Evaluation Framework for Electric Vehicle Security Risk Assessment

Electric Vehicles (EVs) seem promising for future transportation to solve environmental concerns and energy management problems. According to Reuters, global car makers plan to invest over half a billion in more efficient and intelligent EVs and batteries. However, there are several challenges in EV mass production, including cybersecurity. Due to the cyber-physical nature of EVs and charging stations, their security and trustworthiness are ongoing challenges. In this study, we identify gaps in the security profiling of EVs and categorize them into five components: 1) charging station security, 2) information privacy, 3) software security, 4) connected vehicle security, and 5) autonomous driving security. Our study provides a comprehensive analysis of identified vulnerabilities, threats, challenges and attacks for different EV security aspects, along with their possible surface/subsurface and countermeasures. We develop a comprehensive security risk assessment framework by first using EV security profiles and mapping identified vulnerabilities to a well-known threat model, STRIDE. Then, we classify the risk levels associated with each vulnerability by setting ground criteria for the impact and likelihood of the threats. Finally, we validate our risk assessment framework by applying the same criteria to eight real-world EV attack scenarios. As a result, researchers can adapt the proposed risk assessment framework to discover threats and assess their risks in EVs and charging station ecosystems.