems, exfiltration of financial information (including personally identifiable information), and reduced grid stability. One compromised EV supply equipment component can open the door to a variety of exploitable vulnerabilities. Cloud computing and mobile application control have the potential to expand the threat surface to non-repudiation and firmware integrity challenges. Vendor clouds have access to hundreds of chargers, and if compromised, can scale the attack surface exponentially. The high power and voltage levels of xFC infrastructure (e.g., 400 kW at 1000- V DC) increase the hazards and ability to impact the grid and vehicles more than lower-power charging systems. Legacy communications systems and protocols could also put EV infrastructure at risk of cyberattacks requiring a robust patch management process. Communications networks link EVs and chargers to several stakeholders - including charging station operators, grid operators, vendors/manufacturers, and aggregators - who have both physical and network access to share information for control, monitoring, and analytics. Information in these networks that is vulnerable to compromise includes the state of charge, charging duration, payment information, electricity price, and load control. Analyzing and prioritizing these interconnections risks could help address cybersecurity related to data leakage and manipulation.
AB - Consequence-driven Cybersecurity Analysis for Extreme Fast Charging Electric Vehicle Infrastructure Electric vehicle (EV) development and associated charging infrastructure are expected to advance rapidly. Thirty percent of all global vehicle sales may be EVs and hybrid EVs by 2025, and they will rely on increasingly sophisticated strategies for grid integration. Next-generation EV charging infrastructure is expected to include interconnected renewable resources, such as photovoltaic (PV) arrays and battery storage systems, along with grid-edge devices. Although distributed energy resources (DERs) are useful in several ways, such as peak shaving at high demand times and backup supply for added resilience, the integration of vehicle charging and DERs could create more avenues for cyberattack. Physical and/or remote access to EV charging station components, including charge ports, power electronics, controllers, and local generation (e.g., PV and energy storage) could be paths to cause power fluctuations, leading to altered operations at the charging station, escalated privileges to administrative systems, exfiltration of financial information (including personally identifiable information), and reduced grid stability. One compromised EV supply equipment component can open the door to a variety of exploitable vulnerabilities. Cloud computing and mobile application control have the potential to expand the threat surface to non-repudiation and firmware integrity challenges. Vendor clouds have access to hundreds of chargers, and if compromised, can scale the attack surface exponentially. The high power and voltage levels of xFC infrastructure (e.g., 400 kW at 1000- V DC) increase the hazards and ability to impact the grid and vehicles more than lower-power charging systems. Legacy communications systems and protocols could also put EV infrastructure at risk of cyberattacks requiring a robust patch management process. Communications networks link EVs and chargers to several stakeholders - including charging station operators, grid operators, vendors/manufacturers, and aggregators - who have both physical and network access to share information for control, monitoring, and analytics. Information in these networks that is vulnerable to compromise includes the state of charge, charging duration, payment information, electricity price, and load control. Analyzing and prioritizing these interconnections risks could help address cybersecurity related to data leakage and manipulation.
KW - charging
KW - distributed energy resources
KW - EVSE cybersecurity
KW - reference architecture
M3 - Presentation
T3 - Presented at the CEATI Distribution Conference, 4-5 October 2022
ER -