SAE and NREL Partner to Strengthen EV-Charging Cybersecurity

The project uses PKI to help protect the connection between EVs and charging stations.

Rivian engineers Sarah Hipel (left) and Gabriel Lopez plug in an R1T during tests at NREL. (Bryan Bechtold/NREL)

Members of the electric vehicle industry gathered at the National Renewable Energy Laboratory (NREL) in early April to evaluate enhanced cybersecurity for the connections between EVs and charging infrastructure. As more EVs enter the market and connect to the electrical grid, potentially exposing cyber vulnerabilities, vehicle security is drawing increased interest. The collaborative event supports a two-year project led by SAE International to strengthen EV cybersecurity through wide industry engagement on pre-competitive research and technology prototyping in the EV charging space.

The event, held at NREL’s Golden, Colorado Energy Systems Integration Facility, was organized to evaluate the application of public key infrastructure (PKI) – a method for encrypting information exchange and certifying the trusted authenticity of devices – to help protect the connection between vehicles and charging stations. Although PKI had been adopted for many industries, this kind of authentication between different companies’ electric vehicles and charging stations is not commonplace nor has it matured in the EV charging ecosystem.

NREL has previously studied the vulnerabilities associated with EV interconnections and has evaluated strategies to mitigate those vulnerabilities. The event went a step further into showing how PKI could improve security of communications required to enable charge sessions to take place. Successfully securing these communications would help protect against financial fraud and defend drivers, vehicles, manufacturers, and charge network operators from other cyber intrusions.

Participants including Ford Motor Co., Rivian, Shell Global Solutions and ChargePoint brought EVs and charging infrastructure to this initial test event. The teams used a PKI system designed by Eonti and implemented with Digicert to focus on establishing primary system functionality for the PKI-strengthened charging connection. Once basic functions have been demonstrated, the participants and NREL can begin planning for future efforts that will guide the team to implement a defensible system for protecting charging infrastructure in the field.

“NREL has assembled unique power systems, cyber facilities and insights to assist these teams to assess the cybersecurity of electrified transportation systems under real operating conditions and this project is a great opportunity to marry industry expertise and government evaluation resources,” said Tony Markel, project lead at NREL.

The product teams completed dozens of tests, using valid and invalid PKI implementations to ensure systems are robust enough to correctly capture and identify accurate and faulty behaviors. In follow-on tests, researchers intend to expand the number of companies involved and the test cases performed to widen the impact of testing on the EV charging sector. The test cases will include adversarial drills against EV connections in the spirit of a hack-fest to confirm the full cyber strength of a PKI implementation strategy.

The interest in PKI for EV charging follows an industry assessment that found opportunities for improvement in current standards pertaining to EV cybersecurity. SAE is organizing the international EV charging sector, as well as public and research entities, to collaboratively increase overall security in this critical connection between the mobility and energy industries. The project is intended to deliver an operational PKI method agnostic to the charging platform that is available to industry worldwide.

SAE’s PKI Cooperative Research Projects (CRP) are joint ventures with industry partners that perform targeted, pre-competitive research to develop solutions – by industry for industry. The NREL project encompasses the designing and testing of an inclusive, worldwide EV charging industry PKI platform that is secure, trusted, scalable, interoperable, and extensible.

SAE International is seeking to expand the network of participating entities to join this critical project. Future activities include proving the scalability of PKI for EV charging, ensuring its compatibility across products, and sharing results to influence standards. Learn more about NREL’s cybersecurity  for grid-vehicle integration research and other sustainable transportation and mobility initiatives.

Tim Weisenberger is SAE Program Manager of Emerging Technologies; This email address is being protected from spambots. You need JavaScript enabled to view it.