Charging infrastructure for electromobility stands and falls with cyber security

New research project ReSiLENT ensures high security at low cost for EV charging boxes

An important lever for the introduction of electromobility is the manageable cost of charging infrastructure, especially low-priced offers for wallboxes and low-cost charging columns. But this inevitably leads to problems with cyber security. Risk analysis provider asvin now wants to significantly minimise these risks within the framework of a top-class research group for resilient charging infrastructure. The goal is to support the rapid expansion of cost-effective, yet cyber-secure charging points.

Electromobility is politically desired and it is no longer possible to imagine the agenda of sustainable mobility without it. However, if savings are made here, an unintended side effect will be an increased security risk for consumers and for operators of critical infrastructures in the electricity grid. There would also be the risk that mass hacking of charging stations and wallboxes would lead to blackouts in the electricity grid.

A look at the segment of renewable power generation shows that the temptation to save on security is great and the risk high when it comes to cheap products for EV charging points. In the middle of this year, the Australian information service once again took up the inverter problem with devices from Chinese manufacturers. It had already been occupying US politics and business since 2018 and led to a ban on Huawei technology in the USA. Currently, the Biden administration in Washington is discussing binding standards for cyber security in the area of EV fast charging facilities.

In general, e-mobility charging infrastructure is an attractive target for hackers, as a hacked wallbox in a private garage can quickly lead to a blackout in an entire city. This is precisely where the ReSiLENT project comes in with the message that cheap is safe when innovative methods for risk assessment and automated risk minimisation are used. Three institutions are working together in the research project, which is scheduled to run for a total of three years.

Stuttgart-based asvin GmbH is providing the cybersecurity mesh architecture based on its expertise in context-based risk analysis. This enables an assessment of the cybersecurity of software in EV charging components and connected systems. KRITIS operators and automotive suppliers can thus identify security problems in charging points and EV fleets at an early stage and initiate countermeasures to remedy them in good time. At the same time, asvin’s know-how and research expertise will help to better prioritise cyber security incidents in EV fleets – critical first, less critical later. This also allows for incident handling with mostly lacking human resources, another advantage in rolling out the most cost-effective charging infrastructure possible.

The Faculty of Computer Science and Mathematics at the Ostbayerische Technische Hochschule (OTH) Regensburg is responsible for the requirements analysis as well as the development of the cyber security applications. This is expected to significantly increase efficiency in the prevention, detection, response and attribution of cyber attacks.

The provider of innovative solutions for the smooth operation of charging infrastructure ChargeIQ GmbH from Leinfelden-Echterdingen is responsible for the application and testing in a realistic demonstration platform. With ChargeIQ, charging stations can already be operated on their own today, as the provider’s software allows a modular charging infrastructure to be set up without a lock-in effect. Hardware, software and operating mode are freely selectable.

Overall, ReSiLENT is developing a novel approach to risk management. It allows cybersecurity information about actors and elements of a networked charging infrastructure to be rolled out via peer-to-peer protocols. The research partners are thus developing and establishing a resilient cybersecurity mesh architecture in which contextual information on security incidents can be automatically exchanged between elements, devices and actors within the charging infrastructure. The high degree of automation ultimately enables the economically feasible guarantee of cyber security in low-cost charging infrastructures.

Based on the findings, this architecture will be tested in iterative steps in a demonstrator and validated in field trials. For this purpose, cybersecurity applications in the areas of prevention, response and attribution and their interfaces will be created. The project also focuses on researching fundamental novel architecture concepts that take into account the aspects of decentralisation, cybersecurity, resilience, data sovereignty and scalability. To this end, current and promising new approaches in the area of technical protocols, system components, cryptography and semantics are being investigated, developed and implemented in the demonstrator as part of the sub-project.

The ReSiLENT research project is funded as part of the electromobility funding line of the Federal Ministry of Economics and Climate Protection (BMWK), funding priority “Resilient Low-Lost Charging Infrastructure”.

About asvin:

Using powerful technology, asvin creates predictive solutions that analyse and assess the best possible resilience of devices and systems against cyber attacks. asvin provides risk analysis and software risk management for the supply chain that meets operational and regulatory requirements. For this, asvin uses unique mesh architectures, graph methods and an innovative risk-by-context approach. This enables companies to stay one step ahead of threats, efficiently deploy their resources and optimise their security investments. asvin thus strengthens cyber resilience and protects customer systems throughout their entire lifecycle.

Press contact:

Konrad Buck