A safe and sustainable energy network
All charging stations in the Netherlands together form a smart network to optimally deploy the use of renewable energy and the grid capacity. To make this possible, all the different elements have to ‘communicate’ with each other and are connected to various ICT systems and back offices. It is important that these systems, the charging infrastructure and the network are properly secured. Because a cyber attack on a large number of charging points at the same time could even result in a national power failure, with all the nasty consequences that entails. That is why cyber security is an important topic, not only for ElaadNL and the grid operators, but for the entire society.
The smart charging infrastructure is growing rapidly, which is why now is the time to properly regulate the cyber security of charging infrastructure. This does not only concern the charging point itself, but the entire chain. The charge point manufacturer must design a secure product with enough memory and processor capacity for future updates. The installer should check if a firmware update is required and change the factory default passwords. The service engineer must be authorized and communication protocols, such as OCPP and OCPI, must be secure. Also, the safety of charging via charging cards and apps, and the authorization of EV drivers – proof that you are who you say you are – must also be properly arranged. Furthermore it includes the security of the measurement data on which Smart Charging is based; it is important that people do not just have access to this information.
The charging infrastructure faces the challenge of being open and accessible to everyone, for all kinds of vehicles, software systems, charging protocols and apps, whilst at te same time being protected against hackers, criminals and other malicious parties. We need to prevent people with malicious intent from entering the network and, for example, trying to charge cars en masse (or stop charging them) in order to disrupt the energy system, but we also want useful apps to make charging easier. How do we ensure safety and ease of use? Who should take what action? What agreements do we need to make to achieve that? Who will check whether the agreements are met?
This is all explained in the (Dutch spoken) webinar that we organized together with the European Network for Cyber Security about cybersecurity and charging stations:
As early as 2017, ElaadNL and ENCS took the initiative of developing a (basic) set of cybersecurity requirements for charging stations. These requirements were updated in 2019 and are more and more applied, especially for public charging stations. But they are still informal in nature; there is no legal obligation to comply.
Formal requirements are needed to ensure the cybersecurity of, in the end, millions of charging points. There must be an international standard, charging point manufacturers must know where they can have their products tested and certified, and there must be a legal framework. Cyber security of charging infrastructure is so important that it can no longer be without obligation.
A special working group is active within the NAL (the National Agenda for Charging Infrastructure) that focuses on cyber security. This working group aims to cyber security implementation in international standards, in (European) laws and in organizations. An example of this is setting up an ISAC (Information Sharing and Analysis Centre); this is a means for co-operation in which, for example, chargepoint manufacturers can exchange information about cyber incidents in a trusted environment so that they learn from each other, without affecting their competitive position.
In the coming years, hundreds of thousands of charging points will be installed and these will be present in the field for a long time. Good cyber security is a prerequisite for guaranteeing our mobility and the stability of the power grid.
Stay informed of the latest trends and developments in the field of Smart Charging