U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Cybersecurity Framework Profile for Electric Vehicle Extreme Fast Charging Infrastructure

The electric vehicle (EV) extreme fast charging (XFC) infrastructure ecosystem relies on multiple connected subsystems to include EV charging stations, data flow networks, and utility power distributers. This required interconnectedness of systems leaves users and the EV/grid infrastructure vulnerable to a range of threats and open to multiple attack vectors, both physical and cyber.

Managing Cybersecurity Risks for Electric Vehicle Extreme Fast Charging Infrastructure

The Cybersecurity Framework Profile for Electric Vehicle (EV) Extreme Fast Charging (XFC) Infrastructure provides users with a national-level, risk-based approach for managing cybersecurity activities for EV XFC systems.

Abstract

The Cybersecurity Framework Profile for Electric Vehicle Extreme Fast Charging Infrastructure provides users with a national level, risk-based approach for managing cybersecurity activities for EV XFC systems. The profile enables industry members to apply work products for a secure deployment and management of the EV XFC infrastructure and the connected EV ecosystems by aligning cybersecurity controls to the NIST cybersecurity framework. Implementation and usage of the EV XFC profile facilitates cross-collaboration between the various industry stakeholders, vendors, and end users.

The NCCoE, U.S. Department of Energy, and industry stakeholders identified and prioritized mission objectives to connect operational activities to cyber activities. The EV XFC mission objectives reflect organizational priorities, and thanks to the continued support of industry stakeholders, vendors, and end-users, these mission objectives track to subcategories and informative references that facilitate and encourage sector adoption and use. 

Due to the complex nature of the infrastructure needed for EV XFC and its subcomponents, it's imperative to strengthen the ecosystems against both traditional Information Technology-based as well as Operational Technology-based cyber threats and vulnerabilities that could impact the physical world.

Background

As the next step in charging speeds, EV extreme fast charging (XFC) offers a competitive solution by providing EV drivers up to, and potentially beyond, 350kW of power along transportation corridors, allowing small vehicles to charge in minutes instead of hours and laying groundwork to make large EVs realistic.

The EV XFC Infrastructure Ecosystem relies on multiple connected subsystems such as: XFC (i.e., EV charging stations), EV (i.e., interoperability and communication with XFC), XFC–Cloud or Third-party Operator (i.e., facilitation of charging and associated data flows), and XFC and Utility-building networks (i.e., network topologies and management and coordination of power distribution). Due to the required interconnectedness of this system of systems, multiple attack vectors, both physical and cyber, leave users and the EV XFC grid infrastructure vulnerable to a myriad of results from data theft to physical property damage.

Diagram showing the four components of the electric vehicle charging ecosystem: charging stations, electric vehicles, third-party charging networks, and the electric utility.

Project Goals

  • Identification of cybersecurity risks in the EV / XFC ecosystem with specific focus on four subsystems: (1) eXtreme Fast Charging (XFC) (2) Electric Vehicle (EV) (3) XFC – Cloud or Third party Operators (4) XFC and Utility – Building Networks
  • Development of a risk informed cybersecurity activity-based risk mitigation methodology in the form of a Cybersecurity Framework Profile
  • Alignment of applicable cybersecurity references and standards that inform control selection

Join the Community of Interest

Employee speaking on video call with colleagues on online briefing with laptop at home

A Community of Interest (COI) is a group of professionals and advisors who share business insights, technical expertise, challenges, and perspectives to guide NCCoE projects. COIs often include experts, innovators, and everyday users of cybersecurity and privacy technologies. Share your expertise and consider becoming a member of this project's COI. 

Tell us about yourself