Working Party on Automated and Connected Vehicles | Session 14 | 26-30 Sep 2022
Geneva
Agenda Item 5. (a)
Cyber security and data protection

59. The expert from CEMA presented GRVA-14-33, detailing the standardization activities and corresponding timeline of the agricultural vehicle industry regarding cyber security and software updates. He clarified, upon request by the expert from the United States of America, that his delegation would support the establishment of a new working group to deal with this issue.

60. The expert from Italy supported the process and activities presented by CEMA. The expert from Germany agreed to review the document prepared by CEMA. The expert from the United Kingdom of Great Britain and Northern Ireland noted that the deliverables of the IWG on Cyber Security (CS) and Over the Air (OTA) issues were very generic, i.e. risk assessment-based requirements and felt that waiting until the standardization process was completed would be too long. The expert from Canada confirmed that the work of the Group was general enough to encompass agricultural vehicles and explained that he was not convinced that there would be many other requirements that the IWG on CS/OTA should review.

61. GRVA noted that some delegations needed more time to consider the CEMA proposal. GRVA encouraged CEMA to liaise with the IWG on CS/OTA. GRVA agreed to keep GRVA-14-33 and GRVA-14-34 on its agenda for the January 2023 session.

62. The expert from the Japanese National Traffic Safety and Environment Laboratory presented GRVA-14-07, summarizing the outcome of the workshop on Vehicle Cyber Security, organized for the contracting parties of the 1958 and 1998 Agreements by NTSEL and the secretariat, upon request of GRVA (ECE/TRANS/WP.29/GRVA/13, paras. 48-50). GRVA noted the workshop conclusions: (a) the main impact of UN Regulation No. 155 was due to the Threat Analysis and Risk Assessment (TARA) related requirements, (b) Annex 5 should not become the primary focus or the checklist otherwise the consequence could be a less effective impact of the requirements. GRVA welcomed this report. GRVA agreed on the possibility of organizing another workshop for the contracting parties of the 1958 and especially 1998 Agreements, if requested by a contracting party.

63. The expert from the Japanese National Traffic Safety and Environment Laboratory presented GRVA-14-46, reporting on the outcome of workshops on the implementation of UN Regulation No. 155. He recalled the purpose of these workshops, gathering Type Approval Authorities and Technical Services nominated by the contracting parties of the 1958 Agreement. He explained that the outstanding issue discussed by the group was the conditions for acceptance of foreign cyber security management system certificates in the contexts of multi-brand projects and multi-stage type approval. GRVA noted that the workshop activities would come to an end soon and discussed the potential need for similar activities related to UN Regulation No. 156 and software update management systems. GRVA welcomed the report received and noted that the work could result in an amendment proposal to the interpretation document for UN Regulation No. 155 or draft amendments to UN Regulations that could be reviewed by IWG on CS/OTA before submission to GRVA.

64. The expert from SAE International recalled his presentation at the previous session of GRVA. He introduced ECE/TRANS/WP.29/2022/17 and ECE/TRANS/WP.29/2022/18 (GRVA-14-06 provides a version of ECE/TRANS/WP.29/2022/18 with tracked changes), aimed at seeking clarification of the requirements of Annex 5, regarding the authentication of Global Navigation Satellite System (GNSS) messages. The proposals received comments from CLEPA and OICA (GRVA-14-11). GRVA agreed to transmit these four documents listed in this paragraph to IWG on CS/OTA for further discussion.

65. GRVA noted the number of tasks given to the IWG on CS/OTA and noted that the next session of the group was a two-hour virtual meeting. GRVA requested the IWG to provide more time for discussions. GRVA noted that the mandate of the IWG was going to expire in November 2022. GRVA agreed that the mandate of the IWG on CS/OTA could be extended at least for one year. GRVA requested the secretariat to provide information to AC.2 and WP.29 at their November 2022 sessions, that the proposed deliverables of the group would be detailed at the next session.

Documentation
GRVA-14-06 UN R155: Proposal for amendment to the interpretation document (SAE)
GRVA-14-07 UN R155: Summary of Vehicle Cyber Security Workshop with the contracting parties of the 1958 and 1998 Agreements (NTSEL)
GRVA-14-11 UN R155: Comments on document GRVA-14-06 (CLEPA and OICA)
GRVA-14-33 Cyber Security: Agricultural machinery industry roadmap (CEMA)
GRVA-14-34 UN R155 and R156: Roadmap for Category R, S, and T vehicles (CEMA)
GRVA-14-46 UN R155: Questions and Answers/Comments derived from the Workshop on the implementation (NTSEL)
GRVA/2022/17 UN R155: Proposal for a Supplement (SAE)
GRVA/2022/18 UN R155: Proposal for amendments to the interpretation document (SAE)