EV-211-2022: Security requirements from IEC 62443 for EV charging infrastructure [DRAFT]

This document gives security requirements that Charge Point Operators (CPO) can use when procuring new EV charging infrastructures from a system integrator, or internally when designing and implementing an EV charging infrastructure. The requirements are based on the IEC 62443-3-3 standard.

Charge Point Operators (CPOs) are controlling increasingly more electrical load. To support the rapid growth in electric vehicles (EVs), hundreds of thousands of charging stations are being placed throughout Europe, most of them being remotely controlled by CPOs. In this way, larger CPOs are already controlling hundreds of megawatts of demand, comparable to a large gas power plant. And the controlled load will only grow in the future.

Making sure the EV charging infrastructure is secure is, hence, critical. This document provides a recommended set of security requirements at system level that allows the major security threats to be mitigated with current technology. It provides guidance on what technical measures to take to secure EV charging infrastructures.

The requirements are based on the IEC 62443 standard. They have been selected from IEC 62443-3-3: System security requirements and security.

The requirements have been designed to allow certification based on the new certification schemes being developed for IEC 62443. Together with the threat analysis for EV charging infrastructure, they form a profile for IEC 62443.