Cyber-resilient electric mobility: AI shields EV charging stations from cyber-attacks

A new study warns that as nations race toward vehicle electrification, cyber risks within the charging ecosystem could undermine the reliability and safety of the electric grid itself. In response, researchers from Ricerca sul Sistema Energetico (RSE) in Milan have designed an artificial intelligence–powered platform capable of identifying and mitigating cyber-attacks on EV charging networks in real time.

The study, titled “Enhancing the Detection of Cyber-Attacks to EV Charging Infrastructures Through AI Technologies,” published in Electronics, introduces a modular cybersecurity framework that integrates AI-based anomaly detection with traditional network monitoring tools. The system demonstrated exceptionally high accuracy, 97.1% in detecting attacks and 98.6% recall rates, when tested on real EV charging data, representing a significant step toward protecting smart energy infrastructures from digital threats.

A growing digital vulnerability in the electrification era

The electrification of transport is transforming not only how vehicles operate but how energy systems are managed. Modern EV charging infrastructures rely heavily on communication networks and cloud-based management platforms that connect vehicles, charging stations, energy distributors, and user applications. While this connectivity improves efficiency, it also creates multiple attack vectors that hackers can exploit.

These infrastructures are now part of a broader smart grid ecosystem, where disruptions can cascade from one component to another. A single denial-of-service (DoS) attack on a public charging hub could halt transactions, distort demand management, or in extreme cases, destabilize local grid operations. The authors highlight that traditional cybersecurity measures, such as rule-based firewalls and signature detection, cannot keep pace with the adaptive, stealthy nature of modern cyber threats targeting critical infrastructure.

To bridge this gap, the researchers developed a multi-layered, AI-enhanced defense system. The platform combines real-time data collection tools like Tshark, Nozomi Guardian, SNMP/Syslog monitoring, and the Elastic Logstash Kibana (ELK) Stack with deep learning analytics. The core intelligence lies in a Long Short-Term Memory (LSTM) Autoencoder, a neural network architecture designed to recognize abnormal network behavior by learning temporal patterns across multivariate time-series data.

Inside the AI framework: How real-time detection works

The system features an AI model trained to detect deviations from normal operational patterns in EV charging networks. By continuously analyzing communication data, power flows, and control commands, the LSTM Autoencoder identifies anomalies that may signal cyber intrusions or operational malfunctions.

The AI model was tested using data gathered from a real-world EV charging facility, allowing the researchers to validate its performance against authentic scenarios. The dataset included simulated cyber-attacks such as DoS intrusions, communication interruptions, and malicious disconnections of charging stations. The results showed that the AI-driven approach could successfully differentiate between ordinary fluctuations in network activity and indicators of an attack with near-perfect sensitivity.

What distinguishes this framework from existing cybersecurity methods is its adaptive learning capability. Unlike static rule-based systems, the AI model continually refines its understanding of normal operations, improving over time as it encounters new behavioral patterns. This ability is particularly valuable in EV charging environments, where usage dynamics vary by geography, user behavior, and time of day.

However, the authors note that precision remains a key challenge. While recall rates were high, meaning the system rarely missed actual attacks, its precision of 52% indicates a need for refinement to reduce false positives. Such alerts, though preferable to undetected threats, can lead to unnecessary system interventions or alert fatigue among operators.

Despite this limitation, the framework’s modular architecture allows for seamless integration of new algorithms and data streams, positioning it as a scalable solution for future smart grid cybersecurity.

AI and energy infrastructure: From detection to defense

As EV charging infrastructures expand across public, private, and commercial domains, maintaining their operational integrity has become a national and industrial priority.

The researchers emphasize that cyberattacks on EV charging networks are not hypothetical. Incidents in recent years have demonstrated how attackers can manipulate network traffic, disrupt authentication systems, or even alter charging station firmware to gain control over connected assets. Such vulnerabilities highlight the need for proactive detection and intelligent response mechanisms.

The new AI-driven system answers this demand by merging real-time monitoring with autonomous analytical capabilities. Its design allows operators to visualize ongoing network conditions through the ELK dashboard, detect early signs of intrusion, and isolate affected components before widespread damage occurs. This combination of visibility and automation transforms cybersecurity from a reactive process into a predictive defense model.

The study also underscores the collaborative nature of this advancement. Conducted within the framework of Italy’s 2025–2027 Three-Year Research Plan, the project was funded by the Research Fund for the Italian Electrical System and supported by Nozomi Networks, a cybersecurity firm specializing in industrial control systems. This partnership between research institutions and private technology providers reflects a growing trend in Europe toward cross-sector alliances aimed at strengthening critical digital infrastructure.

Moreover, the paper situates its contribution within the global conversation on AI for energy resilience. As governments and utilities integrate AI into power system operations, the intersection of cybersecurity and artificial intelligence is emerging as a cornerstone of sustainable electrification strategies. The authors argue that EV charging networks represent both a challenge and an opportunity, a testing ground where intelligent systems can learn to safeguard the future grid.

Toward smarter, safer, and more resilient EV ecosystems

 According to the study, the proposed AI framework not only enhances detection capabilities but also reduces response times, enabling operators to intervene within seconds of an anomaly’s appearance. Such responsiveness could prove critical as EV adoption continues to surge and infrastructures become more decentralized.

The research further suggests that expanding this system’s deployment could serve as a blueprint for broader smart energy networks, including renewable power integration and grid-edge management. Since many of the vulnerabilities identified in EV charging systems, like unsecured protocols and data inconsistencies, mirror those in other industrial IoT environments, the AI architecture can be adapted to diverse contexts.

Still, challenges remain. The authors highlight the need for further work on improving model precision, extending protocol compatibility, and testing resilience against advanced attack types, such as data injection, ransomware, and man-in-the-middle exploits. Addressing these issues will be key to achieving fully autonomous cybersecurity systems capable of self-adapting across dynamic energy ecosystems.

In addition, future iterations could incorporate federated learning or edge-based AI to minimize data transfer and enhance privacy, an increasingly relevant factor as regulatory frameworks tighten around critical infrastructure protection.