Securing EV Charging Infrastructure: Challenges, Standards, and Approach: Two-Part Series (Part 1)

As we step into another promising year, I want to thank you for your patience. This article has been in the works for quite some time, requiring an extensive effort to gather and align information to ensure its accuracy and depth. It’s finally here, and I’m thrilled to share it with you.

In this two-part series, I’ve tried to cover all the topic's key aspects. However, if you feel I’ve missed something or want to share your thoughts, I’d be happy to hear from you.

Now, let’s dive in:

The rapid adoption of electric vehicles (EVs) has fundamentally reshaped global transportation, establishing EV charging infrastructure as a cornerstone of this shift. However, as the number and complexity of charging stations increase, they become prime targets for cyberattacks. Ensuring the security of these systems isn’t merely a technical challenge—it’s an essential step to sustain and propel the EV revolution forward.


1. Understanding the Challenges: Threat Landscape

EV charging systems are built on a complex ecosystem of interconnected components, including charge points, management systems, and communication protocols. This interconnectedness, while essential for seamless operation, introduces significant vulnerabilities:

  1. Protocol Weaknesses: Widely used protocols like the Open Charge Point Protocol (OCPP 1.6J) are susceptible to attacks, including denial of service (DoS), data interception, and identity theft. As the industry moves toward OCPP 2.0.1, security features such as stronger authentication and encryption are introduced but must still be diligently implemented.
  2. Backdoor Exploits: Political hacking incidents, such as the Ukrainian hacking of Russian EV stations, highlight the risks of weak backdoor protections in systems. Nation-state actors or organised cybercriminal groups may target these systems to cause widespread disruption or compromise sensitive data.
  3. Malicious Manipulations: Attackers can compromise charging stations to disrupt operations, manipulate energy consumption, or control vehicle functions. Ransomware attacks on fleet charging centres pose significant financial and operational risks for businesses and government agencies that rely on EV fleets.
  4. Physical Security Gaps: Charging kiosks in publicly accessible locations can be tampered with at a hardware level (e.g., exposed USB ports and physical tampering with connectors). Skimming devices, unauthorised reconfiguration of charging levels, and hardware sabotage can all compromise user safety and data integrity.

Key areas and components of an EV charging infrastructure that are prone to compromise, along with common vulnerabilities and potential attack vectors.


Key areas and components of an EV Charging Infrastructure (Image 1)

2. Mitigation Strategies for EV Charging Infrastructure

Securing EV charging infrastructure requires multi-layered defences that address unique hardware, software, and communication challenges. Below is a more in-depth look at key protection mechanisms, including the technical rationale, implementation details, and industry references.

2.1 Safeguarding Each Layer: Detailed Breakdown

2.1.1 Physical Security and Hardware Assurance

Secure Element / Hardware Security Module (HSM):

  • Integrate HSM chips (e.g., Infineon OPTIGA or similar) to store cryptographic keys and perform sensitive operations (signing, decryption) in a secure environment.
  • Ensure charging points implement secure element capabilities for the root of trust functions (e.g., verifying firmware signatures before boot).

Board-Level Security:

  • Techniques like physically unclonable functions (PUFs) can generate device-unique cryptographic keys without storing them in non-volatile memory.
  • Deploy intrusion detection sensors on the PCB itself, triggering alerts or disabling functionalities upon tampering (used in high-security systems like ATMs).

2.1.2 Firmware Integrity and Secure Update Pipelines

Robust Code-Signing Infrastructure:

  • Employ ECC (Elliptic Curve Cryptography) or RSA-2048 for signing, but prefer ECC (e.g., ECDSA P-256) for its performance and smaller key size.
  • Maintain an offline root CA that signs intermediate certificates, ensuring the highest level of trust and reducing the chance of root key compromise.

Secure Over-the-Air (OTA) Protocol:

  • Encrypt OTA packages with AES-256 GCM or ChaCha20-Poly1305 to ensure confidentiality and tamper detection.
  • Implement version counters or Monotonic Counters in secure storage to prevent rollback attacks where attackers load older, vulnerable firmware.

2.1.3 Industrial Protocol Hardening (OCPP, ISO 15118, MQTT, Modbus, etc.)

Enforce Strict Configuration Profiles:

  • For OCPP 2.0.1, enable TLS client-side authentication, ensuring the EVSE (Electric Vehicle Supply Equipment) and the back-end server verify each other.
  • Use OCSP (Online Certificate Status Protocol) stapling to check certificate revocation status, mitigating impersonation risks quickly.

Application-Layer Security Measures:

  • Implement request throttling and canonical path validation to prevent injection (JSON/XML) and DoS attacks.
  • Configure protocol analysers (e.g., Zeek, Suricata) to specifically parse OCPP messages and detect anomalies (unexpected payload sizes, invalid fields).
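To make the two application-layer controls above concrete, here is an added example in Go (my own code, not from the article and not from any OCPP implementation) of the ingress check a CSMS can run on every OCPP-J frame a charge point sends: a frame-size cap, envelope validation, an allow-list of charge-point-initiated actions with the payload fields each must carry (a constructed subset of OCPP 1.6J), and a per-charge-point token bucket for throttling. The sample frames, the charge point name and the numeric limits are constructed placeholders.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// maxFrameBytes bounds a single OCPP-J frame (constructed policy value; tune to real payloads).
const maxFrameBytes = 4096

// allowedCalls lists CALL actions a charge point may initiate towards the CSMS and the payload
// fields each must carry. Constructed subset of OCPP 1.6J for this example only.
var allowedCalls = map[string][]string{
	"BootNotification":   {"chargePointVendor", "chargePointModel"},
	"Heartbeat":          {},
	"Authorize":          {"idTag"},
	"StartTransaction":   {"connectorId", "idTag", "meterStart", "timestamp"},
	"StopTransaction":    {"transactionId", "meterStop", "timestamp"},
	"StatusNotification": {"connectorId", "errorCode", "status"},
}

// Call is a decoded OCPP-J CALL frame: [2, "<UniqueId>", "<Action>", {payload}].
type Call struct {
	UniqueID string
	Action   string
	Payload  map[string]json.RawMessage
}

// ParseCall validates the envelope before any business logic sees the payload: size bound,
// array shape, MessageTypeId, UniqueId length, permitted action, required payload fields.
func ParseCall(raw []byte) (*Call, error) {
	if len(raw) > maxFrameBytes {
		return nil, fmt.Errorf("frame too large: %d bytes", len(raw))
	}
	var frame []json.RawMessage
	if err := json.Unmarshal(raw, &frame); err != nil {
		return nil, fmt.Errorf("not a JSON array: %w", err)
	}
	if len(frame) != 4 {
		return nil, fmt.Errorf("CALL frame needs 4 elements, got %d", len(frame))
	}
	var msgType int
	if err := json.Unmarshal(frame[0], &msgType); err != nil || msgType != 2 {
		return nil, errors.New("MessageTypeId is not 2 (CALL)")
	}
	c := &Call{}
	if err := json.Unmarshal(frame[1], &c.UniqueID); err != nil || c.UniqueID == "" || len(c.UniqueID) > 36 {
		return nil, errors.New("UniqueId must be a string of 1..36 characters")
	}
	if err := json.Unmarshal(frame[2], &c.Action); err != nil {
		return nil, errors.New("Action is not a string")
	}
	required, ok := allowedCalls[c.Action]
	if !ok {
		return nil, fmt.Errorf("action %q is not permitted from a charge point", c.Action)
	}
	if err := json.Unmarshal(frame[3], &c.Payload); err != nil {
		return nil, fmt.Errorf("payload is not a JSON object: %w", err)
	}
	for _, f := range required {
		if _, present := c.Payload[f]; !present {
			return nil, fmt.Errorf("%s payload lacks required field %q", c.Action, f)
		}
	}
	return c, nil
}

// Throttle is a per-charge-point token bucket: up to burst frames at once, refilled at perSecond.
type Throttle struct {
	burst, perSecond float64
	tokens           map[string]float64
	last             map[string]time.Time
	clock            func() time.Time // injectable so the behaviour can be tested deterministically
}

func NewThrottle(burst, perSecond float64, clock func() time.Time) *Throttle {
	return &Throttle{burst: burst, perSecond: perSecond,
		tokens: map[string]float64{}, last: map[string]time.Time{}, clock: clock}
}

// Allow reports whether the charge point may send one more frame now.
func (t *Throttle) Allow(cp string) bool {
	now := t.clock()
	tok, seen := t.tokens[cp]
	if !seen {
		tok = t.burst
	} else {
		tok += now.Sub(t.last[cp]).Seconds() * t.perSecond
		if tok > t.burst {
			tok = t.burst
		}
	}
	t.last[cp] = now
	if tok < 1 {
		t.tokens[cp] = tok
		return false
	}
	t.tokens[cp] = tok - 1
	return true
}

// Inspect is the ingress decision for one frame: throttle first (cheap), then validate.
func Inspect(t *Throttle, cp string, raw []byte) string {
	if !t.Allow(cp) {
		return "throttled"
	}
	c, err := ParseCall(raw)
	if err != nil {
		return "rejected: " + err.Error()
	}
	return "accepted: " + c.Action
}

func main() {
	t := NewThrottle(3, 1, time.Now)
	frames := []string{ // constructed sample frames from one charge point
		`[2,"19223201","BootNotification",{"chargePointVendor":"VendorX","chargePointModel":"ModelY"}]`,
		`[2,"19223202","Reset",{"type":"Hard"}]`, // Reset is CSMS-initiated, so it is not allow-listed here
		`[2,"19223203","Authorize",{}]`,
		`[2,"19223204","Heartbeat",{}]`, // fourth frame in the same instant: over the burst
	}
	for _, f := range frames {
		fmt.Println(Inspect(t, "EVSE-0042", []byte(f)))
	}
}
```

Throttling runs before parsing on purpose: a flood of malformed frames should cost the CSMS a map lookup, not a JSON decode per frame. A rejected frame would be answered with an OCPP CALLERROR in a real CSMS and, as the protocol-analyser bullet above suggests, counted per charge point so that repeated rejections surface as an anomaly.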

2.1.4 Back-end / CPO (Charge Point Operator) Platform Security

Microservices Architecture with Zero Trust Networking:

  • Deploy each microservice (billing, session management, telemetry) in separate containers or Kubernetes pods with minimal inter-service privileges.
  • Use service mesh technologies (e.g., Istio, Linkerd) to encrypt east-west traffic and perform mutual TLS between services.

Least-Privilege IAM (Identity and Access Management):

  • Assign granular roles (read-only for billing logs, admin for firmware updates) integrated with MFA (Time-based OTP, hardware tokens like YubiKey).
  • Integrate cloud-native secrets managers (AWS Secrets Manager, HashiCorp Vault) to store API keys, certificates, and encryption keys.

2.1.5 Network Topology and Segmentation

VLAN with SDN (Software-Defined Networking) Enforcement:

  • Use software-defined network controllers to dynamically segment traffic between EV chargers, OT (operational technology) subnets, and IT systems.
  • Automated policy enforcement ensures that new charging stations or maintenance laptops join the correct VLAN and adhere to pre-set security policies.

Deep Packet Inspection (DPI) at the Edge:

  • Deploy next-gen firewalls (NGFW) capable of protocol-aware filtering for OCPP or ISO 15118.
  • Detect irregularities in packet patterns (e.g., unusual handshake times, suspicious OPC UA or Modbus data requests if ICS components are integrated).

2.1.6 Intrusion Detection and Monitoring

Behavioral Analytics / ML Models:

  • Use AI-driven solutions (e.g., Darktrace, Vectra, or custom ML pipelines) to baseline normal EV charging behaviour.
  • Trigger alerts upon deviations (e.g., abnormally long session times, repeated handshake failures indicative of a brute-force or DoS attempt).

Deception Techniques / Honeypots:

  • Set up decoy charging endpoints that appear legitimate but are isolated to observe attacker TTPs (Tactics, Techniques, Procedures).
  • Feed data from these honeypots into a central SIEM to improve threat intelligence.
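As an added illustration of the behavioural rules in 2.1.6 (my own code, not from the article or any product), the Go analyser below parses CSMS log lines in a `key=value` format constructed for this example, raises an alert when one charge point accumulates five TLS handshake failures within 60 seconds, and flags a charging session that runs longer than three times the median session length in the same log. The thresholds, the charge point names and the log lines are placeholders; a deployment would derive its thresholds from its own baseline.

```go
package main

import (
	"fmt"
	"sort"
	"strconv"
	"strings"
	"time"
)

// Event is one parsed CSMS log line in the constructed "<RFC3339 time> key=value ..." format.
type Event struct {
	At     time.Time
	CP     string // charge point identifier
	Kind   string // event name
	Fields map[string]string
}

// ParseLine parses a single line; malformed lines are reported rather than silently dropped,
// because a parser that skips what it cannot read is itself a detection gap.
func ParseLine(line string) (Event, error) {
	parts := strings.Fields(line)
	if len(parts) < 2 {
		return Event{}, fmt.Errorf("short line: %q", line)
	}
	at, err := time.Parse(time.RFC3339, parts[0])
	if err != nil {
		return Event{}, fmt.Errorf("bad timestamp in %q: %w", line, err)
	}
	ev := Event{At: at, Fields: map[string]string{}}
	for _, kv := range parts[1:] {
		k, v, ok := strings.Cut(kv, "=")
		if !ok {
			return Event{}, fmt.Errorf("field %q is not key=value", kv)
		}
		ev.Fields[k] = v
	}
	ev.CP, ev.Kind = ev.Fields["cp"], ev.Fields["event"]
	if ev.CP == "" || ev.Kind == "" {
		return Event{}, fmt.Errorf("missing cp or event in %q", line)
	}
	return ev, nil
}

// Placeholder thresholds; a deployment derives these from its own observed baseline.
const (
	failWindow    = 60 * time.Second // sliding window for handshake failures
	failThreshold = 5                // failures per charge point within failWindow
	sessionFactor = 3.0              // alert when a session exceeds sessionFactor x the median
)

// Analyze applies two rules: a burst of TLS handshake failures from one charge point (brute-force
// or DoS indicator) and a session far longer than the median of the sessions in the same log.
func Analyze(events []Event) []string {
	var alerts []string
	fails := map[string][]time.Time{}
	fired := map[string]bool{}
	type session struct {
		cp string
		d  float64
	}
	var durations []float64
	var sessions []session
	for _, ev := range events {
		switch ev.Kind {
		case "tls_handshake_failed":
			w := append(fails[ev.CP], ev.At)
			for len(w) > 0 && ev.At.Sub(w[0]) > failWindow { // expire entries outside the window
				w = w[1:]
			}
			fails[ev.CP] = w
			if len(w) >= failThreshold && !fired[ev.CP] {
				fired[ev.CP] = true
				alerts = append(alerts, fmt.Sprintf("%s: %d TLS handshake failures within %s (possible brute-force or DoS)", ev.CP, len(w), failWindow))
			}
		case "session_end":
			d, err := strconv.ParseFloat(ev.Fields["duration_s"], 64)
			if err != nil {
				continue
			}
			durations = append(durations, d)
			sessions = append(sessions, session{ev.CP, d})
		}
	}
	if len(durations) == 0 {
		return alerts
	}
	sort.Float64s(durations)
	median := durations[len(durations)/2]
	for _, s := range sessions {
		if s.d > sessionFactor*median {
			alerts = append(alerts, fmt.Sprintf("%s: session of %.0fs is %.1fx the median (%.0fs)", s.cp, s.d, s.d/median, median))
		}
	}
	return alerts
}

// AnalyzeLog parses a whole log text and runs the rules over it.
func AnalyzeLog(text string) ([]string, error) {
	var events []Event
	for _, line := range strings.Split(strings.TrimSpace(text), "\n") {
		ev, err := ParseLine(line)
		if err != nil {
			return nil, err
		}
		events = append(events, ev)
	}
	return Analyze(events), nil
}

// SampleLog is constructed for the example: one normal fleet, one charge point with a burst of
// handshake failures, and one session far longer than the others.
const SampleLog = `2025-01-10T08:00:00Z cp=EVSE-0007 event=session_end duration_s=1800
2025-01-10T08:05:00Z cp=EVSE-0012 event=session_end duration_s=2400
2025-01-10T08:10:00Z cp=EVSE-0042 event=tls_handshake_failed reason=bad_certificate
2025-01-10T08:10:05Z cp=EVSE-0042 event=tls_handshake_failed reason=bad_certificate
2025-01-10T08:10:09Z cp=EVSE-0042 event=tls_handshake_failed reason=bad_certificate
2025-01-10T08:10:14Z cp=EVSE-0042 event=tls_handshake_failed reason=bad_certificate
2025-01-10T08:10:20Z cp=EVSE-0042 event=tls_handshake_failed reason=bad_certificate
2025-01-10T08:20:00Z cp=EVSE-0007 event=session_end duration_s=2100
2025-01-10T08:30:00Z cp=EVSE-0019 event=session_end duration_s=9000
2025-01-10T09:30:00Z cp=EVSE-0003 event=tls_handshake_failed reason=handshake_timeout`

func main() {
	alerts, err := AnalyzeLog(SampleLog)
	if err != nil {
		fmt.Println("parse error:", err)
		return
	}
	for _, a := range alerts {
		fmt.Println("ALERT", a)
	}
}
```

The single failure from EVSE-0003 never reaches the threshold and produces nothing, which is the point of a windowed count: an alert should mean a pattern, not one bad handshake. Feeding the alert strings into the SIEM mentioned above turns them into the same kind of signal the honeypot data provides.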

2.2 Deeper Insights on Critical Security Elements

2.2.1 Encryption Standards and Key Management

End-to-End Encryption for V2G Communications

  • In ISO 15118-based Plug & Charge scenarios, vehicle certificates must be carefully issued, typically managed by a mobility operator CA or OEM CA in compliance with ISO 15118-20 security profiles.
  • Differential Privacy or advanced cryptographic approaches (e.g., homomorphic encryption) might be considered to protect sensitive driver data in aggregator or billing systems.

Key Distribution Schemes

  • Employ Hardware Root of Trust on the charger side and secure HSM on the back-end to store private keys used for TLS.
  • Rotate short-lived session keys regularly (e.g., Perfect Forward Secrecy with ephemeral Diffie-Hellman) to prevent large-scale traffic decryption if a key is compromised.

2.2.2 Secure Firmware Update Mechanisms

Enterprise-Grade Update Server

  • Consider using code-signing automation platforms (like Microsoft’s Azure Device Update for IoT or Eclipse hawkBit) that enforce cryptographic signatures.
  • Automate the generation of security patches and test them within a CI/CD pipeline using hardware-in-the-loop (HIL) simulators for EV charging.

Firmware Anti-Tamper Controls

  • Implement partial updates only for the changed sections of firmware (delta updates) but ensure each segment is re-signed to prevent partial tampering.
  • Maintain immutable logs on the device of firmware updates performed, along with date/time, signature checks, and version hashes.

2.2.3 Secure Coding Practices and Code Quality

Use Defensive Programming

  • Enforce runtime checks for boundary conditions (e.g., buffer size validations) in the charging station’s embedded software (C/C++).
  • Adopt a memory-safe language for new components or microservices (e.g., Rust) to minimise memory corruption bugs inherent to C/C++ codebases.

Continuous Security Testing

  • Implement SAST (Static Application Security Testing) with rulesets specific to embedded/automotive code (e.g., Polyspace for MISRA C).
  • Integrate DAST (Dynamic Application Security Testing) solutions that simulate OCPP traffic to detect potential injection vulnerabilities in real-time.

2.3 Practical Industry Examples and Success Cases

  1. German National Platform for Electric Mobility: Specifies using Trusted Platform Modules (TPMs) in EVSE designs to anchor cryptographic operations, aligning with national security standards (BSI). Encourages OCPP 2.0.1 with mutual TLS for all publicly funded charging infrastructure.
  2. UL 2900-2-2 Certification for EV Components: Testing labs (e.g., UL, TÜV) offer penetration testing and software validation for EV charging devices to ensure compliance with UL 2900 (Software Cybersecurity for Network-Connectable Products). Devices that pass these rigorous tests demonstrate advanced threat resilience.
  3. Automotive OEM Partnerships: Several major OEMs collaborate on plug-and-charge ecosystems (e.g., Volkswagen Group, Daimler) where vehicles and charging stations leverage mutual PKI. Joint cybersecurity working groups outline incident reporting protocols, shared threat intelligence, and standardised vulnerability disclosures.

2.4 My Recommendations

  1. Run a Private PKI Infrastructure: Operating your own PKI (with a dedicated HSM-based Root CA) allows granular control over certificate issuance, revocation, and trust anchors. Policy-based issuance ensures that only verified devices with known hardware IDs or trusted manufacturing processes can obtain valid certificates.
  2. Adopt an SBOM (Software Bill of Materials): Following frameworks like NTIA’s SBOM guidance, track all open-source libraries and third-party dependencies used in charging station firmware or back-end code. Quickly identify whether a newly disclosed vulnerability (e.g., Log4j, OpenSSL) impacts your environment, accelerating patching cycles.
  3. Perform Regular Penetration Testing and Red-Teaming: Deploy specialists who simulate real-world attacker scenarios, focusing on physical tampering, cryptographic attacks, and pivoting from compromised EVSE devices into core systems. Incorporate advanced techniques (e.g., side-channel analysis on hardware if a well-funded adversary is assumed).
  4. Plan for Post-Quantum Cryptography (PQC): As the industry braces for post-quantum threats, explore NIST PQC candidates (e.g., CRYSTALS-Kyber for key exchange, CRYSTALS-Dilithium for signatures). Develop a migration plan to replace classical RSA/ECC keys in charge points if quantum-safe encryption becomes mandatory.


3. The Role of Standards and Compliance Frameworks

To address these vulnerabilities, adherence to global cybersecurity standards is critical. Several frameworks guide the development and operation of secure EV charging systems:

  1. ISO 15118: Defines secure communication protocols between EVs and charging stations, ensuring data integrity and user authentication.
  2. ISO/SAE 21434: Provides guidelines for automotive cybersecurity, addressing vehicle connectivity and data privacy risks.
  3. IEC 62443: Focuses on securing industrial control systems, which are directly applicable to the EV ecosystem’s hardware and software components.
  4. NIST IR 8473: Offers a comprehensive cybersecurity framework for the energy sector, including EV charging infrastructure.

These standards form the backbone of a secure EV charging ecosystem, providing best practices for encryption, authentication, and system integrity.

3.1 ISO 15118: Road Vehicles - Vehicle-to-Grid Communication Interface

This standard focuses on communication protocols between EVs and charging stations.

Relevant Areas for EV Charging Systems

  • Part 2 (Network and Application Protocol Requirements): Defines secure communication for vehicle-to-grid (V2G) scenarios. Specifies Transport Layer Security (TLS) for data exchange.
  • Part 3 (Physical and Data Link Layer Requirements): Details physical interfaces and data transmission methods, crucial for securing the communication link.
  • Part 20 (Security Profile): Provides guidelines for mutual authentication between EVs and charging stations. Focuses on certificate-based authentication (Public Key Infrastructure, PKI) and encrypted data exchange.
  • Annex A: Outlines use case definitions for V2G communication security. Offers reference scenarios for how security controls can be operationalized.

3.2 ISO/SAE 21434: Road Vehicles - Cybersecurity Engineering

This standard outlines best practices for cybersecurity engineering in the automotive domain.

Relevant Sections for EV Charging Systems

  • Section 5 (Risk Management): Tailored Threat Analysis and Risk Assessment (TARA) for EV charging systems. Encourages continuous risk assessment as new threats and vulnerabilities emerge.
  • Section 7 (Requirements for Cybersecurity by Design): Integration of cybersecurity measures in the design of charging stations. Emphasizes safety-critical aspects of EV charging networks.
  • Section 8 (Product Development): Secure development lifecycle for EV charging software and hardware. Includes specifications for secure firmware updates and patch management processes.
  • Annex G: Cybersecurity case studies relevant to vehicle and infrastructure interactions. Demonstrates how to apply the standard in real-world scenarios.

3.3 IEC 62443: Industrial Automation and Control Systems Security

This standard provides a framework for securing industrial control systems (ICS), including EV charging infrastructure.

Relevant Parts and Sections for EV Charging Systems

  • Part 3-3 (System Security Requirements and Security Levels): Defines roles, responsibilities, and technical security measures for system integrators and operators. Offers guidance on setting security maturity levels based on the risk profile.
  • Part 4-2 (Technical Security Requirements for IACS Components): Specifies component-level security controls, including cryptographic measures and secure communications. Addresses software integrity checks and secure boot mechanisms.
  • Part 2-1 (Establishing an IACS Security Program): Framework for managing cybersecurity throughout the lifecycle of EV charging systems. Emphasizes people, processes, and technology alignment.
  • Annex A: Guidance on applying the standard to distributed systems like EV chargers. Includes references for multi-tenant or multi-operator environments.

3.4 NIST IR 8473: Cybersecurity Framework for Distributed Energy Resources

This report focuses on cybersecurity in distributed energy systems applicable to EV charging networks.

Relevant Areas for EV Charging Systems

  • Chapter 3 (Cybersecurity Risks and Threats): Identification of risks specific to EV charging systems, including vulnerabilities in data communication protocols like OCPP.
  • Chapter 5 (Best Practices for Cybersecurity): Recommendations for implementing secure communication, access controls, and continuous monitoring. Encourages using automated tools to detect anomalies in near real-time.
  • Annex B (Implementation Examples): Includes use cases for securing EV charging stations as distributed energy resources. Demonstrates practical configurations and architecture choices.
  • Controls Mapping: Aligns with the NIST Cybersecurity Framework (CSF) core functions:

a. Identify: Assessing vulnerabilities in EV charging networks.

b. Protect: Using encryption and Role-Based Access Control (RBAC) to secure components.

c. Detect: Implementing real-time monitoring and intrusion detection systems.

d. Respond: Establishing incident response plans for charging stations.

e. Recover: Planning for system restoration after an incident.


Summary Table of Applicability (Image 2)

4. Security Framework Implementation

A. Overview: Why a Multi-Standard Approach?

Electric vehicle (EV) charging systems converge aspects of automotive security (vehicle-facing interfaces), industrial control systems (ICS) security (charging station hardware), and energy sector resilience (grid integration). Consequently, no single standard covers all dimensions, and organisations often must blend multiple frameworks (ISO 15118, ISO/SAE 21434, IEC 62443, NIST IR 8473) to secure EV charging infrastructures comprehensively.

Key Objectives when operationalising these frameworks:

  1. Consistency: Align internal processes, technologies, and governance with recognised best practices.
  2. Scalability: Ensure that security controls scale as you deploy more chargers or integrate advanced features (e.g., bidirectional charging).
  3. Auditability: Streamline compliance checks and regulatory audits by mapping controls to your internal policy framework.
  4. Continuous Improvement: Iterate and mature your security posture based on risk assessments and new threats.

4.1 Operationalizing ISO 15118

Purpose: ISO 15118 defines the communication interface between an EV and the charging station (EVSE). It includes secure communication protocols (TLS), mutual authentication, and certificate-based authorisation.

4.1.1 Certificate Management for Plug & Charge

  • Root CA Setup: Your organisation may establish or partner with a PKI provider that issues certificates to chargers and vehicles.
  • Certificate Distribution: Integrate a secure provisioning process during charger manufacturing or deployment, ensuring each charger holds valid device certificates.
  • Revocation Policies: Implement CRL (Certificate Revocation Lists) or OCSP (Online Certificate Status Protocol) to revoke compromised certificates quickly.

4.1.2 TLS Configuration and Mutual Authentication

  • TLS 1.2+ (preferably TLS 1.3): Enforce strong cipher suites (e.g., TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 for TLS 1.2; in TLS 1.3 the ephemeral key exchange is negotiated separately from the AEAD suite, e.g., TLS_AES_256_GCM_SHA384).
  • Vehicle-Charger Identification: During handshake, both ends verify each other’s certificate. This process must align with your back-end’s PKI policies.

4.1.3 Operational Best Practices

  • Key Lifecycle Management: Regularly rotate keys and update expired certificates to avoid service disruptions.
  • Device Identity Integrity: Store private keys in a secure element (e.g., TPM or HSM) on the charger side to prevent extraction or tampering.
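The certificate lifecycle of 4.1.1 to 4.1.3, as an added Go example (my own code, not the article's and not an ISO 15118 or OCPP implementation): an in-memory CPO root CA issues an ECDSA P-256 certificate to a charger and publishes a CRL; verifyPeer is the check the backend applies to a connecting charger (and, with the usage swapped, a charger to the backend), chaining the leaf to the trusted root and rejecting a revoked serial number. The CA names, the charger identifier, the serial numbers and the rogue CA are constructed. In production the charger key would live in a secure element and the root CA would be offline; here both are generated in memory so the example runs anywhere.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Identity pairs a certificate with its private key (on a real charger the key stays in a secure element).
type Identity struct {
	Cert *x509.Certificate
	Key  *ecdsa.PrivateKey
}

// issue creates an ECDSA P-256 certificate; with parent == nil the result is a self-signed root CA.
func issue(cn string, serial int64, isCA bool, parent *Identity) (*Identity, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true, IsCA: isCA, KeyUsage: x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign | x509.KeyUsageCRLSign
	}
	signerCert, signerKey := tmpl, key // self-signed unless a parent CA is given
	if parent != nil {
		signerCert, signerKey = parent.Cert, parent.Key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signerCert, &key.PublicKey, signerKey)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return &Identity{Cert: cert, Key: key}, err
}

// issueCRL publishes the CA's current revocation list (the CRL route from 4.1.1).
func issueCRL(ca *Identity, revoked ...*big.Int) (*x509.RevocationList, error) {
	tmpl := &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: time.Now().Add(-time.Minute), NextUpdate: time.Now().Add(time.Hour)}
	for _, s := range revoked {
		tmpl.RevokedCertificates = append(tmpl.RevokedCertificates, pkix.RevokedCertificate{SerialNumber: s, RevocationTime: time.Now()})
	}
	der, err := x509.CreateRevocationList(rand.Reader, tmpl, ca.Cert, ca.Key)
	if err != nil {
		return nil, err
	}
	return x509.ParseRevocationList(der)
}

// verifyPeer is what each side does with the other's leaf certificate: accept the CRL only if the
// trusted root signed it, chain the leaf to that root for the expected usage, then check revocation.
func verifyPeer(leaf, root *x509.Certificate, crl *x509.RevocationList, usage x509.ExtKeyUsage) error {
	if err := crl.CheckSignatureFrom(root); err != nil {
		return fmt.Errorf("CRL not signed by trusted CA: %w", err)
	}
	roots := x509.NewCertPool()
	roots.AddCert(root)
	if _, err := leaf.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{usage}}); err != nil {
		return fmt.Errorf("chain validation failed: %w", err)
	}
	for _, rc := range crl.RevokedCertificates {
		if rc.SerialNumber.Cmp(leaf.SerialNumber) == 0 {
			return errors.New("certificate is revoked")
		}
	}
	return nil
}

// RunScenario builds the PKI and returns the three results the backend would get for a connecting
// charger: its genuine certificate, the same certificate after revocation, and a look-alike
// certificate (same name and serial) issued by an untrusted CA. Names and serials are constructed.
func RunScenario() (valid, revoked, foreignCA, err error) {
	var firstErr error
	mk := func(cn string, serial int64, ca bool, parent *Identity) *Identity {
		id, e := issue(cn, serial, ca, parent)
		if e != nil && firstErr == nil {
			firstErr = e
		}
		return id
	}
	root := mk("EV-CPO Root CA", 1, true, nil)
	charger := mk("EVSE-0001", 1001, false, root)
	rogueRoot := mk("Rogue CA", 1, true, nil)
	rogue := mk("EVSE-0001", 1001, false, rogueRoot) // same name and serial, untrusted issuer
	if firstErr != nil {
		return nil, nil, nil, firstErr
	}
	crlEmpty, err := issueCRL(root)
	if err != nil {
		return nil, nil, nil, err
	}
	crlRevoked, err := issueCRL(root, charger.Cert.SerialNumber)
	if err != nil {
		return nil, nil, nil, err
	}
	usage := x509.ExtKeyUsageClientAuth // the backend authenticates the charger as a TLS client
	return verifyPeer(charger.Cert, root.Cert, crlEmpty, usage),
		verifyPeer(charger.Cert, root.Cert, crlRevoked, usage),
		verifyPeer(rogue.Cert, root.Cert, crlEmpty, usage), nil
}
```

Two details carry the weight here. The CRL is checked for the root's signature before it is consulted, so a forged "empty" CRL cannot un-revoke a charger; and the look-alike certificate fails on chain validation even though its subject and serial match, because identity in this model is the trust anchor, not the name.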

Organisational Policy Mapping

  • Access Control Policy: Map “Vehicle-Charger Authentication” (ISO 15118) to your organisation’s device identity policy (how you handle IoT/OT identities).
  • Encryption Policy: Align your encryption standards (TLS 1.3, PKI) with the corporate data protection and cryptographic policy.

4.2 Operationalizing ISO/SAE 21434

Purpose: ISO/SAE 21434 addresses cybersecurity engineering in the automotive domain, extending to connected vehicles and related infrastructure (including EV charging).

4.2.1 Secure Development Lifecycle (SDLC)

  • Policy Integration: Update your product development process to include threat modelling, secure coding, and vulnerability management from concept to decommissioning.
  • Cross-Functional Teams: Mandate collaboration between R&D, product security, and compliance teams to ensure each stage meets cybersecurity requirements (Sections 7, 8).

4.2.2 Threat Analysis and Risk Assessment (TARA)

  • Methodology: Apply TARA frameworks (e.g., EV–charger–cloud scenario) to identify and rank potential entry points by severity.
  • Tracking Mechanisms: Use tools like JIRA or specialised risk-tracking systems to link identified threats to mitigation tasks.

4.2.3 Firmware and System Updates

  • Continuous Monitoring: Post-deployment, monitor for firmware or software vulnerabilities (Section 8).
  • Incident Response: Develop an incident handling policy (in line with organisational guidelines) that includes triage, containment, and patching of compromised EVSE nodes.

Organisational Policy Mapping

  • Product Security Policy: Integrate 21434’s risk assessment requirements into the standard product security lifecycle.
  • Incident Management Policy: Align 21434’s incident response expectations with your corporate cyber incident response plan.

4.3 Operationalizing IEC 62443

Purpose: IEC 62443 is designed for industrial automation and control systems (IACS), emphasizing defense-in-depth and lifecycle management. It is highly relevant for charging hardware, which often shares ICS-like characteristics (PLC-based controllers, SCADA connections).

4.3.1 Security Levels and Zones

  • IEC 62443-3-3: Defines security levels (SL1–SL4) for different zones and conduits. Classify EV chargers, network segments, and back-end based on criticality and required security level.
  • Zone & Conduit Model: Segment your charging infrastructure into logical “zones” (e.g., charger front-end, back-end services) and secure communication “conduits” between them.

4.3.2 Component Requirements (CRs)

  • IEC 62443-4-2: Ensure each charging station component (controller, OS, firmware modules) meets the required technical security controls (e.g., identification and authentication, use of cryptography, event logging).
  • Vendor Collaboration: Work with hardware/software vendors to confirm compliance with 62443-4-2 CRs. Penetration tests or certification from accredited labs can validate compliance.

4.3.3 Security Program (IEC 62443-2-1)

  • Governance and Risk Management: Formalize processes to handle ongoing vulnerability disclosures, patch management, and employee training.
  • Continuous Improvement: Use a Plan-Do-Check-Act (PDCA) cycle to evolve your ICS security posture.

Organisational Policy Mapping

  • Operational Technology (OT) Security Policy: Map IEC 62443 controls to how your organisation manages industrial/operational networks (like segmenting EVSE from corporate IT).
  • Vendor Management Policy: Incorporate 62443’s lifecycle and supply chain requirements into procurement processes.

4.4 Operationalizing NIST IR 8473

Purpose: NIST IR 8473 focuses on cybersecurity for distributed energy resources (DER), which includes EV charging as part of the broader energy sector.

4.4.1 NIST Cybersecurity Framework (CSF) Alignment

  • Identify, Protect, Detect, Respond, Recover: 8473 maps key security controls to the CSF core functions, guiding how to manage risk and respond to incidents in energy networks.
  • Mapping to OCPP: Tailor each function to the EV charging context (e.g., “Identify” vulnerabilities in OCPP 1.6 vs 2.0.1, “Protect” via TLS, “Detect” via intrusion monitoring on the EVSE network).

4.4.2 Risk Identification and Analysis

  • Chapter 3: Encourages scoping out physical, cyber, and human elements in distributed energy systems. For EVSE, analyse the charger hardware, communication lines, and operational staff interplay.
  • Multi-Tenant Environment: If multiple operators share EVSE, consider contractual and technical controls to separate data and responsibilities (e.g., each operator’s logs and administrative access remain siloed).

4.4.3 Implementation Examples / Annex B

  • Use Cases: Leverage real-world examples (e.g., microgrid with EV chargers) to develop architecture patterns and recommended security controls.
  • Controls Mapping: Cross-reference your corporate controls or frameworks (COBIT, ISO 27001) to NIST IR 8473’s recommended practices.

Organisational Policy Mapping

  • Energy Sector Compliance: If regulated (e.g., FERC, NERC CIP in North America), map the recommended controls in NIST IR 8473 to meet those compliance mandates.
  • Enterprise Risk Management (ERM): Incorporate NIST-based risk assessments into the broader enterprise risk register, ensuring EV charging is recognised as a critical asset.

4.5 Mapping Organizational Policies to Each Standard

A Policy Mapping Matrix can help unify these standards, showing exactly how each standard’s control maps onto your organisational policies. For instance:


(Image #3)

Tips:

  1. Appoint a Cross-Functional Team: Include compliance officers, engineers, and IT/OT security specialists to develop and maintain this matrix jointly.
  2. Automate Compliance Checks: Where possible, embed automated checks (e.g., compliance as code in CI/CD pipelines, network policy automation with NAC solutions).
  3. Regular Gap Analysis: Conduct periodic assessments to ensure ongoing conformance with each standard, updating policies and technical controls as necessary.


5. Risk Assessment and Threat Modeling

5.1 Why Threat Modeling Is Critical in EV Charging

The EV charging environment involves:

  • Physical infrastructure: Charging kiosks, connectors, network components.
  • Embedded systems: Charge point controllers, firmware, real-time OS.
  • Communication protocols: OCPP, ISO 15118, MQTT, etc.
  • Cloud and backend services: Payment gateways, fleet management, data analytics.

Because of this diverse and interconnected landscape, a structured threat modelling process is essential to effectively anticipate and mitigate potential attacks.

5.2 Methodologies for Identifying Threats

1. TARA (Threat Analysis and Risk Assessment)

Automotive-Focused: TARA is often used within the automotive sector to identify and evaluate threats in vehicle-related systems, including external interfaces like EV charging.

Steps:

  1. Asset Identification: Determine critical assets in EV charging (e.g., cryptographic keys, billing data, firmware).
  2. Threat Scenario Identification: Brainstorm possible attacks (e.g., compromise of OCPP communications, unauthorised firmware injection, V2G manipulation).
  3. Impact & Feasibility Analysis: Score each threat by potential impact (financial, safety, regulatory) and likelihood (ease of exploitation, attacker expertise required).
  4. Risk Rating: Combine impact and likelihood into a risk matrix (e.g., high, medium, low) or a numeric scoring system.

Outcome: TARA yields a prioritised list of threats that help direct where to invest remediation resources (secure firmware updates vs stronger user authentication, etc.).

2. STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege)

Data Flow-Centric: STRIDE is a classic Microsoft threat modelling approach that systematically examines each data flow or component in a system.

Application in EV Charging:

  • Spoofing: Could an attacker impersonate a legitimate charge point on the network?
  • Tampering: Can firmware or payment data be altered in transit?
  • Repudiation: Are logs protected against manipulation so events can’t be denied later?
  • Information Disclosure: Could OCPP or ISO 15118 traffic leak user credentials, vehicle data, or payment info?
  • Denial of Service: Could an attacker flood the charging station or backend with requests, blocking legitimate usage?
  • Elevation of Privilege: Could a low-level account on the charging station be exploited to gain administrative privileges?

Outcome: A STRIDE matrix or a “data-flow diagram” (DFD) helps visualise how data moves between the EV, charger, and back-end—pinpointing where these six threat types might manifest.

3. MITRE ATT&CK

Adversary Behavior Framework: MITRE ATT&CK is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations.

ICS / Enterprise Matrices:

  • Use the ICS matrix for threats targeting industrial control systems (fitting EVSE hardware).
  • Use the Enterprise matrix for threats targeting cloud/backend IT environments.

Mapping Examples:

  • Initial Access: Physical tampering of the charging station or phishing an operator’s credentials.
  • Execution: Deploying malicious firmware or scripts on the charge point controller.
  • Persistence: Installing backdoors in the charging OS or trojanizing the charger’s management software.
  • Impact: Ransomware shutting down charging services or manipulating V2G operations to overload the grid.

Outcome: By comparing your environment to known adversarial tactics in MITRE ATT&CK, you can systematically identify attack chains and plan defences accordingly.

5.3 TARA-based decision

In TARA, the first step is to identify critical assets that require protection. In the context of EV charging, the following assets typically stand out:

  1. EV ↔ Charger Communication: Data in transit between the electric vehicle (EV) and the charging station (EVSE), often carrying session initiation info, billing/authentication data, state-of-charge details, etc.
  2. Charger ↔ Backend Communication: Data in transit between the charging station and back-end servers (Charge Point Operator platforms, payment gateways, management dashboards).
  3. Firmware & Update Packages: Data at rest in storage (charger or cloud repositories) and in transit when performing over-the-air (OTA) updates, containing the critical software that controls the charging station’s operation.
  4. Payment & User Credentials: Data at rest in databases (e.g., in the cloud or the charger’s local storage) and potentially in use during transaction processing.

5.4 Threat Scenarios

Based on these assets, the TARA process involves identifying potential threats and the attack vectors that could exploit them. Below are some common encryption-related threats:

  1. Eavesdropping & Man-in-the-Middle (MitM): Interception of unencrypted or poorly secured communication channels (e.g., OCPP 1.6J without TLS, misconfigured TLS).
  2. Data Tampering: Injection or modification of firmware update files in transit, leading to malicious code execution on the charger.
  3. Unauthorized Access / Credential Theft: Stolen or weakly protected passwords/keys enabling attackers to decrypt sensitive data at rest or in use.
  4. Replay & Downgrade Attacks: Resending messages or forcing the system to use older, weaker encryption protocols (TLS 1.0 or 1.1) for easier compromise.

5.5 Impact and Likelihood Analysis

For each threat scenario, TARA assigns an impact level (e.g., financial, operational, safety) and a likelihood level (feasibility, existence of known exploits, attacker motivation). The product or combination determines a Risk Rating.

Below is a simplified table illustrating key threats related to encryption:


(Image #4)

Note: “Medium-High” or “High” risk scenarios typically warrant stronger encryption solutions (AES-256, TLS 1.3 with ephemeral keys, PKI-based mutual auth, etc.).


6. Selecting the Right Encryption

Having identified high-risk areas, TARA helps you prioritise which encryption methods to deploy. Below, we provide detailed recommendations for cryptographic approaches based on industry standards, performance needs, and threat profiles.

6.1 EV ↔ Charger Communication (Data in Transit)

  • Threats: MitM attacks, replay/downgrade, data interception.
  • Recommended Encryption:

  1. TLS 1.3 with AES-256-GCM or ChaCha20-Poly1305 Provides forward secrecy with ephemeral ECDH (Elliptic Curve Diffie-Hellman) key exchange.
  2. Mutual TLS (PKI certificates for both charger and EV) Ensures identity validation and helps prevent impersonation (ISO 15118 Part 20 encourages PKI-based authentication).
  3. ECDSA (Elliptic Curve Digital Signature Algorithm) For certificate-based device authentication, balancing strong security with efficient handshake performance.

Why: TARA rated MitM as High risk (financial exposure, user data). Using TLS 1.3 with ephemeral keys drastically reduces the likelihood of eavesdropping success.

6.2 Charger ↔ Backend Communication (Data in Transit)

  • Threats: MitM, replay, API exploitation.
  • Recommended Encryption:

  1. TLS 1.3 with ephemeral key exchange Minimizes MitM and replay attacks.
  2. Certificate Pinning or OCSP Stapling Pinning the backend certificate (or its public key) in the charger firmware prevents an attacker from substituting a fraudulent certificate. OCSP Stapling lets the charger check the certificate's revocation status during the handshake, so a compromised certificate can be rejected quickly.

Why: Medium-high risk for replay/downgrade, which TLS 1.3 mitigates via robust handshake procedures. The cost (performance overhead) is acceptable, given the high sensitivity of management commands and billing data.
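The 6.1 and 6.2 recommendations expressed as a TLS configuration, as an added Go example (it is not code from this article or from any charger vendor): the backend accepts TLS 1.3 only and requires a charger certificate issued by the operator CA (mutual TLS), while the charger pins the SHA-256 of the backend's SubjectPublicKeyInfo inside VerifyPeerCertificate. The test CA, the names csms.example and charger-0001.example, and the in-memory pipe standing in for the network are all constructed for the example; a deployment would use the operator's own PKI or the ISO 15118 V2G PKI.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"errors"
	"math/big"
	"net"
	"time"
)

// issue creates an ECDSA P-256 certificate signed by parent, or a self-signed CA when parent is nil.
func issue(name string, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: name}, DNSNames: []string{name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, IsCA: parent == nil, BasicConstraintsValid: true,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
	}
	if parent == nil { // self-signed root
		parent, parentKey = tmpl, key
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		return nil, nil, err
	}
	leaf, err := x509.ParseCertificate(der)
	return leaf, key, err
}

// SPKIPin is the SHA-256 of a certificate's SubjectPublicKeyInfo, the value a charger pins for its backend.
func SPKIPin(c *x509.Certificate) string {
	sum := sha256.Sum256(c.RawSubjectPublicKeyInfo)
	return hex.EncodeToString(sum[:])
}

// Connect issues a fresh test PKI (CA, backend leaf, charger leaf) and runs one charger->backend TLS
// session over an in-memory pipe. It returns the negotiated version once the backend has accepted the
// charger and sent its first bytes: in TLS 1.3 the server checks the client certificate after the
// client's Finished, so a rejection only surfaces on the charger's first read.
func Connect(sendClientCert, pinMatches bool, clientMaxVersion uint16) (uint16, error) {
	ca, caKey, err := issue("test-ca", nil, nil)
	if err != nil {
		return 0, err
	}
	be, beKey, err := issue("csms.example", ca, caKey)
	if err != nil {
		return 0, err
	}
	ch, chKey, err := issue("charger-0001.example", ca, caKey)
	if err != nil {
		return 0, err
	}
	pool := x509.NewCertPool()
	pool.AddCert(ca)
	pin := SPKIPin(be) // what the charger firmware ships with
	if !pinMatches {   // simulate a CA-valid backend certificate for a key the charger was not built for
		pin = "not-the-expected-key"
	}
	srvCfg := &tls.Config{ // backend side: TLS 1.3 only, charger certificate mandatory (mutual TLS)
		MinVersion: tls.VersionTLS13, ClientAuth: tls.RequireAndVerifyClientCert, ClientCAs: pool,
		Certificates: []tls.Certificate{{Certificate: [][]byte{be.Raw}, PrivateKey: beKey}},
	}
	cliCfg := &tls.Config{ // charger side; MaxVersion 0 means the library default (TLS 1.3)
		MaxVersion: clientMaxVersion, RootCAs: pool, ServerName: "csms.example",
		VerifyPeerCertificate: func(raw [][]byte, _ [][]*x509.Certificate) error { // runs after chain validation
			leaf, err := x509.ParseCertificate(raw[0])
			if err != nil || SPKIPin(leaf) != pin {
				return errors.New("backend certificate does not match the pinned SPKI")
			}
			return nil
		},
	}
	if sendClientCert {
		cliCfg.Certificates = []tls.Certificate{{Certificate: [][]byte{ch.Raw}, PrivateKey: chKey}}
	}
	cc, sc := net.Pipe() // raw ends are closed directly: a close_notify exchange would block on the synchronous pipe
	go func() {          // backend
		defer sc.Close()
		s := tls.Server(sc, srvCfg)
		if s.Handshake() == nil {
			s.Write([]byte("ok")) // stands in for the first OCPP frame
		}
	}()
	defer cc.Close()
	c := tls.Client(cc, cliCfg) // charger; Read performs the handshake first
	if _, err := c.Read(make([]byte, 2)); err != nil {
		return 0, err
	}
	return c.ConnectionState().Version, nil
}
```

Connect(true, true, 0) returns tls.VersionTLS13; a charger that presents no certificate, a backend whose key does not match the pin, and a client capped at TLS 1.2 (the downgrade case from 5.4) are all rejected with a handshake error. Go negotiates an ephemeral ECDHE key for every TLS 1.3 session, which is the forward-secrecy property 6.1 asks for. OCSP stapling is not shown; in Go the backend would attach the responder's reply in tls.Certificate.OCSPStaple.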

6.3 Firmware & Update Packages (Data in Transit)

  • Threats: Tampering, injection of malicious firmware.
  • Recommended Encryption:

  1. Secure Code Signing with ECDSA or RSA-2048+ Only firmware signed by the legitimate vendor is accepted.
  2. Encrypted OTA (AES-256, ChaCha20) Ensures the confidentiality of firmware binaries if the attacker intercepts them.
  3. Integrity Checks (Hash-based or MAC-based) Validate authenticity (e.g., SHA-256 or SHA-3 for hashing) before applying updates.

Why: TARA identified this scenario as having a Very High impact (could fully compromise charging stations). Signed, encrypted updates reduce the likelihood significantly.
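The signing and integrity steps of 6.3, as an added Go example rather than the article's own code: the vendor signs a small manifest (version plus SHA-256 of the image) with ECDSA P-256, and the charger verifies that signature with the vendor public key held in its bootloader, recomputes the image digest, and refuses any version that is not newer than the installed one (rollback protection, the firmware counterpart of the downgrade threat in 5.4). The manifest layout, the image bytes and the version numbers are constructed for the example; the confidentiality layer (AES-256 encrypted OTA) is a separate step not shown here.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
)

// Manifest describes one firmware image. The layout (4-byte version + 32-byte digest) is
// constructed for this example; it is what the vendor signs, not the multi-MB image itself.
type Manifest struct {
	Version uint32   // must increase with every release: used for rollback protection
	Digest  [32]byte // SHA-256 of the image bytes
}

func (m Manifest) encode() []byte {
	buf := make([]byte, 4, 36)
	binary.BigEndian.PutUint32(buf, m.Version)
	return append(buf, m.Digest[:]...)
}

// SignedUpdate is what the OTA channel delivers to the charger.
type SignedUpdate struct {
	Image    []byte
	Manifest Manifest
	Sig      []byte // ECDSA P-256 signature (ASN.1 DER) over SHA-256(manifest)
}

// BuildUpdate is the vendor-side step: hash the image, bind it to a version, sign the manifest.
func BuildUpdate(vendorKey *ecdsa.PrivateKey, version uint32, image []byte) (SignedUpdate, error) {
	m := Manifest{Version: version, Digest: sha256.Sum256(image)}
	h := sha256.Sum256(m.encode())
	sig, err := ecdsa.SignASN1(rand.Reader, vendorKey, h[:])
	return SignedUpdate{Image: image, Manifest: m, Sig: sig}, err
}

// Verify is the charger-side gate run before anything is written to flash:
//  1. the manifest signature checks out against the vendor public key in the bootloader,
//  2. the received image hashes to the digest in the manifest (integrity),
//  3. the version is strictly newer than the installed one (no rollback to a vulnerable release).
func Verify(vendorPub *ecdsa.PublicKey, installed uint32, u SignedUpdate) error {
	h := sha256.Sum256(u.Manifest.encode())
	if !ecdsa.VerifyASN1(vendorPub, h[:], u.Sig) {
		return errors.New("signature invalid: manifest not signed by the vendor or modified")
	}
	if d := sha256.Sum256(u.Image); !bytes.Equal(d[:], u.Manifest.Digest[:]) {
		return errors.New("digest mismatch: image modified in transit")
	}
	if u.Manifest.Version <= installed {
		return errors.New("rollback rejected: version not newer than the installed one")
	}
	return nil
}

// RunScenarios feeds Verify a genuine update and four manipulated ones, with version 1 installed.
// It returns the rejection reason per scenario; "" means the update was accepted.
func RunScenarios() (map[string]string, error) {
	vendorKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	attackerKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	image := bytes.Repeat([]byte("charger-fw-v2 "), 64) // constructed stand-in for a firmware image
	genuine, err := BuildUpdate(vendorKey, 2, image)
	if err != nil {
		return nil, err
	}
	tampered := genuine // valid signature, but one byte of the image flipped in transit
	tampered.Image = append([]byte{}, image...)
	tampered.Image[100] ^= 0xff
	forged, _ := BuildUpdate(attackerKey, 3, image) // signed with a key the charger does not trust
	old, _ := BuildUpdate(vendorKey, 1, image)      // genuine but not newer than installed
	edited := old                                    // genuine manifest with the version bumped after signing
	edited.Manifest.Version = 5
	cases := map[string]SignedUpdate{"genuine": genuine, "tampered image": tampered,
		"attacker-signed": forged, "rollback": old, "manifest edited": edited}
	out := map[string]string{}
	for name, u := range cases {
		if err := Verify(&vendorKey.PublicKey, 1, u); err != nil {
			out[name] = err.Error()
		} else {
			out[name] = ""
		}
	}
	return out, nil
}
```

Signing the manifest rather than the image keeps the signature small and lets the version be checked before the whole image is hashed; the digest check then ties the signed manifest to the exact bytes received. Secure boot, which 6.6 pairs with code signing, would apply the same Verify logic to the image already in flash at every power-up.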

6.4 Payment & User Credentials (Data at Rest & In Use)

  • Threats: Credential theft, unauthorised decryption, side-channel.
  • Recommended Encryption:

  1. AES-256 in Galois/Counter Mode (GCM) or XTS (for disk-level encryption) Minimizes performance overhead while providing strong encryption.
  2. Hardware Security Module (HSM) or Secure Element Protects keys and cryptographic operations from direct exposure.
  3. Tokenization / Hashing of user credentials Store hashed user passwords (e.g., Argon2, bcrypt) and tokenise payment info to comply with PCI DSS.

Why: The TARA rating for credential exposure might be Medium-High. By storing data in encrypted form and protecting keys via HSM, you lower the likelihood and impact of a breach.
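The 6.4 recommendations for data at rest, as an added Go example that is not from the article: an AES-256-GCM key store that stands in for the HSM or secure element (the key is generated inside it and never returned), credential records bound to their row identifier through GCM's associated data so a ciphertext cannot be moved between users, and a token vault that replaces a card number with a random token. The KeyStore and TokenVault types, the tok_ prefix and the test card number are constructed for the example. Password hashing with Argon2 or bcrypt is not shown; in Go those live in golang.org/x/crypto/argon2 and golang.org/x/crypto/bcrypt.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"strings"
)

// KeyStore stands in for the HSM or secure element of 6.4 (constructed for this example): the AES-256
// key is generated inside and never returned; callers only get Seal and Open.
type KeyStore struct{ aead cipher.AEAD }

func NewKeyStore() (*KeyStore, error) {
	key := make([]byte, 32) // 256-bit key
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	return &KeyStore{aead: aead}, err
}

// Record is one stored row: GCM nonce, ciphertext with its tag, and the row id the ciphertext is bound to.
type Record struct {
	ID    string
	Nonce []byte
	CT    []byte
}

// Seal encrypts under a fresh random 96-bit nonce and authenticates the row id as associated data.
func (k *KeyStore) Seal(id string, plaintext []byte) (Record, error) {
	nonce := make([]byte, k.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Record{}, err
	}
	return Record{ID: id, Nonce: nonce, CT: k.aead.Seal(nil, nonce, plaintext, []byte(id))}, nil
}

// Open decrypts a record; any change to nonce, ciphertext, tag or row id is rejected.
func (k *KeyStore) Open(r Record) ([]byte, error) {
	pt, err := k.aead.Open(nil, r.Nonce, r.CT, []byte(r.ID))
	if err != nil {
		return nil, errors.New("record authentication failed: tampered or moved to another row")
	}
	return pt, nil
}

// TokenVault replaces a card number with a random token that carries no information about it; only
// the vault, kept inside the PCI DSS boundary, can map a token back.
type TokenVault struct {
	ks   *KeyStore
	rows map[string]Record
}

func NewTokenVault(ks *KeyStore) *TokenVault {
	return &TokenVault{ks: ks, rows: map[string]Record{}}
}

// Tokenize stores the PAN encrypted under the token (so the token also binds the ciphertext) and
// returns the token for use by billing systems outside the vault.
func (v *TokenVault) Tokenize(pan string) (string, error) {
	raw := make([]byte, 16)
	if _, err := rand.Read(raw); err != nil {
		return "", err
	}
	token := "tok_" + hex.EncodeToString(raw)
	rec, err := v.ks.Seal(token, []byte(pan))
	if err != nil {
		return "", err
	}
	v.rows[token] = rec
	return token, nil
}

// Detokenize is the only path from a token back to the PAN.
func (v *TokenVault) Detokenize(token string) (string, error) {
	rec, ok := v.rows[token]
	if !ok {
		return "", errors.New("unknown token")
	}
	pt, err := v.ks.Open(rec)
	return string(pt), err
}

// MaskPAN is the display form that may live outside the vault: last four digits only.
func MaskPAN(pan string) string {
	if len(pan) <= 4 {
		return pan
	}
	return strings.Repeat("*", len(pan)-4) + pan[len(pan)-4:]
}
```

The per-record random nonce matters as much as the key size: GCM loses its guarantees if a nonce is reused under the same key, so a deployment that stores very large numbers of records under one key should rotate keys or derive per-record keys rather than rely on random nonces alone.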

6.5 Mapping Risk Ratings to Encryption Choices

The table below summarises which encryption approach TARA suggests, the risk it addresses, and the Rationale behind the selection:


(Image #5)

6.6 Recommendations from a TARA Standpoint

  1. Prioritize Mutual TLS (TLS 1.3)

  • High-risk threat of eavesdropping and injection between EVs and chargers/back-end. Ephemeral ECDH ciphers provide forward secrecy and strong authentication.

  2. Implement Strong Firmware Signing & Encryption

  • Tampering with firmware is a critical risk. Code signing plus secure boot and robust OTA encryption is non-negotiable.

  3. Protect Credentials with Robust Key Management

  • Use HSMs or secure elements to store cryptographic keys, reduce the attack surface for credential theft, and ensure compliance (e.g., PCI DSS, GDPR).

  4. Plan for Quantum-Resistant Crypto (Long-Term)

  • TARA results may indicate nation-state-level adversaries or long-lifecycle assets. Consider an upgrade path to post-quantum algorithms (e.g., CRYSTALS-Kyber, CRYSTALS-Dilithium) as they become standardised.


7. The Business and Market Implications

The EV charging market is set to grow exponentially, driven by consumer demand, government incentives, and automaker investments. For example, the U.S. allocated $7.5 billion to charging infrastructure under the 2021 Infrastructure Investment and Jobs Act. This growth underscores the critical role of cybersecurity in:

  • Protecting Investments: A single large-scale attack on EV charging infrastructure can incur massive financial and reputational damage.
  • Enhancing User Trust: Consumers and fleet operators need confidence that charging networks are reliable and safe.
  • Ensuring Regulatory Compliance: Governments increasingly mandate cybersecurity requirements for critical infrastructure, including EV charging.


8. Up Next (Part 2)

In the next part, I will cover the following points in depth:

  1. Mathematical Approach to EV Charging Security
  2. Incident Response Planning
  3. Lifecycle Management and Continuous Monitoring
  4. Emerging Technologies and Innovations
  5. Regulatory and Compliance Considerations
  6. Business and Market Implications


9. Conclusion: Securing the Future of Electric Mobility

As EV adoption accelerates, cybersecurity in charging infrastructure becomes a linchpin for the industry’s success. Adopting robust standards, innovative technologies, and a proactive approach to threat mitigation will ensure the resilience and reliability of this critical ecosystem. The journey towards a secure EV future is a shared responsibility that demands collaboration among manufacturers, cybersecurity experts, utility providers, and policymakers.

By continuously aligning with evolving standards like ISO 15118, IEC 62443, ISO/SAE 21434, and NIST IR 8473, and integrating advanced security measures by design, stakeholders can build and maintain an ecosystem that protects users, inspires consumer confidence, and drives the EV revolution forward.

You can connect with me on Signal #VU3SCD.05 or Threema #5AT84X4.


Very informative and well explained

Shruti Gupta

CISSP | CRISC | CCISO | CEH | CCSE | CHFI | ECIH | ECSA

2 months

Interesting

Shirin Pathare

Chief Relationship Officer [Gov]

2 months

Interesting
