Security of Electric Vehicle Charging Stations
Background
The U.S. Postal Service operates one of the largest civilian delivery fleets in the world, with more than 232,000 vehicles delivering to nearly 169 million addresses across the country. As part of its 10-year strategic plan, it is modernizing its 30-year-old fleet to a mix of internal combustion engine (gas) and electric vehicles (EV). To support this effort, the Postal Service contracted with three vendors in February 2023 to purchase 14,050 EV charging stations and commissioned 3,925 charging stations as of March 2025. The overall security and functionality of EV charging stations is critical to ensure the Postal Service’s EVs are available to deliver mail.
What We Did
Our objective was to assess the security of the Postal Service’s EV charging stations. We contracted with a provider to evaluate the technical, communication, and data security controls of one charging station from each of the three vendors. We also conducted site visits to three Sorting and Delivery Centers to review physical security for safeguarding EV charging stations and evaluated policies and best practices for contingency planning.
What We Found
The charging stations had security risks that could disrupt EV charging or allow unauthorized charging sessions. In addition, security cameras at the selected sites we visited were either not 1) installed; 2) accessible to management; or 3) monitoring the charging stations. Finally, there were inadequate contingency plans for charging stations to charge EVs during prolonged power outages or charging station functionality issues.
Recommendations and Management’s Comments
We made seven recommendations to address the issues related to charging station vulnerabilities, physical security, and contingency planning identified in the report. Postal Service management agreed with four recommendations and disagreed with three. Management’s comments and our evaluation are at the end of each finding and recommendation. The U.S. Postal Service Office of Inspector General (OIG) considers management’s comments nonresponsive to recommendations 1, 2, and 3 and will work with management through the formal audit resolution process. The OIG considers management’s comments responsive to recommendations 4, 5, 6, and 7, as corrective actions should resolve the issues identified in the report.