Working Party on Automated and Connected Vehicles | Session 7 | 21-25 Sep 2020
Web conference
Agenda Item 5. (a)
Cyber security and data protection

25. The expert from Japan, Co-Chair of the IWG on Cyber Security and Over-The-Air Software Updates (CS/OTA), reported on the activities of the group (GRVA-07-49) and introduced GRVA-07-04-Rev.1. GRVA discussed the need to adopt this document before the entry into force of UN Regulation No. [155] (Cyber Security and Cyber Security Management Systems). GRVA agreed that the Regulation stands on its own but also that cyber security was a rather new matter for some members of the community, who could immediately benefit from the documents.

26. GRVA endorsed GRVA-07-04-Rev.1, proposing guidance on how to interpret UN Regulation No. [155] and recommended it for endorsement by WP.29 at its November 2020 session, on the basis of an informal document.

27. The expert from the Russian Federation presented GRVA-07-08, proposing a clarification of para. 5.3.5. of UN Regulation No. [155]. The expert from Japan explained that the proposed clarification should be carefully reviewed as it could lead to restrictions to the rights of Contracting Parties according to the 1958 Agreement. The author agreed and mentioned that ECE/TRANS/WP.29/2020/97 already provided some clarifications.

28. The expert from the Netherlands, Chair of the IWG on Database for Exchange of Type Approval documentation (DETA), introduced GRVA-07-25 (aimed at clarifying DETA related provisions in ECE/TRANS/WP.29/2020/94). GRVA endorsed it, in principle, as a draft guidance for the Authorities on the way to use DETA, hosted by Germany, in line with the relevant provisions in UN Regulation No. [155]. GRVA noted that the document would be finalized prior to WP.29 in November 2020, so that it can be adopted together with the document above.

29. GRVA requested the secretariat to provide a specific place on its website for all cyber security and software updates related documents.

30. The expert from FIA presented GRVA-07-41, referring to WP.29-181-10 and proposing to insert in UN Regulation No. 155 the Protection Profiles that they developed in cooperation with TüVIT. The expert from OICA responded to the proposal (GRVA-07-36). The expert from FIA agreed to respond to the challenges raised by the expert from OICA. The expert from the Russian Federation asked for more details about the Protection Profiles in practice. The expert from CEN recalled his submission of WP.29-179-27 provided for information to WP.29. The expert from China inquired about the nature of the Protection Profile, if it was a guidance or regulatory requirements. The expert from FIA responded that Protection Profiles are a methodology. GRVA invited the stakeholders to continue discussion at the IWG level. The expert from the Netherlands agreed to support this discussion.

31. The expert from UK, Co-Chair of the R116Key IWG, reported on activities related to the request from GRSG, concerning the cyber security of virtual keys. GRVA stated that UN Regulation No. [155] (Annex 5, Part 4) covered the cyber security of virtual keys, as currently being defined by GRSG.

Documentation
GRVA-07-04/Rev.1 UN R155: Proposal for a cybersecurity regulation Interpretation Document
GRVA-07-08 UN R155: Proposal for a Supplement (Russia)
GRVA-07-25 UN R155: Guidelines on the use of DETA
GRVA-07-36 Cybersecurity: Comments on WP.29-181-10 (OICA)
GRVA-07-41 Protection profile for automated and connected vehicles (FIA Foundation)
GRVA-07-49 Status report of the Cyber Security and Software Updates informal working group
GRVA-07-76 GRVA: List of decisions taken during the 7th (September 2020) session under the silence procedure