Networked electric vehicle (EV) chargers are part of the burgeoning Internet of Things (IoT), which is connected to electricity grid infrastructure and the banking system through payment apps that handle sensitive personal and financial information. That makes them tempting targets for computer-savvy bad actors of many kinds, who may be focused on larceny, fraud or broader sabotage and mayhem, writes Peter Donaldson.

As more chargers are rolled out around the world, public and home-charger security has become a crucial issue; one that IoT intelligent systems and embedded platforms specialist Advantech is addressing in partnership with testing, inspection and certification services provider Bureau Veritas (BV).

The author spoke with a team from the two companies during a web meeting in late May, to discuss their approach to the issue, which is centred on the application of standards such as IEC 62443. This is a set of international standards covering cyber security for operational technology in automation and control systems.

Together with BV, Advantech aims to ensure all its edge computers, whether X86- or ARM-based, can satisfy requirements to a defined level under IEC 62443 and many similar security standards, says Advantech’s Stephen Liu.

“We are working with BV on a recognition scheme called cyber-tested and cyber-verified computers within Advantech. The process is recognised by BV, so that if customers later want to go through the certification process with their whole systems, preferably with BV, they will save a lot of time and effort because we have done things right for them in the first place,” he says.

Meeting standards

BV’s Pascal Le Ray and Aaron Chen say that even though IEC 62443 is an industrial standard and not mandatory, in all the projects on which the organisation is working with Advantech, it wants to make sure the company’s products meet basic security standards ahead of time.

“If such a standard becomes mandatory, or if customers have specific requirements, we can then develop based on them and move forward,” says Chen.

Explaining the nature of the risks, Advantech’s Pascal van Kesteren began with the connection between the car and the charger, which involves the transfer of contract information from one to the other during ISO 15118 vehicle-to-grid energy transfer.

While there may be a chance of electricity being stolen through a breach in cyber security, he says the real risk is that all the chargers supplied by a certain company might be disabled by an exploit, which could have an impact on the wider economy.

“That’s an aspect of security that, with the number of EV chargers deployed in the field, is becoming more and more of a risk in daily life,” adds van Kesteren.

Getting personal

Advantech’s Liu elaborates that when an EV is connected to a charger, it transfers a lot of the driver’s personal information such as their name and billing address, to multiple parties.

“You are telling the charger who you are and what car you are driving, and that data is exchanged with the mobile service provider and the back-end system. You want to make sure this data is not leaked and that there’s no compromise during the communication,” he says.

“As a charger maker, you want to make sure everything works properly. For example, if the car is asking for 30 kW, you are not giving it 80, 120 or 180 kW, in which case the car would get damaged. But imagine if the hacker wants to damage your business, or wants to tamper with the whole electricity grid; there are many ways of penetrating the charger and making the kind of command that would damage the car or even the grid.”

One essential piece of the security puzzle is authentication, of which there are many methods available, Liu says. “The whole EV charging industry is talking about standards such as ISO 15118, especially 15118-2 or -20. These new standards regulate the authentication method.

“No matter whether you are looking at it from the charger’s point of view, the EV’s point of view, from the back end or the mobile service’s point of view, certificates are required to prove your identity for every step in the charging process.

“For example, when you plug your charging gun into your EV, you have to exchange your real certificate for the first time. Then, when the onboard charger gets a request from the EV charger and tries to send that request to the charger controller, you are exchanging another certificate. And then you have to exchange another certificate to verify your authenticity when you try to talk to the backend system and try to start the billing.”

Liu adds: “It’s very important to make sure all the certificates are issued by a legal, valid authority. There should be one from each car company, from each charger company and from each mobile operator, much like your cell phone network, so everybody has to have a working public key infrastructure (PKI).”

Inter-communications

Communication between the car and charger using certificates is only applicable when using 15118. In all other situations (at this moment that is almost 100%) it is a RFID identifier (phone or card) and charger only, Liu explains.

Inevitably, the chargers are all computer-controlled, so every time they are powered on they have to go through a secure boot sequence, he explains. “We need a security chain from the CPU all the way up to the application to ensure no step is being tampered with.”

For example, he says it is essential to ensure the BIOS configuration and the operating system have not been hacked or replaced with fakes.

“Finally, we can implement multi-factor authentication for a user when they log into the charging system to maintain it,” Liu adds.

“So this is the future,” says van Kesteren. “In the beginning of charging there was no interest in hacking anything because only a few people needed charging stations, and RFID was safe enough to take care of administration on the back end to make sure the contract was billed in the right way.

“Then Tesla created plug-and-charge, meaning you just plug the cable in and it starts charging because the contract was in the car. ISO 15118 allows the rest of the world to do the same thing, and with that came new requirements for security.”

Legal obligations

In Europe, the General Data Protection Regulation (GDPR) and Alternative Fuels Infrastructure Regulation (AFIR) place yet more legal obligations around data security onto charger providers. “We cannot walk away any more from the idea that the installed base is so big that it needs to be secure,” says van Kesteren.

Liu emphasises that while secure PKI is essential, if private keys are stolen or compromised the security system fails. “We want to make sure your private key is securely stored, preferably on hardware that is not removable or rewritable by anyone else,” he says.

The established technology for this is the trusted platform module (TPM), which is hardware on most X86 devices where the private key for PKI certificates can be stored, and Advantech uses it for this on its own X86-based charger controller.

“Furthermore, we can use that key to authenticate your storage device,” Liu says. “In the Windows environment it’s called BitLocker, while in Linux systems, such as Ubuntu, it’s called disk encryption.”

Advantech is developing an NXP I.MX-based, single-board computer incorporating EdgeLock to strengthen security and achieve TPM features in charger controllers. Advantech is also working in partnership with SecEdge, which offers firmware TPM (fTPM).

In addition to TPM solutions for private key security, the company encourages EV charger manufacturers to use other security tools to protect their runtime environments. For Windows, they suggest a tool from Trellix that ensures only authorised applications can control the charger. Liu says such a whitelist approach is more effective than using antivirus software, because that requires constant updates and can affect system performance.

Keeping up to date

As with any computer operating system, Liu cautions that it is vital to keep it updated. Microsoft supports Windows, of course, while with Linux it’s important to find a properly supported distribution.

“Ubuntu is definitely the best choice, as Canonical offers up to 10 years of long-term support and security patching,” he says. “If you are using Yocto Linux, that’s a problem, but Advantech offers Yocto maintenance as well. We are happy to offer long-term support.”

Finally, Advantech has what Liu calls a unique technology to protect against unexpected shutdowns caused by brief grid outages, for example. By adding supercapacitors to their solid-state drives they can ensure all data is saved and the drive shuts down gracefully.

Charger firmware updates have to be managed securely to ensure the integrity of the process. Liu admits this is a challenge for which there is no perfect solution, but one that Advantech is addressing.

“There should be another PKI or certificate system on the embedded level so that each and every component on the motherboard, for example, can verify each other,” he says. “That’s the most ideal situation, but we’re not there yet. It’s very costly.”

With such a solution, Liu says that even if a hacker were to have physical access to the charger controller and try to flash hardware on the motherboard, they would fail because they wouldn’t be authenticated.

For over-the-air updates, Advantech offers DeviceOn, which is off-the-shelf device-management software for IoT and edge computers. The product allows the updating of all applications and firmware, even BIOS configuration, remotely and securely through the use of the latest certificate standard, X.509.

“We use the MD5 checksum process to ensure the integrity of the file,” Liu says.

Cyber guards

While many protocols and standards can be used to protect EV chargers from cyber threats, he believes IEC 62443 is the overarching framework for many industrial standards.

“In Europe, there is the Cyber Resilience Act, and in the energy industry we are talking about IEC 62351. There are many other new standards coming up that actually originated from IEC 62443,” Liu says. “We realised that if we can build a very solid solution for IEC 62443, we can deal with those other similar standards.”

There is a security issue to be resolved with the Open Charge Point Protocol (OCCP) that handles communications between the charger and the charge-point operator, says van Kesteren.

He explains that although OCCP 2.0 is secure and has been available for years, the less secure OCCP 1.6 is much more widely used and charge-point operators with large, installed bases are reluctant to make the change. “Somewhere down the line, legislation will have to become part of the story.”

The physical safety and security of chargers are also crucial, so they remain robust in harsh environments and offer protection against tampering. He notes that Advantech’s hardware is designed to withstand extremes of temperature, with its industrial display qualified to -40 C, for example, and its computers are designed to work with voltages from 9 V to 24 V.

There are obvious dangers involved in opening a charger casing improperly, and Advantech’s computers will inform the operator if that happens.

“The system will detect that and trigger some embedded component, such as a super I/O chip, to send a real-time alert and keep a record of the event,” Liu says. “Even if some crazy guy were to cut the power cable and try to open the casing, the incident would be recorded because there is a very small, battery-powered device on the motherboard that can detect such incidents.”

Aaron Chen is an account manager in the Taiwan branch of Bureau Veritas’ business development division. Pascal Le Ray is BV’s general manager at that branch. Pascal van Kesteren is senior business development manager at Advantech Europe. Stephen Liu is business development manager at Advantech.