Market-Analysis-Driven Methodology for Assessing Charging Station Cybersecurity

TL;DR

This paper introduces a scalable methodology using market analysis and extrapolation to assess the cybersecurity of electric vehicle charging stations at a national level, demonstrated on Germany's extensive CCS network.

Contribution

The paper presents a novel market-analysis-driven approach for efficiently evaluating charging station cybersecurity support across large networks.

Findings

Only 27.4% of stations support TLS encryption.

The methodology covers 51.9% of German CCS stations with limited field tests.

Extrapolation reveals significant gaps in cybersecurity support.

Abstract

Modern charging communication standards for electric vehicles include optional security controls such as TLS-based authentication and encryption. However, with tens of thousands of fast charging points deployed in any given country, individually testing each one for security control support is infeasible. This paper proposes a scalable, extrapolation-based methodology for assessing charging station cybersecurity at a national level. A market analysis identifies operator-manufacturer pairs, enabling the targeted selection of charging stations for field testing, whose results can then be extrapolated to all stations sharing the same combination. We demonstrate this methodology for Germany, covering over 40000 CCS charging points as of December 2025. With a manageable number of field tests, our extrapolated data examines 51.9\% of german CCS charging stations. It shows that only 27.4\% of charging stations in our scope provide TLS-protected communication, despite widespread theoretical support.