22/11/2019
F. Guichard
UNECE/TRADE/WP.6, 29 May 2019, Geneva, Room XII
Cyber Security related activities at GRVA
François E. Guichard, Mechanical Engineer
(Technical) Secretary of the Working Party on Automated/Autonomous and Connected Vehicles (GRVA)
Content
• Presentation of the UNECE’s World Forum “WP.29” and its “GRVA”
• Cyber security in transport – introduction
• Task Force on Cyber Security and OTA issues
• Standards and Regulations - essential
Agenda 2030 – Sustainable Development Goals
Our challenges:
• Environmental issues
• Road safety tragedy
• Urban transport
• …
UNECE and vehicle regulations
Conventional vehicles
Automated and Connected Vehicles
70
Cyber security in Transport
• Aviation (ICAO)
– ICAO Assembly Resolution A39-19
– Declaration on cybersecurity in civil aviation (Dubai, UAE, April 2017)
– ICAO Cyber Security and Resilience Symposium (Oct. 2019)
Including a number of recommendations at state level
• Maritime (IMO)
– Guidelines on maritime cyber risk management (MSC-Fal.1/Circ.3)
The resolution encourages administrations to ensure that cyber risks are appropriately addressed in existing safety management systems (as defined in the ISM Code) no later than the first annual verification of the company's Document of Compliance after 1 January 2021.
– Reference to voluntary guidelines, ISO/IEC 27001 and the NIST Framework
Cybersecurity – wake up call
Technical progress and new behaviors
@Tesla @Chevy Bolt
OTA updates
Technical progress and … new behaviors
@Volvo @Faurecia
Cyber security and automotive
• Adoption of a Guideline on cyber security and data protection
United Nations (UNECE) Guideline on Cyber Security and Data Protection adopted in 2016
The guideline includes requirements regarding:
• Security (by design)
• Privacy (by design and by default)
• Secure software updates
• Integrity of internal communication as well as online services
It also states (among others):
• The system shall be accessible for verifying the measures implemented by automotive manufacturers, component/system suppliers and service providers to ensure cybersecurity and data protection by independent authorised audit
• The protection of connected vehicles [...] requires verifiable security measures according to security standards (e.g. ISO 27000 series, ISO/IEC 15408)
• Establishment of the Task Force on Cyber Security and OTA issues in 2016
Task Force on Cyber Security and OTA issues
Chairpersons
Cyber security:
– CSMS approval
– Cyber security approval
(OTA) Software updates:
– SUMS approval
– SU approval
– SI requirements
Work:
– First drafts
– Testing Phase
– Fine tuning
Focus on the following key safety elements:
• Cyber security
• Software Updates
Ambition: Completion in February 2020
NTSEL DfT NHTSA
Test phase
• The first draft regarding cyber security was subject to a test phase.
– The aims of the test phase were to verify the effectiveness/robustness of both proposed Regulations and to verify that approval authorities/technical services are able to assess the information and, if provided the same information, reach the same conclusions.
• Countries were invited to test the regulatory text drafted:
– Involved 7 countries (in Europe and Asia)
– Involved 15 vehicle manufacturers (globally)
– One manufacturer was able to work with two technical services to provide for a joint assessment of the same information
• No requirement imposed on countries to select inspectors with a specific profile
Countries involved experts with certified expertise, including both TA and cyber profiles
• Risk management approach is assessed positively.
This can be recommended as in ECE/CTCS/WP.6/2019/9 tabled this week
Content
• Presentation of the UNECE’s World Forum «WP.29»
• Automation and connectivity innovations
• Some regulatory activities aimed at addressing technological progress
• Standards and Regulations
Regulation through cooperation with various sectors & SDOs
• Lighting and Light Signalling sector:
– IEC standards: IEC 60061, IEC 60809
Specific UN Regulations on light sources
• Tire sector:
– ISO, ETRTO, JTMA standards
Regulation on tires
Regulation on tire installation
• ICT and Telecom sector:
– eCall
– Cyber Security and OTA
Cyber security regulations and standards
Columns: Initial R&D, Technology, Testing, Production, Type approval, Communication, Field monitoring, Incident management, Software updates, Certification framework, Management, Status
UN Regulation on cybersecurity: X O X X X X X (Status: Pending)
UN Regulation on Software updates: X O X X X (Status: Pending)
ISO/SAE 21434 (cybersecurity engineering): X O O O X O O X (Status: Drafting)
ISO 24089 (software update engineering): X O X O X (Status: Drafting)
SAE J3061 (Guidebook for cyber physical vehicle systems): X O O O O X (Status: Final, 01/2019)
IEC 62443: X X X (Status: Final, 02/2019)
Source: Dr. Markus Tschersich
Standards to prepare supply chain for compliance
Objectives / Regulation / Standardization
Ensuring capability of the organization
Cyber security management system
Certificate of compliance
Vehicle Type A
Vehicle Type B
... Vehicle Type N
Cyber security performance of the vehicles
Audit of Organization e.g. based on ISO/SAE 21434
Assessment report e.g. based on ISO/SAE 21434
UN Regulation on Cybersecurity
Source: Dr. Markus Tschersich
THANK YOU VERY MUCH FOR YOUR ATTENTION
UNECE
http://www.unece.org/automated-vehicles