Securing the road ahead: Security challenges and opportunities for EV chargers

Securing the road ahead: Security challenges and opportunities for EV chargers

Feature articles |
By Christoph Hammerschmidt

Government mandates, including one by the European Union (EU) that will only allow new cars with zero CO₂ emissions from 2035 onwards, as well as shareholder pressure and consumer awareness of the climate crisis, are accelerating the shift to eMobility. One in 11 new cars sold in the EU in 2021 was fully electric, a jump of 63% versus 2020, according to the European Automobile Manufacturers’ Association (ACEA).

As eMobility efforts around the world accelerate, so do efforts to create a broad network of EV charging stations, comparable to the one that exists for gas-powered vehicles. This, however, creates a new challenge: How to build large swathes of EV infrastructure quickly, without compromising on the security requirements of such a system.

The industry faces several significant hurdles, including how to securely communicate with chargers in the field from the cloud, ensuring interoperability, transactions authentication, and preventing fake or unauthorized chargers. Here, we explore those challenges, and how to overcome them by having the right solutions in place.

EV charging infrastructure expectations

Society still takes the delivery of fossil fuels for granted – despite rising costs, you can fill up your car at any service station. Yet at the same time, ACEA notes that Europe currently has only 374,000 public EV chargers, two-thirds of which are concentrated in just five countries – the Netherlands, France, Italy, Germany and the United Kingdom. According to US Department of Energy data, there are around 43,000 public EV charging outlets in the United States, the majority of which are in California.

This is in stark contrast to the estimated demand for EV chargers. A report by EY and Europe’s utilities trade body Eurelectric estimates that Europe will need 65 million EV chargers – nine million public and 56 million residential – to handle the 130 million EVs that are set to be on the road by 2035. In the US, McKinsey estimates that by 2030, the country will need 1.2 million public chargers. This means a substantial build-out of charging infrastructure will be required.


Despite successes in the EU, such as promoting a common EU plug standard, and improving access to different charging networks, the European Court of Auditors cites that the availability of charging stations varies between countries, payment systems are not harmonized with minimum requirements and there is inadequate information for users.

There’s also an interoperability issue at stake, particularly for ultra-fast, high-power DC charger network deployments that are mostly linked with specific automotive brands. (There is a small yet growing number of high-voltage DC charge points available, which can deliver much higher levels of charge than an AC charge point and therefore reduce charging time.)

Transactions authentication

As with traditional service stations, there’s often an expectation that drivers can charge anywhere they find a point and receive one bill at the end of the month or pay as they charge via a point-of-sale terminal.

Here, data protection and secure connectivity are essential to enable charge management and secure automated billing. In particular, the industry requires secure data transactions and device authentication for standard charging with one provider, versus fast charging with a ‘deluxe’ provider, often at a premium rate.

Fake/unauthorized access

To avoid fake or unauthorized access to the electric vehicle supply equipment (EVSE) infrastructure, there needs to be a standardized way of securely unlocking the EV charging station via user credentials. There’s also security against cyberattacks of the EV charging infrastructure itself and the value chain to consider.

A 2022 EV charging station study conducted by Carlos Alvarez College of Business’ Department of Information Systems and Cyber Security examined 16 different EV charging systems and uncovered 13 significant areas of security threats and vulnerabilities, the most severe being missing authentication and cross-site scripting (XSS).

First time right

The good news is that to avoid unauthorized access, secure protocols based on the industry standard near-field communication (NFC) can be used to unlock the EV charging station. These could be credentials like a physical smartcard or smartphone, and can be aligned with other smart city applications, such as parking and public transport. NXP, for example, offers smartcard solutions that have been proven in hundreds of cities around the world and offer benefits such as high level security, confidentiality, portability, and, as a consequence, convenience.

Incorporating secure elements in the EVSE to comply with industry standards like ISO 15118 for vehicle to charger communication or calibration laws – such as the German Eichrecht – is also critical. For example, NXP’s latest EdgeLock® SE05x family of embedded security solutions offers enhanced Common Criteria EAL 6+ and FIPS 140-2 certified security, for strong protection against the latest attack scenarios. At the same time, the point of connection remains safe and easy to use. It also acts as a security enabler for the entire value chain providing communication between the EV, EV charging station, and the cloud.

Put simply, it simplifies key and credential management for OEMs and service providers, and offers certified, future-proof security that is easily updateable in the field. As such, NXP offers the EasyEVSE EV charging development platform to accelerate the setup of a secure connection between a simulated EVSE and cloud services.


The EV industry is growing at a pace, fueled by consumer demand and government policies. As such, the most important measures that need to be taken to make EV charging points safe and easy to use are high levels of efficiency, accuracy, interoperability, connectivity and security.

About the authors:

Giuseppe Guagliardo is a Product Manager at NXP Semiconductors. As part of the IoT security team, he is driving NXP’s secure element offering for IoT products making security more accessible. He works with IoT and industrial customers and supports them in understanding security threats and in the realization of their secure IoT solution. Giuseppe has experience in system engineering roles with focus on IoT, edge and cloud architectures.

Antje Schütz is Senior Marketing Manager IoT Security at NXP Semiconductors. With more than 20 years’ experience in the semiconductors market, Antje leverages her understanding of security and mass market to drive secure element solutions at NXP into both established and new markets, such as industrial and EV charging.


If you enjoyed this article, you will like the following ones: don't miss them by subscribing to :    eeNews on Google News


Linked Articles