This standard is developed in accordance with the rules given in GB/T 1.1-2009 Directives for standardization - Part 1: Structure and drafting of standards.
This standard was proposed by the China Electricity Council.
This standard was proposed by the Standardization Center of the China Electricity Council. Chief drafting organization of this standard: Computer and Microelectronics Development Research Center of the Ministry of Industry and Information Technology, Electric Power Research Institute Co., Ltd. of State Grid, Shanghai Electrical Apparatus Research Institute, Potevio new energy Co., Ltd., State Grid Network Security (Beijing) Technology Co., Ltd., Zhejiang Anke Network Technology Co., Ltd., Science and Technology Development Service Center of China Electricity Council, and China Electricity Technology Market Association. Chief drafters of this standard: XUE Xiaoqing, FU Jing, ZHANG Xiaofei, JU Chen, FANG Hongbo and WANG Hongkui. Participating drafting organizations of this standard: Xuchang KETOP Testing Technology Co., Ltd., Qingdao TELD New Energy Co., Ltd., Huawei Technologies Co., Ltd., Shenzhen Clou Electronics Co.,Ltd., Integrated Electronic Systems Lab Co.,Ltd. (iESLab), Global Energy Interconnection Research Institute Co. Ltd., XCharge, Inc., Jiangsu Wanbang Dehe New Energy Technology Co.,Ltd., Zhejiang Wanma Co., Ltd., Electric Power Research Institute of State Grid Beijing Electric Power Company, State Grid EV Service Co., Ltd., and Guangdong Electric Power Design Institute Co., Ltd.
The issuing authority of this standard shall not be held responsible for identifying any or all such patent rights.
This standard is issued for the first time.
In the process of implementing this standard, the relevant comments and recommendations, whenever necessary, may be fed back to the Standardization Center of China Electricity Council (No.1, 2nd Lane, Baiguang Road, Beijing, 100761, China).
Technical specification for information security of electric vehicle charging facilities
1 Scope
This specification specifies the technical requirements for information security of electric vehicle charging facilities.
This specification is applicable to the design, operation and maintenance, R&D, test and evaluation and other links of information security protection of the operation platform, charging equipment and mobile intelligent terminal software related to electric vehicle charging facilities.
2 Normative references
The following referenced documents are indispensable for the application of this document. For dated reference, only the edition cited applies. For undated references, the latest edition (including any amendments) applies.
GB/T 9387.1 Information technology - Open systems interconnection - Basic reference model - Part 1: The basic model
GB/T 18336.3-2015 Information technology - Security techniques - Evaluation criteria for IT security - Part 3: Security assurance components
GB/T 19596 Terminology of electric vehicles
GB/T 29317-2012 Terminology of electric vehicle charging/battery swap infrastructure
GB/T 34975-2017 Information security technology - Security technical requirements and testing and evaluation approaches for application software of smart mobile terminals
T/CEC 102.4 Interactive of charging and battery swap service information for electric vehicle - Part 4: Data transmission and security
3 Terms and definitions
For the purposes of this document, the terms and definitions given in GB/T 19596 and GB/T 29317-2012 and the following apply.
3.1
charging facilities
charging piles, charging pile groups and charging stations that can provide external charging services in the charging operation network, including charging equipment, operation platform and mobile intelligent terminals
3.2
basic software
underlying software running on basic resources, generally including host operating system, system database, network security protection software, audit application and middleware
3.3
operation system
system that provides services for the end users and business operators of the platform
3.4
mobile intelligent terminal
mobile communication terminal products that can access the mobile communication network, have an open operating system capable of providing an application development interface, and allow users to install, run and uninstall application software by themselves
3.5
mobile intelligent terminal software
application software developed for mobile intelligent terminals, including those of charging facility manufacturers and those provided by Internet information service providers that can be downloaded, installed and upgraded through mobile application distribution platforms such as websites and app stores, and is suitable for charging facilities
3.6
information service system
application system centered on processing the electric vehicle charging service information as its core, consisting of main service units in the charging operation network, including platforms, facilities and terminals
3.7
operation platform
information service system that undertakes the operation and provision of the back-end charging service function in the charging operation network, consisting of IT infrastructure and application software system
3.8
charging equipment
AC/DC charging equipment and supporting equipment offering the charging service function
3.9
terminal
intelligent application (App) used by electric vehicle users to access to charging service and complete charging service transaction and payment
3.10
charging service certificate
information proof of the occurrence or completion of charging service, including real objects (such as intelligent cards), etc.
4 General requirements for information security of charging facilities
4.1 Information security protection objects and objectives
4.1.1 Protection objects
The information security protection objects of electric vehicle charging facilities are mainly classified into the following two types:
a) Real objects, namely Rref in Figure 1. This type mainly refers to charging equipment, operation platform and mobile intelligent terminal in charging facilities.
b) Interfaces, namely Iref in Figure 1. This type mainly refers to the information exchange interfaces between real objects involved in charging facilities, namely, that between charging equipment and operation platform, that between operation platform and mobile intelligent terminal, that between charging equipment and mobile intelligent terminal, that between charging equipment and electric vehicle, and that between operation platform and other platforms.
See Figure 1 for the specific relationship between information security protection objects of charging facilities.
Figure 1 Relation diagram for information security protection objects of charging facilities
4.1.2 Objectives
Based on the different information security protection objects of charging facilities, the main objectives of security protection are classified into two types:
a) System security objective: protect the physical systems to ensure their safe and reliable operations, prevent them from malicious attacks and ensure the availability of system services. The system security objectives are divided into five key parts, namely, access control, identity authentication, content security, monitoring audit and backup recovery.
b) Interface security objectives: during the information exchange via the interfaces, protect data from leakage, destruction, unauthorized use, etc., during storage, transmission and processing. Interface security objectives are divided into three key parts, namely, confidentiality, integrity and availability.
4.1.3 Overall objectives
Information security protection objects of charging facilities must be defined and meet the requirements of overall security protection objectives. See Table 1 for details.
Table 1 Overall objectives for information security protection objects of charging facilities
Protection objects Protection objectives
System safety objectives Interface security objectives
Rref Operation platform √ √
Rref Charging equipment √ √
Rref Mobile intelligent terminal √ √
Iref Interface between equipment and operation platform √ √
Iref Interface between equipment and mobile intelligent terminal √ √
Iref Interface between equipment and electric vehicle — √
Iref Interface between operation platform and other platforms — √
Note: "—” indicates that it is not involved and "√" indicates that it is involved in this standard.
4.2 Infrastructure and interface
4.2.1 Information infrastructure
The information exchange infrastructure of electric vehicle charging facilities is shown in Figure 2. From the perspective of information infrastructure, information security protection objects include the information service system and the information exchange interface.
Foreword i
1 Scope
2 Normative references
3 Terms and definitions
4 General requirements for information security of charging facilities
4.1 Information security protection objects and objectives
4.1.1 Protection objects
4.1.2 Objectives
4.1.3 Overall objectives
4.2 Infrastructure and interface
4.2.1 Information infrastructure
4.2.2 Information service system
4.2.3 Information exchange interface
5 Information security technical requirements
5.1 Technical requirements for operation platform
5.1.1 System security protection
5.1.2 Network security protection
5.1.3 Security protection for basic software
5.1.4 Security protection for operation system
5.2 Technical requirements for the charging equipment
5.2.1 Equipment security
5.2.2 Data security
5.2.3 Control security
5.3 Technical requirements for mobile intelligent terminal software
5.3.1 Operation mechanism requirements
5.3.2 Security requirements for applications
5.3.3 Malicious behavior prevention requirements
5.3.4 Other security requirements
5.4 Technical requirements for interface security
5.4.1 Interface between charging equipment and operation platform
5.4.2 Interface between charging equipment and electric vehicle
5.4.3 Interface between operation platforms
5.4.4 Mobile intelligent terminal as the authentication interface
5.4.5 Intelligent card as the authentication interface