NEVI Section 12 - Physical Security and Cybersecurity

MassDOT will consider physical security measures, such as station design and on-site cameras, to prevent physical threats to the site. Ongoing work out of the Office of the Chief Safety Officer to determine risks associated with EV charging on MassDOT properties has been taking place, and these safety evaluations are transferable to non-DOT-owned and NEVI sites. MassDOT also plans to bring on a consultant to assist in the physical safety aspect of the sites.

The Design Recommendations for Accessible Electric Vehicle Charging Stations from the U.S. Access Board will be utilized to assist in the design and construction of the stations so they are accessible and usable by people with disabilities. 

Comprehensive and proactive cybersecurity measures are essential to give EV drivers the confidence that EVs are a feasible and secure transportation technology, as well as assurances to DCFC operators and owners. Possible cybersecurity threats may include, but are not limited to, viruses or hacking of EVs or DCFCs, service disruptions, and data and privacy breaches. MassDOT acknowledges that threats and risks to EV infrastructure may evolve over time.

Requests for Proposals and contract documents with private or non-profit sector entities who construct, own, operate, and/or maintain DCFC infrastructure will require entities to implement appropriate cybersecurity countermeasures and comply with industry standards. This may include contractual provisions requiring a cybersecurity management plan and regular monitoring, risk assessments, and software updates. Cybersecurity countermeasures include security software and firmware, protocols to handle sensitive data, point of sale security, and secure data transmission protocols. Cybersecurity requirements will also address network preservation to isolate corrupted DCFC infrastructure and limit impacts to the network system.