UN Informal Working Group Activities on Cyber Security & Software Update

UN Informal Working Group focuses on Cyber Security and Over-the-Air Issues since December 2016. Their activities cover cyber security regulation for manufacturers, software update processes, and recommendation structures. The group emphasizes managing risks, designing secure processes, and ensuring safe software updates for vehicles.

• Cyber Security
• Software Update
• UN Informal Working Group
• Vehicle Security
• Regulation

rec_go Follow

Uploaded on Feb 15, 2025 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.

Presentation Transcript

1. Overview on the activities of the UN Informal Working Group on Cyber Security and Over-the-air Issues 1

2. Overview Informal Working Group Cyber Security and Software Update/Over-the-Air issues Start of activity: 21 December 2016 (kickoff meeting at UK DfT, London) Co-Chair: Ms. Mary Versailles (US/NHTSA) Mr. Tetsuya Niikuni (Japan/NTSEL) Mr. Darren Handley (UK/DfT) Secretary: Mr. Jens Schenkenberger (OICA/Hyundai) Participants: US and other CPs) NGO (ITU, FIA, CITA, IRU*, ISO, SAE, OICA, CLEPA) Contracting Parties (EC, FR, DE, JP, KR, NL, UK, Participation: Type approval and cyber security experts approx. 30-40 people per meeting 2 * No active participation yet

3. Deriverables on Cyber Security Cyber Security Regulation Requires Manufacturers to have a cyber security management system Needs to show processes cover all phases of a vehicle lifecycle Processes required cover: organisational set up; risk management processes; design processes; verification processes; monitoring; response Needs to show processes for managing suppliers Approval of vehicle type for cyber security Vehicle architecture and connectivity needs to be described Approval given based on audit of risk assessement, controls implemented to reduce risks and evidence provided to show the effectiveness of the controls Refernece:E/ECE/TRANS/505/Rev.3/Add.154, UN Regulation No.155 - Cyber security and cyber security management system "Interpretaion document Guidance for the interpretation of requirements in UN R155 Example of evidence to comply with the requirements Refernece:WP.29-182-05 (GRVA) 3

4. Structure of the Recommendation on Software Update Processes Software update processes Regulation Requires manufacturers to have a software update management systems Configuration management and quality control processes at manufacturer Processes for ensuring updates are executed safely and will not affect the safety or type approvals of vehicles Processes for informing users of updates Approval of software update mechanisms for vehicles Software updates can be delivered safely and securely It is possible to identify the status of the software on the vehicle Requirements for being allowed to deliver over the air updates Refernece: E/ECE/TRANS/505/Rev.3/Add.155 - UN Regulation No. 156 - Software update and software update management system Software update guidance Guidance for the interpretation of requirements in UN R156 Example of evidence to comply with the requirements Refernece:WP.29-182-06 (GRVA) 4

5. Current activity Development of technical requirement for 98 agreement mumber states The group is developing guidance for Contracting Parties to the 1998 Agreement that they may use when formulating national legislation on cyber security for automotive vehicles and/or legislation regarding software updates and the processes for updating vehicle s software. The aim of the guidance is to enable a harmonized approach to the adoption of such legislation for contracting parties to both the 1998 and 1958 Geneva Conventions. 5

6. Next step Development of technical requirement for 98 agreement mumber states This approach is suggested as it should enable contracting parties to the 1998 Agreement to formulate national regulation/legislation that is equivalent to UN Regulations Nos. 155 and 156, permitting a harmonised approach. The guidance lists technical requirements for the vehicle and technical requirements for management systems. The technical requirements for the management systems list requirements that are external to the vehicle but need to be in place to effectively manage the cyber security of a vehicle over its lifecycle and to ensure software updates will be sufficiently appraised and protected before they are sent to a vehicle. 6

7. Timeline for the comming meetings TFCS Web meeting TFCS Web meeting 22 Jan. 2021 Sep. 2021 The mandate defined by the frame work document of GRVA is Nov. 2021. (GRVA-09-31e) 26-27 Jan. 2021 April 2021 UN R155 and R156 came into force GRVA-10 7

8. For more information UNECE wiki page for the IWG is: https://wiki.unece.org/pages/viewpage.action?pageId=40829521 8