1 / 8

Overview on the activities of the UN Task Force on Cyber Security and Over-the-air Issues

Overview on the activities of the UN Task Force on Cyber Security and Over-the-air Issues. Overview. Task Force – Cyber Security, Data Protection and Over-the-Air issues Start of activity: 21 December 2016 (kickoff meeting at UK DfT , London) Co-Chair: Mr. Darren Handley (UK/ DfT )

mpowers
Download Presentation

Overview on the activities of the UN Task Force on Cyber Security and Over-the-air Issues

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Overview on the activities of the UN Task Force on Cyber Security and Over-the-air Issues

  2. Overview Task Force – Cyber Security, Data Protection and Over-the-Air issues Start of activity: 21 December 2016 (kickoff meeting at UK DfT, London) Co-Chair: Mr. Darren Handley (UK/DfT) Mr. Tetsuya Niikuni (Japan/NTSEL) Secretary: Mr. Jens Schenkenberger (OICA/Hyundai) Participants: Contracting Parties (AU, BE, CN, EC, EG*, FR, DE, JP, KR, NL, NO, RU*, ES, SE, CH, UK, US) NGO (ITU, FIA, CITA, IRU*, ISO, SAE, OICA, CLEPA) Participation: Type approval and cyber security experts approx. 30-40 people per meeting * No active participation yet

  3. Structure of the Recommendation on Cyber Security „Cyber Security Guidance“ Sets out what good cyber security looks like through 10 principles Describes a range of threats that should be considered in the design of a vehicle Describes possible controls that could be used to mitigate risks „Cyber Security Regulation“ Requires Manufacturers to have a „cyber security management system“ • Needs to show processes cover all phases of a vehicle life until scrappage • Processes required cover: organisational set up; risk management processes; design processes; verification processes; monitoring; response • Needs to show processes for managing suppliers • Approval of vehicle type for cyber security • Vehicle architecture and connectivity needs to be described • Approval given based on audit of risk assessement, controls implemented to reduce risks and evidence provided to show the effectiveness of the controls

  4. Structure of the Recommendation on SoftwareUpdate Processes Software update guidance“ Guidance on processes and procedures for national administrations to approve post-production software updates, based on processes for „in production“ software updates Guidance on what processes, tests and documentations might be expected in order to approve post-production software updates „Software update processes Regulation“ Requires manufacturers to have a „software update management systems“ Configuration management and quality control processes at manufacturer Processes for ensuring updates are executed safely and will not affect the safety or type approvals of vehicles Processes for informing users of updates Approval of software update mechanisms for vehicles Software updates can be delivered safely and securely It is possible to identify the status of the software on the vehicle Requirements for being allowed to deliver over the air updates

  5. Next step – testing the regulation • Aim of the „test phase“ • => Provide guidance on how to assess the regulatory requirements and documentation required • => Verify the effectiveness/robustness of the Regulation(s) • => Verify that approval authorities/technical services are able to reach the same conclusions based on identical OEM documentation Aim is to assure the Regulation(s) and not to test the products!

  6. Overview • Outputs of the „test phase“ • => Interpretation guideline • => If necessary, proposals for clarifying the Regulations • => Report of the test phase to cover:- conclusions on the effectiveness /robustness of the Regulation(s)- verification that Approval authorities/ Technical Services are able to reach the same conclusions

  7. Proposed timeline for the test phase GRVA-03Geneva Feb.2019 18 Jan.2019 May/June2019 Feb.2019 Jun/Jul2019 Aug2019 TFCS Web meeting TFCS-15 TFCS-16TBC TFCS Web meeting TFCS-14Paris GRVA-02Geneva 24-27 Sep.2019 Identification of participants(latest feedback) Final Evaluation Start Preparation Phase Start Assessment Phase Coordination Meeting 2 Coordination Meeting 1 28 Jan. - 01 Feb. 2019 March 2019 04-05 Dec. 2018 June2019 July2019 Sept. 2019 Preparation Phase Assessment Phase Reg. amendments Prep Report on TP Prep Final Interpret Doc V1.0

  8. For more information • UNECE wiki page for the task force is: • https://wiki.unece.org/pages/viewpage.action?pageId=60362218 • Draft regulations are: • GRVA-01-xx (UN TF-CS_OTA) Final Draft Recommendation on Cyber Security incl. Annex A-D • GRVA-01-xx (UN TF-CS_OTA) Final Draft Recommendation on Software Updates incl. Annex A-B.docx

More Related