Malware pose a significant threat to the power grid and the connected electric vehicle infrastructure. Penetration and propagation of cyber attacks including worms and viruses vary depending on the nature of the connected systems. Electric vehicles (EVs) being the mobile portion of the smart grid may easily spread worms and viruses in a large geographic area. We propose a probabilistic model for the worm propagation in EV to Electric Vehicle Supply Equipment (EVSE) networks, formulate threat levels and then, we propose a Mixed Integer Linear Programming (MILP) model as a protection scheme that relies on isolating infected nodes. The threat levels are used to determine temporarily isolated EVSEs in order to avoid malware propagation. isolated. Worm propagation depends on contact duration and next connection time. Similar to other networks, patches to fix bugs that cause malware propagation are released with certain delay. The aim of our protection scheme is to develop a response model that finds an optimal isolation solution for the infected nodes until the patches are released.