2021 May 21 |
AFCAR Secure On-board Telematics Platform (S-OTP) Proposal | GRVA-10-09
|
2021-05-21 |
2021-05-21 07:36:27 UTC |
2020 April 21 |
Software Updates: Aftermarket Coalition comments on Interpretation Document | TFCS-ahID-07
|
2020-04-21 |
2020-04-21 08:25:00 UTC |
2020 April 21 |
Cybersecurity: Aftermarket Coalition comments on Interpretation Document | TFCS-ahID-08
|
2020-04-21 |
2020-04-21 08:26:26 UTC |
2020 March 2 |
Cybersecurity: Proposal for amendments to GRVA/2020/3 and GRVA-05-05-Rev.1 | GRVA-06-04
Document Title: Cybersecurity: Proposal for amendments to GRVA/2020/3 and GRVA-05-05-Rev.1
|
Document Reference Number: GRVA-06-04
|
Description: Proposal to require vehicle manufacturers to provide relevant cybersecurity information (cybersecurity goals, specifications, requirements) to authorised replacement-part manufacturers.
|
Submitted by: FIGIEFA
|
Meeting Session: 6th GRVA session (3-4
Mar 2020)
|
Document date: 01 Mar 20 (Posted 02 Mar 20)
|
Document status: Informal GR review
|
This document concerns UN Regulation No. 155 | Cyber Security and Cyber Security Management.
|
Meeting Reports
|
Working Party on Automated and Connected Vehicles | Session 6 | 3-4
Mar 2020
18. The expert from FIGIEFA introduced corrections to the wording that they proposed at the fifth session of GRVA. GRVA agreed with the corrections proposed for paragraph 1.4. GRVA referred the part of the proposal addressing the Interpretation Document to the Task Force on CS/OTA for detailed review.
|
|
2020-03-02 |
2020-03-02 11:25:55 UTC |
2020 February 12 |
Cybersecurity: Proposal for amendments to the draft Regulation | GRVA-05-54
Document Title: Cybersecurity: Proposal for amendments to the draft Regulation
|
Document Reference Number: GRVA-05-54
|
Description: Proposal to insert the provision, “This regulation is without prejudice to national or regional regulations dealing with the development and replacement of parts and systems, physical and digital, with regards to ensure their compatibility with cybersecurity.”
|
Submitted by: FIGIEFA
|
Meeting Session: 5th GRVA session (10-14
Feb 2020)
|
Document date: 12 Feb 20 (Posted 12 Feb 20)
|
Document status: Informal GR review
|
This document concerns UN Regulation No. 155 | Cyber Security and Cyber Security Management.
|
|
2020-02-12 |
2020-02-12 16:04:45 UTC |
2020 February 6 |
Cybersecurity: Explanatory document | GRVA-05-15
Document Title: Cybersecurity: Explanatory document
|
Document Reference Number: GRVA-05-15
|
Description: Explanatory document submitted by the expert from FIGIEFA to be read in conjunction with the UN Regulation on Cybersecurity (ECE/TRANS/WP.29/GRVA/2020/2). This document describes process flow for national/regional authorities to define objective minimum compliance criteria.
|
Submitted by: FIGIEFA
|
Meeting Session: 5th GRVA session (10-14
Feb 2020)
|
Document date: 05 Feb 20 (Posted 06 Feb 20)
|
Document status: Informal GR review
|
This document concerns UN Regulation No. 155 | Cyber Security and Cyber Security Management.
|
Meeting Reports
|
Working Party on Automated and Connected Vehicles | Session 5 | 10-14
Feb 2020
25. The expert from the United Kingdom and Northern Ireland, Co-Chair of the Task Force (TF) on Cyber Security and Over-The-Air issues (CS/OTA), presented the outcome of the TF. He introduced the proposed draft UN Regulation on Cyber Security and Cyber Security Management System (ECE/TRANS/WP.29/GRVA/2020/2 (withdrawn), ECE/TRANS/WP.29/GRVA/2020/3 amended by GRVA-05-05). He mentioned that the revised proposal entailed a recent proposal from Germany and the European Commission (paragraphs 5.3.1.-5.3.3.) in square brackets. He recalled that the TF was planning to deliver further documents accompanying the UN Regulation: a resolution and an interpretation document. He stated that these documents would be further elaborated during the next session of the TF and would distillate the learnings of the test phase in 2019. He informed GRVA that the work on a UN Global Technical Regulation (GTR) had to start.
26. The expert from Japan introduced GRVA-05-20 proposing amendments to paragraph 7.3.8. on the use of cryptographic modules.
27. The expert from the European Commission introduced GRVA-05-22, aimed at clarifying the consequences of the Cyber Security Management System certificate expiration.
28. The expert from Japan introduced GRVA-05-13, expressing strong objections to the proposed paragraphs 5.3.1.-5.3.3. establishing prerequisites to the granting of type approvals not in line with the 1958 Agreement and posing a sovereignty risk. The expert from the Russian Federation expressed a similar position and proposed to draft an alternative proposal.
29. The expert from France introduced, GRVA-05-29 proposing an alternative to the proposed paragraphs 5.3.1.-5.3.3. as well as amendments proposal for paragraph 7.4 and Annex 5.
30. The expert from the European Commission introduced a compromise proposal (GRVA-05-42) for paragraphs 5.3.1.-5.3.3. aimed at addressing the proposals from Japan and France.
31. The expert from OICA introduced GRVA-05-33. He stated that the test phase’s general outcome was the confirmation of the applicability of the former draft. He explained their major concerns with the current text. He mentioned their concerns from the industry point of view regarding the major type approval procedure modifications introduced by paragraphs 5.3.1.-5.3.3. and the major delay associated risks.
32. He stated that insufficient considerations were given to existing vehicle architectures and requested the introduction of transitional provisions. He also stated that the reporting provisions were excessive. He called on GRVA to consider these concerns and to resolve them on a consensus basis.
33. The expert from FIGIEFA introduced GRVA-05-15, proposing a process flow for national/regional authorities to define objective minimum compliance criteria for the UNECE cybersecurity regulation and a way forward for aftermarket issues.
34. GRVA reviewed in detail GRVA-05-05, having in mind the presentations received (paragraphs 26-32 above). - GRVA discussed the scope of the draft Regulation (keeping vehicles of Categories S, R, T, O in square brackets).
- GRVA discussed GRVA-05-17 and agreed to keep the proposed paragraph 1.4.
- GRVA agreed that the Regulation and the 1958 Agreement would not be prescribing the mutual recognition, among Contracting Parties, of CSMS (and Software Update Management System) certificates.
- The expert from Singapore requested clarifications concerning the reporting obligations according to the draft Regulation and wondered whether any reporting would only be shared among the Contracting Parties of the 1958 Agreement. The Co-Chair of the TF explained that the current draft did not impose reporting on existing cyber security threats. He explained that there were already information sharing platforms such as Automotive Information Sharing and Analysis Center (AutoISAC) in the United States of America. GRVA invited the TF to address the question raised.
- GRVA resumed discussion on the paragraphs 5.3.1.-5.3.3. The expert from the Russian Federation explained that provisions regarding the competencies of Technical Services should be introduced in Schedule 2 to the 1958 Agreement. He added that GRVA-05-42 was not enough and that not trusting Approval Authorities was not a good idea, as it would be time consuming and expensive. He stated that the Database for Exchange of Type Approval documentation (DETA) could have a useful role to play, that the TF could be entitled to learn from type approvals and propose relevant Regulation amendments to GRVA, as necessary, and he proposed the corresponding regulatory wording (GRVA-05-51). The expert from the Republic of Korea stated that these paragraphs could be misused. The expert from CEN proposed an alternative procedure based on the so-called common criteria approach and referred to WP.29-179-28 and WP.29-179-29. The TF Co-Chair noted that the common criteria approach was not complete. The expert from FIA introduced GRVA-05-16. GRVA requested the TF to provide comments on this document. GRVA noted to availability of GRVA-05-02 reproducing ISO/SAE DIS 21434 addressing aspects of the draft Regulation but not the mutual recognition aspect.
35. The Secretary produced a consolidation of the draft Regulation based on the input received during the session (GRVA-05-05/Rev.1). GRVA agreed to use this consolidation as a basis for further work until the next GRVA session.
|
|
2020-02-06 |
2020-02-06 14:38:34 UTC |
2020 February 6 |
Cybersecurity: Proposal for amendments to the draft UN Regulation | GRVA-05-16
Document Title: Cybersecurity: Proposal for amendments to the draft UN Regulation
|
Document Reference Number: GRVA-05-16
|
Description: Text submitted by the experts from EGEA, FIA, FIGIEFA and ETRMA for amendments and modifications to ECE/TRANS/WP29/GRVA/2020/2 & ECE/TRANS/WP29/GRVA/2020/3
|
Submitted by: EGEA, ETRMA, FIA Foundation, and FIGIEFA
|
Meeting Session: 5th GRVA session (10-14
Feb 2020)
|
Document date: 05 Feb 20 (Posted 06 Feb 20)
|
Document status: Informal GR review
|
This document concerns UN Regulation No. 155 | Cyber Security and Cyber Security Management.
This submission is related to the following document(s):
|
Meeting Reports
|
Working Party on Automated and Connected Vehicles | Session 5 | 10-14
Feb 2020
25. The expert from the United Kingdom and Northern Ireland, Co-Chair of the Task Force (TF) on Cyber Security and Over-The-Air issues (CS/OTA), presented the outcome of the TF. He introduced the proposed draft UN Regulation on Cyber Security and Cyber Security Management System (ECE/TRANS/WP.29/GRVA/2020/2 (withdrawn), ECE/TRANS/WP.29/GRVA/2020/3 amended by GRVA-05-05). He mentioned that the revised proposal entailed a recent proposal from Germany and the European Commission (paragraphs 5.3.1.-5.3.3.) in square brackets. He recalled that the TF was planning to deliver further documents accompanying the UN Regulation: a resolution and an interpretation document. He stated that these documents would be further elaborated during the next session of the TF and would distillate the learnings of the test phase in 2019. He informed GRVA that the work on a UN Global Technical Regulation (GTR) had to start.
26. The expert from Japan introduced GRVA-05-20 proposing amendments to paragraph 7.3.8. on the use of cryptographic modules.
27. The expert from the European Commission introduced GRVA-05-22, aimed at clarifying the consequences of the Cyber Security Management System certificate expiration.
28. The expert from Japan introduced GRVA-05-13, expressing strong objections to the proposed paragraphs 5.3.1.-5.3.3. establishing prerequisites to the granting of type approvals not in line with the 1958 Agreement and posing a sovereignty risk. The expert from the Russian Federation expressed a similar position and proposed to draft an alternative proposal.
29. The expert from France introduced, GRVA-05-29 proposing an alternative to the proposed paragraphs 5.3.1.-5.3.3. as well as amendments proposal for paragraph 7.4 and Annex 5.
30. The expert from the European Commission introduced a compromise proposal (GRVA-05-42) for paragraphs 5.3.1.-5.3.3. aimed at addressing the proposals from Japan and France.
31. The expert from OICA introduced GRVA-05-33. He stated that the test phase’s general outcome was the confirmation of the applicability of the former draft. He explained their major concerns with the current text. He mentioned their concerns from the industry point of view regarding the major type approval procedure modifications introduced by paragraphs 5.3.1.-5.3.3. and the major delay associated risks.
32. He stated that insufficient considerations were given to existing vehicle architectures and requested the introduction of transitional provisions. He also stated that the reporting provisions were excessive. He called on GRVA to consider these concerns and to resolve them on a consensus basis.
33. The expert from FIGIEFA introduced GRVA-05-15, proposing a process flow for national/regional authorities to define objective minimum compliance criteria for the UNECE cybersecurity regulation and a way forward for aftermarket issues.
34. GRVA reviewed in detail GRVA-05-05, having in mind the presentations received (paragraphs 26-32 above). - GRVA discussed the scope of the draft Regulation (keeping vehicles of Categories S, R, T, O in square brackets).
- GRVA discussed GRVA-05-17 and agreed to keep the proposed paragraph 1.4.
- GRVA agreed that the Regulation and the 1958 Agreement would not be prescribing the mutual recognition, among Contracting Parties, of CSMS (and Software Update Management System) certificates.
- The expert from Singapore requested clarifications concerning the reporting obligations according to the draft Regulation and wondered whether any reporting would only be shared among the Contracting Parties of the 1958 Agreement. The Co-Chair of the TF explained that the current draft did not impose reporting on existing cyber security threats. He explained that there were already information sharing platforms such as Automotive Information Sharing and Analysis Center (AutoISAC) in the United States of America. GRVA invited the TF to address the question raised.
- GRVA resumed discussion on the paragraphs 5.3.1.-5.3.3. The expert from the Russian Federation explained that provisions regarding the competencies of Technical Services should be introduced in Schedule 2 to the 1958 Agreement. He added that GRVA-05-42 was not enough and that not trusting Approval Authorities was not a good idea, as it would be time consuming and expensive. He stated that the Database for Exchange of Type Approval documentation (DETA) could have a useful role to play, that the TF could be entitled to learn from type approvals and propose relevant Regulation amendments to GRVA, as necessary, and he proposed the corresponding regulatory wording (GRVA-05-51). The expert from the Republic of Korea stated that these paragraphs could be misused. The expert from CEN proposed an alternative procedure based on the so-called common criteria approach and referred to WP.29-179-28 and WP.29-179-29. The TF Co-Chair noted that the common criteria approach was not complete. The expert from FIA introduced GRVA-05-16. GRVA requested the TF to provide comments on this document. GRVA noted to availability of GRVA-05-02 reproducing ISO/SAE DIS 21434 addressing aspects of the draft Regulation but not the mutual recognition aspect.
35. The Secretary produced a consolidation of the draft Regulation based on the input received during the session (GRVA-05-05/Rev.1). GRVA agreed to use this consolidation as a basis for further work until the next GRVA session.
|
|
2020-02-06 |
2020-02-06 14:44:54 UTC |
2020 February 6 |
Cybersecurity and Software updates: Proposals for amendments to the draft UN Regulations | GRVA-05-17
|
2020-02-06 |
2020-02-06 14:51:47 UTC |
2020 January 20 |
Proposal for cybersecurity process description for use with new UN Regulation | TFCS-17-13
|
2020-01-20 |
2020-01-20 11:22:18 UTC |
2020 January 20 |
Cybersecurity: Proposal for amendments to the draft UN Regulation | TFCS-17-12
|
2020-01-20 |
2020-01-20 11:26:08 UTC |
2020 January 20 |
Cybersecurity: Proposal for amendments to the draft UN Regulation | TFCS-17-24/Rev.1
|
2020-01-20 |
2020-01-20 11:45:53 UTC |
2020 January 20 |
Cybersecurity: Proposal for amendments to the draft Resolution | TFCS-17-25/Rev.1
|
2020-01-20 |
2020-01-20 11:48:21 UTC |
2020 January 20 |
Software Update Processes: Proposal for amendments to the draft UN Regulation | TFCS-17-27
|
2020-01-20 |
2020-01-20 11:58:44 UTC |
2019 November 7 |
Proposal for amendments to the draft Cybersecurity Resolution/Regulation | TFCS-16-27
|
2019-11-07 |
2019-11-11 14:36:04 UTC |
2019 September 21 |
Cybersecurity: Proposal for amendments to document GRVA/2019/2 | GRVA-04-04
|
2019-09-21 |
2019-09-21 18:17:33 UTC |
2019 September 18 |
Cybersecurity: Proposal for amendments concerning vehicle maintenance | TFCS-16-03
|
2019-09-18 |
2019-09-18 12:35:45 UTC |
2019 September 3 |
Cybersecurity: Comments on draft regulation and data access | TFCS-15-30
|
2019-09-03 |
2019-09-03 14:37:36 UTC |
2019 August 25 |
Cybersecurity: Proposal for amendments to the draft text | TFCS-15-23
|
2019-08-25 |
2019-08-25 10:04:43 UTC |
2019 June 3 |
Cybersecurity: FIGIEFA responses to the EC on the draft regulation | GRVA-03-16
Document Title: Cybersecurity: FIGIEFA responses to the EC on the draft regulation
|
Document Reference Number: GRVA-03-16
|
Submitted by: FIGIEFA
|
Meeting Session: 3rd GRVA session (3-4
Jun 2019)
|
Document date: 03 Jun 19 (Posted 03 Jun 19)
|
This document concerns UN Regulation No. 155 | Cyber Security and Cyber Security Management.
This submission is related to the following document(s):
|
Meeting Reports
|
Working Party on Automated and Connected Vehicles | Session 3 | 3-4
Jun 2019
34. The expert from FIGIEFA introduced GRVA-03-16 proposing amendments to ECE/TRAN/WP29/GRVA/2019/2. She mentioned the importance for the after sales sector to take into consideration their needs when drafting provisions. She proposed that Approval Authorities should, as neutral entities, determine independently from manufacturers the companies that are authorized parties. She proposed that the Regulation specifies that the manufacturers shall share with authorized parties: data, function calls and resources inside of the vehicle to allow third parties to provide services to maintain safety and security of vehicles during their lifetime. She also proposed to replace throughout the proposal “life cycle” by “life time”.
35. The expert from the United Kingdom, Co-Chair of the Task Force, explained that the Contracting Parties were able to nominate Approval Authorities according to their competencies (1958 Agreement, Article 2, para.2). He explained that the group did not reach consensus on the post production and support duration issue and that in that case existing national regulations would apply. He confirmed that the work of the group did not conflict with other regulations such as the European GDPR. He also confirmed that the group did not discuss in detail the level of access required in GRVA-03-16.
36. The expert from France stated that the Regulation should not freeze the market for repair and maintenance. But he also expressed concerns with safety and cyber security risks posed by automotive product modification and access as proposed in GRVA-03-16. The expert from Sweden also expressed interest to the position expressed in the document and agreed with France on the need for the right balance between access and security.
37. The expert from OICA stated that the access right matter is not a cyber security one. He added that such provisions clarifying access to data for the purpose of balanced market would be relevant for a Regulation dealing with access right issues.
|
|
2019-06-03 |
2019-06-03 12:50:29 UTC |