Electric vehicle manufacturers recently gathered at the National Renewable Energy Laboratory (NREL) to evaluate enhanced cybersecurity issues related to the connections between EVs and charging infrastructure. Participants representing companies such as ChargePoint, Ford and Rivian met at NREL’s Energy Systems Integration Facility to discuss high-voltage cabling and other technology.
The event was organized to evaluate the application of public key infrastructure (PKI)—a method for encrypting information exchange and certifying the authenticity of devices—to help ensure digital trust between vehicles and charging stations. Although PKI had been adopted for many industries, this kind of authentication between different companies’ electric vehicles and charging stations is not commonplace and has not yet matured in the EV charging ecosystem.
“NREL has assembled unique power systems, cyber facilities and insights to assist these teams to assess the cybersecurity of electrified transportation systems under real operating conditions, and this project is a great opportunity to marry industry expertise and government evaluation resources,” says Tony Markel, project lead from NREL.
NREL has previously studied the vulnerabilities associated with EV interconnections and has evaluated strategies to mitigate those vulnerabilities. This event went a step further by showing how PKI could improve the security of communications required to enable charge sessions to take place.
According to Markel, successfully securing these communications will help protect against financial fraud and defend drivers, vehicles, manufacturers and charge-network operators from cyber intrusions.
Participants completed dozens of tests, using valid and invalid PKI implementations to ensure systems are robust enough to correctly capture and identify accurate and faulty behaviors. In future tests, Markel and his colleagues plan to expand the number of companies involved and the test cases performed to widen the impact of testing on the EV charging sector. The test cases will include adversarial drills against EV connections in the spirit of a hack-fest to confirm the full cyber strength of a PKI implementation strategy.
The interest in PKI for EV charging follows an industry assessment that found opportunities for improvement in current standards pertaining to EV cybersecurity. SAE is organizing the international EV charging sector, as well as public and research entities, to collaboratively increase overall security in this critical connection between the mobility and energy industries. The two-year project is intended to deliver an operational PKI method agnostic to charging platforms that is available to industry worldwide.
“SAE International is pleased to have gathered our SAE EV Charging PKI Cooperative Research Project (CRP) industry partners at the National Renewable Energy Laboratory for our first test event,” says Tim Weisenberger, SAE program manager of emerging technologies. “SAE CRP projects are joint ventures that perform targeted, precompetitive research to develop solutions by industry for industry. In this project, we are designing and testing an inclusive, worldwide EV charging industry PKI platform that is secure, trusted, scalable, interoperable and extensible.”