Modelling of the Electric Vehicle Charging Infrastructure as Cyber Physical Power Systems: A Review on Components, Standards, Vulnerabilities and Attacks

Many scenarios of attacks on the CPS exist in the real world. The expansion of applications of cyber systems in different disciplines results in an increase in the various vulnerable areas. These vulnerable areas increase the likelihood of adversaries, launching various types of cyber attacks. A few incidents and blackouts resulting from CPS attacks in various fields are illustrated in this section to show the severity of the problem.

In 1982, the manipulation of the gas pipeline control software, which was developed by the Central Intelligence Agency (CIA), resulted in exceeded pressure limits that led to a massive explosion [5]. In 2003, the penetration of the slammer worm into the David-Besse nuclear plant through the contractor’s network resulted in the disabling of system indicators and safety parameters for 5 hours [6]. Due to this, the control operators are unable to monitor the temperature of the reactor core which is a crucial parameter. Another incident occurred where a hacker penetrated the testing generator of USA in 2007 causing a rapid succession of turn on and off of its circuit breaker that made the generator explode resulting in a loss of 1 million dollars [7].

On December 23, 2015, a major blackout took place in Kyiv, Ukraine, affecting three major distribution companies and 225,000 customers for several hours. The investigations revealed that the blackout was caused due to the involvement of a cyber attack affecting seven 110KV and 23KV substations. The attackers invaded the supervisory control and data acquisition system (SCADA) and opened all the circuit breakers leaving the operator with no access for possible restoration[8]. Another cyber attack took place in Kyiv by shutting down the 200MW generation which is equivalent to 20% of the nighttime electrical energy consumption of that place [9]. The impacts of a few other cyber are provided in Table I. Furthermore, between 2010 and 2014, the US Department of Energy (DoE) documented 150 successful assaults on systems that housed data about electrical infrastructure [10].

Cyberattacks have increased in recent years, such as the attack on U.S. based power utilities on March 5, 2019 [17], Kudankulam nuclear power plant attack in India [18] and the man-in-the-middle attack in Nuclear Power Corporation of India Limited (NPCIL) [19] on October 30, 2019. Other recent victims of the cyber attacks are Schneider Electric and Siemens Energy, which were targeted by ransomware groups the MOVEit attack. MOVEit [20] is a software tool used for the managed file transfer (MFT). On May 30, 2023, Siemens confirmed that they were victims of the attack, stating that no critical data was compromised and their operations were not affected. Schneider Electric was informed on June 26, 2023, that they had been the target of a cyberattack related to MOVEit, but Schneider Electric only stated that they were looking into this assertion [21]. Further, the details and analysis of these cyber attack incidents are found in [22].

It is found in the literature review, that there are only a few review articles that consider the various aspects of EVCI as CPS. One of the first articles to provide a detailed review of EV charging security with a focus on the device and network-level vulnerabilities that are more frequent at EV, EV charging station (CS), and grid levels is [23]. It also examines feasible cyber attack scenarios on EVCI and its network, assessing the technical and financial risks posed to power grids, including demand-side attacks. A critical review of cyber attacks and cybersecurity on load frequency control (LFC) of the power systems is presented in [24]. The modeling of the energy cyber physical paths and review of aligning its research paths are presented in [25]. Rajaa et al. of [22] describe the different modeling and simulation methods of the cyber physical power systems (CPPS) with cybersecurity analysis and applications. CPPS is an integration of the physical power system with the cyber system (or unit). These systems cover the various domains of electrical power system like generation, transmission, distribution and utilization [26, 27]. Apart from these, a lot of papers are available for review on CPPS and cybersecurity applications [28, 29, 30]. Integration of renewable energy sources (RES) with EV technologies is assessed in [31]. The contribution of this article is explained as follows:

1. 1.

   Several reasons and components that portray the EVCI as a CPS are presented. Furthermore, it adds a comprehensive description of the constituents within the cyber and physical layers of the EVCI, and the interaction between the layers.

2. 2.

   An architectural model for the EVCI is introduced, as depicted in Fig. 1. This model illustrates the key components of EVCI and outlines the pathways for communication and power flow.

3. 3.

   Charging stations are categorized according to the charging methodologies, such as on-board and off-board charging methods, providing a comprehensive evaluation of the EVCI.

4. 4.

   various standards and protocols required for the EVCI, to achieve interoperability, safety, efficiency, data communication, grid integration, and regulatory compliances are explained with their latest versions and are categorized based on the defining organizations and institutions..

5. 5.

   Several nodes in the EVCI that are vulnerable to cyber attacks are identified and classified based on the variations in the attacks that are possible to occur.

6. 6.

   The importance of cybersecurity for the EVCI by indicating the effects of cyber attacks on social and economic fronts is presented. Also, the objectives, prerequisites, and challenges associated with implementing cybersecurity measures are emphasized.

7. 7.

   The attack detection and defense techniques are paired together since the majority of detection techniques have built-in defense capabilities, such as isolating the affected areas.

8. 8.

   Intrusions, anomalies, and attacks are collectively treated as a cohesive unit, due to their similar impact on the system. Several research articles are reviewed for anomaly detection, which focuses on unavailability of the abnormal data.

This paper is structured so that the introduction and history of the many cyberattacks that have taken place are included in the introduction section. Section II provides the definition of CPS and CPPS, and illustrates how EVCI can be considered a CPS, and also describes the various components of EVCI. The architecture of the EVCI and the developments in the EVCI and the EV industry are discussed. Towards the later end of the section, the classification of EVCI based on the type of charging system adopted and role of communications in EVCI is explained and then a brief about the battery technologies and the mechanisms adopted is presented. The various standards and protocols used in the EVCI for different purposes such as the EVCI development, charging ports, safety measures, and communication standards are presented in Section III. Section IV details the cyber security of the CPS where the objectives of the CPS are mentioned along with the impacts of the cyber attacks (both technical and social). Also, the requirements for the cyber security along with the challenges in implementing cyber security are described. Section V explains the different vulnerable points where the occurrence of cyber-attacks is frequent. Further, different types of possible attacks are also mentioned. Section VI provides a brief overview of the few attack detection and defense mechanisms. Finally, Section VII provides the future research gaps and the conclusions.

The typical structural architecture of EVCI with its detailed representation is shown in Fig. 1. The power flow and information flow are distinguished. For more reliability and flexibility in operation, both the lines are made bi-directional in nature. The list of the architectural components of the EVCI are as follows:

1. 1.

   Electric Vehicle Supply Equipment (EVSE) - It is a core sub-component of the charging station that provides the connectivity for the EV to charge and discharge [32].

2. 2.

   Electric Vehicle (EV) - TThough EVs are not always connected to the EVCI, they are considered as a critical component due to the different types of batteries available in the EVs arriving at the EVCI. Table II shows the different EV models and their manufacturers. Since most of the EVs store the energy in their batteries are rechargeable, the charging process of the EV is a plug-in charging type, or battery swapping type. However, the main concern for charging the EVs is the batteries. A detailed study of the technologies and other aspects of the batteries is provided in further sections. Furthermore, the EVs are classified as hybrid electric vehicles (HEV) and pure EVs [33].

3. 3.

   Charging Station Management System (CSMS) - The main tasks of CSMS include hosting user applications, collecting and storing the user charging data, communicating with the different parts through which the power flow occurs, defining the operational parameters based on user input data, and the status of EVs and utility, and maintaining a database for the maintenance services. To ensure the quality of the power supply and also to step the voltages to a suitable level, the charging stations are connected to the utility through the transformers as shown in Fig. 1. The CSMS also contains the different switching panels connected to various levels and parts of the EVCI. Modern panels are operated both manually (remote and local) and automated. Additional details on switchgear and switch panels are provided in further sections.

4. 4.

   Charging Station (CS) - It is managed by the CSMS. It controls the power flow thereby controlling the charging process, It hosts a collection of one or more charging ports.

5. 5.

   Controller or Optimizer - The functions of this unit are to regulate the power flow from the different power sources (grid, DERs, and storage systems). Power regulation is performed by considering different aspects such as power sharing, pricing schemes etc., and it also controls the charging power limits in the charging stations.

6. 6.

   Distribution System Operator (DSO) - The DSO’s primary responsibility is to make sure the end-user has access to electricity. The DSO controls the flow of electricity to the charging location and grid decongestion depending on the data feedback from the EV [34]. Similarly, a charging point operator (CPO) is an organization or person who oversees the EV charging network. The choices of CPO’s are implemented by CSMS.

7. 7.

   Energy Management System (EMS) - It is an intermediate control system that controls the power flow from the sources. It acts as an alternative power source (such as DERs, and storage systems) from the grid. If an EMS is present in the charging system, then the required power for the charging may be supplied directly from the grid or from the DERs whenever necessary.

8. 8.

   Service Provider - These are third-party operators, consisting of the different industries that provide the interface for the EVSE owner, DSO, and CS operator. The services provided by this unit are web-based, application-based, manual-based etc., The level of the service depends upon the subscription taken by the EVSE owner, DSO, and CS operator. They offer services such as visualization, storage of information, secured data exchange between entities, payment gateways, etc.,

9. 9.

   EV User Interface - It is also a third-party component that is dependent on the service provider. It displays the information it gets through a mobile app or a web-based portal that helps the EV user to monitor the charge duration, current status of the EV, pricing details, and also in making digital payments. Overall, it works as human machine interface (HMI).

The details of the technical advancements in the EVCI from grid to battery are found in [35]. For fast charging, extensive cooling of the battery is mandatory, during and before charging of the battery to prevent battery aging. During this process some of the parts of the EV exceed the on-board charging power limits, these are to be branched from the charging power. Single-phase AC chargers are present at home and office parking places. The three-phase AC moderate charging stations cover up to a power of 25kW, while the fast DC charging stations are fast covering up to 400kW, and are possible to project as high as 900kW.

Japanese automakers and industries promoted ”Charge de Move” (CHAdeMO) which began with a maximum power of 50kW which is enough for 24kWh batteries, but not suitable for batteries of capacity 40kWh or more. So the specifications were updated up to 100kWh in 2017, and in 2018, further updated to 400kWh in CHAdeMO 2.0. Finally, in the third version, it was updated to charge a rate of 900kW to reduce the charging times and also accommodate larger and heavier vehicles. This version supports the current and voltage ratings upto 600A and 1.5kV. The most recent version in the domain of field testing is CHAdeMO 3.0.1, also known as ChaoJi-2, while the forthcoming version, known as CHAdeMO 4.0, or Ultra-ChaoJi is currently in the planning phase. With the increased connectivity, the EVSE network is integrated with the Internet of Things (IoT) of EVs and is represented as a necessary cyber-physical component of the contemporary grid.

The technologies in the battery manufacturing have advanced significantly since 2010. A typical EV battery’s projected life is roughly 8 years or 160,000 miles, which is higher than earlier batteries’ power and energy densities at lower prices. Because of this, the majority of mass-market EVs now on the market do possess a driving range greater than 320 km with 44kWh of average capacity. However, due to the fact that modern EVs do not get charged as quickly as anticipated when using standard 50kW chargers, this capacity development has created significant issues relating to battery chargers and charging rates. The improvements in battery technology and the usage of large size batteries may also confuse labeling the existing DC infrastructures. This results in the existing home EV owners being installed with the fast charging stations at an additional cost of around $ 4000. The interests of EV architectures in the 400-900V range require modifications in the existing regulations. The utilization of the 800V voltage range is also employed to effectively double the charging power while adhering to the same cable constraints. Most of the standards are compatible with the EV technology voltage range of 600V [35, 36, 37, 38]. Even though electric vehicles are popular in many countries, they do have some technical barriers that limit their usage. The major issues are related to battery charging as explained previously. Even after the adoption of ultra-fast charging methods, due to limited charging networks and a significant amount of time spent by the EV as compared to the traditional fuel vehicle, there exists vehicle congestion at charging stations.

There are many papers and articles available in the literature for the classification of the EVCI. In $2012$ the EVCI classification was based upon the type of the topology of power electronic used [39]. In [40], EVCI is classified into three categories based on the mode of energy transfer i.e., conductive charging systems, wireless charging systems, and battery swapping systems. The conductive charging is further divided into slow, semi-fast, and fast charging techniques. The wireless charging into static, dynamic, and quasi-dynamic charging techniques. And the battery swapping into top, bottom, side and rear swapping techniques depends upon the battery placement in the EV. In [33], the EVCIs are classified based upon the types of power flow i.e., ac or dc, and further, each category is divided into different levels that are sub-categorized by the fixed voltage and power levels. Samrat et al. in [23] shows the classification of EVCI in combination of the cyber and physical layer.

The CPPS interconnection protocol enables communication between the various integrated heterogeneous systems of CPS. The primary goal of this protocol is to provide CPPS heterogeneity at three separate levels, including functions like interoperability, policy regulation, and performance assurance. There exist three levels of interactions in the CPPS occurring at different stages [22] such as:

1. 1.

   Generator, transformer, transmission line, dynamic load, etc., with the power system controller

2. 2.

   Power system control and communication infrastructure.

3. 3.

   Communication infrastructure and the cyber system.

The cyber unit in the CPPS is to perform advanced operations in the power grid like state estimation, forecasting, reactive power control, voltage control, oscillation monitoring, operations planning, stability analysis, model validation, etc., as its primary function at the healthy state of operation. The communication established between the cyber and physical layer are divided into two categories:

• •

  Wired Communications: Power line carrier communications (PLCC), Ethernet, CAN, fiber optic, etc.,

• •

  Wireless Communications: Bluetooth, wifi, zigbee, broadcasting, local area network (LAN), web-based, smart applications, etc.,

In an EVCI, communications are required for the information exchange between the EVs, EV users, DSO, EMS and CSMS. Since most of the EVCI uses modern wireless communication methods but there exists some areas such as between the EVs communicating with EVCIs and the internal EV communications that follow CAN bus or PLCC protocols that are vulnerable to cyber attacks [50]. The EVCI may internally communicate in wired or wireless mode. The wireless communication is used to performs operations such as regulating power flow from the grid and EMS by sending commands (reference and setting vlues) to the control devices of the EVCI and EMS. The EVs and the EVCI communicate with the EV users by exchanging information like pricing data, charging information, EV arriving and departure time at the charging stations, SoC, and few other values. A dark fiber base is used in [51] for building a secure communication network for ECVI. The standards and the protocols adopted in the EVCI are discussed in Section III-G.

The first EV was spotted driving on the road in late $1800$s, after the creation of rechargeable lead acid batteries and electric motors. But in the early 1920s, internal combustion engines dominated the EV market industry and all the EVS vanished as a result of their heavy weight (due to batteries), short trip range, prolonged charging time, and short lifespan of batteries [52]. The latest trends in EV batteries and their technologies are described in [53]. EV batteries differ significantly from batteries used in consumer electronics. They must be able to manage high power (up to $100$ kW) and large energy capacity (up to tens of kWh) while taking up minimum space, weight and cost [54]. The different battery technologies used in the EV are NIMH (Nickel-metal hydrate), Li-ion (Lithium-ion), Lithium polymer, Sodium/Metal Chloride etc.,

Recent advances in the technologies of the smart grid prove that the EV batteries at the charging stations along with the energy storage system are used for supporting the grid and other ancillary services[23] and get incentives in return for these services. The payment architecture and the methods are discussed in Section II-G. There are different characteristics of the battery namely capacity, energy density, charge state, specific energy, specific power, charge cycles, lifespan, internal resistance, and efficacy [55]. The capacity of the batteries differs from one EV to another. The integration of these batteries into EVs necessitates specific engineering design and compliance with rigorous requirements. The process involves the implementation of numerous protective mechanisms and the mitigation of various technical challenges to ensure the seamless integration of the battery within the EV [56].

From 2 million in 2018 to 10 million in 2022, the global EV sales grew and hence the charging demand [61]. To fulfill this growing charging demand for the EVs, a competitive market situation is very certain where a number of self-interested charging stations compete with one another in this environment to increase their profits. Similarly, EVs would try to lower their charging expenses. A comprehensive pricing scheme is proposed in [62] based on the above-mentioned two conditions ie., the EVCI maximizes their profits while the EV owners strive to decrease their charging cost. The interaction between the multiple charging stations is treated as non-cooperative game theory and a Nash equilibrium (NE) pricing based on game theory is derived. The primary locations for EV charging include the workplace, the house, public spaces within neighborhood regions, and rest stops throughout long-distance traveling situations. The likelihood of charging is dependent on a number of variables, including range anxiety, practicality, the location of chargers, as well as knowledge of battery degeneration. When individuals use EVs for longer trips and have to stop frequently to recharge their vehicles, this aspect becomes much more noticeable [63].

There were many pricing models available [64, 65, 63, 66] and are classified as follows:

• •

  Fixed-rate pricing model - This pricing model is suitable for the new market player that adopts lower prices than the present competitive prices. An example of this model is shown in [67] where the EV charging is done at a constant rate by optimizing the energy flow between the DERs and the grid during the off-peak and the peak hours.

• •

  Time-based pricing model - This model is based on how long the charging period lasts. It is a structure where the EV user pays a particular amount of time for charging the vehicle per minute [68]. Different EV models charge for different time periods. This makes it unfair to some EVs as they take longer duration to charge a similar amount of energy. The primary benefit is that the user won’t have to worry about the quantity of power required to charge the EV. This method is adopted mainly in different parking lots (offices, shopping malls, movie halls etc.,) where the EV doesn’t tend to leave even after the charging process is completed and thereby prevents the blocking of access to other EVs.

• •

  Energy-based pricing model: This model charges the customer based on the amount of energy consumed by the EV (per kWh). This method is more accurate and adopts a fair pricing scheme and also encourages the fast charging techniques. The main drawback of this model is for a typical EV driver, it is more challenging to comprehend and compute.

• •

  Hybrid pricing model: This pricing model combines the both time based and the energy based models for ensuring the fair pricing both to the EVs and by the EVCIs. This model also prevents the access blocking of the upcoming EV by the present EVs.

• •

  Advanced Pricing models: These are further divided into two categories as described below:

  1. 1.

     Charging during off-peak/peak hours: This price model offers the incentives and the discounts for the EVs those who charge during the off-peak hours and imposes high cost for the EVs who charge their vehicles during peak hours. Generally this model adopts dynamic pricing and the time-of-use (ToU) pricing methods [69, 70]. This model also helps in scheduling the charging based on prices [71].

  2. 2.

     Pricing based on the type of EV charger: This pricing model allocates various prices based on the different types of chargers used, the number of charging ports, and the type of charging mechanism the EV adopts. This method offers premium chargers to the users who select the fast and extremely fast charging process as compared to the other process. Besides, these models also set high priority for the EVs that are ready to pay the premium rates to avoid waiting periods.

Switchgear is the essential component of the level-3 charging stations (also referred to as DC fast charging stations). Conventional switchgear typically consists of electrical panels that are tasked with receiving, distributing, and protecting the power equipment’s machinery and wiring. Generally, these panels are produced by different manufacturers (NEXPHASE^TM [72], ABB [73], Schneider [74] etc.,) and their installation and wiring require engineering design. These switchgear panels exist separately for different voltage levels like high Voltage (HV), medium Voltage (MV), and low Voltage (LV) switchgear. The components of the traditional switchgear are fuses, relays, switches, isolators, circuit breakers, lightning arresters, and transformers, the panels included in the traditional switchgear are the utility meter, power disconnect panel, transformer, and current transformer cabinet. These switchgear play a crucial role in controlling the EVCI. Franklin electric fueling systems [75] is one of the organizations that describes the specifications or the requirements for the smart switch gear panels of EVCI. The specifications that distinguish these smart panels from traditional panels are

• •

  Integrated cellular modern communications.

• •

  Remote EV charger power cycling.

• •

  EV charger crash detection or Flammable vapor monitoring capability.

• •

  Remote web interface for monitoring, control, and reporting.

• •

  E-stop integration capability (seamless integration of robotic systems that strategically reach its customers).

• •

  Integration pest & rodent intrusion mitigation.

• •

  Flood detection with automated shutdown.

The IEC is a British organization that creates standards for technologies that are linked to electrical, electronic and other related fields.

1. 1.

   IEC61851 - It covers the standards for the operation of EV for conductive charging systems and is applicable to both off-board and on-board charging systems with supply voltages of 1000V AC and 1500V DC. The initial version of this standard is sorted into three cases depending upon the charging cable attachment and placement. Upgrading to IEC61851-21 has two versions the former explains about the electromagnetic compatibility (EMC) standards of onboard charging and the later one for the off-board charger EMC requirements for conductive charging. The standards required for fast DC charging are described in the IEC61851-23 version and for this the communication between the charging management systems (CMS) and the EV controller and the EVSE.

2. 2.

   IEC61890 - It is applicable to the wireless power transfer (WPT) based charging system and also to the WPT systems combined with onsite storage systems.

3. 3.

   IEC62196 - This standard has three sections, the first one contains general specifications for EV connectors, including plugs, socket outlets, vehicle couplers, and vehicle inlets. The second is used to standardize the types of mains in the connecting system namely, types 1,2 and 3 to the modes 1, 2 and 3. In the third section, the detailed descriptions of the specific designs for vehicle connectors and inlets tailored for DC charging in mode 4 for electric vehicles [88]. The types and modes are discussed elaborately in Table III & Table IV.

SAE International is a global professional organization and standards development body for the engineering industry, covering a wide range of topics related to the design, testing, manufacturing, and performance of vehicles and their components. These standards are intended to establish consistent engineering practices and specifications to ensure safety, reliability, and performance in various applications.

1. 1.

   SAEJ2293 - It signifies the charging needs of both on board and off board charging systems, dividing into two sections one for the power requirements along with identifying EVSE location as optional and the other for the communication and network design [89, 90].

2. 2.

   SAEJ1772 - It explains the ratings of the equipment like circuit breaker along with the charging voltage and current ratings [33]. It also signifies the levels of voltage and current ratings for the different charging levels. Recent versions of this standard recommends about the standard for the charge connectors for conductive charging [91].

3. 3.

   SAEJ1773 - This standard outlines the minimal interface compatibility specifications for an EV manually connected inductive charging system of level $1$ and $2$ chargers. The software messaging requirements are present in Appendix. A and the recent versions provides the recommended software interfacing message requirements in Appendix. B of the document [92].

4. 4.

   SAEJ2931 - The requirements for digital communication between EVs, EVSEs, utilities, energy service interfaces, advanced metering infrastructure (AMI), and home area networks (HAN) are established by this standard. The establishment of an EV communication network in a smart grid context is also specified. Table V shows the different versions of these standards.

5. 5.

   SAEJ2836 & SAEJ2847 - These two standards combined with SAEJ1772 enumerate the requirements for communication between EV and EVCI. The former specifies the communication requirements and the latter one for the use case and for providing the testing infrastructure.

6. 6.

   SAEJ2954 - It is the world’s first WPT specification for EVs. The initial version supports up to level 2 charging but the latest version is upto level 3 (1.1 kW). This standard also incorporates autonomous charging, smooth EV parking, and payment establishment.

IEEE is a global organization that develops standards for a wide range of industries, with a primary focus being electric and electronic engineering. It covers diverse areas including telecommunications, information technology, power and energy, biomedical, etc., The standards of this organization play a vital role in ensuring reliability, interoperability, and safety in various technologies and industries.

• •

  IEEE 1547 - It recommends the practices for integrating the distributed energy resources with the grid with a collective capacity of 10MVA. It covers the requirements for testing, operating, maintenance, and other safety considerations. Including these functions, the major focus of this standard describes Islanding operations [93]. It also explains the requirements for the grid modernization [94].

• •

  IEEE 2030 - This standard has a lot of versions, to encourage effective and quick charging between electric vehicles and DC quick chargers, the year 2015 version standard specifies specifications for the designs of electric vehicles and DC quick chargers. Additionally, it details how electric vehicles and rapid charges work together [95]. The latest version released in the year 2022, and the scope of this version lies in the design interface of EV that utilize the battery EV as power storage devices and DC bi-directional chargers [96].

• •

  IEEE P1547 - This specifies the standards for different aspects of grid integration of DERs. This standard has lot of versions released in different years [97, 98, 99, 100].

UL is a recognized standards maker in the US and Canada with more than a century of expertise creating more than 1,500 Standards. UL Standards collaborates with national standards organizations in various nations to create a safer, more sustainable society as part of its expanded worldwide public safety mission [105].

• •

  UL2231 - This standard specifies the personnel protection for EV supply circuits and has two sections, UL$2331-1$ revised in 2021, it covers standards for grounding of different equipment and also applicable to systems where any accessible area of the charging system offers continuous current less than $70$ mA RMS [106]. The second section UL$2231-2$ version covers about the photovoltaic plates and inverters by providing the AC power and also the grid integration. These specifications also apply to equipment and systems for quick shutdown [107].

• •

  UL2594 - This standard is applicable to conductive electric vehicle (EV) supply equipment that is designed to supply AC power to an electric vehicle with an on-board charging unit with a primary source voltage of 1000V AC or less, and a frequency of 50 or 60 Hz. This standard applies to electrical vehicle supply equipment designed for non-ventilation environments [108].

• •

  UL1741 - These specifications apply to all inverters, converters, charge controllers, and interconnection system equipment (ISE) intended for use in grid-connected or standalone power systems. To supply electricity to shared loads, interactive inverters, converters, and ISEs are designed to be run in parallel with the grid. These requirements apply to both power systems that combine other alternative energy sources with inverters, converters, charge controllers, and ISE, in system-specific combinations, and AC modules that combine flat-plate photovoltaic modules and inverters to provide AC output power for stand-alone use or interaction with the electric power system (EPS), commonly the electric utility grid [109].

• •

  UL62109-1 - This standard specifies the safety of power electronic converters considering the issues of electrical shocks, energy hazards, mechanical risks, risks associated with high temperatures, spread of fire from the equipment, risks associated with chemicals, risks associated with sonic pressure, risks associated with released fluids and gases, and risks associated with explosions [110].

The installation, upkeep, and operation of EV charging equipment are all covered in great detail in the NEC code [111] for EV charging stations. It addresses issues like:

• •

  Requirements of the safety for the charging installation equipment.

• •

  Grounding requirements for EV charging equipment.

• •

  Specifications for protection of cables and cords.

• •

  Defining the specifications for equipment protection against fault currents and over currents.

In the coming years, EV charging facilities will become increasingly important. The NEC code must be adhered to guarantee user security and the effective operation of the charging stations. The installation, usage, and maintenance of an EVCI compiled with NEC requirements guarantees risk-free, dependable, and offers the best user experience.

A few examples of charging connectors are as follows:

• •

  CHArge de MOve (CHAdeMO): CHAdeMO is a standard for DC charging that enables the seamless communication between the EV and the charger. It promises a simple, fast, and robust charging experience to all EV users. Almost 50,000 charging points are established in 98 countries. This standard enables over 500kW aiming to 900kW (600A X 1.5kV) to 1.8MW. Table VI displays the improvements in the different versions of CHAdeMO charging system ratings from 2017 to 2023.

• •

  Combined Charging System (CCS): It specifies a single connector arrangement that has room for a Type-1 or 2 connector and a two-pin DC connector that supports charging at up to 200 amps on the vehicle side. The 2011 vehicle incompatibilities, which were mostly due to a lack of hardware standards at first, are diminished over time. These inconsistencies were addressed in 2014 with the introduction of the first and only open charging system, the combined charging system (CCS), supported by the CharIn organization. The CCS recommends a general solution that addresses high power DC, single-phase and three-phase AC. Initially, in 2016 this system’s objectives were defined for chargers up to 200kW with a voltage range of 200-1,000V. The recent advances in the CCS permit a maximum power of 400kW for mid-ranged EVs and cover a 1.5kV and 3kA freight EVs [35].

• •

  Guobiao Standards (GB$/$t): Manufacturers of EVs in China and India use the DC fast chargers described in the Guobiao (GB/T) 20234.3-2015 standard, which was revised in 2015 and first issued in 2011 by the China electricity council. This standard provides the controller area network (CAN) bus communication interface, which is identical to CHAdeMO, for DC charging of batteries with maximum ratings of 950V and 250A. The 2018 revision of the standard preserved this CAN communication platform and used in the ChaoJi charging standard of 2020 version [35, 112].

To make it easier for different entities to communicate and exchange data, communication protocols offer a set of rules and principles. For the purpose of assurance, and compatibility across the various systems, a protocol would describe the interface between two or more interacting entities [114]. A variety of protocols and standards are used to control network communication in an EV charging system, also known as a Plug-in electric vehicle (PEV) network, because several entities must connect in an efficient and secure way. Various communication protocols that are associated with different EV eco-systems categorized in [115] are as follows;

• •

  Front End Protocols - These protocols establish the connection between the EV and the EVSE along with the requirements such as plugs, charging topologies, safety, and bi-directional power flow etc., Few examples that define these standards are CHAdeMO, CCS, ISO-15118-20.

• •

  Back End Protocols - It emphasizes the communication and cybersecurity requirements that define the charging point operator and a third party. Typical examples consist of open charge point protocol (OCPP), IEC631000, Open automated demand response (OpenADR), EEBUS, and IEEE2030.5.

All the charging ports communicate with the EV by adopting the CAN (Controller Area Network)bus protocols. It allows internal communication between the different parts of an EV without a central processor. It uses electronic control units (ECU) for the message transfer in an unencrypted form. modern EVs opt for the telematic control units (TCU) for the security guarantee by internet connection. Another front-end system protocol is used in ISO 15118, it differs from the CAN bus in the way that it establishes the requirements for physical and data link layers i.e., it specifies the requirements for the wireless data transfer in charging applications.

OCPP is the most accepted standard which is in operation and installed in more than 65,000 companies and is supported by open charge alliance (OCA). The first foundation for OCPP was liad by the Dutch foundation ElaadNL for supporting the communication between the backend systems and the charging points [116]. It defines the communication protocols between the chargers and charging station management systems. Table VII shows the hierarchical versions of OCPP released. The most recent version-2.0 provides encrypted upgrades to the firmware, security logging and event reporting, authenticating, and secure communication safety profiles.

The communication between most of the EVCI entities such as aggregator, chargers, EVSE etc., were defined by the IEEE$2030.5$ protocol [120]. Security is its top priority. It provides certifications that are unable to be changed or revoked and must be kept private. Hence these standards are opted for a smaller area where scaling is not required. OpenADR (Open Automatic Demand Response) is the most applicable protocol in the context of data and signals exchange [121]. The EEBus public specification is free, but the underlying implementation (i.e., the code) is not [115]. EEBus is a set of protocols that have been used by several corporations in order to integrate communications in the IoT devices. They are particularly concerned with the data structure and communication transmitted between entities. They define multiple protocols at various communication layers.

The fundamental objectives for analyzing the cyber-security model of the CPPS are confidentiality, integrity, and availability (CIA). The use of security related policies, standards, and guidelines are required to verify the security of the EVCI’s communication infrastructure. Since the EVCI grid integration is similar to the integration of the distributed energy systems (DER), the AAA framework, which stands for authentication, authorization, and accounting, is used to handle the CIA of the EVCI’s cyber security. This section discusses the CIA model in its standard configuration [122, 123, 124, 125].

The protection of data from unauthorized access or disclosure is termed confidentiality. It means that the information access must be provided only by authorized people so the authorized users are unable to get the access. It is one of the most prominent issues for users and contains privacy. Mechanisms such as access control policies and encryption are common ways of enforcing confidentiality. Additionally, access control generally governs how entities are authorized to carry out operations. To enforce access restrictions according to distinct permission tiers, individuals are frequently categorized into various groups for the purpose of authorization control [126].

The tampering of data by anyone or anything must not be entertained. All types of data must be verified as being accurate and unaltered. Therefore, it is forbidden to update the data in an unauthorized or undetectable way. Integrity is the defense of data against unlawful erasure and modification. Integrity also refers to upholding and guaranteeing the veracity of the data. A safe real-time monitoring system for smart grids is made possible by integrity. The integrity of a system is ensured through a variety of procedures and methods, including the provision of mutual exclusion mechanisms, error detection, file system correction, cyclic redundancy checking (CRC), hardware RAID (redundant array of independent disks), and hash functions (employed to transform data of variable sizes into consistent).

Providing qualified persons with dependable, ongoing access to information is referred to as availability. The appropriate analysis, design, implementation, redundancy and configuration of a system or network generally improves availability. It has to do with having the ability to access resources or obtain information. It serves to safeguard the information system against malfunction. Information may be distorted, blocked, or delayed via availability assaults. Generally speaking, preventing denial of service (DoS) attacks that cause blackouts is necessary for data availability. The various types of attacks are discussed in Section V-B.

Along with the CIA triad, non-repudiation is the one that has the necessity to accept data when the communication is permitted or legal, is another idea mentioned in the literature [123]. The data received by the assets should be denied at a later stage and this is termed as non-repudiation.

The CPPS faces a serious security risk from cyberattacks. According to recent studies, the effects of cyberattacks on CPPs are growing. System stability, i.e., how the attackers’ disruptive activity might affect system stability by causing cascade failure, and the economy, i.e., how the attackers make money, are the two main effects of cyberattacks. The impacts and consequences [127] of cyber attacks are as follows:

• •

  Cascading Failures: As a consequence of the interdependence among components within the power system, the failure of one piece of equipment has the potential to trigger subsequent failures in a cascading fashion, leading to cascading failures. The interaction between the physical and cyber layers of the CPPS has improved the functionality of the power system. However, due to the characteristics of such interconnected systems, these are susceptible to breakdowns, natural calamities, and notably cyberattacks. The criticality of the blackouts in the power system due to cascading failures is discussed in [128]. For example, a cyber attack on the Ukrainian power grid on December 23, 2015, caused a power outage that affected 225,000 people. [129].

• •

  Impact on Stable Operation: The reliable operation of electricity systems may be impacted by the cascading failures brought on by cyberattacks. When cyberattacks related to false data and information are successfully performed on CPPS, it affects the steady functioning of the system. These fake measurements transmitted due to cyberattacks will lead to the control parameters taking wrong setting values that may compromise the overall stability.

• •

  Economic Impacts: The quality of power supply depends upon its continuity, and reliability etc., Since the cyberattacks may lead to the cascading failures of the power system, the economy could be negatively impacted by the cascade failures brought on by cyberattacks, which is another major concern. The majority of attackers have economic objectives, such as pursuing their own interests or working for adversarial nations to stifle the economic growth of other nations. The economic impacts of the cyber security are as follows:

  • –

    Decrease in the economy of the power sector units and the generation companies (including DERs) due to energy theft. This was achieved by the attackers by directly modifying the data in their own AMI (adopted by smart grids) for economic benefits and also by changing the pricing scheme of the system. Both circumstances will result in illegal profits for the attackers. For these types of attacks, the attacker doesn’t need to have the domain knowledge of the power system.

  • –

    Grid topology changing attacks and load disruption attacks by creating unnecessary load shedding, cascading blackouts, and few power disruptions. These attacks may also lead to a decrease in profits because of the interruptions in the power supply.

  Furthermore, the detailed investigation of the economic impacts of the cyber attacks is done in [130].

Although data market strategies are relatively novel concepts, data-driven applications have already gained a significant foothold in the energy sector. Demand response, short-term and long-term load forecasting, electricity price forecasting, RES generation forecasts, and study of power system faults and failures are some of the factors impacted by cyberattacks on the energy markets.

Authorization, authenticity, and accountability (AAA) are the basic requirements of cyber security as mentioned in the above Section IV-A. Apart from these the additional requirements are privacy, dependability, survivability, and safety criticality. This section explains the various requirements of cybersecurity along with their inter-dependability.

Dependability refers to the system’s ability for accurate and on-time delivery services time while avoiding serious internal flaws. Dependability guarantees that services are provided even when there are internal problems. The fundamental characteristics of dependability include availability, reliability, maintainability, safety, and security. Important steps to maintaining dependability include fault tolerance, fault forecasting, fault avoidance, fault detection, problem removal, maintainability, and safety engineering [131].

The ability of a system to perform its tasks, preventing malicious, intentional or unintentional faults on time is called survivability. The goal of survivability is to offer services both in the presence of harmful purposeful behavior and outside flaws. The attributes of survivability are dependability, availability, fault tolerance, safety, and security. The important measures taken for achieving survivability are as follows: isolation of affected areas, use of heterogeneous security technologies in network design, maintainability, redundancy, security policies, accountability, authentication, authorization, non-repudiation, and cryptographic services.

The provisions for accountability and audit are traceable and recordable. There are typical and commercial consequences for the violation of accountability. Accountability operations determine who is responsible during a security problem.

Safety criticality is a significant variation of safety, which is a crucial security requirement in CPSs. Systems that could potentially result in severe results because of the existence of some unforeseen circumstances, such as earthquake, flood, or tsunami, may cause significant physical damage, human injuries, or even fatalities.

Security risks are often calculated as the product of the impact of a particular scenario and its likelihood of occuring. This description works well for random sources of system failure, but there is debate about whether it accurately describes situations when risks are fueled by adversary behavior, like cybersecurity. Therefore risk assessment should focus more on the consequence of cyberattack not on the probability of the occurrence [123]. Due to the rapid growth in the EV and the charge points, they collectively represent a huge increased demand for electricity. This overloading might be avoided by opting for smart charging. The stability and security of the wider power system could be at risk if charge point cyber security is not properly controlled. Thus, having strong cyber security is essential. A significant number of charge points could be hacked to cause harm at different levels. local overloading of the distribution grid and a disruption that causes system balance [28]. In this context, the difficulties faced in the implementation of cyber security in the EVCI are as follows:

• •

  Implementation of a secured communication infrastructure at each and very charging station including home charging stations that charge at very low power levels.

• •

  Securing the public charging stations as they are accessible by everyone.

• •

  Proper load scheduling to prevent overloading and any other grid disturbances.

• •

  Since the EV charging stations didn’t face any major cyberattacks, many charging infrastructures are still adopting to the older versions of protocols and standards which are vulnerable to many points.

• •

  Smart grid challenges that include grid integration and other automaton systems.

• •

  Proper examination of the reliability of internal EV components [132].

The phenomenon of the weakness in a CPS that is capable of being exploited for cyber attacks is termed vulnerability. The types of equipment that are being exploited by the intruders are called vulnerable nodes. A vulnerability assessment method based on two-stage optimization is presented in [133]. The first stage is formulated from the attacker’s perspective and the second stage from the EV owner’s. In the first stage, the attacker tries to maximize the load shedding, and the EV user response is revealed in the second stage by using the detected charging stations’ behavior, a satisfactory function is introduced for showing the customer behavior to the cyber-attacks. The loss of load is the useful vulnerable index caused by cyber attacks. To evaluate the impact of cyber vulnerability, the modeling of the interaction between the cyber system and the physical grid is necessary. Anomaly in charging capacity may cause abrupt changes in the state of charge (SoC), which could lead to serious safety concerns. Statistics show that there were 124 documented EV fire accidents in China in 2020, with $23$% of the fires having a charging process origin [134]. To analyze the vulnerability of EVCSs to cyber assaults on the communication between EVCSs and electric utilities, a risk assessment methodology for large-scale EVCSs was created [135].

The attacker’s motivation presented in [133] is to change the charging prices by introducing FDIA, as there will be high prices in the off-peak periods and subsidiary prices during peak times. Intruders are able to modify the data of the system so as to modify the observability and controlability of the system.

All intruders employ consistent execution methods, such as reconnaissance, scanning, exploitation and maintaining access as shown in Fig. 4, regardless of the targeted system, whether an EVCS or IT [136, 137]. Hackers gather data about the target during the reconnaissance phase using traffic analysis tools or social engineering (SE). By inspecting the IP address, open ports, and services using each open port, the scanning phase locates system vulnerabilities. In the exploitation stage, hackers try to take control of the system by taking advantage of EVCS component weaknesses. In this stage, a variety of attacks may be launched, including jammer attacks, DoS attacks, replay attacks, MITM attacks, malware attacks, and ransomware attacks. The final phase involves hackers launching different attacks—primarily viruses, Trojan horses, and backdoors to get unrestricted access to the EVCS system [138].

The authors of [51, 139] classifies the type of possible attacks in the EV charging stations and electromobiles based on the information exchange and also the attacks that occur the vehicle sensor network [140, 141, 142] (like jamming attack, FDIA, DoS) as follows:

• •

  Eavesdropping: It is a kin to listening the communication between the control center and the charging station. It is accomplished by reading the content of the packets that have been captured from the information flow [143]. Unauthorized interception of private information related to the vehicle, including its position and payment details, through eavesdropping, can lead to privacy breaches and potential privacy attacks.

• •

  False Data Injection Attack (FDIA): This attack is perhaps considered as more dangerous than any other attacks because of its stealthier nature and it enables the attacker to disrupt the normal operation[144]. The infected or hacked charging station may communicate with the EV or control center with false information without the control center operator’s knowledge. The effects of the FDIA on the EV markets such as biased demand schedules, incorrect forecasts of demand in EVCS, and manipulating the payments for the EV Soc data owner are discussed in [145].

• •

  Modification Attack: In this type of attack, an attacker is capable of able to modify or alter the information [146] received from or sent to the EVCS, EV, cloud server. The crucial information that might be modified in the EVCI systems are battery temperature, State of Charge (SoC), charging current, departure time of EV etc.,

• •

  Denial of Service (DoS): An attacker floods the control center with lot of messages to prevent it from gathering data from the sensors. The main intention of this attack is to prevent the user from accessing a resource. For instance, a sensor or user command is unable to enter the control room, when the number of sources launches an attack [147].

• •

  Replay Attack (RA): These are the type of data integrity attacks that are implemented by performing a prior disclosure attack for collecting sequences of data from the compromising sources and thus it replays the collected data till the end of the attack[148].

• •

  Spoofing Attack: It is the impersonation of someone or something in order to access private data including account details, passwords, usernames, and more. Sometimes the spoofing attack may consider accessing the data related to a power supply [149, 150] like the voltage, current, power, charge status, and SoC, etc.,

• •

  Man-in-the-middle Attack (MITM): This type of attack is deployed in the device that secretly modifies or alters the information communicated between the two devices while they are connected. These attacks specifically target the data transmission occurring between two endpoints in a single network or between different networks [151].

• •

  Jamming Attack: The jamming attack may be conducted in order to prevent authorized sensors from connecting with the control center, as well as to stop the EV car from sending these data to the server (speed, temperature, gear location data, cruise control setting, and battery status). Additionally, the driver won’t be able to assess the state of the EV [152].

• •

  Blackhole Attack: To intercept the transmitted packets, the attacker endeavors to persuade the sender (i.e., the vehicle sender) that it lies along the most expedient route. As a result, the attacker decides not to broadcast the message and dump it. Even with appropriate buffer storage, generally, the blackhole attackers discard all communications received [139].

• •

  Grayhole Attack: It is also known as selective forwarding attacks [139], it is similar to blackhole attacks but more severe than it is, in the view of selective dropping of messages. The behavior of the attacker is the same in both attacks. For instance, an affected node might opt to forward all messages except for those requesting energy consumption predictions or alerts about traffic safety. The attacker tends to revoke the legitimate link between the vehicles.

• •

  Wormhole Attack : The intention of the attacker is to nullify the legitimate communication links. The affected entities at different geographical locations may collude in order to transfer the unauthorized data. Accordingly, any exchange of data between two legitimate sources will be passed through the attacker. The different attackers in the network are coordinated, thus exchanging information among them in order to reintroduce these messages in the network (for creating network congestion).

• •

  Time Delay Switching Attacks (TDSA): Adversaries prompt the TDSA attacks by introducing the latency in the sensors and control loops. In the EVCI the delay in sensors may result in the loss of dynamic stability [148]. A grid-connected EVCI network as a part of smart grids with TDSA is typically depicted as a combined system by the action of a switch that includes the phrase “Off/Delay-by-$\tau$”, where $\tau$ indicates the random delay period that is indicated by the control signals or measuring condition. Consequently, introducing temporal delays into different dynamic system modes may stimulate instability in the electrical grid [153].

• •

  Password Handling: Password handling attacks may occur when the exchange of passwords took place in an unencrypted format. By using the access that the intruders gained, they are able to log-in without authorization and change configuration of DERS operation [154].

Delay-tolerant networks are generally vulnerable to attacks like blackhole and greyhole [155]. Even they have ample buffer storage, blackhole attackers discard all communications they receive. To avoid rising suspicion and being discovered by other nodes, greyhole attackers discard a portion of the communications they receive. As a result of the dropping bad behavior, fewer messages will be delivered overall, and the intermediate nodes that have transported and forwarded the dropped messages would have wasted their resources.

Since the EVCI has the ability to be modeled as a CPS, different cyber attacks may occur at different layers. Depending upon the layers of the network the attacks are segregated as follows:

• •

  Attacks on Cyber Layer - These consists of attacks that occur in different areas of the cyber layer such as on cloud server, privacy attacks, communication lines, identity theft attacks, spoofing, etc., Although these attacks target the physical components, the impact of these attacks would be severe and affect the objectives of the cyber security (CIA).

• •

  Attacks on Physical Layer - Physical layer attacks are the attacks that affect the physical equipment of EVs, EV charging stations, storage system, and the grid. FDIAs are generally caused by changing the reference values at the various power conversion stages and the power control loops are the most common type of attacks that occur at this layer.

The voltage and frequency instability caused due the cyber attacks on the EV charging stations and also the increased load demand by varying charging prices even though the distributed generation (DG) is presented in [133]. Mohammad Ali et al. of [160] describe the EV attack impacts on the power grid operation by simulating a power injection attack that causes frequency rise and voltage violations. To analyze the effect without an EV charging station, the same simulations were performed by replacing it with a regulated generator that shows smaller deviations as compared to the former case. Another simulated attack of the switching variety was conducted, involving the manipulation of power injection and power demand parameters, resulting in a loss of system coordination.

EVs and EV charging stations are susceptible to similar attacks that may be launched against any household load, such as altering the power demand to produce line tripping and cascading failure. Numerous articles in the literature address attacks on EVs or attacks against EV users and the power grid through the EV ecosystem. The recent comprehensive insights are provided in [161], regarding the security and privacy-related challenges and threats confronting connected and autonomous vehicles. Analysis of several attack detection and prevention measures were also given. Attackers who take over the EV’s BMS through hacked web services or malware installed on the vehicle’s systems may seriously harm the vehicle itself [160]. [162] deals with the attacks in EVs that involve the tampering of battery safety. The authors also examine the potential use of formal verification techniques to strengthen the security of future Ethernet/IP-based vehicle designs. The EVCI consists of numerous vulnerable components that are susceptible to different types of attacks and threats. Dajun et al. classify the cyberattacks as multi-layer, multi-type and multi-point depending upon the device or group of devices it is attacked [127].

In [156], dynamic optimization of the privacy budget and utility is employed to circumvent the necessity for human interventions, such as domain knowledge experts. Empirical findings validate that the privacy provisioning achieves an accuracy level of approximately 95%.

A probabilistic bayes theorem based anomaly detection method is used in [157], but the proposed methodology is used for post attack event based analysis rather than for attack detection and the investigation reveals that due to tampering of the PCC (point of common coupling) breaker and making it trip falsely resulting in the BMS displaying the inaccurate charging and discharging schedule that are leading to anomalous status.

An intelligence driven computer network defense method was introduced where the attacker employs several attack strategies and steps to achieve their objectives. For a thorough examination of such an advanced persistent threat, these techniques are mapped with the seven steps of the cyber kill chain, which are reconnaissance, weaponization, delivery, exploitation, installation, command and control, and action on objectives [163].

The term anomaly refers to the outliers or the abnormal behaviors from the regular patterns that occur due to the cyber attacks and finding trends and outliers that point to unexpected or abnormal behaviors is known as anomaly detection. It is a technique for finding online invasions that necessitate data analysis and event correlation [165]. A hidden Markov model (HMM) based anomaly detection method for EV charging is proposed in [166] by using the STRIDE (spoofing, tampering, repudiation, information disclosure, DoS, elevation of privelage) model for designing the vulnerability assessment, threat modeling, and risk analysis. The presented model incorporates the Viterbi algorithm, in addition to HMMs, to enhance its capabilities in identifying anomalies and uncertainties resulting from attacks. This augmentation significantly improves the model’s capacity for detecting potential threats. Nevertheless, the model leverages a partially observable Monte Carlo planning (POMCP) algorithm to account for the possibility that highly skilled and trained attackers may not follow the most apparent attack paths. During performance evaluation, the proposed algorithm demonstrated a false positive rate of 0.013% and a false negative rate of 0.016%. Furthermore, the method exhibits proficiency in detecting attacks, managing coordinated attack scenarios, making attack predictions, and executing active mitigation measures as necessary.

Jeong et al. of [167], were one of the first in the mathematical formulation of attack strategies aimed at disrupting EV charging systems (EVCS) by tampering with EV user data, resulting in EMS malfunctions. They devised an MITM attack, employing a bi-level optimization approach. This method involves the stealthy injection of malicious data into the system, inducing EMS malfunction and consequently elevating the overall cost incurred by the EVCS through manipulation of the EV charging schedule.

The integration of IoT devices within EVs, EVCS, and the utility grid heightens their susceptibility to cyberattacks. Such attacks, primarily aimed at supervisory control and data acquisition (SCADA) systems, have been identified through the utilization of machine learning classifiers, including JRipper and Adaboost algorithms [168]. However, this method exhibits certain limitations, notably a high false positive rate and computational complexities within the classifiers. Furthermore, an investigation an attack targeting the spoofing the address resolution protocol [169] targeting the SCADA systems did not yield an effective detection technique as reported by authors.

A back propagation neural network (BPNN) based detection method is proposed to identify the public EVSE incompatible demands in public EVSEs, aiming to perform switching attacks [170]. This model uses two areas with a substantial number of geographically distributed EV charging stations, both public and private. It is believed that the attacker creates an attack by directing the EVs resulting in the EVSE, to switch quickly between the charging and discharging stages in order to cause oscillations between the two areas. Such adversarial attempts are detected by using a BPNN at the CMS/CSMS of the public EVSE. The model consists of the ReLU activation function in the hidden layers to avoid the vanishing gradient and the softmax function in the output layer for generation of the binary outputs, 1 indicating the attack is caused and 0 for the no attack has occurred. Since none of the neural network models are 100% accurate, this BPNN model mainly focuses on data of charging stations to detect the attack and the low probability of attacks may be overlooked, a specifically-tailored H^∞ wide area damping controller has been added to the neural network (NN) model to make sure that after a successful switching attack, inter-area oscillations are present. The design of this wide area controller is predicated on an optimization strategy, which serves as a mitigation approach to mitigate inter-area oscillations within the power grid resulting from successfully executed attacks. In this framework, the BPNN functions as a filter rather than immediately responding to the suspicious commands, introducing random delays in the execution to disrupt the attacker’s coordination. Despite the BPNN’s strong accuracy, it is essential to acknowledge the non-negligible probabilities of false positives and false negatives. These probabilities encompass the misclassification of a valid request as malicious (false positive) and the incorrect categorization of a malicious request as valid (false negative). The metrics employed for performance assessment include the percentage of errors, the percentage of false positives, and the percentage of false negatives.

Many researchers conclude that most of the anomaly detection systems don’t fit for the anomalous data as they fit for the normal data due to over-fitting [171]. To overcome the problem of insufficient anomaly data, an augmentation based anomaly detection for charging piles is presented in [172]. This proposed methodology uses generative adversarial networks (GAN)- random forest (RF) where the GAN networks are used to expand the anomalous data (anomalous data enhancement network) and the RF is used for the single classification of the data (anomalous data classification network). The analysis indicates that the data with the same charging and connection time are termed normal data, whereas the same with different times are termed anomalous data. The accuracy of this method needs to be improved further.

Kaymakci et al. of [173] proposed a method for anomaly detection in energy for industrial applications. The method uses LSTM-AE (long short term memory- auto encoder) for anomaly detection. However, this article suffers from the non-holistic approach and doesn’t consider the information about anomalies.

A statistical approach method was introduced in [174] to determine the intrusion for the multivariate time series data. This method follows the assumption that the data follows the normal distribution. $T^{2}$-test is used in this method to detect the intrusions in data. The output of $T^{2}$-test is compared with the standard F-distribution table, and the performance analysis is also compared with the $X^{2}$-test. An intelligent anomaly detection scheme is introduced in [175] that predicts the energy data as an indication for future failures. After observing these detections, an expert, such as an operator, provides feedback that is used to improve the outlier filtering process for further anomaly detection. Due to the adoption of efficient human feedback analysis, the performance of outlier detection is improved.

A comprehensive examination of various deep anomaly detection techniques applied to the charging data with an emphasis on deep learning is presented in [164]. This paper doesn’t consider the supervised anomaly detection methods, due to their sub-optimal performance, primarily stemming from issues related to data imbalance within the anomaly dataset. Fig. 6 depicts the classification of this framework. Due to the difficulties in acquiring anomalous data, the imbalance created in the data labeled training sets for anomalous datasets is not always readily available in many applications. Because of this, machine learning typically establishes a scoring function to assess the level of anomalies in the data and ranks the data in the scoring function from the highest to the lowest anomaly scores, with high anomaly scores being indicative of anomalous data. When compared to the unsupervised deep anomaly detection model, the semi-supervised deep anomaly detection model, which also makes use of labeled data from one category, performs significantly better. The secret of semi-supervised deep anomaly detection is to maximize the usage of a large number of heterogeneous unlabeled data to enhance the training model’s detection performance on computationally massive unknown datasets. Table VIII shows the different anomaly detection methods based on deep learning.

The load demand forecasting is the most important task in the EV charging stations to predict the number of incoming and outgoing EVs for a given duration of time. The authors Cui et al. of [178] divided the load forecasting attacks into five categories pulse, scaling, ramping, random and smooth-curve attacks.

A comparison for the physics based and ResNet (Residual Networks) auto encoder based anomaly detection was done in [186], and the results conclude that the ResNet based auto encoding method shows a high accuracy of 96.82%. A novel multi head based anomaly detection method was proposed to cast out the complex and heavy NN structure [180], and the results show that the proposed model has the highest accuracy (99.86%) and F scores. This method overrides the manual feature extraction for multi dimensional data and also because the feature extraction mostly relies on matrix dot multiplication, The operation will be accomplished by using computational resources like graphical processing units (GPU) to accelerate it.

To overcome the problem of limited abnormal data, Luo et al. proposed imbalanced triangle synthetic data (ITSD) based on synthetic minority over-sampling technique (SMOTE) that brings a balanced effect on normal and abnormal data and this technique has the capability of merging with different machine learning algorithms for anomaly prediction. Zhao et al. introduced an intrusion detection method using a combination of deep belief network (DBN) and probabilistic neural network (PNN) [185]. The use of DBN, with its capacity for nonlinear learning, has yielded superior performance when compared to the conventional PNN approach. The determination of the hidden layer’s node count is accomplished through the utilization of the particle swarm optimization (PSO) method.

A framework for smart connected automobiles that supports automated secure continuous cloud service availability, enables an IDS against security threats, and offers services that satisfy user quality of service (QoS) and quality of experience (QoE) needs. Smart vehicles are grouped into service-specific clusters to achieve continuous service availability. To facilitate communication between service requesters and suppliers, trustworthy third-party (TTPs) entities are chosen as the cluster leaders. Additionally, a three-phase data traffic analysis, reduction, and classification technique is employed to identify the positive trusted service requests against fraudulent ones, that might occur during intrusion attacks to achieve intrusion detection. For data reduction and classification, the system uses DNN and decision tree machine learning algorithms, respectively. Simulations serve as a validation mechanism for the proposed framework, demonstrating its effectiveness in the context of intrusion attack detection. The suggested solution exhibits notable performance metrics, with a 99.43% overall accuracy, a false positive rate of 0.96%, a false negative rate of 1.53%, and a detection rate of 99.92%.

During the past few decades, the evolution of automotive systems from electromechanical to digital electronic and software dependent systems has changed the dynamics of the EV industry. The article in the literature [127], divides the defense strategies of CPPS into two categories: passive defense strategies, which focus on swiftly isolating the attack affected regions, and taking the necessary countermeasures to ensure the normal operation of the CPPS. The active defense strategies are the ones which aim to completely eliminate the likelihood of any successful attacks. Numerous corresponding protection strategies have been created in order to further increase the security of CPPS and lessen the possibility of cyberattacks.

The abnormality in the battery charging capacity may also be caused due to these cyber attacks. Various types of anomaly diagnosis methods are available, that are approximately classified as knowledge-based, model-based, and data-driven methods [134]. For knowledge based methods, a method is proposed where the design of fault diagnosis rules is done by using the prior expert and then applied to several battery parameters that are easily measured. The diagnosis of the EVs of the same model is done by the same rules [187]. The model based methods use the physics based models representing the electrochemical or thermal models. The overall defense strategies are divided up into two areas in this article: prevention and mitigation strategies.