As I was just watching the webinar about the new EVCS with embedded Ethernet port, the topic about securing access to it came up.
Anybody who could physically access or open the EVCS could get access to the network cable, connect a laptop to it and thus access the full internal network.
The classical (old) approach to securing a network (wired or wifi) is to add a MAC address whitelist. But as the device MAC address is typically printed on a sticker on the device, this would make the entire whitelist approach moot.
In Corporate environments (and starting in domestic networks these days as well), the approach is to use 802.1x network authentication.
This can either be a username & password up to a certificate (supplicant) being installed on the client device in order to authenticate to the network.
These supplicants already exist for Linux.
In a perfect world, a User Interface on VRM and/or API would exist where username/password/certificate can be uploaded and then pushed to the relevant device (GX or EVCS for example).
IMNSHO it would be an advantage for Victron if this feature could be added to the roadmap.