Securing Eletric Mobility Charging Networks

Securing Eletric Mobility Charging Networks

H2020 Concordia work package 2 is composed by 4x Sector-Specific Pilots:

  • Task T2.1: Telecom Sector
  • Task T2.2: Finance Sector
  • Task T2.3: Transport E-Mobility Sector
  • Task T2.4: e-Heath Sector
Related with T2.3 CRF and EFACEC are working together on a pilot project focused on the Security of the e-Charging Infrastructure.

Nowadays due urgent needs for climate and energy frameworks for GHG emissions, the increase the Eletric mobility charging networks availability and security it´s a real need for the future. On Eletric charging stations and networks, due the geographic dispersions the need of equipment’s, several concerns with this topic shall be covered, looking for the security relevant standards/regulations like:

  • GDPR: EU regulation for data protection and privacy
  • ISO 27001: Security standard that provides requirements for establishing, implementing, maintaining and continually improving an information security management system
  • IEC 15118: Vehicle to grid communication interface for bi-directional charging/discharging of EV. Additional requirements for secure Plug & Charge feature to automatically identify user to the charging station

While GDPR covers more details about regulation, ISO 27001 draws a more technical detailed topics that need to be implemented like Access control, Cryptography, Physical and environmental security, Operations security, Communication security, Information security aspects of business continuity [1].

One of relevant aspect in cybersecurity, is that security tests shall be done for relevant components, using at least already available market or open source tools. During this task several components were tested using the following tools:

  • OpenVAS : open source security assessment scanner, with a relevant issue database
  • OWASP : open source security assessment scanner dedicated for web portals
  • NIKTO : open source security assessment scanner dedicated for web portals
  • Nessus Essentials: security network assessment scanner
  • NMAP: basic but essential network port scanner
  • JDWP_SHELLIFIER: exploit access scanner for Java software

During the current project, and using the data gather from the components test phase, we started a task of building a new Operating system that delivered some of the following specifications:

  • Account hardening
  • Firewall implementation on OS level
  • Data encryption

For the Operation system build we use the open source tool ELBE (embedded Linux build system), that is an environment to generate RFS (root-filesystems) [2], using a XML receipt, what is an agile methodology to quick generate RFS and test the operating system changes and results. For the image creation we use the last stable Debian version with Kernel 4.9. This version also permits the creation of UEFI based firmware. UEFI secure boot is a mechanism that ensures that the boot process loads a thrusted software.

References:

  1. Security architecture for electric vehicle charging infrastructure, ENCS
  2. ELBE, https://elbe-rfs.org/docs/sphinx/index.html

If you are interested in cybersecurity, make sure that you follow us on our communication channels because we will lead its future.

(By Filipe Campos, Efacec)