Overviewing UK’s EV charging stations and energy grid regulations regarding cybersecurity protection and consumption stability.
As part of the UK’s commitment to net zero greenhouse gas emissions by 2050, a demand for regulations on the Electric Vehicle charging process is required. As many consumers will be charging their vehicles at private home stations, smart charging regulations are being offered in order to optimize the process to be scheduled for low-demand electricity periods or in high renewable electricity cycles. The response from the consumer to assist in electric grid assistance is called DSR (Demand-Side Response). Without smart charging regulations, EV charging will become a bottleneck when consumers all return home at around the same time, and will cause soaring electricity demands that could result in over-peaking.
The policy mandates that all domestic and workplace charge points in the UK must have the technical capabilities for smart charging: charge points and cables that have smart functionality and will maintain levels above 50KW. Furthermore, charge points must be capable of ensuring user charging even when the Wi-fi connection is down, and for consumers to have the ability to freely switch between energy suppliers. The new legislation requires users to also have access to big data on their energy consumption, allowing the consumer to actively monitor their electricity use and to allow facilities to be prepared for response services.
To mitigate grid instability, the legislation requires that charge grids maintain a balance between generation and demand of energy, by mandating a randomized delay function in the grid system. This manifests in charge point switching in a staggered manner.
One of the main potential threats to the stability of such a grid system is the cyber attack vector. Because smart charging points will have a vast communication & control system, the level of device hacking could create a hazardous and chaotic ecosystem. Strong cyber requirements must be implemented in such a system, and include best-practice configurations, set out in the DCMS code of practice for IoT devices and the EU cybersecurity standard ETSI EN 303 645. A statement of compliance must be provided for each charging point.
General cybersecurity principles mandate that charging points must provide cyber protection against risks and damage, both to the charging point and to the electricity grid system. Software systems for these points must support OTA updates, and must be able to validate authenticity and integrity of software being updated. Part of the authenticity process will verify that software and updates have not be altered, and that any unauthorized change will be detected and notification of this will be communicated across encrypted networks, including informing the owner. Additionally, software must run with the minimum level of access privileges needed to deliver functionality, and security log data must be incorporated into the relevant charge points. Any and all cybersecurity attempts, whether successful or not, must be registered. Any breach or tamper sensed, or unauthorized access, must be logged. Information regarding security attacks must be reported periodically and for each software update.
The automotive cybersecurity industry is taking notice. The UK first to imagine a reality of the Electric Vehicle future, and the first to include regulations to ensure energy stability from the EV grid prospective. Karamba Security is as usual ahead of the curve and ready with a plethora of cybersecurity tools and services that can address the needs for secure charging points. Karamba’s XGuard IDPS is an embedded software agent and cloud-based backend that prevents malware and fileless attacks, and detects and monitors any anomalous behavior and suspicious malware. It integrates as part of the existing firmware and seamlessly integrates with the binaries of the ECU and other devices, without effecting product functionality. Fleet-level monitoring can be maintained using XGuard/VSOC for broad threat coverage.
Additionally, Karamba’s binary analysis tool, VCode, automatically identifies cybersecurity issues in ECUs and supplier binaries, detecting vulnerabilities, risky tools, misconfigurations, outdated credentials and CVEs. With a supplemental feature of a vulnerability management system for multiple fleets of devices, it is a perfect match for cyber protection according to the UK EV smart charging points legislation.
