Data Security in Charging Infrastructure: Why Modbus is Negligent in Managing EV Charging Systems and Why OCPP is the Better Choice

Modbus is a communication protocol developed in 1979 by Modicon (now Schneider Electric). It is widely used in industrial applications due to its simplicity and robustness. Modbus facilitates communication between various devices such as programmable logic controllers (PLCs) and remote monitoring systems.

The Open Charge Point Protocol (OCPP) was developed to standardize communication between electric vehicle charging stations and central management systems. OCPP is an open standard that is continuously updated to ensure interoperability between devices from different manufacturers and to address new security threats.

Lack of Encryption

A major problem with Modbus is the absence of encryption. Data is transmitted in plain text, making it easy for attackers to intercept and manipulate sensitive information. This poses serious risks, especially when managing charging infrastructures. Data security in charging infrastructure is significantly compromised by this vulnerability.

Lack of Authentication

Modbus does not offer integrated mechanisms for authenticating devices within the network. Without authentication, unauthorized devices can easily access the system and send malicious commands. This presents a significant security risk, as attackers can manipulate systems without restriction.

Vulnerability to Cyberattacks

Recent studies, such as the Dragos report on "FrostyGoop," demonstrate the vulnerability of Modbus-based systems to cyberattacks. The lack of encryption and authentication makes these systems an attractive target for attackers looking to inject malware or take control of the systems.

Encryption

One of the biggest advantages of OCPP is the use of HTTPS for communication between the charging station and the backend system. This ensures that the transmitted data is encrypted and cannot be intercepted by unauthorized parties. Encryption thus provides a high level of protection against data manipulation and theft, enhancing data security in the charging infrastructure.

Authentication

Another advantage of OCPP is the ability to authenticate charging stations and central systems. This ensures that only authorized devices and users can access the network. Authentication mechanisms prevent unauthorized access and protect the system from manipulation.

OCPP is an open standard that is continuously updated to address new security threats and ensure interoperability between different manufacturers. This makes OCPP future-proof and adaptable to the changing demands of the electromobility sector.

OCPP enables standardized communication between charging devices and management systems. This facilitates the integration of various hardware and software solutions and ensures seamless collaboration.

Since OCPP is an open standard, operators of charging infrastructures can use devices from different manufacturers without being limited to proprietary solutions. This fosters competition and innovation in the charging infrastructure market.

OCPP is continuously updated to keep pace with technological advancements and new requirements. This ensures that charging infrastructures using OCPP remain compatible and secure in the future.

OCPP offers advanced functions to optimize the charging process, such as load management, user management, and billing systems. This allows for more efficient use of available charging power and improves the user experience.

A Zero Trust Policy is based on the principle "Never trust, always verify." It assumes that threats can originate both inside and outside the network. Therefore, every access to the network, regardless of location or user identity, is verified and authenticated.

In integrating charging infrastructures with the energy market and critical infrastructure, a Zero Trust Policy is essential. Any unencrypted or unauthorized communication poses a potential risk to the entire infrastructure. By implementing OCPP and adhering to a Zero Trust Policy, operators can ensure that all connections are verified and secured, minimizing the risk of cyberattacks.

ChargePilot leverages the advantages of OCPP to ensure the secure and efficient management of charging systems. By using HTTPS and enabling authentication, ChargePilot provides a high standard of security. This minimizes the risks of cyberattacks and ensures a reliable charging infrastructure.

An example of the successful implementation of OCPP in ChargePilot is its use in a large corporate fleet. Through OCPP, secure and seamless communication between charging stations and the central management system was achieved, leading to increased reliability and security of the entire charging infrastructure.

In recent years, there have been several incidents where electric vehicle charging stations were hacked. These examples underscore the need for secure communication protocols like OCPP:

1. Incident in Norway (2018): Charging stations operated by a major provider were compromised, leading to outages and manipulation of charging times. The attack exploited unsecured Modbus connections to gain access to the system. (Source)
2. Hacker Attack in Germany (2020): Hackers infiltrated a provider’s network, manipulating charging prices and billing data. Vulnerabilities in communication security were exploited in this case. (Source)
3. Kaspersky Report (2021): Kaspersky reported several cases where charging stations were targeted by DDoS attacks and malware infections, causing significant operational disruptions. (Source)

These incidents highlight the importance of secure communication protocols and the implementation of a Zero Trust Policy to prevent such attacks.

Choosing the right communication protocol is crucial for the data security of charging infrastructure and the efficiency of electric vehicle charging systems. While Modbus presents significant security risks, the advantages of OCPP offer a future-proof and secure solution. ChargePilot deliberately relies on OCPP to meet the high demands of modern IT security and to ensure a reliable charging infrastructure. Operators of charging systems should therefore also adopt OCPP and implement a Zero Trust Policy to ensure the data security of their charging infrastructure and protect against cyberattacks.

Sources and Further Reading

1. ^{Dragos Report on "FrostyGoop": Download PDF}
2. ^{Report by the Baden-Württemberg Office for the Protection of the Constitution: Link}
3. ^{Further Information on OCPP and ChargePilot: The Mobility House}
4. ^{The Mobility House Knowledge Center: Why OCPP is Important}
5. ^{Security Forum Norway: Hacked Charging Stations}
6. ^{Cybersecurity Insider: Hacker Attack in Germany}
7. ^{Kaspersky Blog: Report on Hacked Charging Stations}