Undoubtedly, Industry 4.0 in the energy sector improves the conditions for automation, generation and distribution of energy, increasing the rate of electric vehicle manufacturing in recent years. As a result, more grid-connected charging infrastructures are being installed, whose charging stations (CSs) can follow standardized architectures, such as the one proposed by the open charge point protocol (OCPP). The most recent version of this protocol is v.2.0.1, which includes new security measures at device and communication level to cover those security issues identified in previous versions. Therefore, this paper analyzes OCPP-v2.0.1 to determine whether the new functions may still be susceptible to specific cyber and physical threats, and especially when CSs may be connected to microgrids. To formalize the study, we first adapted the well-known threat analysis methodology, STRIDE, to identify and classify threats in terms of control and energy, and subsequently we combine it with DREAD for risk assessment. The analyses indicate that, although OCPP-v2.0.1 has evolved, potential security risks still remain, requiring greater protection in the future.

毫无疑问，能源领域的工业 4.0 改善了能源的自动化、生产和分配条件，近年来提高了电动汽车制造率。因此，正在安装更多并网充电基础设施，其充电站 (CS) 可以遵循标准化架构，例如开放式充电点协议 (OCPP) 提出的架构。该协议的最新版本是 v.2.0.1，其中包括设备和通信级别的新安全措施，以涵盖以前版本中发现的那些安全问题。因此，本文分析了 OCPP-v2.0.1 以确定新功能是否仍然容易受到特定的网络和物理威胁，尤其是当 CS 可能连接到微电网时。为了使研究正式化，我们首先采用了著名的威胁分析方法 STRIDE，从控制和能量方面对威胁进行识别和分类，随后我们将其与 DREAD 结合起来进行风险评估。分析表明，虽然OCPP-v2.0.1已经进化，但潜在的安全风险仍然存在，未来需要加强保护。