The Biden-Harris Administration set an ambitious goal to build a national network of 500,000 public electric vehicle (EV) charging stations across the country by 2030 to ensure that all Americans can access a convenient, affordable, and reliable charge for their EVs. Currently, there are more than 175,000 public EV charging stations in the United States. While this growth of EV charging stations and their integration with the U.S. electric grid is necessary to support the transition to a clean energy future, it also presents a unique cybersecurity threat within the EV charging infrastructure. Read part 1 of this series to learn more about why cybersecurity is so important in this arena.
The Department of Energy’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER) is focused on ensuring cybersecurity is accounted for in the EV charging system in the U.S. Between 2022 and 2025, CESER will have invested over $8 million in several research projects with public and private partners to develop and promote cybersecurity standards for the EV and EV supply equipment (EVSE) ecosystem and to identify tools and technologies to prevent and mitigate cyber attacks to EV charging infrastructure.
This research, largely conducted by DOE’s National Laboratories with some public-private partnerships, focuses on addressing the biggest cybersecurity challenges in the EVSE ecosystem, such as:
- Testing emerging EV charging technologies for cybersecurity vulnerabilities. CESER partnered with researchers at several National Labs to complete the first demonstration cycle of the Congressionally directed EV Secure Architecture Laboratory Demonstration (SALaD) pilot. It aims to improve EVSE security and resilience by developing technologies that detect malicious activity in the power source and prevent an attack from occurring. Through partnerships with industry manufacturers, EV SALaD researchers test these new technologies in demonstrations on EV charging systems to understand their effectiveness and share the results with the industry partners. This pilot completed in 2023 and will continue as a program for a second demonstration cycle in 2024. The first demonstration resulted in further development and testing of an early Vehicle Technologies Office (VTO) prototype (Cerberus) that won a R&D 100 award in 2023 and also spurred a novel new testing tool.
- Coordination of cybersecurity risk management strategies and approaches among EV stakeholders. CESER and DOE’s VTO co-funded the Cybersecurity Framework Profile for EV Extreme Fast Charging (XFC) Infrastructure, published by the National Institute of Standards and Technology in October 2023. The Profile provides EV XFC stakeholders a means to assess and communicate their cybersecurity postures by addressing risks specific to the EV charging ecosystem. Users will find a risk-based approach for managing cybersecurity activities and an opportunity for cross-collaboration between the various industry stakeholders.
- Improving secure communications within the EV charging infrastructure. Public key infrastructure (PKI) is a method used in a secure EV charging process that encrypts information and certifies it’s received by the appropriate user. CESER has jointly funded several research & development projects related to implementing PKI authentication. One includes a collection of live events at a DOE National Laboratory where industry partners will be able to test the critical integration and interoperability of PKI in EV charging systems. These tests will assess recovery and response functions and resolve PKI implementation inconsistencies for EVSEs across the industry. Another project includes development of a prototype to enable table top PKI testing.
- Assessment and coordination of EVSE cybersecurity standards. In 2023, DOE’s Grid Modernization Initiative funded a $39 million lab call, including one project funded by CESER. Researchers at several National Labs will work to identify gaps in cybersecurity and provide a baseline for efforts related to harmonizing cybersecurity standards and voluntary cybersecurity testing across the EV charging ecosystem. In coordination with the Biden Administration’s National Standards Strategy for Critical and Emerging Technology, this project is co-led by the VTO and will work with the DOE/DOT Joint Office of Energy and Transportation. The intended project outcomes will be a standardized set of differing levels of voluntary testing requirements for EVSE equipment that are inspired by a “Security Star” EV Charging System Cybersecurity Certification Program (inspired by "Energy Star").
Public-private partnerships are imperative for success in these areas. Next week, look out for the final blog in our Securing EV Charging Systems series to learn about our partners in this work, including other DOE Offices, National Laboratories, and industry partners.
