EV-401-2019: Security test plan for EV charging stations [PUBLIC]

This document provides a plan to test electric vehicle (EV) charging infrastructure against the ElaadNL and ENCS security requirements.

ElaadNL and ENCS have developed a set of security requirements for procuring electric vehicle (EV) charging stations. The requirements are based on a risk assessment and a security architecture for the whole EV charging infrastructure. The security requirements can be used directly in the procurement process.

This document provides a standardized test plan to evaluate the EV charging stations against the security requirements. By standardizing the test plan, the test results can be shared between charge point operators. The vendor of the charging station can order a security test according to the test plan. If the charging station passes the tests, the vendor can use the test report to show compliance in all tenders that use the security requirements. This reduces the cost of testing and can give charge point operators assurance in advance that there are charging stations meeting the requirements.

If the vendor’s equipment provides additional security features, then this plan can be extended to include specific testing steps for the corresponding requirements.

The test plan consists of three phases:

  1. Functional tests and a vulnerability assessment by the vendor, usually performed during development;
  2. A review of development processes and security design and OCPP security conformance testing by an external lab;
  3. A penetration test by an external lab.

The test plan applies to charging stations that use the OCPP 2.0 protocol and implement the security measures in those standards. Using the test plan for other charging stations requires changes.