EV-311-2022: Security requirements from IEC 62443 for procuring EV charging stations [DRAFT]

This document gives security requirements that Charge Point Operators (CPOs) can use when procuring new charging stations. The requirements are based on the IEC 62443-4-2 standard.

Cyber-attacks on the electric vehicle charging infrastructure are not just a financial and reputational risk to the Charge Point Operators (CPOs) that manage the infrastructure. They are also becoming a large societal risk.

To mitigate these risks, this document provides a harmonized set of security requirements that charge point operators can use directly in their procurement documents for charging stations. The requirements are designed to fit into the processes and procedures already in place in these organizations and to find a good balance between security and operational impact.

The requirements have been designed to allow certification based on the new certification schemes being developed for IEC 62443. Together with the threat analysis for EV charging infrastructure, they form a profile for IEC 62443. The profile also meets the requirements for a component context analysis, as defined in the JRC Recommendations for the Implementation of the Industrial Automation & Control Systems Components Cybersecurity Certification Scheme (ICCS).