EV-401-2020: Security test plan for EV charging stations (2017 requirements)

This document provides a plan to electric vehicle (EV) charging stations against the EV Charging System Security Requirements, version 1.01 of August 2017, developed by ElaadNL and ENCS.

When the requirements are used, the need arises to evaluate the charging station against the requirements. Most procurement processes include acceptance testing to make sure that the selected charging station does indeed meet all requirements. This document provides a standardized test plan to evaluate the charging stations against the security requirements developed by ElaadNL and ENCS in 2017.

By standardizing the test plan, the test results can be shared between charge point operators. The vendor of the charging station can order a security test according to the test plan. If the charging station passes the tests, the vendor can use the test report to show compliance in all tenders that use the security requirements. This is expected to reduce the cost of testing and can give charge point operators assurance in advance that there are charging stations meeting the requirements.

If the vendor’s equipment provides additional security features, then this plan can be extended to include specific testing steps for the corresponding requirements.

The test plan consists of three phases:

  1. Functional tests and a vulnerability assessment by the vendor, usually performed during development;
  2. A review of development processes and security design and OCPP security conformance testing by an external lab;
  3. A penetration test by an external lab.

 


EV-101-2019: Security risk assessment for EV charging infrastructure

Assessment of the security risks for a typical EV charging infrastructure.

As part of the energy transition, there has been a large growth of electric vehicles on the streets. By June 2018, already one million electric cars were registered in Europe and almost a quarter of cars is expected to be electric in 2030.

The electric vehicle (EV) charging infrastructure is being expanded to keep up with this growth. Millions of charging stations will be placed throughout Europe. Many will be remotely controlled by Charge Point Operators (CPO).

These charging stations need to be protected against cyber-attacks. The electrical load that is controlled remotely by the CPOs, will soon be large enough to affect the stability of the European grid. If the power on a high number of charging stations would be switched off at the same time, this could lead to significant power outages.

ENCS has developed a security architecture for the EV charging infrastructure. The goal of this risk assessment is to show how the measures in this architecture sufficiently mitigate the security risks.


EV-401-2019: Security test plan for EV charging stations

Plan to test an EV charging station against the ElaadNL and ENCS security requirements.

ElaadNL and ENCS have developed a set of security requirements for procuring electric vehicle (EV) charging stations . The requirements are based on a risk assessment and a security architecture for the whole EV charging infrastructure. The security requirements can be used directly in the procurement process.

This document provides a standardized test plan to evaluate the charging stations against the security requirements. By standardizing the test plan, the test results can be shared between charge point operators. The vendor of the charging station can order a security test according to the test plan. If the charging station passes the tests, the vendor can use the test report to show compliance in all tenders that use the security requirements. This reduces the cost of testing and can give charge point operators assurance in advance that there are charging stations meeting the requirements.

The test plan consists of three phases:

  1. Functional tests and a vulnerability assessment by the vendor, usually performed during development;
  2. A review of development processes and security design and OCPP security conformance testing by an external lab;
  3. A penetration test by an external lab.

EV-390-2019: Market survey for electric vehicle charging

Results of a market survey on the security of electric vehicle charging stations held in November 2019.

ENCS has produced a set of security requirements that charge point operators can use for procuring secure charging stations. To verify that these requirements are feasible in the current market, ENCS has conducted a survey among charging stations vendors, asking if they can implement the most advanced requirements.


EV-301-2019: Security requirements for procuring EV charging stations

This document specifies security requirements that charge point operators can use when procuring charging stations. The requirements can be used directly in tender documents. They cover the technical security features that the charging station should have, and the measures vendors should take to ensure the correct implementation of these features.

The document is an update of the EV Charging Systems Security Requirements from 2016. ENCS has created this document together with ElaadNL.


EV-201-2019: Security architecture for EV charging infrastructure

This document describes a security architecture for electric vehicle charging infrastructure specifying the technical security measures charge poin operators can implement. The architecture can act as a blueprint for system integrators and the departments maintaining the system. The architecture is intended to be used together with an information security management system (ISMS) based on ISO 27001:2013 or similar.

ENCS is creating this document in collaboration with ElaadNL.