Security Essential as Electric Vehicles Accelerate

The electric vehicle (EV) market continues to expand at a rapid pace, and it demonstrated strong year-over-year growth before the pandemic emerged. According to a recent survey by the IEA, sales of electric cars topped 2.1 million globally in 2019, boosting the total stock to 7.2 million electric cars.

As the EV market takes off, the infrastructure to support it continues to grow as well. More than 7.3 million chargers have been deployed worldwide for public use. They provide a combination of convenience and cost-effectiveness, and are proliferating rapidly, according to the IEA:

“Globally, the number of publicly accessible chargers (slow and fast) increased by 60% in 2019 compared with the previous year, higher than the electric light-duty vehicle stock growth.”

An additional 6.5 million private chargers are also in use, supported by rebates and other policies that incentivize their adoption. Although these private chargers are contributing to the growth of EVs, offering an exceptional experience at public chargers is most important, because consumers are on the move by definition. Ideally, an EV driver should be able to pull up to a charger, plug in and automatically charge their vehicle with seamless, frictionless payment via the cloud—no credit cards or other payment methods required. However, questions emerge about how charging works when a driver goes beyond their local geographic area and may encounter different standards. Maintaining interoperability and security as drivers roam between infrastructures requires a common solution that extends across locations and proprietary systems.

How Secure Are Public Chargers?

Public chargers are an essential part of the EV experience. Although Tesla utilizes a proprietary charging system, the EV industry has also developed its own standard, ISO 15118, to provide a “Plug and Charge” feature for vehicles from any manufacturer. This international standard outlines the digital communication protocol that an EV and a charging station should use to recharge the EV’s high-voltage battery. As part of the Combined Charging System (CCS), ISO 15118 covers all charging-related use cases across the globe.

The proposed process is based on having a unique identity for each vehicle. The EV owner works with a mobility operator (MO), which in turn issues a contract certificate tied to the owner's account. This contract certificate is transmitted to the charging station, and the charge point operator (CPO) verifies its validity. The MO then invoices the owner and handles all associated back-end processes.

To establish identity among the different elements of the system, ISO 15118 employs public key infrastructure (PKI), a proven technology that enables large-scale authorization and reliable encryption, for an extremely high level of trust. PKI provides a scalable authentication, encryption and integrity technology layer to verify each connection point and the data shared between them.

However, although the basic process is fairly simple and straightforward, the proposed standard does leave some areas vulnerable, which introduces governance issues. There are technical limitations associated with mixed-tier PKI, and the lack of a common set of management requirements can expose key usage vulnerabilities.

How Can the Industry Take Charge of Security?

DigiCert and Eonti Inc. have evaluated the current ISO 15118 standard and offer a variety of recommendations to strengthen its PKI implementation and mitigate some of the security issues that have arisen around EV charging.

The first step is to enhance governance. EV and charger manufacturers should take steps to establish a common level of trust, based upon interoperable certificates across the ecosystem. They should also support the improved integrity of certificates and private keys, through steps including establishing certificate revocation policies and key management policies.

The second recommendation is to simplify the standard’s multi-tier PKI system to minimize cost and complexity. With a simplified, two-tier PKI system, manufacturers can avoid some of the challenges associated with a mixed-PKI system. They can also enable a common set of management across the ecosystem, minimizing training and providing more consistent control.
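The contract-certificate check described earlier and the two-tier hierarchy recommended here can be reproduced with the OpenSSL command line. The script below is an added example, not taken from ISO 15118, DigiCert or Eonti; the certificate names, the P-256 keys and the use of a `pathlen:0` constraint to hold the hierarchy at two tiers are assumptions made for the demonstration, and it needs the `openssl` tool (1.1.1 or later).

```shell
# Added example; every name and subject below is a constructed placeholder.
set -eu
new_key() { openssl ecparam -name prime256v1 -genkey -noout -out "$1"; }

new_root() {  # new_root NAME: self-signed trust anchor
  new_key "$d/$1.key"
  openssl req -x509 -new -key "$d/$1.key" -config "$d/pki.cnf" \
    -extensions root_ext -subj "/CN=$1" -days 1 -out "$d/$1.pem"
}

issue() {  # issue NAME ISSUER [EXT_SECTION]: certificate signed by ISSUER
  new_key "$d/$1.key"
  openssl req -new -key "$d/$1.key" -config "$d/pki.cnf" -subj "/CN=$1" \
    -out "$d/$1.csr"
  openssl x509 -req -in "$d/$1.csr" -CA "$d/$2.pem" -CAkey "$d/$2.key" \
    -CAcreateserial -days 1 -out "$d/$1.pem" \
    ${3:+-extfile "$d/pki.cnf" -extensions "$3"} 2>/dev/null
}

build_pki() {  # build_pki DIR: write all keys and certificates into DIR
  d=$1
  cat > "$d/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[root_ext]
basicConstraints = critical,CA:TRUE
[issuing_ext]
basicConstraints = critical,CA:TRUE,pathlen:0
EOF
  new_root root; new_root other-root
  issue issuing-ca root issuing_ext    # tier 2: may sign end entities only
  issue contract issuing-ca            # stands in for a contract certificate
  issue extra-ca issuing-ca root_ext   # a third tier the constraint forbids
  issue contract2 extra-ca
  cat "$d/issuing-ca.pem" "$d/extra-ca.pem" > "$d/long-chain.pem"
}

check_chain() {  # check_chain ROOT INTERMEDIATES LEAF -> accept | reject
  if openssl verify -CAfile "$1" -untrusted "$2" "$3" >/dev/null 2>&1
  then echo accept; else echo reject; fi
}

PKI=$(mktemp -d); build_pki "$PKI"
echo "two-tier chain:       $(check_chain "$PKI/root.pem" "$PKI/issuing-ca.pem" "$PKI/contract.pem")"
echo "unknown trust anchor: $(check_chain "$PKI/other-root.pem" "$PKI/issuing-ca.pem" "$PKI/contract.pem")"
echo "extra third tier:     $(check_chain "$PKI/root.pem" "$PKI/long-chain.pem" "$PKI/contract2.pem")"
```

Only the first chain is accepted: the second fails because the verifier does not trust the root that anchors it, and the third because the issuing CA's path-length constraint does not allow a further CA beneath it.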

Manufacturers also should strengthen operations to address subscriber onboarding requirements. They should also develop certificate lifecycle management requirements and take steps to ease EV charging certificate provisioning.

Finally, manufacturers should build momentum and drive consensus by establishing a coalition with a diverse set of skills and experiences to lead the effort. The coalition should provide governance and collaborate to create a standards-based solution that is secure, scalable and interoperable while reducing the costs and complexity of implementing PKI within the EV charging ecosystem.

With the Right Approach, the EV Industry Can Continue to Grow

As the EV market continues to accumulate momentum, the time is now for manufacturers to support it with secure, interoperable charging solutions that can scale easily. By complementing their impressive vehicle performance with a safe, frictionless charging experience for customers, EV manufacturers can continue to build on their gains from recent years, and drive continued adoption of more environmentally friendly transportation.

Mike Nelson

Mike Nelson is the VP of IoT Security at DigiCert, a global leader in digital security. In this role, Nelson oversees the company’s strategic market development for the various critical infrastructure industries securing highly sensitive networks and Internet of Things (IoT) devices, including healthcare, transportation, industrial operations, and smart grid and smart city implementations. Nelson frequently consults with organizations, contributes to media reports, participates in industry standards bodies, and speaks at industry conferences about how technology can be used to improve cyber security for critical systems and the people who rely upon them. Nelson has spent his career in healthcare IT including time at the US Department of Health and Human Services, GE Healthcare, and Leavitt Partners – a boutique healthcare consulting firm. Nelson’s passion for the industry stems from his personal experience as a type 1 diabetic and his use of connected technology in his treatment.
