Members of the electric vehicle (EV) industry gathered at the National Renewable Energy Laboratory (NREL) in early April to evaluate enhanced cybersecurity for the connections between electric vehicles and charging infrastructure.
As more EVs enter the market and connect to the electrical system, potentially exposing cyber vulnerabilities, vehicle security is drawing increased interest. This event supports a project led by SAE International to strengthen EV cybersecurity through wide industry engagement on pre-competitive research and technology prototyping in the EV charging space.
The event was organized to evaluate the application of public key infrastructure (PKI)—a method for encrypting information exchange and certifying the authenticity of devices—to help ensure digital trust between vehicles and charging stations. Although PKI had been adopted for many industries, this kind of authentication between different companies’ electric vehicles and charging stations is not commonplace and has not yet matured in the EV charging ecosystem. NREL has previously studied the vulnerabilities associated with EV interconnections and has evaluated strategies to mitigate those vulnerabilities. This event went a step further into showing how PKI could improve security of communications required to enable charge sessions to take place. Successfully securing these communications would help protect against financial fraud and defend drivers, vehicles, manufacturers, and charge-network operators from other cyber intrusions.
Participants including Ford Motor Company, Rivian, Shell Global Solutions, and ChargePoint brought EVs and charging infrastructure to NREL’s Energy Systems Integration Facility to facilitate the collaborative validation. At this first event, teams used a PKI system designed and implemented by Eonti and DigiCert to focus on establishing primary system functionality for the PKI-strengthened charging connection. Once basic functions have been demonstrated, the participants and NREL can begin planning for future efforts that will guide the team to implement a defensible system for protecting charging infrastructure in the field.
“NREL has assembled unique power systems, cyber facilities, and insights to assist these teams to assess the cybersecurity of electrified transportation systems under real operating conditions, and this project is a great opportunity to marry industry expertise and government evaluation resources,” said Tony Markel, project lead from NREL.
The product teams completed dozens of tests, using valid and invalid PKI implementations to ensure systems are robust enough to correctly capture and identify accurate and faulty behaviors. In follow-on tests, researchers intend to expand the number of companies involved and the test cases performed to widen the impact of testing on the EV charging sector. The test cases will include adversarial drills against EV connections in the spirit of a hack-fest to confirm the full cyber strength of a PKI implementation strategy.
The interest in PKI for EV charging follows an industry assessment that found opportunities for improvement in current standards pertaining to EV cybersecurity. SAE is organizing the international EV charging sector, as well as public and research entities, to collaboratively increase overall security in this critical connection between the mobility and energy industries. The two-year project is intended to deliver an operational PKI method agnostic to the charging platform that is available to industry worldwide.
“SAE International is pleased to have gathered our SAE EV Charging PKI Cooperative Research Project (CRP) industry partners at the National Renewable Energy Laboratory for our first test event. SAE CRP projects are joint ventures that perform targeted, pre-competitive research to develop solutions—by industry for industry,” said Tim Weisenberger, SAE program manager of emerging technologies. “In this project we are designing and testing an inclusive, worldwide EV charging industry PKI platform that is secure, trusted, scalable, interoperable, and extensible.”
SAE International is seeking to expand the network of participating entities to join this critical project. Future activities include proving the scalability of PKI for EV charging, ensuring its compatibility across products, and sharing results to influence standards.
Comments are closed.