Presentation is loading. Please wait.

Presentation is loading. Please wait.

Suggestion for Summarizing Process of the Principles

Published byKathleen Snow Modified over 6 years ago

Similar presentations

Presentation on theme: "Suggestion for Summarizing Process of the Principles"— Presentation transcript:

1 Suggestion for Summarizing Process of the Principles
TFCS-05-07 Suggestion for Summarizing Process of the Principles Japan (Security TF of ITS/AD May / Paris)

2 Background The security TF has worked on threats analysis on the threats table approach which is based on the reference vehicle model. ITU and OICA/CLEPA kindly support the approach. Thanks of dedication of many experts, the security TF has obtained technical elements to support the principles(described in TFSC-01-03e from UK DfT, The security guide line by ITS/AD ). Also, the TF has to manage the time for work considering the time line on the ToR.

3 Suggestion The security TF is ready to start to unite such technical elements with the principles. This uniting process should be started soon and be proceeded respecting views of road vehicle regulations which WP29 is in charge of. Concerns Describing detailed security measures as open documents of WP29 will give hints to evil hackers to attack vehicles…

4 HEADLINE PRINCIPLES: (TFSC-01-03e from UK DfT)
Organisational security is owned, governed and promoted at board level. Security risks are assessed and managed appropriately and proportionately, including those specific to the supply chain. Organisations need product aftercare and incident response to ensure systems are secure over their lifetime All organisations, including sub-contractors, suppliers and potential 3rd parties, work together to enhance the security of the system. Systems are designed using a defence-in-depth approach. The security of all software is managed throughout its lifetime. The storage and transmission of data is secure and can be controlled. The system is designed to be resilient to attacks and respond appropriately when its defences or sensors fail.

5 Security guideline: (TFSC-01-07e by ITS/AD)
2.1 General Everyone’s right to his or her privacy and communications has to be respected. Personal data must be processed lawfully, fairly and in a transparent manner in relation to the data subject. Automotive manufacturer, component/system supplier and service providers shall respect the principles of data protection by design and data protection by default (see Definitions 1.6 and 1.7). Automotive manufacturers, component/system suppliers and service providers must ensure that there is adequate protection against manipulation and misuse both of the technical structure and of the data and processes. To prevent non-authorized access to vehicles via the “cyberspace” automotive manufacturers, component/system suppliers and service providers shall ensure the secure encryption of data and communications. The system shall be accessible for verifying the measures implemented by automotive manufacturers, component/system suppliers and service providers to ensure cybersecurity and data protection by independent authorised audit.

6 Security guideline: (TFSC-01-07e by ITS/AD)
2.2 Data protection The principle of lawful, fair and transparent processing of personal data means in particular respecting the identity and privacy of the data subject, not discriminating against data subjects based on their personal data, paying attention to the reasonable expectations of the data subjects with regard to the transparency and context of the data processing, maintaining the integrity and trustworthiness of information technology systems and in particular not secretly manipulating data processing, taking into account the benefit of data processing depending on free flow of data, communication and innovation, as far as data subjects have to respect the processing of personal data with regard to the overriding general public interest. ensuring the preservation of individual mobility data according to necessity and purpose. The means of anonymization and pseudonymization techniques shall be used. Data subjects shall be provided with comprehensive information as to what data are collected and processed in the deployment of connected vehicles and vehicles with ADT, for what purposes and by whom. Data subjects shall give their consent to the collection and processing of their data on an informed and voluntary basis. The collection and processing of personal data shall be limited to data that is relevant in the context of collection. If applicable, the data subject shall have the right to withdraw his or her consent if it involves functions that are not necessary for the operation of their vehicle or for road safety. In addition, appropriate technical and organizational measures and procedures to ensure that the data subject’s privacy is respected shall be implemented both at the time of the determination of the means for processing and at the time of the processing. The design of data processing systems installed in vehicles such shall be data protection friendly, i.e. taking data protection and cybersecurity aspects into account when planning the components ("privacy by design") as well as designing the basic factory settings accordingly ("privacy by default").

7 Security guideline: (TFSC-01-07e by ITS/AD)
2.3 Safety Standards for the functional safety of critical electric and electronic components or systems in vehicles such as ISO shall be applied in the light of security-related requirements for connected vehicles and vehicles with ADT. The connection and communication of connected vehicles and vehicles with ADT shall not influence on internal devices and systems generating internal information necessary for the control of the vehicle without appropriate measures. shall be designed to avoid fraudulent manipulation to the software of connected vehicles and vehicles with ADT as well as fraudulent access of the board information caused by cyber-attacks through; wireless connection wired connection via the diagnosis port, etc. shall be equipped with measures to ensure a safe mode in case of system malfunction, e.g. by redundancy in the system. When connected vehicles and vehicles with ADT detect fraudulent manipulation by a cyber-attack, the system shall warn the driver and, if appropriate, control the vehicle safely according to the above requirements.

8 Security guideline: (TFSC-01-07e by ITS/AD)
The protection of connected vehicles and vehicles with ADT requires verifiable security measures according security standards (e.g. ISO series, ISO/IEC 15408). SEC2) Connected vehicles and vehicles with ADT shall be equipped with integrity protection measures assuring e.g. secure software updates appropriate measures to manage cryptographic keys SEC3) The integrity of internal communications between controllers within connected vehicles and vehicles with ADT should be protected e.g. by authentication. SEC4) Online Services for remote access into connected vehicles and vehicles with ADT should have a strong mutual authentication and assure secure communication (confidential and integrity protected) between the involved entities.

9 Example of uniting a case of threat and principles

10 Activities for post-attacks.
Present approach: Threats analysis Mitigation Principles To consider defense against threats(attacks) To review the existing principles and modify them To create new principles The principles include activities(warning, (emergency )stopping) for post-attacks. Such activities are not direct countermeasures against the threats(attacks). Such principles could be discussed in a different approach.

Download ppt "Suggestion for Summarizing Process of the Principles"

Similar presentations

IS Audit Function Knowledge

IS Audit Function Knowledge
ISO 9000 Certification ISO 9001 and ISO 9000.3.

ISO 9000 Certification ISO 9001 and ISO
IBT - Electronic Commerce Privacy Concerns Victor H. Bouganim WCL, American University.

IBT - Electronic Commerce Privacy Concerns Victor H. Bouganim WCL, American University.
Project co-funded by the European Commission within the 7th Framework Program (Grant Agreement No. 619682 ) Business Convergence WS#2 Smart Grid Technologies.

Project co-funded by the European Commission within the 7th Framework Program (Grant Agreement No ) Business Convergence WS#2 Smart Grid Technologies.
ITU CoE/ARB 11 th Annual Meeting of the Arab Network for Human Resources 16 – 18 December 2003; Khartoum - Sudan 1 The content is based on New OECD Guidelines.

ITU CoE/ARB 11 th Annual Meeting of the Arab Network for Human Resources 16 – 18 December 2003; Khartoum - Sudan 1 The content is based on New OECD Guidelines.
Introduction and Overview of Information Security and Policy By: Hashem Alaidaros 4/10/2015 Lecture 1 IS 332.

Introduction and Overview of Information Security and Policy By: Hashem Alaidaros 4/10/2015 Lecture 1 IS 332.
Information Security tools for records managers Frank Rankin.

Information Security tools for records managers Frank Rankin.
T.Russell Shields, Co-Chair, Collaboration on ITS Communication Standards Martin Adolph, Programme Coordinator, ITU ITU activities on secure vehicle software.

T.Russell Shields, Co-Chair, Collaboration on ITS Communication Standards Martin Adolph, Programme Coordinator, ITU ITU activities on secure vehicle software.
FIA MOBILITY & TOURISM Gerd Preuss, FIA Representative at UNECE, WP 29 Protection Against Mileage Fraud Current Status in ITS-AD 110 th GRSG Meeting Geneva,

FIA MOBILITY & TOURISM Gerd Preuss, FIA Representative at UNECE, WP 29 Protection Against Mileage Fraud Current Status in ITS-AD 110 th GRSG Meeting Geneva,
Status report on the activities of TF-CS/OTA

Status report on the activities of TF-CS/OTA
Principles Identified - UK DfT -

Principles Identified - UK DfT -
Law Firm Data Security: What In-house Counsel Need to Know

Law Firm Data Security: What In-house Counsel Need to Know
HIPSSA Project PRESENTATION ON SADC DATA PROTECTION MODEL LAW

HIPSSA Project PRESENTATION ON SADC DATA PROTECTION MODEL LAW
Roadmap For An Effective Compliance And Ethics Program

Roadmap For An Effective Compliance And Ethics Program
Making the Connection ISO Master Class An Overview.

Making the Connection ISO Master Class An Overview.
The Ethics of Telepsychology

The Ethics of Telepsychology
Chapter 6 Negotiating access and research ethics

Chapter 6 Negotiating access and research ethics
Outcome TFCS-05 // May OICA, Paris

Outcome TFCS-05 // May OICA, Paris
and Security Management: ISO 28000

and Security Management: ISO 28000
Status report on the activities of TF-CS/OTA

Status report on the activities of TF-CS/OTA

Similar presentations

Ads by Google