The future is electric and smart
Electric vehicles (EVs) are on the rise, making up almost 9 percent of new car registrations in the US and around 25 percent in the European market. With EU legislation set to stop new registrations of internal combustion engine cars by 2035, the future can only be electric.
Another thing that is certain is that EV supply equipment (EVSE) such as chargers will become smarter – no matter if at home, in residential and business areas, or on highways. The main reason is to protect the power grid from too many EVs being charged at the same time.
"Smart charging through a coordinated manner can facilitate charging of more EVs compared to dumb/uncontrolled/uncoordinated charging, thereby effectively increasing EV hosting capacity of a distribution feeder. More importantly, at peak load condition, smart charging will not only be able to limit the peak load, but it can also help in peak shaving, hence reducing the need for grid upgradation." (A critical review: Smart charging strategies and technologies for electric vehicles)
Equipped with internet connectivity and linked to a central system, smart EV chargers can dynamically regulate the charging power or current of individual EVs.
Smart chargers are vulnerable
The biggest strength of smart chargers is also their greatest vulnerability: exposure to unsecured networks. Recent security issues [1][2] demonstrate how attackers could exploit EVSE, issuing unauthorized commands and potentially forming a botnet that could destabilize or even collapse the power grid.
Consider the Mirai botnet, which infected millions of internet-connected devices and then brought down several web services with an orchestrated DDoS attack: a similar botnet of EV chargers whose power cycles are coordinated could degrade or bring down the power grid.
While chargers can use Wi-Fi for connecting to the internet, this option often puts a private individual in charge of safeguarding the last mile of network security. Wi-Fi is also especially susceptible to attacks: wrongly configured, poorly password-protected, or not regularly updated, Wi-Fi routers can present an entry door for attackers – exposing the EV chargers on the public internet.
In case of a power grid failure, the question is then whose responsibility (or liability) it will be. The private individual? The charger manufacturer? The operator? Or the person responsible for writing the backend or load-balancing software?
1. Take control of EV charging security with cellular connectivity
Cellular connectivity puts last-mile security back in the hands of the EV charging service provider. By separating the charger from local networks and connecting it reliably over-the-air, it reduces risks from nearby unsecured devices.
With IoT-focused providers, this added security and dependable connectivity come at minimal cost compared to the charger’s overall price, along with additional operational and security benefits.
2. Overcome OCPP security gaps with a private cellular network
The Open Charge Point Protocol (OCPP) has been the standard for EV charging stations since 2011. However, earlier versions (1.5 and 1.6), which are still widely used, suffer from significant security and interoperability challenges.
While OCPP establishes a standard, implementations often vary between manufacturers. Starting with version 1.6, manufacturers seeking Open Charge Alliance (OCA) certification must test interoperability with other vendors. However, security measures in these versions were not standardized, leading manufacturers to create their own, often inconsistent, security solutions.
Only OCPP version 2.0.1 introduces a comprehensive security concept, providing a secure, encrypted communication channel that also allows authentication between the charge point and the charging station management system. Despite these advancements, only a small number of charging stations currently support OCPP 2.0.1.
"In 2020 OCA released OCPP 2.0.1, which is a big step forward from OCPP 1.6. OCPP 2.0.1 is not an incremental extension of OCPP 1.6, even though it uses many of the same concepts and even shares some of the same messages. As a result, OCPP 2.0.1 is not backward compatible with OCPP 1.6." (Open Charge Alliance)
A private cellular network can effectively address these vulnerabilities by providing a secure and isolated communication channel, significantly enhancing the security and reliability of EV charging systems.
3. Secure private DNS without firmware changes
Public DNS services are one of the most common targets for attacks as they are used by any connected device to translate a host name to an IP address. DNS attacks can cause amplified Distributed Denial of Service attacks (through DNS requests with forged source IPs) or reroute traffic to an evil host (through poisoning the DNS cache with wrong entries).
Charge points that use cellular connectivity together with a private IPsec network do not need to use public DNS services. The charge point can communicate with a private DNS server in the CSP infrastructure that is completely protected against external attacks. The cellular connectivity provider can also enforce that all charge points, regardless of vendor or firmware version, use the private DNS by offering custom DNS settings.
4. More data visibility for security intrusion detection
Managing a fleet of charging stations is challenging. How do you quickly identify operational issues, disconnections, or device misuse? The answer lies in centralizing all your data—usage metrics, connectivity errors, and traffic patterns—into one central repository.
This gives you complete visibility into your network. Set up simple alerts for unusual data consumption or network errors, and you’ve got an effective starting point for intrusion detection, allowing you to respond proactively to potential threats.
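A minimal version of such an alert, as an added example that is not from the original article or from emnify: it keeps a per-charger baseline of daily data volume and flags days that exceed it or that show a burst of network errors. The record fields (device, day, bytes, errors), the sample rows and the thresholds are assumptions, not a real provider schema.

```python
from collections import defaultdict
from statistics import median

def sample_records():
    """Constructed daily usage rows for three chargers (not real data)."""
    rows = []
    for day in range(1, 8):
        rows.append({"device": "cp-001", "day": day, "bytes": 200_000 + day * 1_000, "errors": 0})
        rows.append({"device": "cp-002", "day": day, "errors": 0,
                     "bytes": 50_000_000 if day == 7 else 180_000 + day * 2_000})
        rows.append({"device": "cp-003", "day": day, "bytes": 210_000,
                     "errors": 9 if day == 6 else 1})
    return rows

def upper_limit(history, k=5.0, floor_ratio=0.2):
    """Median + k * robust spread; the floor keeps a flat baseline (MAD = 0)
    from alerting on noise, so the limit is at least 2x the median by default."""
    med = median(history)
    mad = median(abs(x - med) for x in history)
    return med + k * max(1.4826 * mad, floor_ratio * med)

def detect(records, min_history=5, max_errors=3):
    """Return (device, day, reason) alerts in chronological order."""
    history = defaultdict(list)
    alerts = []
    for r in sorted(records, key=lambda r: r["day"]):
        past = history[r["device"]]
        spike = len(past) >= min_history and r["bytes"] > upper_limit(past)
        if spike:
            alerts.append((r["device"], r["day"], "data_volume"))
        else:
            # Only normal days feed the baseline, so a sustained spike
            # cannot raise its own threshold and silence later alerts.
            past.append(r["bytes"])
        if r["errors"] > max_errors:
            alerts.append((r["device"], r["day"], "network_errors"))
    return alerts

if __name__ == "__main__":
    for alert in detect(sample_records()):
        print(alert)
```

No volume alert fires during a charger's first `min_history` days, so a device that misbehaves from day one needs a fleet-wide fallback threshold.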
Cellular connectivity: The most secure option for connecting charge points
Cellular connectivity is the most secure way to interconnect charge points from different vendors or OCPP versions.
When choosing a cellular connectivity provider for your deployment, we suggest checking if your provider supports the following features to secure your chargers: IPsec, IMEI lock, custom private DNS setting, and a real-time data stream of connectivity data.
At emnify we use an automated IPsec setup, without the need for any private APNs as with regular operators, and we provide all the necessary features and 24/7 support that you need to run your charging solution successfully.
Christian Henke
If you want to understand how emnify customers are using the platform, Christian has the insights. With a clear vision to build the most reliable and secure cellular network that can be controlled by IoT businesses, Christian is leading the emnify product network team.