OICA review of the various national and regional guidelines on automated vehicle testing and development and perspectives for the development of a regulatory framework and vehicle certification procedure.

Proposal from the Task Force on Cyber Security and Over-The-Air Software Update Issues to provide recommendations for the mitigation of risks of unauthorized access to critical automated vehicle software systems, including a proposal for a new UN Regulation.

Copy of doucment TFCS-13-21.

This document is also available in a version showing the revision mark ups from the previous version.

Revised terms of reference submitted by the UK for the subgroup on physical certification and auditing of automated vehicles and driving systems.

Netherlands input towards defining framework and work of the AV informal group.

Proposed objectives and guidelines for an informal working group on the physical certification of automated vehicles (i.e., proving ground tests) and audit of manufacturers (certification of the management of safety-critical aspects such as cybersecurity, data protection, and software updates).

Draft regulation contained in Annex A of the draft Recommendations Paper on cybersecurity, including comments from OICA-CLEPA and Japan.

Japan proposes the modification of the relevant parts (especially chapter 6.,7. and 9.) in the regulation annexes of the draft UN Regulations on cybersecurity and software updates to describe that both AA and TS can carry out the testing.

(Duplicate of document TFCS-12-20.)

Draft text from the Cybersecurity task force effort.

Cybersecurity and OTA updates task force summary review of the draft proposal for a UN Regulation on cybersecurity requirements (Annex A of the "recommendations paper) comparing the previous document TFCS-ahRCSP3-04 with the proposal as restructured by this cybersecurity ad hoc review group.

Comments on the consolidated draft text after ahRCSP2 session.

Discussion document prepared under the WP.29 committee for coordination on the creation of a permanent GR Working Party dedicated to automated/autonomous and connected vehicles.

Draft paper pursuant to the webex ad hoc review session prepared by the chair and not yet reviewed by the stakeholders.

Annex C List of Security Controls related to cybersecurity threat mitigations

Summary slides on the results and decisions of the 12th Cyber Security and OTA Software Updates Task Force session.

Updated Day 2 document with revised paragraph 2.1.2 of annex 1 of Annex A.

Proposal for wording regarding vehicle manufacturer responsibility for supplier cybersecurity: “The vehicle manufacturer shall demonstrate that he has processes in place with his suppliers to ensure cybersecurity.”

Updated list of terms and definitions pursuant to the 2nd ad hoc TFCS session of definitions (TFCS-ahDef).

Working draft paper pursuant to the 4 April 2018 ad hoc “Cyber Security Paper” session.

Draft annex 2 (mitigations and security controls) prepared by the TFCS secretary pursuant to the ad hoc telephone conference session on “Cyber Security Annexes on Risks and Mitigations”.

Updated annex 1 on risks and vulnerabilities pursuant to the WebEx session.

Proposals from the TFCS chair.

Paper as updated during the ad hoc “Cyber Security Annexes on Risks and Mitigations” web conference of 26 Mar 2018.

Definitions as developed during the TFCS “Definitions” ad hoc session.

Clean version of the draft paper prepared by the group secretary for review by the task force.

Draft of an Annex 5 to the Cybersecurity Recommendations Paper as revised during the TFCS ad hoc session presenting a proposal for a type approval regulation, based upon the format of UN Regulation No. 133 on vehicle recyclability. A clean version of this proposal is also available.

Draft recommendations paper integrating edits agreed upon through Day 3 of the 10th TFCS informal group session.

Summary of the discussions held on the draft papers concerning recommendations on cybersecurity and software updates. The cybersecurity discussion was held on 8 December while the software update discussions were held on 7 December and 16 December. (This version supersedes the earlier minutes posted in December 2017.)

Input for the annex on the “List of threats and corresponding principles and mitigations”.

Discussion of structure for regulating vehicle-level software safety through a resolution on known threats and mitigations and compliance and testing provisions under one or more regulations.

Working paper draft from the task force chairman.

Working draft of cyber security recommendations with changes agreed during the Cyber Security and OTA Updates task force teleconference on 8 December 2017.

Based on commented version 1.0 of 28 November 2017.

Draft paper of the Task Force on Cyber Security and Over-the-Air Updates pursuant to its 9th session, including a new format and numbering.

Draft paper from the Task Force on Cyber Security and Over-the-Air Updates following its 9th session, including a new format and numbering.

Vehicle manufacturer input for general brainstorming discussion on the regulation of automated driving systems and highly automated vehicles. OICA proposes a framework and has begun drafting elements of what might be included in a UN Regulation on highly automated (Levels 3-5) vehicles.

Updated and amended working draft of the cybersecurity recommendations for regulators pursuant to the 8th (October 2017) Cybersecurity and Over-the-Air Updates Task Force session.

Working draft “Recommendation of the Task Force on Cyber Security and Over-the-air issues”.

Draft framework for cybersecurity and data management guidelines.

RAMA is a graphical representation to model vehicular information and communication technology of (connected) vehicles. It models the integration of vehicles in their environment as well as the whole vehicular life cycle from the beginning of the development till scrapping. RAMA is an adaptation of the Reference Architectural Model Industrie 4.0 (RAMI 4.0) of the VDI, VDE and ZVEI for the automotive domain ¹.

Japan input for Annex 1 “List of threats and corresponding principles and mitigations” of the proposed paper on cybersecurity recommendations.

Initial outline for the recommendations to WP.29 from the Task Force on Cybersecurity and Over-The-Air Updates (TFCS).

An alternate version of this document with an explanatory page is also available.

The Cybersecurity Task Force has been developing recommendations on cybersecurity threat mitigation. This presentation opens a discussion on how such recommendations might be codified under the 1958 Agreement and Consolidated Resolution on the Construction of Vehicles (RE3).

Recommendations established by the Open Web Application Security Project.

Document on the tracking of software changes under UN Regulations within the type approval system, making use of “software identification numbers” (SWIN) tied to respective regulations (hence, RXSWIN).

Revised document on software type approvals (replacing the software type approval number—SWTAN—with a “software identification number” tied to a UN Regulation No., or RXSWIN where “X” would be replaced by the UN Regulation number).

OICA-CLEPA draft contribution to integrate SWTAN in UN Regulations

TFCS Task Force table prepared by the Chair incorporating input from the Netherlands, OICA, Japan, and the UK with additional UK comments.

Review of the TFCS work considering eventual regulatory responses to the impact of software updates on the validity of type approvals.

Introduction to a US research consortium developing an architecture in collaboration with major automotive companies to prevent third-party intrusion into vehicle software systems.

Table on CS threats prepared by Japan with extended CIA approach including mitigations from OICA, UK DfT principles and ITS-AD Guidelines.

Procedures in relation to type approval, etc. concerning update of vehicle systems by wireless communication technology.

Proposal first presented to the ACSF informal group for a type-approval mechanism to control for updates to software dependent systems.

Germany’s type-approval authority (KBA) input on monitoring and assessing changes to vehicle software applications that impact criteria used in the type approval of vehicles and component systems. The presentation discusses the possibilities for type approval of software applications and for the use of periodic technical inspections to detect significant anomalies.

This is an extraction and abridged summary of recommendations from papers on vehicle cybersecurity.

Summary of discussions, including related to the International Whole Vehicle Type Approval, on issues raised by the prospects for automated vehicle software updates under the type approval system.