Charging Ahead with Caution: The Hidden Risks to EV Infrastructure

Author: Denis Avetisyan

A new study demonstrates how sophisticated cyberattacks could compromise electric vehicle charging networks, highlighting the need for robust security measures.

Researchers present PHANTOM, a physics-aware framework for simulating adversarial attacks against federated learning-coordinated electric vehicle charging management systems.

While increasingly reliant on data-driven control, the resilience of modern power grids remains vulnerable to sophisticated cyberattacks. This paper introduces ‘PHANTOM: Physics-Aware Adversarial Attacks against Federated Learning-Coordinated EV Charging Management System’, a novel framework for simulating stealthy false data injection attacks targeting federated learning-enabled electric vehicle charging station management. Results demonstrate that learned attack policies can induce cascading voltage instabilities across transmission and distribution networks, bypassing conventional detection mechanisms. How can we proactively integrate physics-informed cybersecurity measures to safeguard large-scale vehicle-grid integration from these emerging threats?

The Expanding Attack Surface of Electric Mobility

The expanding reliance on electric vehicles necessitates a robust and secure charging infrastructure, but this very infrastructure presents a novel attack surface for malicious actors. Unlike traditional, centralized power systems, EV charging is highly distributed, with countless charging stations acting as potential entry points. Compromising these stations, or the communication networks connecting them, could allow attackers to manipulate charging loads, introduce false data into grid management systems, and ultimately destabilize the power grid. This vulnerability isn’t merely theoretical; the increasing interconnectedness of EV charging with the broader energy ecosystem creates tangible risks to grid stability and the reliable delivery of electricity, potentially hindering the widespread adoption of electric vehicles if not proactively addressed.

Conventional grid management systems, designed for centralized power generation, face significant challenges accommodating the influx of distributed energy resources like electric vehicle (EV) charging stations. These systems rely on accurate data from various points to maintain stability, but the sheer volume and variability of EV charging – influenced by driver behavior, charging speeds, and station availability – create a complex and rapidly changing data landscape. This complexity introduces vulnerabilities to false data injection attacks, where malicious actors manipulate reported charging loads or grid conditions. By feeding inaccurate information, attackers can disrupt real-time monitoring, overload circuits, or even trigger cascading failures across the grid, potentially leading to widespread blackouts and eroding public trust in the reliability of electric vehicle infrastructure.

The increasing reliance on electric vehicle charging introduces a novel risk: the potential for malicious cyberattacks to trigger cascading failures within the power grid. Unlike traditional, centralized power systems, EV charging represents a highly distributed load, making the network more susceptible to disruption through compromised data. A successful attack – such as the injection of false charging demands or grid status information – could overwhelm system safeguards, initiating a chain reaction of outages that spreads rapidly across connected infrastructure. Such widespread and unexpected disruptions not only inconvenience drivers but, critically, erode public trust in the reliability of electric vehicles and the stability of the supporting energy infrastructure, potentially hindering the widespread adoption necessary to meet climate goals.

Physics-Informed Modeling: A Foundation for Resilience

Accurate power system modeling is fundamental to both optimizing performance and ensuring operational security. Power systems are characterized by non-linear, time-varying interactions between generation, transmission, and load; therefore, models must represent these complex dependencies to facilitate reliable analysis. Optimization relies on precise models to minimize costs, reduce losses, and maximize efficiency in areas like unit commitment and economic dispatch. Security analysis, including contingency analysis and stability assessment, demands accurate representations of system behavior under both normal and stressed conditions to prevent cascading failures and maintain grid reliability. The accuracy of these models directly impacts the effectiveness of control strategies and the ability to predict system responses to disturbances, necessitating continuous refinement and validation against real-world data.

LSTM-PINN leverages the complementary capabilities of Long Short-Term Memory (LSTM) networks and Physics-Informed Neural Networks (PINNs) for power system modeling. LSTM networks, a type of recurrent neural network, excel at capturing temporal dependencies and dynamic behaviors within sequential data, such as time-series measurements of system states. PINNs, conversely, incorporate underlying physical laws – expressed as partial differential equations – directly into the neural network’s loss function. This integration ensures that the model’s predictions adhere to established physical constraints, even with limited or noisy data. By combining these approaches, LSTM-PINN offers enhanced accuracy in forecasting system dynamics while maintaining physical consistency, addressing limitations inherent in purely data-driven or physics-based models. The model’s architecture typically involves an LSTM layer to process temporal data, followed by a neural network structure informed by the power system’s governing equations, such as $\frac{d\mathbf{x}}{dt} = \mathbf{f}(\mathbf{x}, \mathbf{u})$ , where $\mathbf{x}$ represents the state vector, $\mathbf{u}$ the input, and $\mathbf{f}$ the system dynamics.

The incorporation of Physics-Informed Loss Functions within the LSTM-PINN hybrid model directly improves both predictive performance and state estimation reliability by minimizing the discrepancy between the model’s output and known physical laws governing power system behavior. These loss functions, typically based on the power flow equations or system dynamics $\frac{d\mathbf{x}}{dt} = \mathbf{f}(\mathbf{x})$ , constrain the neural network’s learning process to adhere to these fundamental principles. This constraint reduces the solution space, preventing physically implausible predictions and enabling accurate state estimation even with limited or noisy data. The resultant reduction in prediction error is particularly noticeable in extrapolative scenarios and under conditions of system stress, where traditional data-driven methods may fail to generalize effectively.

The integration of LSTM-PINN modeling establishes a framework for advanced power system management by facilitating the development of control strategies resilient to unforeseen disturbances and uncertainties. Accurate state estimation, enabled by the model’s physics-informed component, allows for predictive control actions that maintain system stability under varying conditions. Furthermore, deviations from expected system behavior, as defined by the incorporated physical laws, can be flagged as anomalies. This anomaly detection capability is achieved by monitoring the residual between the model’s predicted states and the actual observed states, providing an early warning system for potential equipment failures or cyberattacks. Consequently, the enhanced predictive and diagnostic capabilities contribute to improved grid reliability and security.

Adversarial Validation: Probing System Defenses

PHANTOM is a physics-aware adversarial network developed to assess the robustness of federated learning-coordinated Electric Vehicle (EV) charging systems. This network simulates malicious actors capable of manipulating the charging process to induce system stress. Its “physics-aware” designation indicates that PHANTOM incorporates models of power grid dynamics, allowing for the generation of realistic and effective attack strategies that account for the physical limitations and interdependencies within the transmission and distribution network. The network is designed to specifically target vulnerabilities arising from the coordination implemented by federated learning, providing a quantifiable measure of system resilience against coordinated attacks.

PHANTOM utilizes Multi-Agent Reinforcement Learning (MARL) to develop attack strategies by modeling each electric vehicle (EV) charging station as an independent agent. Two primary reinforcement learning algorithms are employed: Deep Q-Network (DQN) and Soft Actor-Critic (SAC). DQN, a value-based method, learns an optimal Q-function to maximize cumulative rewards through experience replay and target networks, enabling the agents to select actions based on predicted future outcomes. SAC, an actor-critic method, incorporates entropy maximization to encourage exploration and robustness, learning both a policy (actor) and a value function (critic). The simultaneous implementation of both algorithms allows for a comparative analysis of their performance in crafting effective, coordinated attacks against the federated learning-coordinated EV charging infrastructure, identifying strategies that exploit system vulnerabilities.

Transmission-Distribution Co-Simulation was utilized to assess the effects of coordinated adversarial attacks on a federated learning-coordinated electric vehicle charging system. Results from these simulations indicate that such attacks can induce a frequency deviation of 0.036 Hz within the power grid. This level of frequency deviation is indicative of substantial system stress and represents a significant operational concern, potentially leading to instability or cascading failures if not addressed. The simulations were designed to realistically model the interaction between transmission and distribution networks under attack conditions, providing quantifiable data on system vulnerability.

Simulation results utilizing the PHANTOM physics-aware adversarial network demonstrate the vulnerability of federated learning-coordinated electric vehicle charging systems to coordinated attacks. Specifically, analyses conducted through Transmission-Distribution Co-Simulation revealed that even sophisticated, multi-agent reinforcement learning-based attacks can induce a frequency deviation of 0.036 Hz within the system. This level of deviation indicates substantial system stress and potential instability, confirming that current security measures are insufficient to guarantee operational resilience. Consequently, the development and implementation of proactive defense mechanisms are critical for safeguarding the integrity and reliability of these increasingly complex power grid infrastructures.

Towards a Resilient and Secure Electric Mobility Future

The safeguarding of critical infrastructure, such as electric vehicle (EV) charging networks, demands a sophisticated approach to cybersecurity. Recent research highlights the synergy between physics-informed modeling and adversarial machine learning as a powerful defense strategy. By incorporating fundamental physical laws governing the charging process into the security framework, systems gain an inherent understanding of expected behaviors. This allows for the development of robust anomaly detection systems capable of distinguishing between legitimate fluctuations and malicious data injections. Simultaneously, adversarial machine learning techniques proactively identify potential attack vectors by simulating intelligent adversaries. This iterative process of attack and defense strengthens the system’s resilience, enabling it to anticipate and neutralize threats before they can disrupt operations or compromise the integrity of the EV charging network. The integration of these two methodologies moves beyond reactive security measures, establishing a proactive and adaptable defense posture for this vital component of modern infrastructure.

The increasing reliance on electric vehicle (EV) charging infrastructure introduces vulnerabilities to false data injection attacks, where malicious actors manipulate operational data to disrupt service or cause damage. Research indicates a proactive approach to security, centered on comprehensive understanding of potential attack vectors, is crucial for mitigation. This involves not simply reacting to threats, but anticipating them through detailed modeling of the charging network and its communication protocols. By identifying weaknesses in data streams – such as manipulated charging rates or grid frequency reports – and developing defense strategies like robust data validation and anomaly detection, the resilience of EV charging infrastructure can be significantly enhanced. Such strategies aim to ensure continued, reliable operation even under adversarial conditions, safeguarding both the grid and the vehicles it supports.

Initial investigations into Long Short-Term Memory (LSTM)-based anomaly detection systems for electric vehicle (EV) charging infrastructure revealed a limited capacity to withstand sophisticated attacks. While these systems offered some mitigation against malicious data injection, experiments demonstrated that adversarial agents could successfully learn to craft attacks specifically designed to evade detection. Notably, even with LSTM anomaly detection implemented, a measurable frequency deviation of 0.001 Hz persisted within the system – a significant improvement from the 0.0025 Hz deviation observed without any anomaly detection, but still indicative of a vulnerability that could potentially disrupt grid stability or compromise charging operations. This finding underscores the necessity for more robust security measures and adaptive defense strategies capable of anticipating and neutralizing increasingly complex attack vectors targeting critical infrastructure.

The security of electric vehicle (EV) charging infrastructure hinges on robust communication protocols, and the Open Charge Point Protocol (OCPP) currently serves as the dominant standard. However, vulnerabilities within OCPP can be exploited to compromise the entire charging ecosystem. Malicious actors could potentially manipulate charging sessions, disrupt grid stability, or even gain unauthorized access to connected vehicles. Addressing these weaknesses requires a multi-faceted approach, including rigorous security audits, the implementation of secure communication channels – such as Transport Layer Security (TLS) – and the development of intrusion detection systems tailored to OCPP’s specific message formats. Proactive vulnerability patching and adherence to best practices for secure configuration are also crucial steps in fortifying the protocol against evolving threats and ensuring the reliable, safe operation of EV charging networks.

The presented work dissects complexity within a critical infrastructure system – electric vehicle charging – revealing vulnerabilities masked by its inherent interconnectedness. It echoes a principle of elegant reduction; the framework doesn’t add layers of defense, but rather removes the camouflage of assumed security through adversarial simulation. As Alan Turing observed, “Sometimes people who are unhappy tend to look for happiness in the wrong places.” Similarly, current cybersecurity approaches often focus on complex detection systems when the fundamental flaw lies in a lack of physics-aware modeling. The study demonstrates that a system relying on unverified assumptions-even if seemingly robust-has already begun to fail, requiring a return to foundational principles for true resilience.

Further Horizons

The presented work exposes a predictable fragility: complex systems, even those attempting to mimic physical realities, remain susceptible to precisely calibrated deception. The exercise is not novel-any model is a simplification, and any simplification is a potential point of failure. However, the specific vector-attacking the coordination of a distributed physical system-demands further scrutiny. Future efforts should not focus on detecting the attacks themselves-detection is always a lagging indicator-but on building resilience into the system’s fundamental logic.

A critical limitation lies in the fidelity of the physics-informed neural network. The model, by necessity, abstracts reality. This abstraction introduces a gap between simulation and the physical world, a gap an attacker can exploit. Reducing this gap-perhaps through real-time data assimilation or more nuanced physical modeling-is paramount, though the law of diminishing returns inevitably applies. The question isn’t ‘how do we make the model more complex?’ but ‘what elements can we confidently discard without sacrificing essential robustness?’

Ultimately, this work serves as a reminder that cybersecurity is not merely a software problem. It is a problem of control, of information, and of the inherent limits of prediction. The next phase requires a shift in focus: from defending against attacks, to designing systems that are, by their very nature, unassailable – or, at least, acceptably indifferent to them.

Original article: https://arxiv.org/pdf/2512.22381.pdf

Contact the author: https://www.linkedin.com/in/avetisyan/

The Expanding Attack Surface of Electric Mobility

Physics-Informed Modeling: A Foundation for Resilience

Adversarial Validation: Probing System Defenses

Towards a Resilient and Secure Electric Mobility Future

Further Horizons

See also: