SecurityEventNotification

Core CS->CSMS OCPP 2.0.1

Sent by the Charging Station to report a security-related event, such as a failed authentication attempt, tamper detection, or firmware signature failure.

Quick Reference

Required Fields

type string(50)

Type of security event (e.g., FirmwareUpdated, FailedToAuthenticateAtCsms, TamperDetected)

timestamp string (date-time)

Timestamp when the security event occurred

Optional Fields

techInfo string(255)

Additional technical information about the event

Example Payload

{
  "type": "FirmwareUpdated",
  "timestamp": "2024-01-15T03:15:00Z",
  "techInfo": "Firmware version v2.1.0 installed successfully"
}

Example Full Frame

[
  2,
  "msg-001",
  "SecurityEventNotification",
  {
    "type": "FirmwareUpdated",
    "timestamp": "2024-01-15T03:15:00Z",
    "techInfo": "Firmware version v2.1.0 installed successfully"
  }
]

Format: [MessageType, MessageId, Action, Payload]

Open in Builder Go to Validator

Overview

SecurityEventNotification is a new first-class feature in OCPP 2.0.1. It lets the Charging Station report security events to the CSMS in real-time, enabling security monitoring and incident response.

When to Send

  • After a firmware update (successful or failed)
  • When a TLS authentication failure occurs
  • When physical tamper detection is triggered
  • When invalid certificates are presented

Common Security Event Types

  • FirmwareUpdated — Firmware was changed
  • FailedToAuthenticateAtCsms — TLS handshake failed
  • TamperDetected — Physical tamper switch triggered
  • InvalidSignatureOnMessage — Message signature validation failed
  • ConnectedToNewNetworkTechnology — Network type changed
  • ResetOrReboot — Unexpected reset detected

Expected Response

Empty response {}.

Usage Notes

  • Critical events (severity 0-3) should trigger immediate CSMS alerts
  • Use GetLog with SecurityLog type to retrieve a historical log of all security events
  • techInfo provides additional context for incident investigation

Testing Tips

  • Verify FirmwareUpdated is sent after each UpdateFirmware operation
  • Simulate a TLS failure and verify FailedToAuthenticateAtCsms is reported

Common Errors

PropertyConstraintViolation

Cause: type exceeds 50 characters

Solution: Keep the security event type under 50 characters

Related Actions

GetLog InstallCertificate UpdateFirmware