EV-111-2022: Security threat analysis for EV charging infrastructure [DRAFT]

This document provides a threat analysis for electrical vehicle charging infrastructure. It analyzes information assets, access control policies and threats to derive security objectives for the infrastructure and its operational environment.

Electric vehicle charging is quickly becoming an essential service to our society. As we are transitioning to electric vehicles, more and more people will rely on charging for their mobility. If the charging infrastructure is not working, people cannot use their cars. So, cyber-attacks on the infrastructure can lead to major societal damage.

Moreover, the EV charging infrastructure could be used to attack the power grid. Large charge point operators (CPOs) remotely control hundreds of thousands of charging stations throughout Europe. If attackers gain control of a CPO’s infrastructure, they could switch the power of the connected charging stations on and off. The switching could also cause grid imbalances in the supply and demand for electricity. If these imbalances are large enough, they could lead to severe power outages.

Making sure the EV charging infrastructure is secure is, hence, critical. This document analyzes the threats to these systems and defines security objectives to counter these threats. Objectives are defined for both the EV charging infrastructure itself and for the environment in which it operates.