Presentation is loading. Please wait.

Presentation is loading. Please wait.

Report of Japanese Test Phase <Cyber Security>

Published byÅge Leiv Evensen Modified over 4 years ago

Similar presentations

Presentation on theme: "Report of Japanese Test Phase <Cyber Security>"— Presentation transcript:

1 Report of Japanese Test Phase <Cyber Security>
Test Phase Coordination Meeting 2 17-18, July, 2019 Leiden, Netherlands

2 Outline 4 Manufacturers, 1 TS, 1 AA and the Government are actively involved in the Japanese Test Phase. Evidencing documents which have been developed with a format in the same manner with existing regulations were reviewed. Summary of results in the first round of the test phase will be shared in the later pages.

3 Cyber Security Evidences which are described in the current draft of “Interpretation Document” are sufficient in general in comparison with the results of Japanese test phase.

4 Cyber Security (Continued)
“Interpretation Document” “ID” will not define the criteria on quality of evidencing. “ID” will not define assets to be protected. Such assets shall be defined by OEM in their process for e.g. threats analysis. “ID” will not define boundary conditions on OEM’s process for risk assessment.

5 Cyber Security (Continued)
Interpretation of “Interpretation Document” (Post production phase) “-Additionally, the different phases ~” This interpretation means that CSMS could cover the lifetime considering reducing the risk of attacks through connection channels with disconnecting such channels? In addition, “lifecycle” and “lifetime” should be used carefully in the interpretation document. (“Lifecycle” => design, production, use, disposal…)

6 Cyber Security (Continued)
Interpretation of “Interpretation Document” (f) (The processes used for ensuring that the risk assessment is kept current.) “-Sources: Auto ISAC” It should be clarified here that “Auto ISAC” is just one of examples.

7 Cyber Security (Continued)
Interpretation of “Interpretation Document” (i) (The processes used to appropriately react to new and evolving cyber threats and vulnerabilities.) “-For vehicles not yet registered ” Does this mean the vehicles which are stored in e.g. motor pool? No difference between such vehicles and registered vehicles on cyber threats is seen. This should be deleted. If this context implies the concern for vehicles owned by nobody, this issue could be covered by the requirement of (post-production phase). This is also related to the software update management system. Relevant part: (SU regulation ) Documentation listing target vehicles for the update and verification of the compatibility of the registered configuration or last known configuration of those vehicles with the up date.

8 Cyber Security (Continued)
Interpretation of “Interpretation Document” 7.3.6 (The vehicle manufacturer shall describe what testing has been performed to verify the effectiveness of the security measures implemented and the outcome of those tests.) “-Methodology used and why” Japan understands that the purpose of such tests to confirm whether the security measures which CSMS had planned were implemented.

9 Cyber Security (Continued)
“Demonstration” The demonstration specified in paragraph 7.2, which will be conducted for the certification of OEM’s processes shall include audits on the sites, such as vehicle design department. Such auditing includes e.g. interviews. The demonstration for type approval specified in paragraph 7.3 shall be done from the viewpoint of investigation whether vehicle was actually designed in accordance with content of application form. This demonstration includes investigation of actual vehicle.

10 Cyber Security (Continued)
Referring ISO ISO xxxxx which are written in the current draft of “Interpretation Document” are examples as reference. Evidences to ISO requirements are not identical to evidences to TS and AA. “ISO21434” should be listed in e.g. reference part, should not be written at each requirement in chapter 7.

11 Summary of Test Results
TSs can accumulate sufficient evidences for each requirement in the standardized manner by the identified evidences in the current interpretation document. (More detailed evidences could be accumulated if necessary) TSs need to confirm processes implemented in the Management System by submitted documents evidencing each regal requirement. Detailed documents which may not be submitted to TS need to be stored in the Management System so that they are able to be traceable whenever TS demanded them.(Requirements 7.3.2(a)and(b) for SC / for SU could cover it.)

12 Proposal for amendments of draft regulations
 (e) The processes used for testing verifying the security of the system throughout its development and production phases;

Download ppt "Report of Japanese Test Phase <Cyber Security>"

Similar presentations

Software Quality Assurance Plan

Software Quality Assurance Plan
Risk Management a Case Study DATALAWS Information Technology Law Consultants Presented by F. F Akinsuyi (MSc, LLM)MBCS.

Risk Management a Case Study DATALAWS Information Technology Law Consultants Presented by F. F Akinsuyi (MSc, LLM)MBCS.
Secure System Administration & Certification DITSCAP Manual (Chapter 6) Phase 4 Post Accreditation Stephen I. Khan Ted Chapman University of Tulsa Department.

Secure System Administration & Certification DITSCAP Manual (Chapter 6) Phase 4 Post Accreditation Stephen I. Khan Ted Chapman University of Tulsa Department.
Computer Security: Principles and Practice

Computer Security: Principles and Practice
DITSCAP Phase 2 - Verification Pramod Jampala Christopher Swenson.

DITSCAP Phase 2 - Verification Pramod Jampala Christopher Swenson.
FPSC Safety, LLC ISO 14001 4.5.4 AUDIT.

FPSC Safety, LLC ISO AUDIT.
ASPEC Internal Auditor Training Version 1.0 2013.

ASPEC Internal Auditor Training Version
Quality Representative Training Version 1.0 2014.

Quality Representative Training Version
Introduction to Software Quality Assurance (SQA)

Introduction to Software Quality Assurance (SQA)
What if you suspect a security incident or software vulnerability? What if you suspect a security incident at your site? DON’T PANIC Immediately inform:

What if you suspect a security incident or software vulnerability? What if you suspect a security incident at your site? DON’T PANIC Immediately inform:
Visit us at E mail: Tele: +91-79-2656

Visit us at E mail: Tele:
Chapter 3 資訊安全管理系統. 4.1 General Requirements Develop, implement, maintain and continually improve a documented ISMS Process based on PDCA.

Chapter 3 資訊安全管理系統. 4.1 General Requirements Develop, implement, maintain and continually improve a documented ISMS Process based on PDCA.
What if you suspect a security incident or software vulnerability? What if you suspect a security incident at your site? DON’T PANIC Immediately inform:

What if you suspect a security incident or software vulnerability? What if you suspect a security incident at your site? DON’T PANIC Immediately inform:
NAPHSIS REAL ID Overview June 6, 2007 In support of this key requirement,

NAPHSIS REAL ID Overview June 6, 2007 In support of this key requirement,
BSBPMG406A Apply Communications Management Techniques Apply Communications Management Techniques Unit Guide C ertificate IV in Project Management 17871.

BSBPMG406A Apply Communications Management Techniques Apply Communications Management Techniques Unit Guide C ertificate IV in Project Management
Web Security for Network and System Administrators1 Chapter 2 Security Processes.

Web Security for Network and System Administrators1 Chapter 2 Security Processes.
Main Requirements on Different Stages of the Licensing Process for New Nuclear Facilities Module 4.1 Steps in the Licensing Process Geoff Vaughan University.

Main Requirements on Different Stages of the Licensing Process for New Nuclear Facilities Module 4.1 Steps in the Licensing Process Geoff Vaughan University.
Privacy and Confidentiality. Definitions n Privacy - having control over the extent, timing, and circumstances of sharing oneself (physically, behaviorally,

Privacy and Confidentiality. Definitions n Privacy - having control over the extent, timing, and circumstances of sharing oneself (physically, behaviorally,
Release Management Configuration management. Release Management Goal Coordinate the processes through the project development life cycle Ensure the.

Release Management Configuration management. Release Management Goal Coordinate the processes through the project development life cycle Ensure the.
Workshop Overview What is a report? Sections of a report Report-Writing Tips.

Workshop Overview What is a report? Sections of a report Report-Writing Tips.

Similar presentations

Ads by Google