Autonomous Vehicles Standardization & Cybersecurity Challenges
Technical standards play a crucial role in ensuring product safety and compliance in the field of autonomous vehicles, facing challenges such as increased connectivity and unpredictability. Certification processes, terminology, and the involvement of various stakeholders are essential aspects discussed in the context of cybersecurity risks. The need for international standards and new testing methods is highlighted in the fast-evolving landscape of autonomous transportation.
Download Presentation
Please find below an Image/Link to download the presentation.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.
You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.
E N D
Presentation Transcript
Autonomous vehicles, standardization & cybersecurity VERONIKA OLNER KOV INSTITUTE OF STATE AND LAW, CZECH ACADEMY OF SCIENCES
Technical Standards & Product Safety Part of preventive liability concept Way of ensuring product safety Directive 2001/95/EC of the European Parliament and of the Council of 3 December 2001 on general product safety Specific product safety rules: dangerous goods, vulnerability of consumers, need for compatibility Involvement of all parties manufacturers, distributors, users, law-makers Challenges by autonomous vehicles: increased connectivity, unpredictability, software carries out actions independently
Terminology Technical standards description of a product from a technical perspective, construction, materials and other criteria Certification when a product needs prior certification before it can be available on the market mandatory standards Homologation/Confirmation Assesment Confirmation of compliance with certification through testing Motor and aerial vehicles each vehicle/product is regularly tested to verify, that is complies with its certification through its lifecycle Example: Once a car does not comply, you must not use it anymore
Technical Standards Although normative, do not have legal nature Recommendation for manufacturers, best practice Can be binding, if referenced in law often published as a delegated act Involvement of all parties manufacturers, distributors, users, law-makers Adopted by specialized authorities, also private bodies (IASB, IEC, ISO, ETSI), Regional, national, international, NIST(USA), CEN, CENELEC (EU) Economic globalisation leads to the demand of international standards However: lack of standards for SF, new methods of testing compliance / homologation are needed
Autopilot in Planes - Differences Technical standards in the field of avionics - DO-178B, Software Considerations in Airborne Systems and Equipment Certification Software in autonomous vehicles has different challenges Pedestrian crossings, objects in the road, other vehicles Changing traffic conditions Piloted by a citizen, consumer, not by a professional Multitude of sensors radar, lidar, camera MARTIN, James, et al. Certification for autonomous vehicles. Automotive Cyber-physical Systems course paper, University of North Carolina, Chapel Hill, NC, USA, 2015.
UNECE standard no. 79 Standard of United Nations Economics Commission for Europe ( UNECE ) no. 79, the agreement concerning the adoption of uniform technical prescriptions for wheeled vehicles, equipment and parts which can be fitted to and/or be used on wheeled vehicles and the conditions for reciprocal recognition of approvals granted on the basis of these prescriptions. Exclusion of autonomous steering systems (Art. 2.3.3) All vehicles in states under 1968 Vienna Convention on Road Traffic must comply with this standard 78 parties Sets rules for homologation of vehicles and their parts Development: Vienna Convention amended Resolution on the Deployment of Fully and Highly Autonomous Vehicles in Road Trrafic
Development in 2021 World Forum for Harmonization of Vehicle Regulations WP.29 Adopted amendments to UN Regulations Nos. 79, 90, 152 and 157 Amendments to Vienna Convention under consultation Related standards entered into force in 2021 UN Regulation No. 155 on Cyber Security and Cyber Security Management Systems UN Regulation No. 156 on Software Updates and Software Updates Management Systems UN Regulation No. 157 on the type approval of Automated Lane Keeping Systems (ALKS)
The content of new UNECE standards Managing vehicle cyber risks; Securing vehicles by design to mitigate risks along the value chain; Detecting and responding to security incidents across vehicle fleet; Providing safe and secure software updates and ensuring vehicle safety is not compromised, introducing a legal basis for so-called Over-the-Air (O.T.A.) updates to on-board vehicle software. Regulation texts: https://unece.org/sustainable-development/press/un- regulations-cybersecurity-and-software-updates-pave-way-mass-roll
Cybersecurity and AI Role of Cybersecurity Legislation in regulating AI Cybersecurity a system containing various aspects securing security part of information security package NIS Directive, Cybersecurity Act, GDPR, Proposal for AI Act Technical standardisation one of the means how to ensure security on the basis of the Cybersecurity Act sets a certification framework for products Regulation (EU) 2019/881 of the European Parliament and of the Council of 17 April 2019 on ENISA (the European Union Agency for Cybersecurity) and on information and communications technology cybersecurity certification and repealing Regulation (EU) No 526/2013 (Cybersecurity Act) (Text with EEA relevance)
AI ACT from April 2021 Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL LAYING DOWN HARMONISED RULES ON ARTIFICIAL INTELLIGENCE (ARTIFICIAL INTELLIGENCE ACT) AND AMENDING CERTAIN UNION LEGISLATIVE ACTS Proposal for a Regulation laying down harmonised rules on artificial intelligence (Artificial Intelligence Act) April 2021 Focus on High-Risk AI Devices Regulates safety components of regulated products (sectorial legislation applies medical devices, machinery, toys ) and stand-alone AI systems defines general areas, use cases will be updated (biometrics, critical infrastructure, education, employment ) Risk-management system, traceability, Classification of Risk Requrirements for AI do they ensure the SECURITY OF AI?
AI ACT and Cybersecurity standards Article 15 - Accuracy, robustness and cybersecurity Article 42 Presumption of conformity with certain requirements High-risk AI systems that have been certified or for which a statement of conformity has been issued under a cybersecurity scheme pursuant to Regulation (EU) 2019/881 of the European Parliament and of the Council (Cybersecurity Act) Two issues No specific rules for applying Cybersecurity standards is set, no specific scheme is attached to this requirement Autonomous vehicles are not regulated by the AI Act
What do we need? What is the correct performance of AI? We need a system that can periodically test the abilities of the car s software, confirm that its abilities to perform critical driving functions are intact and that it is still compatible with other units (for example by installing issued updates) Testing during the whole lifecycle this is required also by the cybersecurity regulation and other specific legislations (f.e. medical devices) A vigilance system Standardisation as a preventive measure and also as means to create tools to explain actions of AI allows subsequent analysis of the conduct of AI Bodies that are able to certify and assess conformity of such products
Thank you for your attention! The Oatmeal
