The Open Charge Alliance announced today that they have published a new security white paper. According to the news release:
Secure communication and operation is a critical aspect of Electric Vehicle Charging Infrastructure. In the latest release of OCPP version 2.0 security features such as secure connection setup, security events/logging and secure firmware update, have been added to the specification. For OCPP 1.6 however, the security measures have up until now been designed by individual implementers of OCPP. To further assist the industry the Open Charge Alliance now publishes a white paper to describe a standard way to address security using OCPP 1.6-J. Security requirements are included, on security measures for both Charge Point and Central System, to help developers build a secure OCPP implementation.
This white paper contains the following security enhancements:
- Secure connection setup
- Security events/logging
- Secure firmware update
The OCPP 1.6 Security Whitepaper is also added to the OCPP 1.6 zip file that can be found on the download page of the OCA website.
I’m travelling at the moment, and haven’t had a chance to look through the document in detail. However it certainly sounds as though the OCA has ported the new security features in Open Charge Point Protocol 2.0 back into version 1.6. They are perhaps long overdue, since only a few days ago Kaspersky Lab revealed that “electric vehicle chargers supplied by a major vendor carry vulnerabilities that can be exploited by cyber-attackers” had just been patched.
Watch this space!
Following the flight from hell courtesy of RyanAir, I’ve now had a chance to skim the new “white paper”: