As charge point operators, our systems are responsible for the flow of energy to EVs. This is an exciting and relatively new area of technology. This also means that as charging networks grow in size, the amount of electricity controlled by charge point operators could become significant enough to influence the energy system.
What is the risk?
Newer generation EV chargers are typically ‘smart’, which means they are connected to the internet and can be operated remotely. Being smart opens up a number of opportunities for charge point owners; for example, the vast majority of charge point issues can be rectified remotely, software can be updated regularly via over the air updates and drivers can schedule their home charging to coincide with off-peak energy tariffs.
However, being connected to the internet does raise the risk of cybersecurity attacks, and it is right that this risk has been highlighted by groups such as Computest. As industry charge point operators, we have a responsibility to ensure that we understand and preemptively respond to cybersecurity risks.
Road’s commitment to cybersecurity
We have adopted the following security measures to prevent unauthorised access to our systems:
- We have dedicated teams for the continuous improvement of our network connectivity and security features, and our platform and backend have many security features such as 2FA, firewalls, anti-DDoS, SSO, Role-based-access-control (RBAC) and more.
- We support security profiles as described in the Open Chargepoint Protocol (OCPP) versions 1.6 and 2.0.1. Currently, charge point stations can connect with a security profile up to profile 2, and we are working with manufacturers to introduce full support for security profile 3. For hardware models unable to support secure connection, Road offers private networking solutions, with traffic between the charging station and our datacentre routed via a secure VPN tunnel.
- The Road platform also constantly monitors charge points for any signs of malicious activity and has automated systems for detecting hardware malfunctions, helping us to get ahead of any quality issues.
Data security and privacy are also of critical importance to Road. We have annual independent security audits of our platform and take measures to ensure we are compliant in privacy-aware jurisdictions (such as Europe’s GDPR, California’s CCPA and Japan’s APPI). Our cloud infrastructure provider (Google Cloud) also has an excellent track record of GDPR compliance and commitment. To ensure the security of transactions, we have automated systems for detecting fraud patterns.
We hope this article assures our customers that we are taking every possible step to ensure the security of our systems. Cybersecurity is a risk that Road will never underestimate.
