Contact

DKE  German Commission for Electrical, Electronic & Information Technologies of DIN and VDE
Stresemannallee 15
60596 Frankfurt am Main
Germany

Phone: +49 69 6308-0
Fax: +49 69 6308-9863
E-Mail: dke@vde.com

Schloss vor Datenverkehr zum Symbolisieren von IT-Sicherheit
Sergey Nivens / Fotolia
2018-05-17 page 117 0 TOP

IT-Security

Information security, as a process, applies to the entire lifetime of systems or system components. The DKE, too, takes an interdisciplinary approach to this topic. The main objective is to treat information security as an innovation-related topic and to address it in the relevant areas.

Icon bitte beachten

What is the aim of IT security standards?

Icon bitte beachten

Industry, energy, transport, the private sector: the different infrastructures are all converging. And the enabler of this revolutionary development is information technology. But the wide range of communication interfaces between the different systems is giving rise to a whole series of information security and data protection threats. Many of the existing solutions are currently proprietary and lack interoperability. There is a clearly recognizable need for standards. More than almost any other instrument, standardization supports the promotion of targeted current network effects to be promoted and raises the general level of security for the benefit of all. IT security standards ensure the necessary harmonization of requirements and implementation variants so that systems can interact reliably with one another and ultimately also be coordinated across different sectors. The aim is to increase the general level of security in information technology systems and networks, both within and across companies, and to promote the development of forward-looking technologies.

Contact

Andreas Harner
Icon Zahnrad

What is the focus of IT security standards?

Icon Zahnrad

Standards have become an integral part of IT security and are now absolutely indispensable due to the interlinking of data, man and machines. The Internet of Things is currently all-pervasive: here, all technologies and devices must be capable of generating, processing and distributing information. All this must be done in strict compliance with data protection requirements and while ensuring that personal rights are protected. Standards provide this protection. Security standards thus create the basis for data security and data protection in the smart grid. They ensure a dedicated level of security at the technical, organizational and process-related level. This is of great importance in electric vehicles, for example, since their communication generates vast amounts of data streams in the smart grid. The same applies to the information streams in the smart home, in which all devices are networked and communicate with each other. The increased complexity of the overall system has led to greater vulnerability. The growing levels of cybercrime, for instance, have therefore rendered the great importance of IT security indisputable. Secure identities are the starting point in the security chain that protects the data streams at the hardware, software and process level. Standards ensure that each machine, each piece of hardware, has its own unique identity which also meets the privacy protection requirements. Only thus can Industry 4.0, the smart home or smart traffic work. Because once an attacker succeeds in illegally assuming an identity, all the protective measures based on that identity – such as access protection – are rendered useless. To ensure that the sheer number of security solutions does not compromise system usability, the standards also ensure that the IT security measures protect technologies and users from risks while leaving the IT systems themselves user-friendly.

Go deeper into the topic:

IT security in electromobility

Icon bitte beachten

What is the aim of IT security for electromobility standards?

Icon bitte beachten

In the future, electric vehicles will communicate extensively with their environment. In the charging and billing process in particular, energy will be transferred but so, too, will significant amounts of data. Ensuring adequate IT security is of great importance: on the one hand, acceptable levels of data protection must be ensured for personal data that is collected, processed and communicated between the parties involved in the charging and billing process. On the other hand, a large number of electric vehicles must in future also be viewed as an integral part of the critical "energy" infrastructure. "Energy" is a central critical infrastructure which, in the event of a failure or disruption, has an extreme and direct impact on the other critical infrastructures and thus on the state, economy and society. If the charging infrastructure, involving large numbers of connected electric vehicles, is compromised, synchronous load shedding or consumption can have a devastating effect on the power grid.
The challenge is to enable interaction between the "automotive" and "power supply" industries involved. Only in this way can appropriate IT security levels be achieved and implemented. The aim of IT security standards for electromobility is thus to ensure cross-sector communication and to accord IT security the level of importance necessary for giving a decisive boost to electromobility and the digitalization of the energy transition. Only if standardized IT security can render electromobility sustainable and a safe investment can it establish itself permanently and make a positive contribution to Germany as an industrial location and export nation.

Contact

Christian Seipel
Icon Zahnrad

What is the focus of IT security standards for electromobility?

Icon Zahnrad

International standardization has already succeeded in creating a basis for the exchange of information between electric vehicles and the charging infrastructure in the current version of the ISO 15118 standard. To protect communication, the standard recommends the use of a PKI (Public Key Infrastructure), but does not specify how it should be implemented. The DKE has created a pre-standard document that fills this particular gap. The VDE application guide VDE-AR-E 2802-100-1 "Certificate handling for electric vehicles, charging infrastructure and backend systems in the context of the use of ISO 15118" describes how a PKI should be implemented. It contains requirements for operating a PKI, such as the provision, installation and withdrawal of certificates, as well as for roles that are necessary for implementing a PKI. The VDE application guide thus supports use of the "plug & charge" principle contained in ISO 15118 and ensures communication between all the relevant parties.
Communication between the electric vehicle and charging infrastructure is of decisive importance, but so, too, is that between the charging infrastructure (with connected backend and billing systems) and the supply grid. Communication has not yet been standardized in this area. German experts were responsible for initiating the IEC 63110 "Protocol for the operation of charging and discharging infrastructure for electric vehicles" series of standards. This is an international project aimed at defining a standardized protocol and communication interface for the operation of charging infrastructure.
DKE experts are also involved in the development of the IEC 63119 "Information exchange for electric vehicle roaming charging services" series of standards. This roaming process lays down how authorization, user and billing data must be exchanged between the various charging service providers. This allows drivers to use many different charging networks and value-added services, despite being contractually bound to only one provider.
The principle of "security by design" is applied in all projects, i.e. IT security is incorporated in the system approaches from the outset. Ultimately, the aim is for standardization to assist the transfer of the developed technologies to market in order to secure the long term market position of relevant users and companies in the national, European and international context.