Proposal for a Recommendation on Cyber Security
Download in .pdf format Download in .docx format

Proposal from the Task Force on Cyber Security and Over-The-Air Software Update Issues to provide recommendations for the mitigation of risks of unauthorized access to critical automated vehicle software systems, including a proposal for a new UN Regulation.

Reference Number: GRVA/2019/2
Date: 19 November 2018
Proposal Status: Formal GR review
Related Documents:
GRVA-01-17 | Cybersecurity: Draft Recommendation on Cyber Security of the Task Force on Cyber Security and Over-the-air issues
GRVA-02-18 | Proposal for amendments to GRVA/2019/2 and GRVA/2019/3
GRVA-02-37 | Cybersecurity: Comments on document GRVA/2019/2
GRVA-03-14 | Cybersecurity: EC comments on the draft UN Regulation
GRVA-03-16 | Cybersecurity: FIGIEFA responses to the EC on the draft regulation
GRVA-04-25 | Cybersecurity/Software Updates: Proposal to amend GRVA/2019/2 and GRVA/2019/3
GRVA-05-17 | Cybersecurity and Software updates: Proposals for amendments to the draft UN Regulations
TFCS-15-05 | Cybersecurity: Proposal to amend the draft UN Regulation text
TFCS-16-17 | Cybersecurity: Comments on document GRVA/2019/2
TFCS-16-22 | Comments on document TFCS-16-08/Rev.1
TFCS-16-25 | Comments on draft cybersecurity resolution/regulation
WP.29/2017/46 | Proposal for draft guidelines on cyber security and data protection
Discussion(s):
Working Party on Automated and Connected Vehicles | Session 2 | 28 Jan-1 Feb 2019

18. The expert from Japan, Co-Chair of the Task Force on Cyber Security and Over-the-Air Software Updates presented GRVA-02-03, containing a status report of the group’s activities since the previous GRVA session and introducing ECE/TRANS/WP.29/GRVA/2019/2. He mentioned that the group responded in writing to all the questions and comments received on the proposal.

19. The expert from FIA welcomed the proposal produced by the group but mentioned that it did not reflect their position regarding life time requirements.

20. The expert from OICA wondered whether such aspect raised by FIA would belong to the scope of the 1958 Agreement. The secretariat answered that some precedents could help answering this question e.g. UN Regulation No. 49 (including conformity of in-service vehicles/engines provisions), UN Regulation No. 59 (Replacement (retrofit) silencing systems), UN Regulation No. 83 (including durability requirements and “in use” requirements), UN Regulation No. 90 (Replacement braking parts) and UN Regulation No. 133 (Recyclability of motor vehicles). He stated that he was not aware of any provision of the Agreement that would limit the activities under this Agreement only to the performance of new vehicles. The expert from OICA, Secretary of the Task Force agreed to submit in written an informal document highlighting the difficulty faced by the group with this aspect. He presented, on the last day of the second GRVA session, GRVA-02-46 that described the issue of post-production, understood as the product lifetime starting after the production is definitely discontinued.

21. The expert from Germany and the Netherlands stated that the document should address the three following phases: system/vehicle development, production and post-production.

22. The expert from Japan supported the proposal ECE/TRANS/WP.29/GRVA/2019/2 and stated the need to adopt this document during this session, since the new UN Regulation proposed in the document was one of the important and needed Regulations for the improvement of vehicle safety.

23. The expert from EC provided comments on the proposal (GRVA-02-37).

24. The expert from IMMA presented GRVA-02-18, proposing to exclude vehicles of category L from the scope of the document.

25. The expert from Japan, Co-Chair of the Task Force, responding to the advice received from the previous session of GRVA, reported on its proposal for a test phase to assure the draft produced. He presented the aim and the desired output of this activity.

26. GRVA agreed to keep the documents under this agenda item for continued review at next GRVA session. GRVA invited the Task Force to address the comments received and to proceed with the test phase. GRVA noted the need to make further progress on this item and requested the secretariat to explore the possibility to organize a special session of GRVA in May or June 2019.

24. The expert from the United Kingdom, Co-Chair of the Task Force on Cyber Security and Over-The-Air software updates (TF CS/OTA) reported (GRVA-03-02) on the work of the group (recommendations, a draft regulatory text with provisions for the approval of a manufacturer Cyber Security Management System and provisions for the approval of a vehicle with regards to cyber security), including the ongoing testing activities. He clarified that the outcome of the work did not aim at specifying technical solutions, preventing all kind of cyber security events to happen, securing systems outside of the vehicles (e.g. pendrives), specifying durability requirements, listing all risks and corresponding mitigation solutions, but rather a systems-based approach to security management.

25. He explained that the current testing phase was aimed at checking the robustness of the proposal. He noted that manufacturer involvement represented seventy per cent of the global sales. The expert from AVERE confirmed that North American manufacturers were involved in the testing phase. The output could result in the production of interpretation guidelines if necessary.

26. He answered to the questions raised by the GRVA experts. He confirmed that the work was involving Contracting Parties using the regime of self-certification, but that no Country had indicated their intention to become a sponsor in the sense of the 1998 Agreement.

27. The expert from the European Commission requested clarifications about the purpose of the non-regulatory text in ECE/TRANS/WP.29/GRVA/2019/2. He noted the importance to define pass/fail criteria (also for audits) in the context of mutual recognition of type approvals. He expressed the need to consider covering hardware updated in this context. He stated that cyber security impacts privacy protection and mentioned other regulations in other jurisdictions that could complement or impact the ongoing work, such as the European General Data Protection Regulation (GDPR).

28. The expert from France proposed to revisit the definition of a type in the regulatory draft. He proposed to consider the vehicle architecture as one discriminatory feature.

29. The expert from Germany expressed support to the test phase work and expressed the need to consider lifetime provisions.

30. The expert from CLEPA explained that their industry would have a role to play to support cyber security and asked that GRVA consider provisions that would address their role.

31. The expert from Sweden noted the proposal on slide 16 of GRVA-03-02 “UNECE may decide to develop a harmonized framework on [the post production and vehicle support by the manufacturer] topic” and proposed to reflect on this point.

32. The expert from Spain expressed concern with the lack of guarantee over the whole life cycle and proposed to look at practices of other industry sectors to explore best practices. She also noted that these activities were linked with the activities of existing cyber security authorities and that frameworks were already existing. She stated that the outcome of the test phase should result into amendments instead of interpretation documents.

33. The expert from ITU stated that basic requirements should be built in the communication side and that support provisions could be linked to the life of the communication system (He mentioned as an example the Global System for Mobile Communications (GSM) protocol shutdown).

34. The expert from FIGIEFA introduced GRVA-03-16 proposing amendments to ECE/TRAN/WP29/GRVA/2019/2. She mentioned the importance for the after sales sector to take into consideration their needs when drafting provisions. She proposed that Approval Authorities should, as neutral entities, determine independently from manufacturers the companies that are authorized parties. She proposed that the Regulation specifies that the manufacturers shall share with authorized parties: data, function calls and resources inside of the vehicle to allow third parties to provide services to maintain safety and security of vehicles during their lifetime. She also proposed to replace throughout the proposal “life cycle” by “life time”.

35. The expert from the United Kingdom, Co-Chair of the Task Force, explained that the Contracting Parties were able to nominate Approval Authorities according to their competencies (1958 Agreement, Article 2, para.2). He explained that the group did not reach consensus on the post production and support duration issue and that in that case existing national regulations would apply. He confirmed that the work of the group did not conflict with other regulations such as the European GDPR. He also confirmed that the group did not discuss in detail the level of access required in GRVA-03-16.

36. The expert from France stated that the Regulation should not freeze the market for repair and maintenance. But he also expressed concerns with safety and cyber security risks posed by automotive product modification and access as proposed in GRVA-03-16. The expert from Sweden also expressed interest to the position expressed in the document and agreed with France on the need for the right balance between access and security.

37. The expert from OICA stated that the access right matter is not a cyber security one. He added that such provisions clarifying access to data for the purpose of balanced market would be relevant for a Regulation dealing with access right issues.

Working Party on Automated and Connected Vehicles | Session 3 | 3-4 Jun 2019

18. The expert from Japan, Co-Chair of the Task Force on Cyber Security and Over-the-Air Software Updates presented GRVA-02-03, containing a status report of the group’s activities since the previous GRVA session and introducing ECE/TRANS/WP.29/GRVA/2019/2. He mentioned that the group responded in writing to all the questions and comments received on the proposal.

19. The expert from FIA welcomed the proposal produced by the group but mentioned that it did not reflect their position regarding life time requirements.

20. The expert from OICA wondered whether such aspect raised by FIA would belong to the scope of the 1958 Agreement. The secretariat answered that some precedents could help answering this question e.g. UN Regulation No. 49 (including conformity of in-service vehicles/engines provisions), UN Regulation No. 59 (Replacement (retrofit) silencing systems), UN Regulation No. 83 (including durability requirements and “in use” requirements), UN Regulation No. 90 (Replacement braking parts) and UN Regulation No. 133 (Recyclability of motor vehicles). He stated that he was not aware of any provision of the Agreement that would limit the activities under this Agreement only to the performance of new vehicles. The expert from OICA, Secretary of the Task Force agreed to submit in written an informal document highlighting the difficulty faced by the group with this aspect. He presented, on the last day of the second GRVA session, GRVA-02-46 that described the issue of post-production, understood as the product lifetime starting after the production is definitely discontinued.

21. The expert from Germany and the Netherlands stated that the document should address the three following phases: system/vehicle development, production and post-production.

22. The expert from Japan supported the proposal ECE/TRANS/WP.29/GRVA/2019/2 and stated the need to adopt this document during this session, since the new UN Regulation proposed in the document was one of the important and needed Regulations for the improvement of vehicle safety.

23. The expert from EC provided comments on the proposal (GRVA-02-37).

24. The expert from IMMA presented GRVA-02-18, proposing to exclude vehicles of category L from the scope of the document.

25. The expert from Japan, Co-Chair of the Task Force, responding to the advice received from the previous session of GRVA, reported on its proposal for a test phase to assure the draft produced. He presented the aim and the desired output of this activity.

26. GRVA agreed to keep the documents under this agenda item for continued review at next GRVA session. GRVA invited the Task Force to address the comments received and to proceed with the test phase. GRVA noted the need to make further progress on this item and requested the secretariat to explore the possibility to organize a special session of GRVA in May or June 2019.

24. The expert from the United Kingdom, Co-Chair of the Task Force on Cyber Security and Over-The-Air software updates (TF CS/OTA) reported (GRVA-03-02) on the work of the group (recommendations, a draft regulatory text with provisions for the approval of a manufacturer Cyber Security Management System and provisions for the approval of a vehicle with regards to cyber security), including the ongoing testing activities. He clarified that the outcome of the work did not aim at specifying technical solutions, preventing all kind of cyber security events to happen, securing systems outside of the vehicles (e.g. pendrives), specifying durability requirements, listing all risks and corresponding mitigation solutions, but rather a systems-based approach to security management.

25. He explained that the current testing phase was aimed at checking the robustness of the proposal. He noted that manufacturer involvement represented seventy per cent of the global sales. The expert from AVERE confirmed that North American manufacturers were involved in the testing phase. The output could result in the production of interpretation guidelines if necessary.

26. He answered to the questions raised by the GRVA experts. He confirmed that the work was involving Contracting Parties using the regime of self-certification, but that no Country had indicated their intention to become a sponsor in the sense of the 1998 Agreement.

27. The expert from the European Commission requested clarifications about the purpose of the non-regulatory text in ECE/TRANS/WP.29/GRVA/2019/2. He noted the importance to define pass/fail criteria (also for audits) in the context of mutual recognition of type approvals. He expressed the need to consider covering hardware updated in this context. He stated that cyber security impacts privacy protection and mentioned other regulations in other jurisdictions that could complement or impact the ongoing work, such as the European General Data Protection Regulation (GDPR).

28. The expert from France proposed to revisit the definition of a type in the regulatory draft. He proposed to consider the vehicle architecture as one discriminatory feature.

29. The expert from Germany expressed support to the test phase work and expressed the need to consider lifetime provisions.

30. The expert from CLEPA explained that their industry would have a role to play to support cyber security and asked that GRVA consider provisions that would address their role.

31. The expert from Sweden noted the proposal on slide 16 of GRVA-03-02 “UNECE may decide to develop a harmonized framework on [the post production and vehicle support by the manufacturer] topic” and proposed to reflect on this point.

32. The expert from Spain expressed concern with the lack of guarantee over the whole life cycle and proposed to look at practices of other industry sectors to explore best practices. She also noted that these activities were linked with the activities of existing cyber security authorities and that frameworks were already existing. She stated that the outcome of the test phase should result into amendments instead of interpretation documents.

33. The expert from ITU stated that basic requirements should be built in the communication side and that support provisions could be linked to the life of the communication system (He mentioned as an example the Global System for Mobile Communications (GSM) protocol shutdown).

34. The expert from FIGIEFA introduced GRVA-03-16 proposing amendments to ECE/TRAN/WP29/GRVA/2019/2. She mentioned the importance for the after sales sector to take into consideration their needs when drafting provisions. She proposed that Approval Authorities should, as neutral entities, determine independently from manufacturers the companies that are authorized parties. She proposed that the Regulation specifies that the manufacturers shall share with authorized parties: data, function calls and resources inside of the vehicle to allow third parties to provide services to maintain safety and security of vehicles during their lifetime. She also proposed to replace throughout the proposal “life cycle” by “life time”.

35. The expert from the United Kingdom, Co-Chair of the Task Force, explained that the Contracting Parties were able to nominate Approval Authorities according to their competencies (1958 Agreement, Article 2, para.2). He explained that the group did not reach consensus on the post production and support duration issue and that in that case existing national regulations would apply. He confirmed that the work of the group did not conflict with other regulations such as the European GDPR. He also confirmed that the group did not discuss in detail the level of access required in GRVA-03-16.

36. The expert from France stated that the Regulation should not freeze the market for repair and maintenance. But he also expressed concerns with safety and cyber security risks posed by automotive product modification and access as proposed in GRVA-03-16. The expert from Sweden also expressed interest to the position expressed in the document and agreed with France on the need for the right balance between access and security.

37. The expert from OICA stated that the access right matter is not a cyber security one. He added that such provisions clarifying access to data for the purpose of balanced market would be relevant for a Regulation dealing with access right issues.