how to Improve standards and protocols of charging infrastructure?

Providers of EV charging and energy management solutions are protected by adhering to industry agreements and standards established by global coalitions such as the Open Charging Alliance (OCA) and the International Organization for Standardization (ISO). Not only that, EV charging post manufacturers and their sub-suppliers, car manufacturers and utilities also need to be involved.

The key to network security lies in open charging point protocol (OCPP). The latest version of the protocol, which governs communication between charging stations and the central management system, includes standards such as secure connection Settings, security events and logging, and security firmware updates.

Another initiative is ISO 27001, a comprehensive framework that covers specific legal, physical and technical control requirements for enterprise information security and risk management processes. Compliance will ensure that all relevant processes, procedures and tools are implemented and monitored to protect the tram charging platform.

The international standard ISO 15118.20 was updated in 2022 to strengthen the security requirements for duplex communication between charging stations and electrical workshops. The standard provides plug-and-play capabilities, uses security certificates to automatically identify EVs on charging posts and verify payment methods, and even manages the data exchange required for vehicle-to-grid (V2G) transmission of electricity stored in on-board batteries back to the grid.

Multi-layer protection based on IT security

The first step toward IT security best practices for EV charging ecosystem vendors is to restructure their organization: hire a Chief Information Security Officer (CISO). In the face of a large attack surface and the basic goal of protecting data from internal and external attacks, the CISO needs to work closely with the Chief Technology Officer (CTO) to coordinate IT security and trolley charging facility security.

IT security best practices such as X.509 Public key infrastructure (PKI), Transport Layer security (TLS), and security "tunnels" encrypt data transmitted over a network to protect communication and data exchange between cloud management software, EV charging points, EV, and the grid.

EV charging facilities providers should also be concerned about data privacy regulations involving personally identifiable information. Any organisation that transmits, processes or stores personally identifiable information should comply with the EU's General Data Protection Regulation (GDPR), Japan's Personal Information Protection Act (APPI), the US California Consumer Privacy Act (CCPA) and the new California Privacy Act (CPRA).

The Payment Card Industry Data Security Standard (PCI DSS) and SOC 1 Security standard provide security controls and measures to ensure that credit/debit card transaction activity is protected during transmission and storage. Specific controls include using tokens rather than readable data and storing only the last four digits of the credit card number. Smart security measures in billing management systems also help identify and prevent payment fraud.

The endpoint Detection and Response (EDR) system continuously monitors devices accessing the EV charging management platform, identifies intrusions and responds quickly, preventing cybercriminals from penetrating the network and moving across other components, such as management software, cars, and power grids.

In addition, annual facility and application penetration testing should be conducted and a solid resolution plan should be developed for potential vulnerabilities discovered.

Write at the end

Protecting EV charging facilities from cybercriminals should be the shared responsibility of all players in the ecosystem. Whether you are considering deploying EV charging points on your premises or as a key player in the ecosystem, safety must always be a priority.

There is an important consensus in the IT security industry that electric vehicle security will be a protracted battle. The greater the popularity of the trolley charging ecosystem, the greater the economic benefits and value attraction for cybercriminals. This is going to be a never-ending confrontation, and we have to react quickly to get ahead of malicious hackers and potential threats.

As a user, when IT cannot ensure the IT security of charging piles, it is better to use off-grid home energy storage facilities to charge electric vehicles, which can effectively reduce the potential threat brought by cyber crimes to users through electric vehicle charging piles.