A safe and sustainable energy network
Together, all charging stations in the Netherlands form a smart network to optimize the use of renewable energy and grid capacity. To make this possible, all the different elements must ‘communicate’ with each other and are connected to various ICT systems and back offices. It is important that these systems, the charging infrastructure and the network are well secured. Because a cyber attack on a large number of charging points at the same time can even result in a nationwide power outage, with unpleasant consequences. This is why cybersecurity is an important topic, not only for ElaadNL and the grid operators, but for society as a whole.
Smart charging infrastructure is becoming more and more extensive, so now is the time to get charging infrastructure cybersecurity right. This is not just about the charging point itself, but the entire chain. The charge point manufacturer must design a secure product with enough memory and processor capacity for future updates. The installer must check if a firmware update is needed and change default factory passwords. The service engineer must be authorized and the communication protocols, such as OCPP and OCPI, must be secure. But the security of charging via charge cards and apps, and the authorization of EV drivers – proof that you are who you say you are – must also be well managed. It also includes the security of the metering data on which Smart Charging is based; it is important that people do not have casual access to this information.
The charging infrastructure faces the challenge of being open and accessible to everyone, for all kinds of vehicles, software systems, charging protocols and apps, on the one hand, and secure from hackers, criminals and other malicious parties, on the other. You want to prevent people with malicious intentions from entering the network and, for example, trying to charge (or stop charging) cars en masse to disrupt the energy system, but you do want handy apps to make charging easier. How do we ensure security as well as ease of use? Who has to do what? What agreements must we make to achieve this? Who will check if the agreements are met?
This is all explained in the webinar we organized together with the European Network for Cyber Security (ENCS) on cybersecurity and charging stations:
Back in 2017, ElaadNL and the ENCS took the first steps and developed a (basic) set of cybersecurity requirements for charging stations. These requirements were updated in 2019 and are increasingly being used, especially for public charging stations. But they are still informal in nature; there is no legal requirement.
To really ensure the cybersecurity of eventually millions of charging points, formal requirements are needed. There needs to be an international standard, charge point manufacturers need to know where they can have their products tested and certified, and there needs to be a legal framework. Cybersecurity of charging infrastructure is so important that it can no longer be optional.
Within the NAL (the National Charging Infrastructure Agenda) a special working group is active that deals with cybersecurity. This working group aims to secure cybersecurity in international standards, in (European) laws and in organizations and cooperation. An example of this is the creation of an ISAC (Information Sharing and Analysis Centre); this is a partnership in which, for example, manufacturers can exchange information about cyber incidents in a trusted environment so that they can learn from each other without it affecting their competitive position.
In the coming years, hundreds of thousands of charging points will be installed and they will be in the field for a long time. Good cybersecurity is a prerequisite for ensuring our mobility as well as the stability of the power grid.
Stay abreast of the latest trends and developments in cyber security