Cybersecurity Framework Profile for Electric Vehicle Extreme Fast Charging Infrastructure
The electric vehicle (EV) extreme fast charging (XFC) infrastructure ecosystem relies on multiple connected subsystems to include EV charging stations, data flow networks, and utility power distributers. This required interconnectedness of systems leaves users and the EV/grid infrastructure vulnerable to a range of threats and open to multiple attack vectors, both physical and cyber.
Managing Cybersecurity Risks for Electric Vehicle Extreme Fast Charging Infrastructure
Abstract
The Cybersecurity Framework Profile for Electric Vehicle Extreme Fast Charging Infrastructure provides users with a national level, risk-based approach for managing cybersecurity activities for EV XFC systems. The profile enables industry members to apply work products for a secure deployment and management of the EV XFC infrastructure and the connected EV ecosystems by aligning cybersecurity controls to the NIST cybersecurity framework. Implementation and usage of the EV XFC profile facilitates cross-collaboration between the various industry stakeholders, vendors, and end users.
The NCCoE, U.S. Department of Energy, and industry stakeholders identified and prioritized mission objectives to connect operational activities to cyber activities. The EV XFC mission objectives reflect organizational priorities, and thanks to the continued support of industry stakeholders, vendors, and end-users, these mission objectives track to subcategories and informative references that facilitate and encourage sector adoption and use.
Due to the complex nature of the infrastructure needed for EV XFC and its subcomponents, it's imperative to strengthen the ecosystems against both traditional Information Technology-based as well as Operational Technology-based cyber threats and vulnerabilities that could impact the physical world.
Background
As the next step in charging speeds, EV extreme fast charging (XFC) offers a competitive solution by providing EV drivers up to, and potentially beyond, 350kW of power along transportation corridors, allowing small vehicles to charge in minutes instead of hours and laying groundwork to make large EVs realistic.
The EV XFC Infrastructure Ecosystem relies on multiple connected subsystems such as: XFC (i.e., EV charging stations), EV (i.e., interoperability and communication with XFC), XFC–Cloud or Third-party Operator (i.e., facilitation of charging and associated data flows), and XFC and Utility-building networks (i.e., network topologies and management and coordination of power distribution). Due to the required interconnectedness of this system of systems, multiple attack vectors, both physical and cyber, leave users and the EV XFC grid infrastructure vulnerable to a myriad of results from data theft to physical property damage.
Project Goals
- Identification of cybersecurity risks in the EV / XFC ecosystem with specific focus on four subsystems: (1) eXtreme Fast Charging (XFC) (2) Electric Vehicle (EV) (3) XFC – Cloud or Third party Operators (4) XFC and Utility – Building Networks
- Development of a risk informed cybersecurity activity-based risk mitigation methodology in the form of a Cybersecurity Framework Profile
- Alignment of applicable cybersecurity references and standards that inform control selection
Join the Community of Interest
A Community of Interest (COI) is a group of professionals and advisors who share business insights, technical expertise, challenges, and perspectives to guide NCCoE projects. COIs often include experts, innovators, and everyday users of cybersecurity and privacy technologies. Share your expertise and consider becoming a member of this project's COI.