Final Report of TF-CS/OTA

Similar documents
Status report of TF-CS/OTA

UNECE WP29/TFCS Regulation standards on threats analysis (cybersecurity) and OTA (software update)

Current status and next steps. Haileyesus Getahun Coordinator IACG Secretariat World Health Organization

ITU activities on secure vehicle software updates

Economic and Social Council

Terms of Reference (ToR) for ICAT support to MRV in the Energy Sector in Kenya

Remit Issue April 2016

National Accreditation Board for Certification Bodies

IMO MEASURES TO ENHANCE MARITIME SECURITY. Outcome of the 2002 SOLAS conference. Information on the current work of the ILO

CONTINUOUS PROFESSIONAL DEVELOPMENT (CPD) POLICY

Voluntary certification at an intermediate stage of manufacture

MEASURES TO ENHANCE MARITIME SECURITY. Cyber risk management in Safety Management Systems. Submitted by United States, ICS and BIMCO SUMMARY

GOAL BASED NEW SHIP CONSTRUCTION STANDARDS. Development of the Interim guidelines for goal-based standards safety level approach SUMMARY

IAF Mandatory Document KNOWLEDGE REQUIREMENTS FOR ACCREDITATION BODY PERSONNEL FOR INFORMATION SECURITY MANAGEMENT SYSTEMS (ISO/IEC 27001)

ISO/IEC TS Conformity assessment Guidelines for determining the duration of management system certification audits

COPUOS Scientific and Technical Subcommittee Activities. Working Group on the Long-term Sustainability of Outer Space Activities

ISO / IEC 27001:2005. A brief introduction. Dimitris Petropoulos Managing Director ENCODE Middle East September 2006

Cybersecurity Risk and Options Considered by IMO

INSPIRE status report

Role of I&C Conceptual Design in NPP Licensing

Stakeholder consultation process and online consultation platform

Inter American Accreditation Cooperation. IAAC, IAF and ILAC Resolutions Applicable to IAAC MLA Peer Evaluations

European Aviation Safety Agency

Coordination Meeting of Standardisation Activities for assessing the Environmental Impact of ICT

Implementation of the Quality Management System in AIM units. GREPECAS Project G3. (Presented by the Secretariat) SUMMARY REFERENCES

ISO/IEC INTERNATIONAL STANDARD

Content of mandatory certificates

INAB Mandatory and Guidance Documents Policy and Index

ECC Recommendation (17)04. Numbering for ecall

Cyber Security Reliability Standards CIP V5 Transition Guidance:

ISO/IEC INTERNATIONAL STANDARD. Information technology Security techniques Entity authentication assurance framework

LOUGHBOROUGH UNIVERSITY RESEARCH OFFICE STANDARD OPERATING PROCEDURE. Loughborough University (LU) Research Office SOP 1027 LU

Third public workshop of the Amsterdam Group and CODECS European Framework for C-ITS Deployment

ISO/IEC INTERNATIONAL STANDARD

EGNOS and ESSP Certification. ESESA Aviation Workshop 26 th - 27 th October 2010

Alberta Reliability Standards Compliance Monitoring Program. Version 1.1

International Civil Aviation Organization SECOND HIGH-LEVEL CONFERENCE ON AVIATION SECURITY (HLCAS/2) Montréal, 29 to 30 November 2018

Department of Veterans Affairs VA DIRECTIVE April 17, 2006 WEB PAGE PRIVACY POLICY

BDT Activities on Spectrum Management István Bozsóki Head of Division BDT/IEE/SBD

REPORT 2015/186 INTERNAL AUDIT DIVISION

SPECIFIC PROVISIONS FOR THE ACCREDITATION OF CERTIFICATION BODIES IN THE FIELD OF INFOR- MATION SECURITY MANAGEMENT SYSTEMS (ISO/IEC 27001)

Technical guidelines implementing eidas

PART IV GLOSSARY OF TERMS

OIML-CS PD-05 Edition 2

Standard Development Timeline

Draft Thick RDDS (Whois) Consensus Policy and Implementation Notes

ISO/IEC JTC 1 N 13145

Regulation update Monitoring and Compliance

INAB Mandatory and Guidance Documents Policy and Index

Training of BRs/NCs reviewers and experts for Biennial Update Reports technical analysis. 5 th BRs and NCs lead reviewers meeting

ISO9001:2015 LEAD IMPLEMENTER & LEAD AUDITOR

Audit Report. Mineral Products Qualifications Council (MPQC) 31 March 2014

OIML-CS PD-08 Edition 1

EUROCONTROL SWIM Standards Evolution Workshop

Procedure for Network and Network-related devices

136 FERC 61,039 UNITED STATES OF AMERICA FEDERAL ENERGY REGULATORY COMMISSION. [Docket No. RM ] Smart Grid Interoperability Standards

Conformity assessment Requirements for bodies providing audit and certification of management systems. Part 6:

Policy drivers and regulatory framework to roll out the Smart Grid deployment. Dr. Manuel Sánchez European Commission, DG ENERGY

Internal Audit Follow-Up Report. Multiple Use Agreements TxDOT Office of Internal Audit

Cyber Security Supply Chain Risk Management

Cyber Security Standards Drafting Team Update

Session 2: CORSIA MRV System: Monitoring of CO 2 Emissions. ICAO Secretariat

Inhalt. Description of Certification Procedure ISO 22000, HACCP and DIN 15593

CIP Cyber Security Configuration Change Management and Vulnerability Assessments

INTERNATIONAL STANDARD

DFARS Cyber Rule Considerations For Contractors In 2018

IEEE Maintenance Task Force 12 th July 2017 Berlin, Germany

EA-01/01 List of EA Publications

NY DFS Cybersecurity Regulations August 8, 2017

Grid Security Policy

Audit Report. Chartered Management Institute (CMI)

Richard Atkins FRIAS, RIBA, FRSA Managing Director, Home Energy and Data Services Limited. How the Schemes Work

WHO Secretariat Dr Oleg Chestnov Assistant Director-General Noncommunicable Diseases and Mental Health

ISO/IEC INTERNATIONAL STANDARD. Conformity assessment Supplier's declaration of conformity Part 1: General requirements

APPROVAL PROCESS TO BE FOLLOWED FOR PROVISIONAL ACCREDITATION OF CBs UNDER FM CERTIFICATION SCHEME

ISO/IEC Conformity assessment Fundamentals of product certification and guidelines for product certification schemes

IT Updates. Maryland Health Benefit Exchange Board Meeting April 15, Presented by: Isabel FitzGerald Secretary, DoIT

Trust. Trustworthiness Trusted. Trust: Who? What? When? Why? How?

SGS INTRON CERTIFICATIE CERTIFICATION AND ATTESTATION REGULATIONS 2015 TABLE OF CONTENT

Cyber Security of ETCS

Japan s Measures against Spam

ISO/IEC INTERNATIONAL STANDARD. Information technology Software asset management Part 1: Processes and tiered assessment of conformance

NISP Update NDIA/AIA John P. Fitzpatrick, Director May 19, 2015

Budget Review Process (BRP) Preliminary List of Business Initiatives. Stakeholder Meeting April 10, 2017

Policy for Accrediting Assessment Bodies Operating within the Cradle to Cradle Certified Product Certification Scheme. Version 1.2

IECEx Scheme Braunschweig Meeting of ExTAG 4 th and 5 th of September. Draft Minutes and decision list

Scheme Document. For more information or help with your application contact BRE Global on +44 (0) or

ETSI European CA DAY TRUST SERVICE PROVIDER (TSP) CONFORMITY ASSESSMENT FRAMEWORK. Presented by Nick Pope, ETSI STF 427 Leader

RECOMMENDATION FOR USE

SME License Order Working Group Update - Webinar #3 Call in number:

IAEA Action Plan on Nuclear Safety

RESOLUTION 45 (Rev. Hyderabad, 2010)

Consideration of Issues and Directives Federal Energy Regulatory Commission Order No. 791 June 2, 2014

July 30, Q2 Quarterly Report on Progress in Processing Interconnection Requests; Docket No. ER

HOW TO REACH OICA. Taxi is really expensive.

ISO/IEC INTERNATIONAL STANDARD. Information technology Security techniques Information security management systems Overview and vocabulary

Session 609 Tuesday, October 22, 2:45 PM - 3:45 PM Track: IT Governance and Security

Prot. DC2018SSV120 Milano, To all Certification Bodies (CBs) with OH&S accreditation. To the associations of Conformity Assessment Bodies

ISO/IEC INTERNATIONAL STANDARD

Client Services Procedure Manual

Transcription:

Submitted by the Secretary of the UN Task Force on Cyber Security and Over-the-Air issues Informal document GRVA-01-19 1st GRVA, 25-28 September 2018 Agenda item 6 (b) Final Report of TF-CS/OTA United Nations, Palais des Nations, Geneva 25-28 September 2018 1

The remit of the group was to produce a recommendation on cyber security a recommendation on software updates develop draft regulations on both topics How was the work addressed Task force containing experts from Contracting Parties and NGO s (CITA, FIA, ITU, OICA, CLEPA, ISO and others) Thirteen meetings to agree on proposed recommendations 2

The UN Task Force on Cyber Security and Over the Air issues (TF- CS/OTA) provides two recommendations: Data protection Cyber Security Software updates Legal aspects Security aspects Security aspects Certification aspects Safe execution out of scope Threat analysis preregistration postregistration Develop flow diagram Develop recommendation for safe execution Define mitigation principles Define approval method Develop Recommendation on Cyber Security Develop Recommendation on Software Updates 3

Structure of the Recommendation on Cyber Security Recommendation Cyber Security Cyber Security Guidance Guidance on process and procedures; best practices (threats & mitigations);... Main body of the Recommendation (Chapter 1-6) Annex B ( List of threats and corresponding mitigations ) Annex C ( Examples of Security Controls related to mitigations - informative) Cyber Security Regulation Annex A Requirements for approving OEM C/S Management System; Certification of OEM Approval of vehicle type C/S Cyber Security requirements refer to Resolution 4

Structure of the Recommendation on S/W update processes Recommendation Software updates processes S/W update guidance Main body of the Recommendation (Chapter 1-6) S/W update Regulation Annex A Regultory text RxSWIN Annex B Guidance on processes and procedures, and advice to support national registration processes Requirements for approving OEM S/W update Management; Incl. process verification, audits & assessment of OEM capability S/W update requirements for vehicle types incl. safety and security Software Identification Number be introduced in existing UN Reg. (where appropriate) 5

Things to note : - Output: 2 recommendation papers incl. 2 new draft UN Regulations and a draft proposal for amending existing UN Regulations - Innovative approach taken: a) Assessment of vehicle manufacturers management systems and approval of vehicle types in a two step approach to give type approval b) Consideration of how to address post-production phase c) No specific test provisions, instead assessment of declared processes and procedures of the vehicle manufacturer (modeled on UN Regulation No. 133) - Due to innovative aproach, a test phase before implementation may be required 6

Things to note (continued): - Papers are delivered as informal documents to GRVA-01 - GRVA-02 to consider the recommendations in detail in order to have them submitted to WP.29 for: - Final decision on the recommendations within both Recommendations (see Chapter 7), - Adoption of the Draft Regulations (Annexes A) and - encourage its GR s to consider the Draft Regulatory Amendment (Annex B of the Software Update Process Recommendation). - Task force would need to be reformed or mandate extended in order to answer any major requests or questions since the mandate is ending in Dec. 2018. - Secretariate may be able to answer clarification questions. 7

Suggested timeline for implementation TFCS-13 London GRVA-1 Geneva Current Mandate of TFCS GRVA-2 Geneva WP29 WP29 18-20 Sep. 2018 25-28 Sep. 2018 Dec. 2018 Jan. 2019 June 2019 Nov. 2019 Review by GRVA Review by WP.29 Test phase?? GTR?? Task Force is asking for comments until 31 October 2018. Earliest adoption of draft Regulations 8

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback