Link Search Menu Expand Document
Cybersecurity Research
  1. 6. Coordination
    1. 6.1 Standards Coordination
    2. 6.2 Public Sector Coordination
    3. 6.3 Private Sector Coordination
    4. 6.4 Public-Private Coordination

6. Coordination

In order to address the unique cybersecurity challenges in electric vehicle cybersecurity, coordination and harmonization among stakeholders is essential. Coordination helps to reduce parallel research efforts, define clear roles and responsibilities for various stakeholder groups, and maximize return on investment for the greater research community. The cross-domain nature of electric vehicle cybersecurity, which bridges two critical infrastructure groups, energy and transportation, places an even greater emphasis on inter-organizational and interdisciplinary approaches to information sharing, research and development activities, standards development, and technology transfer than is seen in other large scale cybersecurity programs.

Coordination efforts can be broken into three major categories: public sector coordination, private sector coordination, and public-private coordination. Public sector coordination involves all stakeholders representing a government entity, including federal agencies, international governments, and state or local governments. Private sector coordination involves stakeholders from the electric and automotive industries, including OEMs, trade associations, and standards bodies. Public-private coordination involves the necessary communication between these two groups.

6.1 Standards Coordination

Standards are the basic building blocks for interconnectivity and interoperability. Even voluntary standards make it easier to develop unambiguous requirements. Without standards (even competing ones) there would be no hope of achieving interoperability within the EV environment. Appendix A contains a brief overview of some of the more technical standards found in the EV environment that address EV and charging infrastructure cybersecurity.

6.2 Public Sector Coordination

Public sector coordination involves stakeholders from all levels of government, from state and local governments, to federal agencies, and to international partners. Each of these public sector organizations have a unique role regarding electric vehicle cybersecurity and the communication and coordination between these organizations is essential.

One of the major challenges in public sector coordination is the lack of a centralized hub for communication between public sector stakeholders, such as: DOE, National Labs, NIST, DOT (i.e. NHTSA, FHWA, FMCSA and the Volpe Center), DHS (Cybersecurity Division), OSTP’s National Science and Technology Council (NSTC), and DoD. This lack of coordination results in confusion about stakeholders roles and responsibilities regarding cybersecurity for electric vehicles and the infrastructure on which they depend. Coordination requires dedicated understanding of the complex challenges underpinning electric vehicle cybersecurity and the response effort to those challenges.

It may be beneficial to develop a joint task force across relevant agencies to help support public sector coordination. A coordinating body could help align strategic objectives through:

  • Defining, prioritizing, and funding key research gaps in electric vehicle and infrastructure cybersecurity

  • Establishing and disseminating industry best practices and standards

  • Addressing and defining regulatory and enforcement concerns

6.3 Private Sector Coordination

Private sector coordination involves stakeholders from the electric and automotive industries. Both are mature industries with complex supply chains. Currently, each industry has its own set of industry standards bodies, such as IEEE for electricity and SAE for automotive.

In the automotive domain, original equipment manufacturers (OEMs) integrate components manufactured by Tier 1 suppliers. The OEM then sells the vehicle on the primary market to the primary consumer, which may be an individual or a company with a fleet. After a period of time, the vehicles can be resold on the secondary market, generally to individual consumers. Once a vehicle is sold, there is an entire industry dedicated to aftermarket enhancements, such as up-fits and fleet management technology.

Another challenge in the private sector is that there are a number of nascent businesses which are developing, installing, and maintaining EVSE. Since the EVSE segment of the electric industry is relatively new, they have a limited amount of resources to dedicate to solving EVSE cybersecurity concerns individually. EVSE providers can address this concern by working with existing trade associations, like NEMA, which can leverage resources from its members to establish industry best practices for cybersecurity.

6.4 Public-Private Coordination

Public-private coordination is necessary in order to address electric vehicle and infrastructure cybersecurity concerns both nationally and internationally. Agreeing upon and setting international standards is frequently a time consuming and difficult task. One of the greatest challenges is determining which organizations and government agencies should be a part of the standards making process.

In addition to working together to set standards, government and industry in the automotive and electricity sectors have established their own Information Sharing and Analysis Centers, which are organizations dedicated to sharing and analyzing threat intelligence and vulnerability information with their stakeholders in a timely manner. Below is information on both ISACs:

  • Automotive ISAC24 - The Automotive Information Sharing and Analysis Center (Auto-ISAC) is a non-profit information sharing organization that provides a trusted environment and platform for automotive manufacturers and suppliers to collaborate on cybersecurity. Founded by a global group of automakers in 2015, the Auto-ISAC is the central hub for industry-wide sharing of cyber threats, vulnerabilities, and best practices related to the connected vehicle. Members embrace a working together model, engaging across the community with automotive strategic partners, trade associations, researchers and universities, and government. Membership is open to light and heavy-duty automotive manufacturers, suppliers, carriers, and fleet operators.

  • Electricity ISAC25 - The E-ISAC establishes situational awareness, incident management, coordination, and communication capabilities within the electricity sector through timely, reliable, and secure information exchange. The E-ISAC, in collaboration with the Department of Energy and the Electricity Subsector Coordinating Council (ESCC), serves as the primary security communications channel for the electricity sector and enhances the sector’s ability to prepare for, and respond to cyber and physical threats, vulnerabilities and incidents.

One way to close the communications gap between these industries is to leverage organizations which are common to both industries, such as the ISACs, trade associations, and standards bodies. Formal communications between these entities improve response and coordination during a cyber incident and could also help each industry stay aware of cross-sector threats.

24 www.automotiveisac.com

25 www.eisac.com