Publications

Cybersecurity certification programs for Electric Vehicle Supply Equipment (EVSE) are fragmented due to no single certification covering all aspects of the device and additionally the existence of multiple programs and under different levels of regulation. These devices are also confronted by the intricate assembly of product software, firmware, and hardware. Devices contain both logical and physical interfaces. These multifaceted devices have vulnerabilities at many levels and interconnect with other potentially vulnerable systems including the electric vehicle, the cloud where data and payment information are stored, and the electric grid and electric grid equipment including utilities. Of the EVSE certification programs that are found, none are directly for the cybersecurity of EVSE. Many standards are for safety, specifically battery safety, some are cybersecurity standards for other types of equipment and can be modeled for EVSE. In specific, ISA/IEC 62443 is found to be significantly in line with EVSE security needs and will be used in future testing to certify EVSE and help guide the project to demonstrate where gaps exist, where strengths lie in the standard and how this can be used to lead the certification efforts in harmonizing EVSE cybersecurity standards. In addition, there are multiple efforts that are currently seeking to build EVSE standards or revise existing standards to address gaps. This effort is seeking to establish a cybersecurity program for EVSE that will inform customers and help increase the level of security across products and state EVSE procurements to achieve consistency across different jurisdictions.