Yes, charging comms security is a done thing

(Because this question has come from multiple actors today)

Australia does not need to invent, develop or research novel solutions to secure vehicle charging sessions (V2G or otherwise). It needs only to get on board.

Definitions

• ASD (Australian Signals Directorate) – The Australian government agency responsible for cybersecurity, intelligence, and information security.
• CCS (Combined Charging System) – A charging standard that supports both AC and DC charging, widely used for EVs in Europe, North America and beyond. The de-facto market standard here, though not regulated or mandated so. References many relevant standards.
• CHAdeMO – A DC fast-charging standard primarily developed in Japan, enabling bidirectional power flow, making it suitable for Vehicle-to-Grid (V2G) applications.
• IEEE 2030.5 – A communication standard designed for smart grid applications.
• ISO 15118 – An international standard defining vehicle-to-grid (V2G) communication interfaces for conductive and wireless charging of EVs. Includes ISO 15118-2 (communication protocol for wired charging, including Plug & Charge and encrypted data transfer) and ISO 15118-20 (2nd-generation communicatations protocol expanding on bidirectional power transfer, wireless charging and improved cybersecurity). Part of CCS.
• OCPP (Open Charge Point Protocol) – An open standard communication protocol between EV charging stations and central management systems, ensuring interoperability.
• PKI (Public Key Infrastructure) – A certificate-based security framework that enables encrypted, authenticated communications. Used ubiquitously where security is paramount.
• TLS (Transport Layer Security) – A cryptographic protocol ensuring secure communication.

Existing solutions

There are multiple communications routes to secure however those we're most concerned with are:

• Between EV and charging infrastructure
• Between charging infrastructure and whatever manages that

PKI-based solutions for both have existed for some time.

Between EV and charging infrastructure, ISO 15118 communications have offered a PKI framework from initial release (ISO 15118-2) since 2014, which was further enhanced in 2022 with ISO 15118-20. Whilst commonly confused in (our) market as being a 'thing' to enable Plug&Charge, that's only an application that uses it - the PKI framework can be used to secure entire vehicle charging sessions including authorisation, encrypted comms and cybersec protections.

Between charging infrastructure and management solutions there's OCPP's Security Profiles, which have supported a full PKI (Security Profile 3) since not long after as a consistent means in the space.

Are these the same as IEEE 2030.5? No (if anything 15118-20 mandates TLS 1.3 and offers very strong data integrity); these are products with different uses and interactions and accordingly different risks managed, PKI complexity, certificate trust models, certificate life cycle and revocation practices etc. They are each typically served by organisations relevant to their industries, with many such precedents in production globally running just fine.

These solutions have existed for years and are well-documented.

And of the other plug?

How do you do this with CHAdeMO? Easy - you can't. There is no way to encrypt or authenticate EV-to-charging-infra comms.

Which should put a reasonable pin in any discussions about V2G futures with grey imports long before the ASD needs to enter the chat and tell all to settle down.

We can't seriously care about the scale and wonder of a managed charging future - let alone a V2G future - if turning a blind eye to cybersecurity.

So then, Australia

• Formally adopt CCS and all that comprises it (ISO 15118 included)
• Formally adopt OCPP as IEC 63584 (or whatever makes us comfortable)
• Establish appropriate, independently-governed, market-relevant PKI and distribution of certificates thereof
• Stop giving taxpayer money to solutions that don't employ competitive, standardised, independently-certified security.
• Get strong on limiting airtime for actors suggesting we can't afford to get serious on smarter charging because doing so is complex and/or would leave any part of industry behind.

That last one's real. It's a major logical fallacy to campaign for first-rate EV adoption and lobby for second-rate means to charge as much. You know who you are.

The above are par for the course in all leading markets. We should want no less.

Following up

Want links to any of the above? Connect with and contact me.

Want to get relevant and learn about/contribute to the bleeding edge of the above among a global community getting on with it? Join the Open Charge Alliance at https://openchargealliance.org/join-us/.