Working draft of cyber security recommendations with changes agreed during the Cyber Security and OTA Updates task force teleconference on 8 December 2017.

Based on commented version 1.0 of 28 November 2017.

Draft paper from the Task Force on Cyber Security and Over-the-Air Updates following its 9th session, including a new format and numbering.

Draft paper of the Task Force on Cyber Security and Over-the-Air Updates pursuant to its 9th session, including a new format and numbering.

Vehicle manufacturer input for general brainstorming discussion on the regulation of automated driving systems and highly automated vehicles. OICA proposes a framework and has begun drafting elements of what might be included in a UN Regulation on highly automated (Levels 3-5) vehicles.

Updated and amended working draft of the cybersecurity recommendations for regulators pursuant to the 8th (October 2017) Cybersecurity and Over-the-Air Updates Task Force session.

Working draft “Recommendation of the Task Force on Cyber Security and Over-the-air issues”.

Draft framework for cybersecurity and data management guidelines.

RAMA is a graphical representation to model vehicular information and communication technology of (connected) vehicles. It models the integration of vehicles in their environment as well as the whole vehicular life cycle from the beginning of the development till scrapping. RAMA is an adaptation of the Reference Architectural Model Industrie 4.0 (RAMI 4.0) of the VDI, VDE and ZVEI for the automotive domain ¹.

Japan input for Annex 1 “List of threats and corresponding principles and mitigations” of the proposed paper on cybersecurity recommendations.

Initial outline for the recommendations to WP.29 from the Task Force on Cybersecurity and Over-The-Air Updates (TFCS).

An alternate version of this document with an explanatory page is also available.

The Cybersecurity Task Force has been developing recommendations on cybersecurity threat mitigation. This presentation opens a discussion on how such recommendations might be codified under the 1958 Agreement and Consolidated Resolution on the Construction of Vehicles (RE3).

Revised document on software type approvals (replacing the software type approval number—SWTAN—with a “software identification number” tied to a UN Regulation No., or RXSWIN where “X” would be replaced by the UN Regulation number).

Document on the tracking of software changes under UN Regulations within the type approval system, making use of “software identification numbers” (SWIN) tied to respective regulations (hence, RXSWIN).

Recommendations established by the Open Web Application Security Project.

OICA-CLEPA draft contribution to integrate SWTAN in UN Regulations

TFCS Task Force table prepared by the Chair incorporating input from the Netherlands, OICA, Japan, and the UK with additional UK comments.

Introduction to a US research consortium developing an architecture in collaboration with major automotive companies to prevent third-party intrusion into vehicle software systems.

Review of the TFCS work considering eventual regulatory responses to the impact of software updates on the validity of type approvals.

Table on CS threats prepared by Japan with extended CIA approach including mitigations from OICA, UK DfT principles and ITS-AD Guidelines.

Procedures in relation to type approval, etc. concerning update of vehicle systems by wireless communication technology.

Proposal first presented to the ACSF informal group for a type-approval mechanism to control for updates to software dependent systems.

Germany’s type-approval authority (KBA) input on monitoring and assessing changes to vehicle software applications that impact criteria used in the type approval of vehicles and component systems. The presentation discusses the possibilities for type approval of software applications and for the use of periodic technical inspections to detect significant anomalies.

This is an extraction and abridged summary of recommendations from papers on vehicle cybersecurity.

Summary of discussions, including related to the International Whole Vehicle Type Approval, on issues raised by the prospects for automated vehicle software updates under the type approval system.

Clean version of the draft document developed during the ad hoc group session.

Task force draft table considering levels of importance that software updates might have on the validity of type approvals/registrations of automated vehicles.

Ad Hoc “Threats” group draft matrix of potential cybersecurity threats pursuant to its consideration during the 4th Cybersecurity Task Force session.

Draft matrix of potential cybersecurity threats pursuant to the 4th Cybersecurity Task Force session, including notations of individual threats.

Draft table pursuant to the discussions on the second day of the task force session.

Request for input on motor-vehicle cybersecurity.

Japanese revisions to the draft ToR.