To address high latency and low reliability in Security Orchestration, Automation, and Response (SOAR) systems for electric vehicles (EVs)—caused by onboard resource constraints and cellular network congestion—this paper proposes a charging-station-based edge-enabled SOAR architecture. Innovatively leveraging EV charging stations as security orchestration hubs, the architecture integrates edge computing, secure V2I communication, lightweight threat detection models, and a distributed automation response engine, thereby decentralizing SOAR capabilities to the transportation infrastructure layer. Experimental results demonstrate that, compared to conventional 4G/5G/WiFi-dependent approaches, the proposed architecture reduces end-to-end SOAR latency by 62%, improves connection stability by 3.8×, supports concurrent access from thousands of EVs, and enables deployment of CPU-intensive AI-based security applications. Consequently, it significantly enhances the real-time responsiveness, scalability, and reliability of in-vehicle security operations.

Vehicle cybersecurity has emerged as a critical concern, driven by the innovation in the automotive industry, e.g., automomous, electric, or connnected vehicles. Current efforts to address these challenges are constrained by the limited computational resources of vehicles and the reliance on connected infrastructures. This motivated the foundation of Vehicle Security Operations Centers (VSOCs) that extend IT-based Security Operations Centers (SOCs) to cover the entire automotive ecosystem, both the in-vehicle and off-vehicle scopes. Security Orchestration, Automation, and Response (SOAR) tools are considered key for impelementing an effective cybersecurity solution. However, existing state-of-the-art solutions depend on infrastructure networks such as 4G, 5G, and WiFi, which often face scalability and congestion issues. To address these limitations, we propose a novel SOAR architecture EVSOAR that leverages the EV charging stations for connectivity and computing to enhance vehicle cybersecurity. Our EV-specific SOAR architecture enables real-time analysis and automated responses to cybersecurity threats closer to the EV, reducing the cellular latency, bandwidth, and interference limitations. Our experimental results demonstrate a significant improvement in latency, stability, and scalability through the infrastructure and the capacity to deploy computationally intensive applications, that are otherwise infeasible within the resource constraints of individual vehicles.