Security requirements for procuring EV charging stations (draft version 1.9.3)

This document specifies security requirements that charge point operators can use when procuring charging stations. The requirements can be used directly in tender documents. They cover the technical security features that the charging station should have, and the measures vendors should take to ensure the correct implementation of these features.

The document is an update of the EV Charging Systems Security Requirements from 2016. This is a draft version published to collect feedback from grid operators and vendors.

ENCS is creating this document in collaboration with ElaadNL.


Security architecture for EV charging infrastructure (draft version 0.2)

This document describes a security architecture for electric vehicle charging infrastructure specifying the technical security measures charge poin operators can implement. The architecture can act as a blueprint for system integrators and the departments maintaining the system. The architecture is intended to be used together with an information security management system (ISMS) based on ISO 27001:2013 or similar.

ENCS is creating this document in collaboration with ElaadNL.


Security requirements for procuring DA RTUs (draft, version 1.4)

This document specifies security requirements that grid operators can use when procuring new distribution automation (DA) remote terminal units (RTUs). The requirements can be used directly in tender documents. They cover the technical security features that the RTU should have, and the measures vendors should take to ensure the correct implementation of these features.

The document is an update of the Distribution Automation RTU Security Requirements from 2016. This is a draft version 1.4 published to collect feedback from grid operators and vendors.


EV Charging Systems Security Requirements

This catalog describes security requirements for Electric Vehicle charging systems. Two sets of requirements are included:
First, a set of requirement for the procurement of Charge Point. This set includes requirements to make sure the Charge Point itself is secure, that it has all functionality needed to set up secure operational processes, that its Vendor takes measures to ensure its security throughout its lifecycle, and that measures are taken to assure that security measures have been implemented well.
Second, a set of requirements for secure communications between the Charge Point Operator (CPO) and Distribution System Operator (DSO). These requirements can be used as part of the security requirements when new server systems are procured or set up.
The definition of the requirements is based on the results of a Threat Assessment, which identified the threats and possible attacks related to EV charging systems. Each requirement is justified by one or more possible threats identified.
These requirements have been developed by the European Network for Cyber Security (ENCS) for ElaadNL. ElaadNL intends to use and promote the requirements as the basis for future development.


Security requirements for procuring smart meters and data concentrators

This document contains security requirements for procuring Smart Meters and Data Concentrators. They are intended as a common baseline that in line with more strict requirements or more detailed specifications used in different European countries.
The requirements are formulated in a technology-independent manner. They describe the security measures that need to be taken functionally, and do not make assumptions on communication protocols or technologies. The requirements cover both technical security measures, and process measures that Vendors should take to ensure secure development, production, and delivery of the devices.
The requirements have been written with an eye towards testing. For each requirement, recommendations are given for evaluating if it has been fulfilled. These recommendations are based on experience with testing many meters from different countries.


Distribution Automation RTU Security Requirements

This catalog describes security requirements for procuring secure distribution automation Remote Terminal Units (RTUs). The RTUs are a critical part in distribution automation systems because they act as access points in the substation and control the grid equipment.

The catalog describes: devices security, security requirements for end-to-end secured communication between the RTU and the central systems, and for processes the vendor should implement to keep the RTU secure during its lifecycle.

The requirements have been developed by ENCS in the member project on distribution automation security.