Digital Twin-Driven Cybersecurity for 5G/6G-Enabled Electric Vehicle Charging Infrastructure: A Review

Abstract

The increasing adoption of electric vehicles (EVs) and the integration of 5G/6G networks are driving the demand for secure, intelligent, and interoperable charging infrastructure within the Internet of Vehicles (IoV) ecosystem. Electric Vehicle Charging Stations (EVCS) face growing cyber–physical threats, including spoofing, data injection, and firmware tampering, risking user privacy, grid stability, and EVCS reliability. While artificial intelligence (AI), blockchain, and cryptography have been applied in cybersecurity, comprehensive solutions tailored to EVCS challenges, such as real-time threat mitigation and scalability, are often lacking. This paper addresses these critical cybersecurity gaps by presenting a comprehensive overview of novel strategies for enhancing EVCS security through the Internet of Digital Twins (IoDT) technology. The primary objective is to evaluate advanced frameworks that synergize digital twins with artificial intelligence, blockchain, and quantum-resistant cryptography. Through systematic literature analysis, global threat assessments, and review of international standards, this study identifies key attack vectors and their impacts on EVCS. Key findings demonstrate that digital twin-driven solutions facilitate real-time monitoring, anomaly detection, predictive threat mitigation, and secure system governance. This review offers actionable insights for researchers, industry stakeholders, and policymakers to strengthen the cybersecurity and resilience of next-generation electric mobility infrastructure, addressing challenges like scalability and implementation barriers.

1. Introduction

The increasing global emphasis on sustainable and low-carbon transportation systems has significantly amplified the focus on electric vehicles (EVs), a phenomenon that is swiftly altering the dynamics of mobility and energy sectors [1]. This transition is driven by pressing environmental needs, including the reduction in greenhouse gas emissions, the improvement of urban air quality, and the decreased reliance on fossil fuels [2]. EVs, when powered by renewable energy sources, offer a promising avenue for achieving net-zero emissions within the transportation sector [3]. However, as the adoption of EVs continues to rise, there is an essential requirement for a scalable, reliable, and intelligent charging infrastructure to accommodate the needs of millions of vehicles effectively.

This infrastructure must not only ensure the efficient delivery of energy but also protect the integrity, confidentiality, and availability of its services amidst the growing challenges posed by cybersecurity threats. Modern electric vehicle charging stations (EVCS) have transcended their previous status as isolated hardware units, evolving into advanced cyber–physical systems that function within the expansive Internet of Vehicles (IoV) framework [4]. These systems utilize bidirectional energy flow, including vehicle-to-grid (V2G) technology, cloud-based analytics, and advanced wireless communication technologies such as 5G and emerging 6G networks, to facilitate real-time interaction with grid operators, EV owners, and third-party service providers [5,6]. Although these technological advancements significantly enhance the functionality, interoperability, and user experience of EVCS, they concurrently render the infrastructure susceptible to intricate and potentially severe cyber–physical vulnerabilities.

There is an increasing body of evidence indicating the heightened vulnerability of EVCS to malicious cyber activities [7]. Attacks such as spoofing [8], false data injection [9], man-in-the-middle (MitM) [10], ransomware [11], denial-of-service (DoS) [12], and firmware tampering [13] have demonstrated the capacity to compromise charging session integrity, mislead grid operators, extract sensitive consumer data, and even destabilize local energy distribution networks [14,15]. The integration of EVs into the power grid via V2G considerably broadens the potential attack surface, which can compromise charging session integrity, mislead grid operators, extract sensitive consumer data, or destabilize local energy networks [16].

In 5G/6G environments, the inherent risks are intensified by features such as ultra-low latency, high device density, and distributed edge computing. These characteristics necessitate the development and deployment of advanced and adaptive security mechanisms to effectively address the associated challenges [17]. In the face of these emerging challenges, Digital Twin (DT) technology has emerged as a transformative concept with the potential to redefine cybersecurity approaches within cyber–physical infrastructures such as EVCS. A DT is a high-fidelity, real-time virtual model of a physical system that maintains synchronization with its physical counterpart through continuous data exchange, as illustrated in Figure 1 [18].

Figure 1. Schematic model of an EV charging station digital twins.

Originally developed for applications in aerospace and manufacturing, DTs are now being reconceptualized for the protection of critical infrastructure. Recent studies show DTs’ real-world impact on securing EVCS. Coppolino et al. [19] used FIWARE and Security Information and Event Management (SIEM) tools in Kropa, Slovenia, to monitor a smart grid with EVCS, catching data tampering in real-time charging sessions, while authors in [20] applied deep reinforcement learning to correct compromised EVCS control signals instantly. Similarly, Galkin et al. [21] simulated Open Charge Point Protocol (OCPP)-based systems for virtual commissioning, spotting protocol vulnerabilities before deployment. These applications highlight DTs’ ability to enhance monitoring, detect anomalies, and test security measures in controlled environments. By facilitating continuous monitoring, anomaly detection, failure prediction, and control optimization, DTs can function as intelligent sentinels, actively safeguarding EVCS against both established and emerging threats [22,23].

When integrated into EVCS and enhanced with Artificial Intelligence (AI), blockchain-based integrity assurance, and quantum-resistant cryptography, DTs facilitate an unparalleled degree of situational awareness and operational resilience [24]. For instance, conducting real-time analyses of anticipated versus actual system behaviors can identify anomalies that may signal zero-day attacks. Additionally, DTs can serve as experimental platforms for simulating attack scenarios and validating incident response strategies without jeopardizing the physical infrastructure [25]. Despite the conceptual promise and early pilot implementations, the deployment of DTs in EVCS cybersecurity remains fragmented and underexplored. Existing research tends to focus on isolated domains such as cryptographic enhancements [26], intrusion detection systems [27], or communication protocol hardening without integrating these into a comprehensive, system-wide framework supported by DTs.

A significant gap persists in the literature regarding the intersection of DTs with established standards such as ISO 15118 [28] and OCPP 2.0.1 [29], as well as with the regulatory frameworks and technological ecosystems that govern EV charging infrastructure. Few studies have systematically examined how these elements can jointly strengthen EVCS security against both current and emerging cyber threats. This review addresses that gap by providing a comprehensive, multidisciplinary synthesis of DTs in EVCS cybersecurity. Whereas earlier studies have tended to isolate specific technologies or focus on narrow vulnerabilities, this work integrates technical, policy, ethical, and economic perspectives into a unified analysis of system resilience.

Unlike Aljohani and Almutairi [14], whose 2024 survey examined protocol vulnerabilities without establishing linkages to DT synthesis or 5G/6G threat modeling, and unlike Qureshi et al. [26], and Mun et al. [30], whose 2025 reviews addressed DTs in manufacturing and other critical infrastructure settings without incorporating EVCS-specific integration or cyber–physical risk considerations, this framework adopts a holistic approach. It presents a structured DT architecture, validates it through real-world pilot studies [31], and aligns it with pertinent international standards. The review’s distinctive contributions include systematic mapping of 5G/6G-driven cyber–physical risks in EVCS environments; a comprehensive evaluation of DT applications for real-time monitoring and attack simulation; and synthesis of actionable recommendations for scalable, standards-compliant DT frameworks that address persistent gaps in interoperability, data protection, and cost-effectiveness.

In summary, this review makes the following three major contributions:

• Examines EVCS, emphasizing the advantages of 5G/6G connectivity while identifying new cyber–physical attack risks across control, communication, and power interfaces.
• Outlines DTs’ applications for EVCS cybersecurity, covering real-time monitoring, anomaly detection, attack simulation, and predictive response, using AI, blockchain, and cryptography, and reviews case studies validating these approaches.
• Evaluates cybersecurity standards (ISO 15118-20, OCPP 2.0.1, NIST IR 8356) for DTs’ deployment, highlighting gaps in interoperability, data protection, and cost-effectiveness, and suggests research priorities for scalable, resilient DT frameworks.

To provide readers with a clear overview of the paper’s structure and facilitate navigation through the complex topics covered, a roadmap figure is presented in Figure 2, illustrating the flow of information from EVCS architecture and vulnerabilities through DT fundamentals, implementation strategies, standards compliance, and future research directions.

Figure 2. Research roadmap and organizational structure of the review paper.

The review paper is organized to offer a thorough evaluation of Digital Twins (DTs) in augmenting the cybersecurity of Electric Vehicle Charging Stations (EVCS). It commences with an analysis of EVCS architecture and its cyber vulnerabilities, detailing components such as EVs, Charging Station Management Systems (CSMS), and grid interfaces, while emphasizing the advantages of 5G/6G technologies and the associated cybersecurity risks in both physical and communication layers. This is followed by an introduction to the foundational aspects of DTs for EVCS security, encompassing their structure, underlying technologies, and their role in replicating EVCS operations, alongside methodologies for real-time cybersecurity anomaly detection and attack simulation. The paper then investigates practical use cases and simulation tools for DT implementation, concentrating on applications such as monitoring, threat detection, firmware validation, and automated response, as well as simulation platforms for testing security in EVCS deployments.

Subsequently, it addresses standards, privacy, and deployment considerations, discussing policies, data privacy, encryption, regulatory compliance, and economic factors such as cost, integration, and interoperability that influence DT deployment. The paper also identifies research gaps and future directions, highlighting limitations in scaling and securing DTs for EVCS and advocating for further exploration into twin coordination with Vehicle-to-Grid (V2G) systems, real-time threat intelligence, and standardized frameworks. Finally, it concludes by summarizing the benefits of DTs for EVCS cybersecurity and providing practical recommendations for researchers, operators, and policymakers to ensure safe and scalable adoption.

Methodology

This review employs a systematic methodology to evaluate digital twin applications in EVCS cybersecurity within 5G/6G ecosystems. A three-phase approach was used:

• Literature acquisition from Web of science, IEEE Xplore, Elsevier, and SpringerLink (2020–2025), yielding 284 relevant studies from 772 records.
• Content analysis using a matrix framework to assess technological focus, EVCS layers, and cybersecurity functionalities.
• Thematic synthesis to identify gaps and propose a digital twin framework. Search terms included “digital twin,” “EVCS cybersecurity,” and “5G/6G”.

Inclusion criteria prioritized peer-reviewed studies with technical depth, simulations, or regulatory insights. This entire process is summarized in a flow diagram in Figure 3 below.

Figure 3. Literature retrieval process.

2. EV Charging Infrastructure and Threat Landscape in 5G/6G Environments

Modern EV charging ecosystems comprise four critical components: EVs, EVCS, Charging Station Management Systems (CSMS), and Grid Interfaces, each contributing to an interconnected and potentially vulnerable infrastructure, as shown in Figure 4 [32].

Figure 4. Diagram showing how EV, EVCS, CSMS, and grid connections work together.

Electric Vehicles serve as highly sophisticated nodes with embedded subsystems such as Battery Management Systems (BMS), Telematics Control Units (TCUs), Infotainment Modules, and Over-the-Air (OTA) update capabilities [33,34]. These subsystems are integral to managing energy, ensuring connectivity, and facilitating user interaction. Nonetheless, they also introduce a range of cyber risks [35]. BMS units, for example, utilize proprietary algorithms to optimize the process of charging and discharging. However, these systems may be vulnerable to exploitation if adequate authentication protocols are not implemented [32].

Similarly, TCUs and infotainment systems establish continuous communication pathways with external networks, thereby heightening susceptibility to spoofing, data injection, and unauthorized access [34]. Moreover, the integration of V2G systems supports the bidirectional flow of electricity, which requires stringent encryption and authentication protocols to protect against potential grid tampering [32,36].

EVCS have transitioned from merely serving as passive power dispensers to becoming sophisticated edge computing platforms. These platforms are now equipped with features such as contactless payment systems, dynamic load balancing, and cryptographic authentication [37]. Nevertheless, the enhancement of their computational and communication abilities broadens the cyber–physical attack surface. Vulnerabilities in Plug and Charge (PnC) implementations, particularly those conforming to ISO 15118, have been observed due to inconsistent cryptographic enforcement across vendors [38,39]. Ultra-fast charging stations with integrated cooling systems and local energy storage further complicate the threat profile by incorporating additional sensors and control logic that require protection [40]. CSMS platforms function as orchestration layers that manage authentication, billing, diagnostics, and energy optimization across a distributed network of EVCS [41]. The implementation of a hybrid cloud-edge architecture within CSMS operations raises concerns regarding data synchronization, Application Programming Interface (API) integrity, and role-based access control [42].

Furthermore, the integration with fleet management systems and third-party applications through open APIs heightens the risk of data breaches and subsequent service disruptions in the event of a security breach [43]. Grid interface components, including smart transformers, advanced metering infrastructure (AMI), and virtual power plant (VPP) systems, enable bidirectional data and power flows between the grid and charging infrastructure [44]. These components utilize real-time data analytics and communication protocols to optimize grid load management and implement demand response operations. Nevertheless, their digital interfaces render them susceptible to cyber threats, which, if exploited, could result in grid instability, energy theft, or extensive service disruptions. The integration of 5G and emerging 6G networks into EV charging infrastructure facilitates enhanced connectivity, increased bandwidth, and advanced computational intelligence. The concept of network slicing within 5G/6G technology allows for the logical separation of services, providing dedicated bandwidth and customized security policies [45].

This approach enables the prioritization of essential services, such as authentication and energy management, while effectively segregating them from general-purpose traffic [46]. Despite advancements, the implementation of slice-specific security protocols remains inconsistent among operators, thereby increasing the risk of cross-slice attacks. Multi-access Edge Computing (MEC) enhances the responsiveness and resilience of EVCS by relocating computation and analytics closer to the source of data generation [47]. This approach mitigates latency and ensures operational continuity during instances of cloud disconnection. Nevertheless, the distributed architecture of MEC introduces novel trust boundaries, thereby necessitating advanced strategies for hardware protection, anomaly detection, and decentralized identity verification.

In densely populated urban environments, the scalability of MEC must be judiciously balanced with resource constraints that may limit security monitoring capabilities. The advent of 6G technologies, including Terahertz (THz) communication, integrated sensing, and centimeter-level positioning, is expected to further augment the precision and intelligence of EV charging operations [46]. These technologies support applications ranging from immersive maintenance interfaces to real-time tamper detection.

However, they also introduce novel attack vectors, particularly at the physical layer, which will require new forms of lightweight cryptographic protection and adaptive security frameworks. The cyber–physical interface of EV charging infrastructure encompasses multiple communication layers and protocols. At the physical and transport layers, Controller Area Network (CAN) buses [14,48] and Automotive Ethernet [49] are commonly used to transmit data within vehicles and between EVs and charging stations.

This supports real-time control, diagnostics, and power management functions. These protocols, while efficient, often lack robust security features such as encryption and mutual authentication, making them susceptible to spoofing, injection, and side-channel attacks. Middleware and application layer protocols such as Message Queuing Telemetry Transport (MQTT), Advanced Message Queuing Protocol (AMQP), and Constrained Application Protocol (CoAP) enable structured messaging and efficient data exchange between charging system components and external platforms [50,51]. Protocols like Open Charge Point Protocol (OCPP) [52] and ISO 15118 standardize the communication between EVCS and CSMS, offering features such as Transport Layer Security (TLS) encryption and certificate-based authentication [53,54,55]. However, real-world deployments frequently suffer from implementation flaws such as certificate mismanagement and fallback to insecure versions, undermining their theoretical security guarantees.

In grid integration, protocols such as Open Automated Demand Response (OpenADR), IEC 61850, and IEEE 2030.5 enable energy-aware control of EVCS based on real-time grid conditions [56,57]. These standards support demand-side management, frequency regulation, and distributed energy resource coordination, but introduce complexity in parsing and execution, particularly on constrained edge devices. The interoperability of these protocols, while essential for seamless system operation, introduces attack surfaces if authentication and authorization procedures are inconsistently enforced across platforms [41,58,59]. The infrastructure for EV charging is susceptible to a diverse array of threat vectors encompassing software, hardware, and human interfaces. DoS attacks [60] can render chargers inoperable, potentially paralyzing fleets or critical infrastructure. MitM attacks [39] target communication sessions to intercept or manipulate sensitive data, particularly in protocols lacking mutual TLS enforcement. Firmware manipulation, which includes actions such as false data injection, backdoor insertion, and update interception, poses a substantial risk of enduring compromise.

This threat is particularly acute in devices that do not incorporate secure boot protocols and integrity verification measures [15]. User-facing components such as mobile applications, payment interfaces, and public display terminals are frequently targeted through social engineering and phishing campaigns [5,34]. Poor input validation and session handling in these systems can lead to data breaches and financial fraud [48]. At the physical layer, cable tampering, connector spoofing, and device substitution can bypass digital protection if hardware integrity checks are absent or ineffective [14]. As illustrated in Figure 5, the EVCS threat landscape encompasses diverse vectors that extend across cyber, physical, and communication domains, with prevalent examples including spoofing, DoS, and firmware manipulation. Mapping these attack pathways to specific system components such as the EV, central system management server, grid interface, and communication protocols provides a structured basis for evaluating severity and likelihood, thereby enabling the prioritization of countermeasures within a layered defense strategy.

Figure 5. EVCS threat map.

Table 1, Table 2, Table 3 and Table 4 synthesize key studies on cyberattacks and countermeasures in EV charging infrastructure, highlighting authors, methodologies, and findings across distinct threat domains. Table 1 presents solutions for authentication and privacy, tackling unauthorized access and man-in-the-middle attacks through techniques like blockchain, biometric authentication, and lightweight cryptography. These studies explore secure key establishments for V2G, energy harvesting in dynamic wireless charging, and bandwidth identification, all tailored to the constraints of EV charging systems, limited processing power, real-time operation, and bandwidth limitations. The novelty lies in customizing lightweight, privacy-preserving mechanisms to resist threats such as desynchronization, replay, and Sybil attacks within a constrained environment.

Table 1. EVCS Authentication and Privacy Protocols.

References	Attacks Addressed	Key Security Properties	Novelty
Wu et al. [61]	Unauthorized access, privacy leakage	Authentication, secure communication, privacy protection, reliable payment, lightweight	Energy harvesting dynamic wireless charging systems
Irshad et al. [62]	Desynchronization, replay, MitM attacks	Secure key establishment, provably secure	Energy Internet-Based V2G
Bansal et al. [63]	Unauthorized access, physical attacks	Lightweight, secure, privacy-preserving authentication	Physical Unclonable Function (PUF)
Baza et al. [64]	Sybil attacks, user privacy leakage	Anonymous authentication, low overhead	Blockchain for anonymous authentication in energy trading
Hataba et al. [65]	Fraudulent identities, MitM, unauthorized access	Biometric authentication (iris), lightweight encryption	Biometric (Iris) recognition with -K-Nearest Neighbor (KNN) encryption.
Babu et al. [66]	Relevant cyberattacks	Lightweight, robust authentication	Elliptic Curve and hash function primitives for dynamic charging
Roman & Gondim [67]	MitM, DoS attacks	Mutual authentication, key generation/distribution	Chaotic map-based cryptosystem for CWD systems
Parameswarath et al. [68]	Message tampering attacks	Integrity, lightweight authentication	Generating authentication parameters for charging requests
Stichow & Rempel [8]	User spoofing, authentication vulnerabilities	Critical analysis of OCPP vulnerabilities	Threat modeling framework for OCPP-based EVCSs

Table 2. AI/ML-Based Intrusion and Anomaly Detection Systems.

References	AI/ML Technique(s) Used	Primary Attack Type(s) Detected	Key Contribution/Novelty
Basnet & Ali [69]	DNN, LSTM	DoS attacks	Deep Learning-based IDS for EVCS
ElKashlan et al. [70]	Supervised Learning	DDoS attacks	Comparing classifiers for DDoS detection
Anli et al. [71]	LSTM, FFN	DDoS attacks	Deep learning for DDoS detection using system metrics
Warraich & Morsi [72]	Supervised Learning (Decision Tree)	DoS attacks (cyber–physical)	Early detection of cyber–physical DoS in fast-charging stations
Sarieddine et al. [73]	Convolutional LSTM	Oscillatory load attacks	Edge-based detection of oscillatory load attacks with mitigation
Tanyildiz et al. [7]	GAN-GRU, GAN-LSTM, GAN-CNN	Cyber-attacks (Via RUL prediction)	GAN-based Remaining Useful Life (RUL) prediction for attack detection.
Almadhor et al. [74]	Transfer Learning (DNN weights)	Cyber–physical attacks	Transfer learning framework for cyber–physical attack detection
Buedi et al. [75]	Unsupervised Learning and dimensionality reduction techniques	Anomalies (under benign/attack)	Introduction of multi-dimensional CICEVCS2024 dataset
Khan et al. [76]	Intrusion Detection	Cyber-attacks causing queuing instability	Integration of Intrusion Detection System (IDS) into EV assignment algorithm

Table 3. Blockchain for Enhanced EVCS Security and Trust.

References	Blockchain Type/Technology	Key Security Benefits Achieved	Specific Attacks Mitigated
Sheikh et al. [77]	Byzantine Fault Tolerance (BFT)-based Blockchain	Immutability, Transparency, Decentralization, Reduced attack probability	SCADA Information, Communication links and sensor data
Khalid et al. [78]	Consortium Blockchain	Fraud Prevention, Fair Payment, Automated Execution	Double-spending, Sybil attacks
Xu et al. [79]	Blockchain with Smart Contracts	Tamper-Proof Transactions, Resistance to Network Congestion	Yunnan Power Grid Co. Information Center—General Data Manipulation
Chowdhury et al. [41]	Hyperledger Fabric	Cyber resilience, data integrity	False data injection, MitM, DoS attacks

Table 4. Cyber–physical Attacks on EVCS and Corresponding Mitigation Strategies.

References	Attack Type	Mechanism/Method of Attack	Proposed Mitigation Strategy	Key Contribution/Novelty
Acharya et al. [48]	Data-Driven Attack	Leveraging public EVCS/grid data to manipulate grid frequency	Enhanced cybersecurity measures (general)	Identifies cyber–physical interdependencies and gaps in EVCS security
Kabir et al. [80]	Coordinated EVCS Switching Attacks	Synchronized manipulation of charging/discharging cycles	Two-stage detection (BPNN), H-infinity control	Two-stage detection and mitigation for coordinated EVCS attacks
Liu et al. [81], Zhou et al. [82]	Malicious Mode Attacks (MMAs)	Coordinated EV charging to generate forced oscillations	Multi-information Active Disturbance Rejection Control (MIADRC)	First investigation of MMA characteristics and multi-information-based defense
Gupta et al. [83]	Denial of Charging (DoC) Attack	Exploiting charging standard vulnerabilities (e.g., Bharat EV DC)	Not explicitly stated (demonstration of attack)	Demonstrates DoC attack on Bharat EV DC standard and grid impact
Jeong & Choi [84]	User Data Manipulation	Bi-level optimization to distort charging schedules Via user data	Not explicitly stated (focus on attack model)	Novel attack model for manipulating EV user data
Gandhi & Morsi [85]	OCPP Vulnerabilities	Exploiting flaws in Open Charge Point Protocol (OCPP)	Not explicitly stated (demonstration of attack)	Demonstrates OCPP vulnerabilities in high-power fast charging stations
Acharya et al. [9], Mu et al. [86]	False Data Injection (FDI) on Data Markets	Injecting false data into EVCS data markets	TCWGAN-based defense, defense mechanism to improve forecasting	Data market for EVCS demand forecasting, TCWGAN defense mechanism
Acharya et al. [48], Elhussini et al. [87], Sayed et al. [88]	General Cyber–physical Attacks	Exploiting backdoors, manipulating EV loads	Multi-layer authentication, estimation-based control, MTD	Comprehensive Vulnerability Analysis and Mitigation Strategies
Pourmirza & Walker [89]	General EVCS Cyber Vulnerabilities	Not specified (broad overview)	Security measures and protocols (general)	Broad overview of EVCS cyber challenges
Nasr et al. [90]	General Cyber–physical Attacks	Exploiting EVCSMS vulnerabilities Via cyber components	Vendor-specific patches (e.g., Schneider Electric CVEs)	First-of-its-kind comprehensive EVCSMS security analysis
Ahalawat et al. [91]	Comprehensive Security Threats in EVCS	Various cyber-attacks on EVCS architecture	Not explicitly stated (review-focused)	Comprehensive review of EVCS security threats
Shirvani et al. [92]	General EVCS Security	Exploiting vulnerabilities in charging, privacy, software	STRIDE-based risk assessment	STRIDE-based framework for EV security risk assessment
Hamdare et al. [5]	Cybersecurity Risks in EVCS Networks	Network and protocol vulnerabilities	Not explicitly stated (risk analysis focus)	Empirical validation of cybersecurity risks in EVCS networks
Aljohani & Almutairi [12]	DDoS Attacks on EVCSs	Time-varying wide-scale DDoS Via botnets	Robust cybersecurity protocols	Novel modeling of time-varying DDoS attacks

Table 2 focuses on AI- and ML-based intrusion detection systems that identify threats like denial-of-service and other cyber–physical anomalies. Approaches include deep neural networks, Long Short-Term Memory (LSTM) architecture, and edge-based detection of oscillatory load attacks. These systems analyze real-time system metrics to flag abnormal behavior and mitigate evolving threats. Notably, several studies incorporate complex datasets like CICEVCS2024 and apply transfer learning to improve adaptability across different EVCS contexts. The emphasis is on building smart, self-improving detection systems that keep pace with dynamic, cross-platform threat landscapes.

Table 3 explores blockchain technologies applied to EVCS, using frameworks such as Byzantine Fault Tolerance and Hyperledger Fabric to secure data integrity and transaction trust. These methods prevent fraud, false data injection, and man-in-the-middle attacks, supporting critical functions like payment processing and energy trading. By leveraging consortium blockchains and smart contracts, these studies address issues like double-spending, Sybil attacks, and congestion in decentralized networks. The innovation lies in adapting general blockchain principles to the specific operational and scalability demands of EV infrastructure.

Table 4 examines cyber–physical attacks and proposed mitigation strategies, including multi-layered authentication and Moving Target Defense. Studies analyze attacks exploiting public EVCS data, coordinated switching attempts, and vulnerabilities in EVCS management systems. Defenses include TCWGAN-based forecasting and multi-source control schemes to counter false data injection, malicious operating modes, and Distributed Denial-of-Service (DDoS) attacks.

The key contribution is in modeling complex and evolving attack vectors, such as time-varying DDoS, and embedding robust, EVCS-specific defenses into grid and V2G systems.

Comparative Evaluation of AI Models for EVCS Cybersecurity

The studies in Table 2 leverage various AI models for intrusion and anomaly detection in EVCS, including Deep Neural Networks (DNN) [68], Long Short-Term Memory (LSTM) [92], Convolutional Neural Networks (CNN) [93], and Generative Adversarial Networks (GAN) variants like GAN-Gated Recurrent Unit (GRU), GAN-LSTM, and GAN-CNN [8]. Each model offers distinct strengths and weaknesses depending on the characteristics of EVCS data, such as time-series telemetry, high-dimensional sensor inputs, and dynamic network traffic patterns, understanding their suitability is critical for effective deployment in EVCS cybersecurity. DNNs excel in processing high-dimensional, non-sequential data, making them suitable for detecting complex patterns in EVCS metrics like voltage, current, and network traffic [94,95]. Their strength lies in handling large datasets and generalizing across diverse attack types, such as DoS and cyber–physical attacks [95,96,97]. However, DNNs require substantial computational resources and labeled training data, which can be a bottleneck in resource-constrained edge devices typical in EVCS deployments [96]. Overfitting is also a risk if training data lacks diversity, potentially missing novel attack vectors [98].

The LSTM models are tailored for sequential data, ideal for EVCS time-series data like power flow or communication logs [99,100]. They capture temporal dependencies, making them effective for detecting anomalies in charging patterns or oscillatory load attacks [101,102]. Their memory cells allow retention of long-term patterns, which is useful for identifying gradual attack escalations [103]. However, LSTMs are computationally intensive and sensitive to hyperparameter tuning, which can complicate real-time implementation in EVCS environments with strict latency requirements [104]. Convolutional Neural Networks (CNN), particularly Convolutional LSTM variants, combine spatial and temporal feature extraction, making them effective for detecting oscillatory load attacks or spatially correlated anomalies in EVCS networks [105].

CNNs reduce computational complexity compared to LSTMs by leveraging convolutional layers, suitable for edge-based detection [105]. However, they may struggle with long-term dependencies in highly dynamic EVCS data and require careful preprocessing to align with spatial data structures [106]. The GAN variants, such as GAN-GRU, GAN-LSTM, and GAN-CNN, are used for predictive tasks like remaining useful life (RUL) estimation and anomaly detection [7,98].

GANs generate synthetic attack scenarios, enhancing training data diversity and improving detection of rare or zero-day attacks [107]. Their ability to model complex distributions is valuable for EVCS data with non-linear patterns [108]. However, GANs are prone to training instability and require significant computational resources, limiting their practicality in real-time EVCS applications [109]. Their reliance on Unsupervised learning also risks generating false positives if not carefully tuned [107].

In the context of EVCS, data characteristics like real-time telemetry, high-noise levels, and dynamic network interactions favor models that balance computational efficiency with temporal sensitivity [110]. LSTM and Convolutional LSTM are particularly effective for time-series anomaly detection, while DNN suits broader pattern recognition across diverse metrics [111,112,113]. GAN variants are promising for simulating rare attack scenarios but need optimization for edge deployment [107]. Future work should focus on hybrid models combining LSTM temporal strengths with CNN’s efficiency or lightweight GAN frameworks to address EVCS-specific constraints like low latency and limited edge computing power [100,114,115].

To delineate these attributes systematically, Table 5 compares key AI models, including methodology, benchmarks such as dataset, accuracy and gaps, building on Table 2’s studies.

Table 5. Comparative Attributes of AI Models for EVCS Intrusion Detection.

Model	Methodology	Benchmark/Dataset	Key Strengths	Identified Gaps
LightGBM/XGBoost (Host-Level Forensic Framework) [116]	Supervised ML pipeline combining kernel and Hardware Performance Counter (HPC) telemetry, feature correlation, and SHAP-based interpretability	CICEVSE2024 (EV Charger Attack Dataset), 6166 samples, 86 host-level features capturing benign, DoS, cryptojacking, and reconnaissance scenarios	Achieved 98.81% accuracy, highest among RF, DT, KNN, and SVM; detects host-resident threats beyond network scope; provides explainability via SHAP; supports both real-time and post-incident forensic analysis	Lacks deep temporal learning (no LSTM or hybrid sequence modeling); limited scalability testing for large EVCS networks; current model evaluated offline (not yet deployed for live DT integration)
DNN & LSTM (Deep Learning–based IDS for EVCS) [69]	Supervised deep learning using feature-engineered input (PCA + min–max normalization) for binary and multiclass DoS detection; trained in Python 3.7 with 50/20/30 train–validation–test split	CICIDS 2018 Dataset—includes 1.4 M benign and multiple DoS attack samples (GoldenEye, Hulk, Slowloris, SlowHTTPTest)	Both models achieved >99% detection accuracy; LSTM outperformed DNN in precision, recall, and F1-score, achieving perfect (1.0) metrics for most attack types; rapid convergence (10 epochs vs. 70 for DNN)	Dataset imbalance across DoS subclasses; high false alarm potential in larger deployments; lacks validation on real EVCS traffic or streaming DT environments; future work to include reinforcement-based IDS and adaptive learning.
LSTM-AE (Adversarial Anomaly Detection Framework) [117]	LSTM-based autoencoder trained on normal charging-port current magnitudes; adversarial anomalies generated using Fast Gradient Sign Method (FGSM); anomaly detection via Kolmogorov–Smirnov (KS) statistical test on predicted vs. observed sequences	MATLAB/Simulink-simulated EVCS dataset (4 charging boards, 8 ports, DC chargers 50–400 kW; normal + FGSM-based spoofed data)	Achieved 98.5% accuracy; robust to noise; captures temporal dependencies in EVCS current data; integrates adversarial input generation and detection in one framework; effective against spoofing and false data injection	Limited to simulated data (no real EVCS logs); lacks online/real-time deployment; sensitivity to perturbation scaling (ε > 0.1 degrades MAE); interpretability and generalization beyond current magnitudes yet to be validated
MRG-ID-SA-TCN (Multi-Receptive, Gated, Iterative Dilation, Self-Attention TCN with SE block) [100]	Enhanced TCN-based IDS integrating multi-receptive fields, gated convolutions, iterative dilation, self-attention, and squeeze-and-excitation (SE) blocks for multi-scale temporal feature learning and attack classification	CICEVSE2024 Dataset (8468 samples; 17 classes—16 attack types + benign, real EVCS setup using OCPP/ISO15118)	Achieved 93.9% accuracy, 94.1% precision, 93.3% recall, and 93.9% F1-score; robust multi-class detection across 16 attack types; strong generalization to complex temporal patterns; real-time feasible (5.09 ms/sample inference, 12.36 MB memory footprint); interpretable via ablation and SE re-weighting	Higher computational cost (N2 attention complexity, 8658 s training); performance degradation for rare attacks (F1 ≤ 0.46 on low-frequency types); evaluated on single dataset—requires validation on broader cross-domain EVCS and DT-integrated environments

3. Digital Twins Foundations for EVCS Security

The IoDT signifies a transformative advancement in the design, monitoring, and safeguarding of complex cyber–physical systems, including EVCS [118]. DTs are defined as dynamic, digital models of physical assets or processes, which remain in constant alignment with their physical counterparts by integrating real-time data [119]. In the early 2000 s, Dr. Michael Grieves at the University of Michigan laid the groundwork for the concept of DTs. This foundational idea was later implemented by NASA to enhance simulation and diagnostic capabilities within aerospace systems [120]. Since then, the development of DTs has rapidly progressed due to advancements in artificial intelligence (AI), cloud infrastructure, and the extensive deployment of Internet of Things (IoT) technologies [31,121]. Today, DTs offer real-time operational insights, predictive analytics, and proactive control mechanisms, capabilities that are especially crucial in the cybersecurity landscape of EVCS [25].

The success of DT systems in safeguarding the cybersecurity of EVCS is fundamentally dependent on achieving precise synchronization between the physical infrastructure and its digital model. This synchronization is facilitated by distributed sensor networks that gather comprehensive telemetry data, including parameters such as voltage, current, temperature, network latency, and usage patterns [122].

These inputs are utilized to create multi-domain models that encompass not only physical behaviors, such as electrical, mechanical, and thermal, but also the digital interactions within communication and control layers. By merging real-time data with historical trends, DTs enhance situational awareness and predictive capabilities. In the realm of EVCS, this modeling aids in the early detection of anomalous power flows, compromised communication channels, or unauthorized access attempts, thereby bolstering robust cybersecurity postures [123].

Digital Twin systems for EVCS are generally organized into layered architecture, facilitating modular design and seamless integration into various operational environments. At the foundational level is the physical layer, which comprises EVCS hardware, power conversion units, control modules, and sensing devices [124].

Situated above the physical layer is the communication layer, which facilitates the exchange of data between internal modules and external interfaces by employing secure and standardized protocols [125]. The logical or data processing layer integrates AI-driven modules designed for state estimation, anomaly detection, behavior prediction, and system optimization [126]. Additional components may encompass visualization dashboards, rule-based mechanisms for the enforcement of cybersecurity protocols, and middleware that facilitates interaction with grid operators and external systems [127].

The layered architecture of the EVCS digital ecosystem ensures resilience, flexibility, and security. In environments where cybersecurity is a critical concern, DTs function as continuous monitoring agents and analytical engines, capable of detecting and mitigating cyber threats in real time. Through cross-domain modeling, DTs identify vulnerabilities that arise from the interaction between physical processes, control logic, and communication protocol vulnerabilities that traditional, siloed assessments may overlook [128]. DTs serve as a virtual platform for testing and enhancing security measures by replicating attack vectors such as false data injection, protocol spoofing, firmware manipulation, and DoS scenarios [125]. Moreover, DTs maintain comprehensive event logs, which facilitate forensic investigations and compliance reporting following incidents [129].

As illustrated in Figure 6, the operational flow of cybersecurity-focused DTs encompasses monitoring, anomaly detection, threat simulation, and response pathways, which are distributed across EVCS components. This flow begins with continuous monitoring, where IoT sensors collect real-time data from EVCS components like charging ports, power converters, and communication interfaces [130].

Figure 6. Digital twins’ security flow for EVCS environments.

These sensors feed metrics such as current fluctuations, packet loss rates, or unauthorized access attempts into the DTs data processing layer [131]. Anomaly detection then employs AI algorithms, such as unsupervised clustering or statistical modeling, to identify deviations from normal operational patterns [132]. For instance, an unexpected spike in power draw or irregular network traffic could signal a potential cyberattack [35]. Threat simulation, a critical component, involves the DTs replicating attack scenarios, like injecting false data into control systems or simulating a denial-of-service attack, to test system resilience and refine mitigation strategies without risking the physical infrastructure [133]. Response pathways are activated when anomalies or threats are confirmed, leveraging predefined rules and AI-driven decisions to isolate compromised components, reroute power flows, or alert grid operators [134]. This closed-loop process ensures rapid detection and mitigation, maintaining EVCS integrity across its physical and digital domains.

As illustrated in Figure 6, the operational flow of cybersecurity-focused DTs encompasses monitoring, anomaly detection, threat simulation, and response pathways distributed across EVCS components. This visualization captures the closed-loop process of data collection, analysis, and mitigation across digital and physical domains. To further clarify how digital twins mitigate specific cyber threats in EVCS environments, the main DT-based solutions are summarized in Table 6 below.

Table 6. DT Solutions to Key EVCS Security Threats.

Threat	DT Solution Description	Key Technologies	Effectiveness/Benchmark
Spoofing/MitM [135]	Real-time behavioral mirroring to validate authentication; anomaly flagging through DT–physical synchronization	AI-based anomaly detection; TLS/ISO 15118 secure communication	Enhanced monitoring through continuous data synchronization; integrity verification through blockchain technology [136]
False Data Injection (FDIA) [137]	LSTM-based state estimation filters corrupted data; predictive simulation compares injected data vs. historical baselines; automated isolation using DT sandboxes	LSTM/DRL hybrid networks; Blockchain integrity assurance [136]; Actor-critic neural networks	Detects and mitigates FDIA within 5 s; successfully restores accurate state parameters; eliminates FDIA impact on state estimation [22]
DoS [60]	Load-balancing rerouting and capacity forecasting through DT replicas; distributed edge computing for resilient processing	Edge computing; 5G/6G network slicing [138]; Ultra-low latency communication	Real-time anomaly identification; proactive threat detection through predictive analytics [117,139]
Firmware Tampering [13]	Virtual commissioning for OTA updates; DT serves as experimental platform for testing security measures; provenance tracking via DT-maintained ledgers	Quantum-resistant cryptography [136]; Secure boot protocols; OCPP-based simulation [21]	Spots protocol vulnerabilities before deployment; enables safe testing in controlled environments without jeopardizing physical infrastructure [140]

The implementation of DTS capabilities in the cybersecurity of EVCS is supported by a combination of well-established and novel technologies. The IoT-based sensor arrays constitute the core of data acquisition, capturing a comprehensive array of environmental and operational metrics at the edge [141]. Edge computing platforms enhance system responsiveness by performing data processing tasks locally. This approach reduces reliance on centralized systems and facilitates real-time threat mitigation [142]. Cloud infrastructures offer scalable computing and storage capabilities that are crucial for analyzing historical data, training models, and synchronizing across networks.

Additionally, the use of microservices and containerization supports the modular deployment and lifecycle management of Digital Twin components [143]. The integration of AI techniques, such as supervised learning for identifying known attack patterns and unsupervised clustering for detecting anomalies, enhances the ability of digital twins to adapt to evolving cyber threats [144]. Collectively, these technologies provide a solid foundation for the implementation of DTs that satisfy the stringent security requirements of contemporary, interconnected EVCS environments.

However, the effectiveness of these technological components ultimately depends on how well they perform operationally. Technical performance in DT-driven EVCS cybersecurity relies on three interdependent factors: synchronization fidelity between digital and physical systems, model accuracy in representing operational states, and communication latency in threat response mechanisms [122]. Degradation in any of these dimensions amplifies vulnerabilities, particularly in 5G/6G network environments where high-speed data exchange is fundamental to security operations [117].

Synchronization is maintained through the continuous IoT sensor data streams described above, enabling real-time anomaly detection [145]. However, this continuous exchange creates attack surfaces vulnerable to man-in-the-middle attacks and data tampering [7]. Studies of cyber–physical systems demonstrate that desynchronization can delay threat mitigation by 20–50% in smart grid infrastructures [146]. When DT’s lose synchronization with physical energy systems, they fail to detect fraudulent data injection attacks, reducing the effectiveness of grid destabilization countermeasures [147].

Model fidelity directly influences the threat simulation accuracy of the AI techniques integrated into the DT architecture [148]. High-fidelity models employing CNN/LSTM hybrid architectures have achieved 93% detection accuracy for advanced persistent threats in IoT environments [149]. Conversely, models trained on synthetic datasets that inadequately capture operational complexity exhibit reduced generalizability [150]. In dynamic EVCS scenarios, low-fidelity models can increase false negative rates by up to 15%, allowing genuine threats to evade detection [151,152].

Communication latency presents critical constraints for the edge–cloud architecture discussed previously, particularly during handoffs in distributed deployments [47]. Ultra-reliable low-latency communication protocols must maintain latency below 50 ms to prevent exploitation through denial-of-service attacks [153]. When additional verification layers such as blockchain consensus mechanisms introduce overhead, latency can increase to 100–200 ms, compromising the responsiveness essential for vehicle-to-grid stability [154,155].

These performance requirements necessitate careful protocol selection that balances model fidelity with operational speed [156]. Industrial IoT pilot deployments have demonstrated that this balance is achievable through lightweight architectures, though successful implementation requires systematic optimization across all three performance dimensions [157,158].

4. Simulation Tools for Digital Twins Implementation

Digital Twins in EVCS function through a stratified architecture that enables synchronized interaction between physical components and their digital representations. As depicted in Figure 7, the physical layer encompasses hardware components such as EVCS, sensors, and connected EVs.

Figure 7. Conceptual framework of Digital Twin architecture adapted for EVCS cybersecurity.

The data layer records sensor inputs, telemetry, and time-series metrics pertaining to system status [159]. The modeling layer performs real-time simulations, conducts cybersecurity analyses, and facilitates predictive diagnostics [160]. The service layer integrates tools for decision-making that are grounded in machine learning and artificial intelligence, whereas the visualization layer conveys actionable intelligence via dashboard interfaces [161]. These layers work together seamlessly to oversee charging operations, detect threats, and autonomously initiate corrective actions in a secure manner. Real-time system monitoring is a fundamental application of DTS technology in EVCS. DTs continuously monitor operational metrics such as voltage, current, temperature, state-of-charge (SoC), and power quality.

These data streams are visualized through 2D or 3D interfaces, offering infrastructure operators high-resolution situational awareness [5]. Prior to implementing software patches or backend updates, stakeholders may employ DT environments to simulate their potential effects on EVCS within a controlled, sandboxed virtual setting [162].

Prominent programming and numerical computing platforms, such as MATLAB/Simulink, Python-based frameworks, and Modelica [163], and Julia [164] offer robust modeling capabilities for power flow analysis, communication behavior emulation, and cyber-attack scenario validation.

Python is widely used for DTs implementation in EVCS cybersecurity due to its flexibility, extensive libraries, and open-source nature, but it differs from tools like MATLAB/Simulink, Modelica, and Julia in capability and outcome [124]. Python frameworks such as OpenModelica, SimPy, or custom environments with libraries like NumPy, SciPy, and TensorFlow enable high-fidelity modeling of EVCS components, including power flows, communication protocols, and AI-driven anomaly detection [165]. Its strength lies in rapid prototyping and machine learning integration for real-time threat analysis, but it requires significant customization to match the precision of domain-specific tools [166].

MATLAB/Simulink, with toolboxes for power systems and control, offers robust support for EVCS simulations and seamless hardware-in-the-loop (HIL) integration, reducing development time for cyber–physical models [167]. Its proprietary nature and licensing costs around $1015–$4090 per year, contrast with Python’s accessibility [168,169].

Modelica excels in multi-physics modeling, capturing EVCS thermal and electrical dynamics, but its steeper learning curve slows implementation compared to Python’s syntax [168,170]. Julia, optimized for numerical performance, handles large-scale simulations faster than Python in some cases but lacks mature libraries for EVCS applications [171].

Outcomes are generally consistent across tools for well-defined DTs tasks, such as replicating EVCS behavior or anomaly detection, when models are accurately parameterized [126,172]. However, tool-specific differences arise in computational efficiency and integration. Python’s flexibility suits experimental setups and diverse data sources, but it may lag in real-time performance for 5G/6G environments compared to Julia or MATLAB’s solvers [173,174,175]. Validation against standards like ISO 15118 or OCPP 2.0.1 shows comparable accuracy, though MATLAB’s compliance templates streamline regulatory alignment [176]. For resource-constrained teams, Python’s low cost and community support often outweigh specialized tools, but outcomes depend on expertise in tailoring Python to EVCS requirements [177].

These platforms facilitate high-resolution time-domain simulations, enable co-simulation with real-time systems, and allow integration with machine learning toolkits, thereby serving as indispensable tools for proactive cybersecurity validation. The choice of a suitable simulation environment depends on the specific EVCS component being assessed, the required level of fidelity, and the complexity of integration with live operational data streams. This mitigates operational risk and facilitates adherence to standards such as ISO/SAE 21434 and NIST SP 800-82 [7,8]. A DTS can effectively replicate the response of a charging unit when subjected to a compromised firmware injection.

This capability allows developers to scrutinize unauthorized behaviors, simulate command failures, and evaluate the risks associated with data exfiltration. Such anticipatory testing empowers stakeholders to confirm the system’s resilience without subjecting the actual system to potential exploitation [9]. Another vital application is threat emulation and attack simulation [26], DTs are capable of modeling sophisticated cyberattacks such as DoS, spoofing, false data injection (FDI), and advanced persistent threats (APTs) [10,11]. By integrating historical attack signatures and behavioral models into the DTs analytics engine, infrastructure providers can effectively simulate malicious activities, evaluate the proliferation of cyber threats, and assess the efficacy of layered security measures [26].

Beyond passive detection, digital twins play a crucial role in facilitating real-time cybersecurity mitigation. By juxtaposing real-time operational data with established models of anticipated behavior, DTs can identify anomalies with a high degree of precision [178]. Upon detection of abnormal behaviors, such as unexpected handshake failures, irregular voltage oscillations, or backend command delays, they can initiate automated responses [179]. These measures may involve isolating affected components, executing firmware rollbacks, deploying over-the-air configuration updates, or issuing alerts to system operators.

This automated response loop significantly reduces the mean time to detect and respond, which is particularly crucial in ultra-dense urban charging networks or highway supercharging corridors [180]. The efficacy of DTS based cybersecurity is fundamentally reliant on the communication stack that facilitates system coordination. Figure 8 presents a comparative analysis of prominent industry entities that provide platforms for the development of cybersecurity detection and mitigation strategies.

Figure 8. Platforms for developing and testing cybersecurity detection and mitigation strategies.

The EVCS operates on a sophisticated protocol suite that encompasses the physical, transport, and application layers. Intra-vehicle communication is facilitated by the Controller Area Network (CAN) bus and Automotive Ethernet, while secure messaging between electric vehicles, charging stations, and backend servers is enabled by protocols such as TCP/IP, ISO 15118, OCPP, Message Queuing Telemetry Transport (MQTT), and Open Platform Communications Unified Architecture (OPC UA) [16]. DTs facilitate the simulation of these layered interactions, enabling developers to evaluate protocol compliance, packet sequencing, timing delays, and the resilience of security handshakes under diverse load conditions [17]. The integration with 5G and the emerging 6G networks facilitates further advancements through the implementation of network slicing, ultra-reliable low-latency communications (URLLC), and multi-access edge computing (MEC).

These technologies enable the localization of DT operations and threat detection, thereby allowing for a more rapid response to localized anomalies while maintaining the integrity of the global system [18]. In addition, DTs significantly enhance the processes of virtual commissioning and interoperability testing [181]. Prior to the implementation of new charging systems or the expansion to additional sites, operators can employ DTs to simulate deployment conditions, network topology, and environmental variability.

This pre-deployment modeling ensures compliance with standards such as OCPP 2.0.1 or ISO 15118 Plug and Charge and mitigates integration risks with utility backends or fleet management platforms [19]. This simulation capability is also applicable to V2G environments, where the bidirectional flow of energy and data introduces novel control logic and synchronization challenges. DTs are particularly well-suited to modeling and optimizing these complexities [20]. The realization of these capabilities is facilitated by a growing ecosystem of commercial DT platforms specifically designed for the energy and mobility sectors. Companies such as Opal-RT, RTDS, Typhoon HIL, and Speedgoat have emerged as prominent technology providers in the development and deployment of DT frameworks for EVCS.

Their platforms are equipped to manage real-time data streaming, model-based system design, hardware-in-the-loop (HIL) testing, and seamless edge–cloud integration capabilities, which are crucial for high-fidelity simulation of cyber–physical systems operating under 5G/6G connectivity. Figure 9 illustrates the architecture and operational focus of these platforms, demonstrating how each vendor supports different aspects of DTS-enabled cybersecurity pipelines, such as co-simulation, protocol fuzzing, or electromagnetic interference testing.

Figure 9. Functional overview of industry-leading DTS simulation and HIL platforms for EVCS cybersecurity (Opal-RT, RTDS, Typhoon HIL, Speedgoat).

Table 7 provides a comparative summary of platform specifications, simulation software, and use cases in smart mobility and EV infrastructure. Together, these resources offer practitioners a reference framework for selecting and deploying DTs tailored to advanced EVCS security applications.

Table 7. Comparative summary of DTS-enabled simulation platforms, technical specifications, cybersecurity features, and EVCS application domains.

Authors	Methods Used	Simulation Software/Methodology	Cases Applied in Smart Mobility and EV Infrastructure	Research Gap
Korotunov et al. [182]	Digital Twin Technology, Predictive Maintenance	Not specified	Optimization of grid side for electric vehicle charging station, Predictive maintenance	Limited focus on cyber–physical security, particularly in advanced networks, for ensuring robust protection against cyber threats in EV charging infrastructure.
Yu, G et al. [183]	Digital Twin Framework, Smart charging infrastructure design	Review Study	Smart EV charging infrastructure, Enhancing operational and managerial efficiency	Does not address Cyber–physical Security challenges specific to 5G/6G connectivity in smart charging infrastructure.
Francisco, AMB et al. [184]	Digital Twins Modeling, Charging scheduling optimization	MATLAB	EV fleet charging management, High self-consumption and self-sufficiency	Limited exploration of cybersecurity measures for protecting Digital Twin of EV fleets in advanced networked environments.
Li, GJ et al. [185]	Digital Twin, Chebyshev Chaotic Maps, Reputation Mechanism	Mathematical Formulations	Secure and efficient charging reservation, Charging behavior evaluation	While addressing security, the study does not fully explore 5G/6G-specific vulnerabilities like low-latency attack vectors in vehicular networks.
Galkin, N et al. [21]	Digital Twin, Virtual Commissioning, IEC 61850 standard, Open Charge Point Protocol	OCPP server, MATLAB/Simulink	Virtual commissioning of charging stations, Automation of design and simulation	Lacks focus on cyber–physical security threats in networks affecting virtual commissioning processes.
Kaleybar, HJ et al. [186]	Digital Twins, Power management system	MATLAB	Integration of renewable energy and EV charging in railway systems, Regenerative Breaking energy	No analysis of cyber–physical security risks in railway microgrids with EV charging integration.
Basnet, M et al. [20]	Deep Reinforcement Learning (IADRL), Twin Delayed Deep Deterministic Policy Gradient (TD3)	Digital clones	Cyber-attack mitigation on EVCS controllers, Control signal correction	While addressing cyberattacks, it does not specifically tackle network vulnerabilities like real-time data interception.
Yu et al. [23]	Digital Twin Framework, Incentive-based demand response	Smart Grid Simulator	Grid-integrated EV operation, Incentive strategy for power service participation	Lacks focus on securing Digital Twin frameworks against network-specific cyber–physical threats.

Performance Metrics and Evaluation Criteria

DTs enhance EVCS cybersecurity through real-time monitoring, anomaly detection, and automated response mechanisms. To assess their effectiveness, specific performance metrics and evaluation criteria are essential. These metrics provide a quantitative basis for evaluating DTs performance in detecting and mitigating cyber threats, ensuring they meet the operational demands of 5G/6G-enabled EVCS environments.

I.

Detection Accuracy: This metric measures the proportion of correctly identified cyber threats, such as false data injections or denial-of-service attacks, against the total number of incidents [187]. Studies using AI-driven DTs, such as those employing deep neural networks, report detection accuracies ranging from 85% to 98% for known attack patterns in controlled EVCS simulations [7,117,188,189]. Accuracy varies based on training data quality and the complexity of attack vectors, with unsupervised learning models showing slightly lower performance for zero-day threats [190].

II.

False Positive Rate: The false positive rate indicates the frequency of benign behaviors incorrectly flagged as threats [123]. High false positive rates can erode operator trust and disrupt EVCS operations. Current DTs implementations, particularly those using convolutional LSTM models, achieve false positive rates as low as 2% to 5% in urban charging networks [191,192]. These rates improve when DTs integrate historical data and real-time telemetry to refine anomaly detection algorithms.

III.

Latency: Latency measures the time from threat detection to response initiation [193]. In 5G/6G environments, DTs leveraging multi-access edge computing achieve response latencies of 10 to 50 milliseconds for localized anomaly detection [194]. This low latency is critical for ultra-dense charging networks, where rapid response prevents cascading failures [195]. Cloud-based DTs, however, may experience latencies up to 200 milliseconds due to data transmission overhead, highlighting the advantage of edge-based processing [196].

IV.

Scalability Metrics: Scalability of DTs for Electric Vehicle Charging Stations (EVCS) is assessed by their capacity to manage an increasing number of EVCS units without compromising performance, such as detection accuracy or latency [197]. Simulations conducted using platforms like MATLAB/Simulink have shown that DTs can effectively handle up to 10,000 charging stations while maintaining stable performance, achieving detection accuracy above 90% and latency below 100 milliseconds when deployed across distributed edge nodes [198]. Beyond this scale, synchronization challenges may lead to a latency increase of approximately 20% to 30% due to higher computational and communication demands [199].

V.

Resource Utilization: Effective DTs for Electric Vehicle Charging Stations (EVCS) must balance computational demands with resource constraints to ensure efficient operation. Edge-based DTs, such as those deployed on platforms like NVIDIA Jetson, typically consume between 50 and 100 watts per unit, depending on the workload and hardware configuration [200]. Cloud-based analytics for real-time processing of EVCS data require approximately 0.5 to 2 GB of RAM per charging station to handle tasks like monitoring and optimization [201,202]. Optimizing resource utilization is critical for cost-effective deployment, particularly in large-scale urban environments where scalability and energy efficiency are paramount [203,204].

These metrics were derived from case studies and simulations, such as those conducted with Opal-RT and Typhoon HIL platforms, which validate DTs performance under diverse attack scenarios [205]. For instance, DTs simulating a spoofing attack on an ISO 15118-compliant EVCS achieved a detection accuracy of 92% with a false positive rate of 3% and a response latency of 30 milliseconds [206]. Such evaluations ensure that DTs not only detect threats but also maintain operational efficiency and reliability. Future research should focus on standardizing these metrics across DTs platforms to enable consistent performance comparisons and guide practical deployments in large-scale energy networks [199].

Recent pilot projects validate the effectiveness of DT simulation tools in enhancing cybersecurity for EVCS. The CyberTWIN-EV project, led by AESIN in the UK, integrated DT platforms with cybersecurity assessment tools to simulate cyberattacks such as DoS and MITM attacks on EV charging infrastructure [207]. The project deployed vehicle and grid-based intrusion detection systems (IDS) to identify anomalies and log them to a Mobility Security Operations Centre (MSoC), demonstrating the viability of digital twin environments for validating cybersecurity resilience in EV-grid interactions [207].

Similarly, Trialog’s 2024 demonstration utilized digital twins with the Eclipse Ditto platform to simulate EV charging stations within their TriLab innovation laboratory [208]. This proof-of-concept enabled testing of software changes and interoperability scenarios without requiring physical charging infrastructure [208]. The case studies highlight the strong predictive power and practical advantages of DT applications in EVCS. These findings affirm strategic value of integrating DT technology into EVCS systems.

5. Standards, Privacy and Financial Feasibility

The integration of DTs technology into EVCS enhances operational visibility, predictive analytics, and cybersecurity by utilizing real-time data. Nevertheless, it presents substantial challenges concerning privacy, encryption, regulatory compliance, and cost [127].

For effective deployment, it is imperative to adhere to standards such as ISO 15118, OCPP 2.0.1, and GDPR, while addressing deficiencies in synchronization, authentication, and data integrity [209]. Privacy-preserving techniques and robust encryption are essential for safeguarding sensitive information. Economic considerations, including capital expenditures (CAPEX), operational expenditures (OPEX), and return on investment (ROI), significantly impact adoption. Additionally, interoperability challenges within diverse EVCS environments also play a crucial role [2]. Addressing these challenges necessitates the implementation of coordinated standards as discussed below.

5.1. Compliance with Technical Standards

To ensure interoperability, security, and scalability, DTs-enabled EVCS must adhere to industry standards such as ISO 15118 [28], OCPP 2.0.1 [52], IEEE 2030.5 [210], and NIST IR 8356 [211]. These standards provide frameworks for secure communication, data management, and system integration:

I.

ISO 15118: This standard establishes the framework for V2G communication, outlining the protocols necessary for the secure transmission of data between EVs and charging stations [28]. Transport Layer Security (TLS) is employed to facilitate encrypted communications, while digital certificates are utilized for authentication. This, when employed by DTs, can securely process data related to charging sessions [212]. Ensuring compliance with data protection laws is vital for DTs systems to sustain trust in V2G interactions, particularly when dealing with bidirectional charging scenarios.

II.

OCPP 2.0.1: The Open Charge Point Protocol (OCPP) 2.0.1 significantly enhances communication between chargers and backend systems by incorporating advanced security features, including support for TLS 1.3 and secure firmware updates [213]. DTs that implement OCPP 2.0.1 are capable of securely transmitting telemetry data to cloud-based twins, effectively reducing the potential for eavesdropping or data tampering.

III.

IEEE 2030.5: This communication standard helps utilities, distributed energy resources (DERs), and grid-connected devices like EV chargers share data safely and efficiently. It uses the Internet Protocol (IP) to control DERs from a distance and allows two-way communication to keep the grid stable. The standard ensures smart grids work well together by combining digital technologies with DERs and grid management systems [14,32,210]. It requires the establishment of rigorous cybersecurity strategies, such as mutual authentication and encryption, to ensure the protection of data exchanges within EVCS ecosystems.

IV.

NIST IR 8356: The incident report (IR) from the National Institute of Standards and Technology (NIST) on DTs cybersecurity offers a risk-based framework for the protection of DTs systems. It underscores the importance of continuous monitoring, threat modeling, and incident response strategies to mitigate vulnerabilities in DTS-enabled EVCS [214]. Adherence to NIST IR 8356 guarantees that DTs systems maintain resilience against the evolving landscape of cyber threats, including data breaches and DoS attacks.

Failure to adhere to these standards may result in interoperability complications, expose security weaknesses, and lead to regulatory sanctions, thereby threatening the scalability and reliability of DT-enabled electric vehicle charging systems (DTs-enabled EVCS).

5.2. Technical Safeguards for Privacy and Data Protection

The incorporation of DTs technologies into EVCS presents notable challenges and responsibilities concerning data privacy and cybersecurity.

These systems are required to function within a multifaceted regulatory framework that encompasses various jurisdictions, including the General Data Protection Regulation (GDPR) of the European Union, the California Consumer Privacy Act (CCPA), and the Network and Information Security Directive 2 (NIS2) for critical infrastructure in Europe [215,216,217]. These frameworks enforce stringent requirements concerning data handling, user consent, and system-level security practices. For example, the GDPR specifies essential user rights in Articles 15 to 21, including the rights to access, rectification, erasure (the “right to be forgotten”), and objection to automated decision-making, all of which must be integrated into the technical architecture of DTs platforms [218].

Concurrently, the CCPA emphasizes transparency and consumer control over personal data, whereas the NIS2 classifies EVCS as critical infrastructure, necessitating increased resilience against cyber threats and service interruptions. These systems routinely collect, transmit, and process data across various legal jurisdictions, thereby necessitating compliance with data protection laws that span a fragmented array of regulatory frameworks [126]. This challenge is particularly acute in emerging markets, where regulatory frameworks specific to digital transformation technologies are frequently underdeveloped or entirely absent. Consequently, implementing entities must adopt anticipatory compliance strategies that align with internationally recognized standards and best practices to ensure lawful and ethical data governance.

5.3. Privacy by Design and System Architecture

Deploying DTs on a large scale involves handling vast amounts of sensitive and personally identifiable data, such as vehicle location, battery state-of-charge (SoC), consumption patterns, and user billing information [219,220]. This scenario requires a system architecture that embodies the principles of privacy by design and security by default. These core principles highlight the necessity of embedding data protection mechanisms throughout the system, from edge-level devices and sensor arrays to cloud-based analytics and user-facing visualization platforms [15,221].

A fundamental component of this approach is the implementation of user-centric consent management frameworks. These systems must provide users with transparent information regarding data collection and processing purposes, such as predictive maintenance, billing optimization, grid balancing, and data sharing practices [222]. In alignment with the stipulations of GDPR and CCPA, it is imperative that users are granted the capability to opt out of non-essential data processing, access their personal information, request its deletion, and contest profiling practices. The implementation of dynamic consent models, which facilitate real-time adjustments to user consent, has been shown to bolster user trust and participation [223].

In accordance with privacy by design principles, the adoption of data minimization and purpose limitation is vital for ensuring responsible data governance in DTs-enabled EVCS. These principles require that only data necessary for fundamental system operations, such as routing, billing, or charging optimization, be collected and processed [53]. For instance, real-time location data essential for operational efficiency can be anonymized following initial processing to reduce the risks associated with prolonged user tracking. Furthermore, it is imperative to establish well-defined data retention policies that impose temporal constraints on data storage and usage, in accordance with the GDPR’s accountability and proportionality requirements [224].

5.4. Cryptographic Protections and Access Control

The protection of sensitive data necessitates the implementation of robust encryption protocols and access control mechanisms.

Data in transit should be secured using TLS 1.3, which provides forward secrecy and minimizes handshake overhead [225], while data at rest must employ encryption standards such as AES-256. Implementing Role-Based Access Control (RBAC) is essential for regulating access to sensitive datasets. By assigning permissions according to predefined roles, RBAC effectively minimizes the risk of internal misuse [226,227]. Furthermore, advanced techniques for privacy-preserving computation are crucial, particularly within federated and decentralized DTs environments. Prominent methods include:

I.

k-Anonymity: Ensures that individual user records cannot be uniquely identified by aggregating datasets [228]. This method proves highly effective in concealing electric vehicle (EV) charging patterns for regional grid analysis.

II.

Homomorphic Encryption: Facilitates the processing of encrypted data without the need for decryption, thereby enabling secure cloud-based analytics while maintaining the confidentiality of the data [229].

III.

Secure Multi-Party Computation (SMPC): This process enables collaborative computation among various stakeholders, including utilities, regulators, and Original Equipment Manufacturers (OEMs), while ensuring that raw data inputs remain confidential [230].

These strategies facilitate the continued functionality of DTs systems while effectively minimizing the potential for unauthorized access or inference attacks.

5.5. Risk Assessment and Continuous Monitoring

To ensure privacy and security throughout the digital transformation lifecycle, it is imperative to conduct Privacy Impact Assessments (PIAs) on a regular basis [231]. These assessments, in accordance with the accountability principle of the GDPR and the ISO/IEC 27701 standard for Privacy Information Management Systems (PIMS), are designed to identify, evaluate, and mitigate privacy risks in dynamic system configurations [232].

Moreover, continuous cybersecurity monitoring, as delineated in NIST IR 8356, is crucial for identifying vulnerabilities such as unauthorized access attempts, malware intrusions, or anomalous data behavior [233]. To ensure the long-term sustainability and scalability of DTs-enabled electric vehicle charging systems, a comprehensive, multi-faceted strategy is necessary, integrating legal, technical, and ethical dimensions. Adherence to international standards such as ISO 15118, OCPP 2.0.1, IEEE 2030.5, and NIST IR 8356 are essential for facilitating interoperability, secure communication, and maintaining system integrity.

In conjunction with compliance with GDPR, CCPA, and NIS2 regulations, these technical safeguards establish a robust framework for ensuring user privacy and data protection. By integrating privacy by design principles, employing advanced cryptographic techniques, and implementing comprehensive risk governance mechanisms, stakeholders can enhance trust, achieve regulatory compliance, and advance technological maturity within the evolving context of DTs-enabled electric vehicle charging infrastructure.

5.6. Financial Feasibility of Digital Twin Implementation

The incorporation of DTs technology into EVCS, particularly within 5G/6G-enabled smart mobility networks, presents significant potential for advancing cybersecurity. By facilitating real-time system monitoring, predictive diagnostics, and automated threat response, DTs offer a proactive defense mechanism against a broad range of cyber–physical threats [234]. The capabilities are further enhanced by the low-latency and high-throughput communication features of next-generation wireless networks, such as Ultra-Reliable Low Latency Communications (URLLC) and MEC within the framework of 5G/6G standards [235].

Nevertheless, the integration of DTs architecture within EVCS ecosystems presents a variety of cost-related complexities that require thorough assessment. These costs encompass several technological layers as discussed below:

I.

The physical layer encompasses investments in instrumentation, embedded control modules, edge computing devices, and HIL simulation units.

II.

The data layer includes investments in gateways that comply with protocols such as OCPP 2.0.1 and ISO 15118, secure communication interfaces, and high-bandwidth network subscriptions.

III.

The modeling and control layer demands the integration of real-time simulation platforms, such as MATLAB/Simulink or RSCAD, alongside system optimization engines to refine performance tuning.

IV.

The implementation of the AI layer entails substantial expenses associated with the development of data pipelines, the training of models, the orchestration of federated learning, and the continuous monitoring for model drift and bias.

Each layer greatly affects the total Capital Expenditure (CAPEX) and Operational Expenditure (OPEX) of the DTs-enhanced EVCS setup. These financial factors are very important in large city projects, where growth, compatibility, and following global standards must be balanced with budget limits. So, while adding digital technologies improves strength, automation, and risk control, it also requires careful cost planning to keep it economically sustainable in the long run.

To assess the economic viability of DTS-based cybersecurity solutions for EVCS, a cost–benefit analysis compared to conventional approaches is crucial. Conventional EVCS cybersecurity, utilizing firewalls, intrusion detection systems, and periodic updates, requires lower initial CAPEX of $10,000–$50,000 per site and OPEX of $5000–$15,000 annually for maintenance and monitoring [236]. However, their reactive nature leads to significant indirect costs from cyber incidents, such as data breaches costing around $200,000–$1 million per incident or service disruptions affecting grid stability and user trust [237,238]. In contrast, DTs-based solutions demand higher CAPEX, ranging from $30,000–$600,000 per site, including sensors costing approximately $50–$765 [238], edge computing devices ranging $120–$249 [239], HIL platforms costing $20,000–$500,000 [240,241,242], and network subscriptions estimated at $5000–$50,000 [243]. The modeling and AI layers further elevate costs, with total CAPEX for a mid-sized urban deployment covering 10–50 chargers reaching $200,000–$1.5 million and OPEX of $50,000–$150,000 annually for cloud services, AI retraining, and personnel [244,245,246,247].

Despite higher costs, DTs offer substantial benefits through enhanced security and efficiency. Real-time anomaly detection and predictive diagnostics reduce successful attacks by 60–80%, avoiding losses of $120,000–$800,000 per incident and cutting downtime costs by 10–20% costing $10,000–$50,000 per hour for large networks [248,249,250]. DTs also save 5–15% on electricity costs $10,000–$30,000 annually per high-traffic site, achieving ROI within 3–5 years for a 50-charger network, compared to 5–7 years for conventional systems [251]. While conventional approaches struggle with scalability in 5G/6G environments and zero-day threats, DTs provide modular scalability and automated responses, reducing labor costs by 20–30% value at $15,000–$25,000 per site [252]. Although small-scale or rural deployments may find DTs costs prohibitive, phased adoption and policy incentives like grants could offset CAPEX and enhance user trust and regulatory compliance while accelerating secure EVCS deployment.

5.7. Physical Layer Costs

At the physical layer, the architecture of EVCS is dependent on a range of hardware components essential for real-time monitoring and control.

These components include voltage and current sensors, thermal monitoring devices, and embedded control modules, which are typically integrated into the EVCS.

The cost of instrumentation per EVCS unit varies considerably, ranging from approximately $50 to $765, contingent upon the complexity and precision of the sensing technologies employed [253]. In addition to sensing hardware, edge computing platforms such as the NVIDIA Jetson and Raspberry Pi are commonly employed to enable local data processing. These devices are priced at approximately $249 and $120, respectively, with the price differences reflecting variations in computational capabilities and memory configurations [254,255]. Furthermore, for the advanced testing and real-time validation of EVCS operations, HIL simulation systems, including platforms such as Opal-RT and Typhoon HIL, are essential. These systems facilitate high-fidelity simulation environments and are available at a wide price range of $20,000 to $500,000, contingent upon system specifications, scalability, and the degree of Multiphysics integration required [241,256].

5.8. Data Layer Costs

At the data layer, DTs-enabled EVCSs depend on effective telemetry management, which is facilitated by standard communication protocols such as the Controller Area Network (CAN), OCPP 2.0.1, and ISO 15118. These protocols ensure secure, real-time data exchange between the EVCS, backend servers, and grid management systems [53]. To ensure protocol interoperability and maintain data integrity, specialized communication gateways are implemented at the charger level. The unit costs of these gateways range from approximately $164.70 to $1190, contingent upon factors such as processing capacity, embedded encryption features, and compatibility with multi-protocol operations [257]. As EVCS networks progress towards enhanced scalability and responsiveness, the connectivity infrastructure emerges as a fundamental aspect of performance. The incorporation of 5G/6G technologies, particularly those utilizing URLLC and MEC, significantly improves communication latency and throughput, thereby facilitating time-sensitive telemetry and security operations [235].

5.9. Modeling and Simulation Layer Costs

At the modeling layer, real-time simulations are performed to mimic the dynamic behavior of EVCS under various operating conditions. This capability is essential for virtual commissioning, control logic validation, and testing cyber–physical resilience. Industry-standard simulation environments like MATLAB/Simulink and RSCAD are frequently used for these purposes. MATLAB/Simulink provides a wide array of toolboxes specifically designed for power systems and embedded control, with commercial licenses typically costing between $5000 and $15,000 per seat, depending on the configuration and toolbox selection [169].

RSCAD, designed specifically for integration with Real-Time Digital Simulator (RTDS) hardware, facilitates high-fidelity electromagnetic transient simulations in real-time settings. When bundled with RTDS hardware, the licensing costs for RSCAD typically range from $25,000 to over $500,000. These costs vary based on the size of the simulation rack, the number of nodes, and the inclusion of advanced modules like GTNET and GTFPGA for communication and hardware interfacing [258].

While Python-based frameworks such as OpenModelica, SimPy, or custom-built co-simulation environments offer the advantage of open-source flexibility, they generally necessitate substantial customization and development time. This requirement often leads to increased personnel costs and prolonged integration cycles [259].

Furthermore, the utilization of cloud-based GPU resources for AI-enhanced simulations or federated modeling incur operational costs ranging from $0.35 to $2.48 per hour.

These expenses are contingent upon computational requirements, the complexity of the simulations, storage needs, and the necessity for continuous uptime [260]. Notwithstanding the associated cost implications, the modeling layer confers significant strategic advantages. By facilitating high-fidelity simulations within controlled digital environments, organizations can mitigate commissioning risks, substitute costly field testing with virtual validation, and expedite deployment timelines while ensuring adherence to safety and performance standards [130].

5.10. AI and Analytics Layer Costs

In the context of AI, DTs-enabled EVCSs employ advanced computational models to enhance predictive analytics, detect anomalies, and optimize adaptive control strategies. This layer plays a pivotal role in enabling proactive system diagnostics and the early identification of threats, both of which are crucial for maintaining the performance and security of modern smart mobility infrastructure [261]. The initial capital investment required for the implementation of artificial intelligence capabilities encompasses the establishment of robust data pipelines. This process typically incurs costs ranging from $100,000 to $300,000, which include data ingestion, cleaning, labeling, and integration across diverse sources [262].

In the implementation of federated learning architectures and reinforcement learning agents, particularly within decentralized environments that emphasize edge privacy and control coordination, additional costs ranging from $50,000 to $100,000 are frequently incurred [262]. Operational expenditures are sustained throughout the lifecycle of AI models, particularly concerning model retraining, bias mitigation, and drift detection. These activities are crucial for ensuring model accuracy, fairness, and adherence to regulatory standards in dynamic environments [263]. Despite the considerable costs associated with setup and maintenance, the implementation of an AI layer yields substantial improvements in operational efficiency.

This results in quantifiable labor savings and enhanced resilience for operators of smart cities and managers of electric vehicle fleets [264]. Financial feasibility, evaluated through CAPEX, OPEX, and ROI, indicates that while the initial investments are substantial, the long-term economic and security advantages substantiate the integration. Ultimately, a strategic, standards-aligned implementation of DTs in EVCS ensures a scalable, secure, and economically viable infrastructure for the future of electric mobility. To contextualize the implementation challenges and opportunities associated with DTs in EVCS, it is imperative to examine the intersection of technical standards, data privacy regulations, and financial considerations. Table 8 presents a synthesized review of the key aspects influencing the adoption and scalability of DTs-enabled EVCS, highlighting the relevant regulatory frameworks, implementation challenges, and recommended mitigation strategies.

Table 8. Review of Standards, Privacy, and Financial Feasibility for DTs-Enabled EVCS.

Aspect	Key Points	Standards/Regulations	Challenges	Solutions/Recommendations	References
Compliance with Technical Standards	Adherence ensures interoperability, security, scalability. ISO 15118 supports V2G with TLS, digital certificates. OCPP 2.0.1 enhances charger-backend security with TLS 1.3. IEEE 2030.5 enables secure DER data sharing. NIST IR 8356 provides a risk-based cybersecurity framework.	ISO 15118, OCPP 2.0.1, IEEE 2030.5, NIST IR 8356	Interoperability issues, security vulnerabilities, regulatory sanctions.	Adhere to standards, use mutual authentication, encryption, continuous monitoring, threat modeling.	[29,210,211,265,266]
Privacy and Data Protection	DTs handle sensitive data (location, SoC, billing). GDPR, CCPA, NIS2 ensure user rights, infrastructure security. Transnational data flows require multi-jurisdictional compliance.	GDPR, CCPA, NIS2	Complex regulatory compliance, underdeveloped regulations in emerging markets.	Use anticipatory compliance, user-centric consent, data minimization, anonymization.	[223,267,268]
Financial Feasibility	DT integration enhances cybersecurity but incurs high CAPEX/OPEX across physical, data, modeling, AI layers. Long-term ROI via efficiency and security gains. Energy consumption and environmental impact pose sustainability challenges.	Not applicable	High initial/operational costs, balancing scalability and budgets, balancing scalability with budgets and energy efficiency with performance	Plan costs strategically, leverage 5G/6G for low-latency, use open-source tools, prioritize renewable energy and energy-efficient hardware.	[269,270,271]

5.11. Energy Consumption and Environmental Impact

The deployment of DT systems in EVCS introduces significant energy consumption considerations due to the computational and communication demands of maintaining real-time synchronization between physical and digital components. Frequent edge–cloud synchronization, enabled by 5G/6G networks, requires substantial data transmission and processing, which can consume considerable energy [272]. Edge computing platforms, such as NVIDIA Jetson or Raspberry Pi, used for local data processing, typically draw 5–20 watts per unit, depending on workload and configuration [200]. Cloud-based servers, often employed for complex simulations and AI model training, can consume hundreds of watts per server, with large-scale data centers potentially requiring megawatts of power for continuous operation [273].

The high-frequency data exchanges in 5G/6G environments, particularly with Ultra-Reliable Low Latency Communications (URLLC), further amplify energy usage due to the power demands of high-speed, low-latency network infrastructure [274]. This energy consumption directly impacts the environmental footprint of DTs-enabled EVCS, particularly in regions that are reliant on fossil fuel-based energy sources. The carbon emissions associated with powering edge devices, cloud servers, and network infrastructure can undermine the sustainability goals of smart mobility systems, which aim to reduce greenhouse gas emissions through EV adoption.

For instance, a typical cloud data center can emit approximately 0.4–0.6 kg of CO₂ per kWh of electricity consumed, depending on the energy mix [274,275]. In urban environments with dense EVCS deployments, the cumulative energy demand of DT systems can be substantial, potentially offsetting the environmental benefits of EVs if not powered by renewable energy sources [276,277]. To mitigate these impacts, energy-efficient strategies must be integrated into DTS implementations.

Utilizing renewable energy sources, such as solar or wind power, for edge and cloud computing operations can significantly reduce carbon emissions [278].

Energy-efficient hardware, such as low-power edge devices and optimized server architectures, can further minimize energy consumption [279]. Adaptive synchronization protocols that dynamically adjust data exchange frequency based on operational needs can reduce unnecessary energy usage while maintaining system performance [280]. Additionally, leveraging open-source simulation frameworks like OpenModelica can lower computational demands compared to resource-intensive commercial platforms like MATLAB/Simulink, provided they meet performance requirements [281]. These measures are critical to aligning DTs-enabled EVCS with the environmental objectives of sustainable mobility, ensuring that cybersecurity enhancements do not come at the expense of increased carbon footprints.

6. Research Gaps and Future Directions

This review identifies significant research gaps across technical, operational, and governance dimensions. The identified gaps span multiple interconnected domains, each presenting distinct challenges that must be addressed to fully exploit DTs-enabled EVCS cybersecurity.

These gaps highlight fundamental limitations in current methodologies and emphasize areas where innovative research is essential for effective deployment.

6.1. Research Gaps

6.1.1. Security and Trust Deficiencies

Critical security vulnerability persists in the protection of DT systems throughout their operational lifecycle. Current research inadequately addresses vulnerabilities that span the phases of model development, deployment, runtime operation, and decommissioning, thereby leaving EVCS susceptible to sophisticated supply chain attacks, model poisoning during development, and unauthorized modifications during deployment. The absence of comprehensive security frameworks specifically tailored for DTs architecture creates significant exposure points that adversaries can exploit to compromise the entire security posture of EVCS infrastructure. Notably, existing research overlooks a fundamental vulnerability inherent in DTs-based security systems. The DTs themselves represent high-value attack targets that can be compromised to undermine the entire security architecture. This situation creates what is termed the “guardian paradox,” wherein the security monitoring and protection system becomes the primary attack vector for sophisticated adversaries.

Attackers can compromise DTs’ integrity to provide false security assessments, manipulate DTs outputs to mask ongoing physical attacks, exploit DTs privileges for unauthorized access to critical systems, or launch denial-of-service attacks against the DTs infrastructure itself. The compromise of DTs systems poses significant risks, as it can grant attackers legitimate credentials and trusted access to critical infrastructure while simultaneously obscuring ongoing attacks from operators. The integration of DTs with V2G, Vehicle-to-Everything (V2X), and smart grid systems results in complex interdependencies that substantially increase the cyber–physical attack surface. Current threat modeling methodologies inadequately address the cascading vulnerabilities that emerge from these cross-domain interactions, particularly in scenarios involving coordinated multi-vector attacks that exploit the trusted relationships between systems.

The interconnected nature of these systems implies that a compromise in one domain can swiftly propagate across others, potentially causing extensive disruption to both transportation and energy infrastructure.

Furthermore, the forthcoming quantum computing revolution presents long-term cryptographic challenges that current DTs implementations are ill-equipped to manage. The cryptographic foundations underpinning DTs security architectures face obsolescence as quantum computing capabilities progress, yet research lacks practical implementations of post-quantum cryptographic algorithms that are optimized for the resource-constrained nature of EVCS devices while maintaining the real-time performance requirements essential for effective DTs operations.

6.1.2. AI and Machine Learning Limitations

AI-driven IoDT systems encounter substantial challenges in differentiating between legitimate operational evolution and adversarial manipulation. As EVCS environments naturally evolve over time, the AI models that power DTs systems experience model drift, which can diminish their efficacy in threat detection and system optimization. Current drift detection mechanisms lack the sophistication required to manage the highly dynamic nature of 5G/6G network traffic patterns while concurrently identifying subtle adversarial manipulations intended to gradually degrade system performance.

This challenge is particularly pronounced in environments where attackers may employ sophisticated techniques to incrementally introduce model drift, rendering detection extremely difficult using conventional approaches. Federated learning, while offering promising capabilities for collaborative threat intelligence sharing across distributed IoDTs networks, introduces significant security vulnerabilities that current research has not adequately addressed. Existing federated learning approaches are vulnerable to model poisoning attacks, where malicious participants can corrupt the global model, inference attacks that can extract sensitive information from model updates, and data leakage that can compromise privacy. The safety-critical nature of EVCS environments necessitates robust privacy-preserving federated learning frameworks that can maintain security effectiveness while enabling beneficial collaboration among DTs operators.

The opacity of many AI models employed in DT systems creates additional challenges for security analysis and regulatory compliance. The black-box nature of deep learning models complicates the ability of security analysts to understand decision-making processes, validate security responses, and provide the transparency required for regulatory compliance in critical infrastructure applications. Research in explainable AI techniques specifically tailored for DTs security applications remains insufficient, particularly for approaches that can provide interpretable insights without compromising the effectiveness of security mechanisms.

6.1.3. Standards and Interoperability Deficiencies

Current cybersecurity standards, such as ISO 15118, OCPP 2.0.1, and NIST IR 8356, were formulated without consideration of DTs architecture, resulting in substantial deficiencies in authentication, authorization, and data integrity requirements specific to DT deployments within EVCS environments. These shortcomings in the standards leave organizations without explicit guidance for implementing DTs security controls, achieving regulatory compliance, and ensuring interoperability across various vendor implementations.

The lack of DTs-specific security standards generates uncertainty in the marketplace and hinders the development of consistent security practices across the industry. The diverse nature of EVCS vendor ecosystems, coupled with their proprietary DTs implementations, presents significant interoperability challenges that compromise the efficacy of coordinated security responses.

In the absence of standardized APIs, data formats, and communication protocols for seamless DT integration across various vendor platforms, the scalability and effectiveness of DT-enabled security solutions are markedly constrained.

This lack of interoperability hinders the realization of comprehensive threat intelligence sharing and coordinated incident response capabilities, which are crucial for safeguarding large-scale EVCS deployments.

6.1.4. Privacy and Governance Challenges

Existing privacy-preserving techniques, despite their theoretical robustness, introduce computational overhead that restricts their practical application in real-time IoDTs operations. Techniques such as homomorphic encryption and secure multi-party computation demand significant computational resources, which may not be accessible in edge computing environments where numerous DTs functions must be executed. There is a notable gap in research concerning lightweight privacy-preserving algorithms that are specifically optimized for the resource constraints and performance demands of edge-deployed DTs systems, while also ensuring compliance with evolving privacy regulations, including GDPR, CCPA, and emerging frameworks.

Current consent management frameworks are inadequate for the dynamic and continuous data collection requirements inherent in DTs system operations. Users necessitate granular control over the utilization of their data within DTs systems; however, existing frameworks fail to accommodate the real-time decision-making requirements and adaptive data usage patterns that are characteristic of effective DTs implementations. The development of adaptive consent mechanisms that provide users with meaningful control while maintaining system functionality represents a significant research challenge that must be addressed to facilitate widespread adoption of DT.

6.1.5. Economic and Implementation Barriers

While the technical advantages of IoDTs enabled EVCS cybersecurity are increasingly apparent, there remains a lack of comprehensive cost–benefit analysis frameworks that sufficiently consider capital expenditures, operational expenses, and the value of risk mitigation. This analytical deficiency hinders informed decision-making by infrastructure operators and policymakers, who require clear economic justification for investments in DTs.

The complexity involved in quantifying security benefits, particularly in terms of avoided losses and enhanced operational efficiency, poses challenges in constructing persuasive business cases for DTs adoption. Current research notably lacks systematic methodologies for phased DTs deployment, which would allow organizations to incrementally adopt capabilities while managing costs and operational risks. Organizations require clear implementation of roadmaps that facilitate a gradual transition from traditional security approaches to DTs-enabled systems, without compromising operational continuity or introducing unacceptable risks during transition periods.

6.1.6. Technical Limitations of Digital Twins

DTs significantly bolster the cybersecurity of EVCS but are limited by technical challenges. Synchronization delays, often due to 5G/6G network latency or resource-constrained edge devices, can impede real-time threat detection, especially in dense urban areas with numerous charging stations where millisecond-scale delays may miss critical security events. Model drift, caused by hardware degradation or shifting grid dynamics, further undermines the DTs ability to detect subtle cyberattacks without continuous recalibration. Resource-limited edge devices struggle to support real-time modeling and AI-driven threat detection, forcing trade-offs between security and computational efficiency, while data update delays from intermittent connectivity or overloaded cloud infrastructure create vulnerabilities that attackers can exploit.

These limitations introduce new attack surfaces, making DTs both an asset and a potential liability. Application Programming Interface (API) hijacking can compromise data exchanges between DTs, EVCS, or backend systems, potentially disrupting charging operations or grid stability, especially if protocols like OCPP 2.0.1 lack robust authentication. Data poisoning, where attackers manipulate inputs like voltage or battery metrics, can mislead DTs into misinterpreting system states, risking grid instability by mimicking demand surges. Model spoofing, a more severe threat, allows attackers to manipulate DTs logic to conceal malicious activities like firmware tampering. To counter these risks, robust API encryption, continuous authentication, advanced anomaly detection using time-series analysis and unsupervised learning, blockchain-based model versioning, and low-latency protocols with lightweight AI are essential to ensure DTs enhance EVCS cybersecurity effectively.

6.2. Future Research Directions

Addressing the identified research gaps requires a systematic approach that prioritizes foundational security mechanisms while building toward comprehensive, scalable solutions. The proposed research directions are organized to address immediate security concerns while establishing the technical foundations necessary for long-term success.

6.2.1. Scalable and Resilient DTs Architectures

Future research endeavors should prioritize the creation of adaptive synchronization protocols that harness the potential of emerging 6G technologies, including Terahertz communication and integrated sensing. These protocols should enable dynamic fidelity adjustments by assessing system criticality and threat levels in real-time. It is essential for these protocols to incorporate context-aware algorithms that can respond to varying network conditions and security requirements, as well as hierarchical synchronization strategies tailored for multi-tier EVCS deployments. Establishing Quality-of-Service frameworks to prioritize essential DTs synchronization tasks based on operational needs is also crucial. Energy-efficient synchronization techniques are particularly vital for battery-limited edge devices participating in DTs networks.

Another significant research direction involves distributed DTs orchestration, which requires the development of coordination frameworks to manage multiple DTs across expansive EVCS networks. Blockchain-based consensus mechanisms offer promising solutions for managing DTS state and ensuring integrity, while hierarchical control architectures can provide centralized oversight with decentralized execution. Additionally, there is a need for advanced load balancing and resource allocation algorithms specifically designed for distributed DTs workloads, along with robust fault tolerance and recovery mechanisms to address DTs network failures and partitioning scenarios without compromising security.

6.2.2. Advanced Security and Trust Mechanisms

The protection of DTs against targeted attacks requires dedicated research into comprehensive integrity assurance frameworks that can detect, prevent, and respond to attacks against the DTs infrastructure itself. It is imperative to develop multi-layered DTs health monitoring and integrity verification systems to continuously evaluate the trustworthiness of DTs.

Concurrently, backup and recovery mechanisms should be established to facilitate the swift restoration of compromised DTs instances, thereby minimizing service disruptions. Strategies for DTS isolation and containment are crucial to prevent lateral movement from compromised twins to other system components.

Additionally, multi-IoDTs validation mechanisms can offer consensus-based verification for critical security decisions. The need for attack attribution and forensic capabilities specifically tailored to DTs-targeted incidents is an emerging area of research, as traditional forensic methods may prove inadequate for analyzing attacks on DT infrastructure.

The deployment of honeypot DTs implementations can yield valuable intelligence regarding attacker techniques and intentions, while also serving as early warning systems for sophisticated attacks on production DTs infrastructure. Zero-trust security architecture specifically designed for digital DTs-enabled EVCS environments must integrate continuous authentication and authorization mechanisms for all DTs components and users. Furthermore, they should employ behavioral analytics for real-time DTS integrity verification and anomaly detection, as well as micro-segmentation strategies to isolate critical DTs functions and data flows.

Dynamic trust scoring mechanisms, based on DTs performance metrics, security assessments, and threat intelligence, can facilitate adaptive security posture management that automatically responds to evolving threat conditions. Immediate research attention is required for quantum-resistant security implementations to prepare DTs systems for the post-quantum era.

It is imperative to develop lightweight lattice-based and hash-based cryptographic algorithms optimized specifically for DTs operations, alongside hybrid classical-quantum approaches that ensure security during transition periods. The integration of quantum key distribution with emerging 6G sensing capabilities presents promising avenues for achieving quantum-safe communications, while performance benchmarking of post-quantum algorithms in real-time DTs operations will be crucial for practical deployment decisions.

6.2.3. Intelligent AI and Machine Learning Systems

Self-adaptive DTs intelligence systems, which are capable of continuous learning and adaptation while ensuring security, represent a significant research frontier. Advanced drift detection algorithms that integrate time-series analysis with unsupervised learning methodologies can effectively differentiate between legitimate operational evolution and adversarial manipulation. Concurrently, self-healing mechanisms facilitate automatic model recalibration and optimization without the need for human intervention. The development of adversarial training techniques specifically tailored for robust anomaly detection under attack conditions is imperative, alongside multi-modal learning approaches that can synthesize diverse EVCS data sources for comprehensive threat detection. Continual learning frameworks that adapt to evolving threat landscapes without succumbing to catastrophic forgetting of previously learned threats constitute a critical research challenge.

These systems must sustain their effectiveness against known threats while continuously updating their capabilities to address emerging attack vectors and novel threat patterns. Secure federated learning networks necessitate advanced privacy-preserving mechanisms that enable collaborative learning while safeguarding against sophisticated attacks. Differential privacy mechanisms with quantified privacy guarantees must be developed for federated model training, while secure aggregation protocols resistant to model poisoning and inference attacks are essential for maintaining the integrity of collaborative learning processes.

Cross-validation frameworks for distributed threat intelligence sharing can facilitate beneficial cooperation among DTs operators, while Byzantine fault-tolerant federated learning algorithms provide resilience against adversarial participants within the learning network.

6.2.4. Standardization and Interoperability Frameworks

The formulation of DTs-native security standards tailored for EVCS applications constitutes a critical research imperative. It is essential to establish authentication and authorization protocols for the comprehensive management of the DTs lifecycle, alongside standardized mechanisms for data integrity and provenance verification that can monitor DTs model and data lineage throughout the system lifecycle. Standardized APIs for secure DTs interoperability across various vendors and platforms are crucial for facilitating the ecosystem-wide collaboration necessary for effective cybersecurity.

Concrete priorities include developing standardized DT testbeds for EVCS, such as cyber–physical platforms integrating OCPP/ISO 15118 with HIL simulations to replicate 5G/6G threats, enabling reproducible benchmarking of resilience metrics like MTTR under FDIA scenarios. Resilience benchmarking frameworks should quantify DT performance in V2G contexts via multi-physics models assessing grid stability under cascading attacks, targeting 90%+ recovery rates. For cross-border deployments, data-sharing frameworks compliant with GDPR/NIS2 must incorporate federated DT learning to secure energy flow data across EU grids, mitigating sovereignty risks in renewable integration.

Furthermore, compliance frameworks for multi-jurisdictional DTS deployments must address the intricate regulatory landscape governing the protection of critical infrastructure. Research into cross-domain integration protocols is required to develop secure mechanisms for DTs interaction across V2G, V2X, and smart grid ecosystems. Network slicing strategies can isolate critical EVCS functions while enabling essential cross-domain interactions, and grid-aware security protocols must ensure system stability during cyber incidents. Interoperable threat intelligence sharing frameworks across domain boundaries can enhance overall security effectiveness, while coordinated incident response protocols for cross-domain attacks ensure a rapid and effective response to sophisticated threats that span multiple infrastructure domains.

6.2.5. Privacy by Design and Regulatory Alignment

Lightweight privacy preservation techniques optimized for real-time DTs operations necessitate focused scholarly investigation. It is imperative to develop edge-optimized homomorphic encryption algorithms that minimize computational overhead; alongside secure multi-party computation protocols specifically designed for distributed DTS analytics. Privacy-preserving synthetic data generation techniques can facilitate DTs training and testing without compromising sensitive information, while dynamic anonymization approaches for continuous data streams must accommodate varying sensitivity levels and regulatory requirements.

Adaptive governance frameworks, capable of managing the complex regulatory landscape surrounding DTs deployments, must incorporate dynamic consent management systems that provide real-time user control and transparency. Automated compliance monitoring and reporting mechanisms can alleviate administrative burdens while ensuring adherence to regulatory requirements across multiple jurisdictions. Cross-jurisdictional data governance frameworks are particularly crucial for international EVCS networks that must comply with diverse privacy and security regulations.

6.2.6. Practical Implementation and Validation

Comprehensive pilot deployment studies are crucial for validating DTs frameworks in real-world environments and demonstrating their practical efficacy. Large-scale urban EVCS testbeds, encompassing thousands of charging stations across diverse operational conditions, can yield valuable insights into scalability limitations and performance characteristics. Longitudinal studies evaluating DTs performance under varying threat scenarios and system loads are essential for understanding long-term reliability and effectiveness. Establishing industry-academia collaboration ecosystems is imperative to expedite the transition from research to practical deployment.

The joint development of open-source DTs platforms for EVCS cybersecurity can provide common foundations for innovation, while standardized benchmarking frameworks enable objective comparison of different DTs security solutions. Knowledge transfer programs can accelerate DTs adoption in industry, while public–private partnerships provide the resources necessary for large-scale DTs infrastructure development.

7. Conclusions

This review examines the integration of DTs technology with 5G/6G networks to enhance cybersecurity in EVCS. It underscores DTs as a robust defense mechanism within cyber–physical systems. Key points include the following:

I.

DTs enhance security through real-time monitoring, predictive diagnostics, and threat mitigation, yet they remain susceptible to manipulation, necessitating robust integrity assurance, secure model versioning, and trust frameworks.

II.

Features such as Ultra-Reliable Low-Latency Communications (URLLC), Multi-access Edge Computing (MEC), and network slicing facilitate scalable DTs architecture; however, challenges persist in distributed computing, synchronization, and security across large-scale EVCS.

III.

AI-driven anomaly detection, blockchain-based trust, and quantum-resistant encryption demonstrate potential but are insufficient in real-world EVCS settings.

IV.

The lack of standardization, AI model drift, DTs lifecycle management, economic feasibility, and compliance with privacy regulations present significant obstacles, necessitating interdisciplinary research and DTs-native security protocols.

V.

Clear cost–benefit models and return on investment (ROI) are essential to incentivize infrastructure operators to adopt DTs-based cybersecurity solutions.

VI.

Privacy-by-design, user consent mechanisms, and legal harmonization are critical for compliance, trust, and sustainability, particularly as Vehicle-to-Grid (V2G), Vehicle-to-Home (V2H), and Vehicle-to-Everything (V2X) technologies increase cyber risks.

The integration of DTs technology significantly enhances EVCS cybersecurity, but its energy consumption and environmental impact must be carefully managed to align with the sustainability goals of smart mobility. By prioritizing renewable energy sources, energy-efficient hardware, and adaptive synchronization protocols, DTs-enabled EVCS can achieve robust security without compromising environmental objectives. The review concludes that fully developed and responsibly deployed DTs technology is crucial for a secure, intelligent, and resilient EVCS ecosystem, requiring urgent collaboration among academia, industry, and policymakers. Addressing concrete challenges, including the development of open-source DT testbeds for scalable EVCS validation, the establishment of resilience benchmarks for V2G systems under zero-day threats, and the creation of harmonized cross-border frameworks for secure data flows, will accelerate the realization of resilient and interoperable infrastructure networks.