|
As car manufacturers enable advanced communication and security features, the security of connected car data becomes critical. With the improvement of connectivity, the risk of automotive network security also increases. In fact, the number of automotive cyber attacks has risen sharply. Today, an average car contains as many as 150 electronic control units and approximately 100 million lines of software code. By 2030, this number is expected to reach 300 million lines of code.
In response, regulators have begun to take action to address the growing vulnerabilities in the data security of connected cars. WP.29 regulations will require manufacturers to implement measures in four areas: Manage vehicle cyber risks; Ensure vehicle safety through design to reduce risks in the value chain; Detect and respond to safety incidents throughout the fleet; Provide safe software updates and ensure that vehicle safety is not affected. In the European Union, all new cars produced from July 2024 will be subject to mandatory automotive cybersecurity regulations. Japan and South Korea also agreed to implement regulations in accordance with their respective timetables. They do not apply to North American automakers. The WP.29 regulation defines automotive cyber security requirements to approve vehicles based on the type (car, truck, truck, and bus) and the certificate of conformity for the cyber security management system (CSMS). CSMS refers to a system that supports the manufacturer's network security. It includes all processes, activities and personnel to ensure vehicle safety.
In addition, the International Organization for Standardization (ISO) is developing automotive cybersecurity standards. The
ISO/SAE 21434 standard establishes a "network security design" throughout the life cycle of a vehicle. ISO 21434 provides a model for the development of a risk assessment system and specifies the process and work products. The entire process of WP.29 compliance can be divided into three stages: Evaluation, including scoping and status evaluation. The result should be a compatible framework. The scope of implementation includes cybersecurity organization (based on ISO 21434), the definition of risks, personnel and tools, and the final determination of organizational processes. Operations include monitoring, evaluation and continuous processes. It led to the launch of CSMS, followed by model approval.
In response to the COVID-19 global pandemic and the resulting shift to remote work, automakers can take several remote measures to ensure compliance with UNECE vehicle cybersecurity regulations. From the start of the evaluation, you can check the existing settings, conduct interviews with internal experts, and conduct remote analysis for new requirements. Organization, process and management system settings can also be defined remotely. Last but not least, the technical implementation of process automation solutions and CSMS technology can be done remotely. As more and more vehicles are subject to cyber attacks and bring more risks, the industry needs standard procedures and international regulations for automotive cyber security. (quoated from : Mr.Arndt Kohler)
At the upcoming 5th Annual China Automotive Cyber Security Summit 2020 to be held on the 3rd - 4th in Shanghai, will present a series topics to help automakers in affected countries will need to comply with the new UNECE standards and change the way they work. The ISO 21434 standard aims to make the compliance process more transparent and lay the foundation for overall standardization. The technological changes within the automotive industry are complex. Many automakers will need to align their interconnected car data security practices with international regulations and standards. The sooner they start to prepare, the more opportunities they have to implement the necessary changes to comply with new regulations and standards.
|
For more speakers and topics of ACSS2020 please click here to download the Agenda.
Presentation Topic: " Automotive OEMs - How to Deal with WP29 Cyber Security Compliance"
• UNECE GRVA WP29 Cyber Security Compliance Background Introduction
Organizational structure, compliance background, scope of applicable vehicle models, response attitudes of the banned country, etc.
• Description of the relationship between WP29 and ISO21434
WP29 compliance requirement framework—correspondence between WP29 and ISO21434
• Car companies’ WP29 compliance status differences and rectification routes
The main target difference of safety governance—The main difference of safety business execution target—The WP29 car company's comprehensive rectification route
• Introduction of Deloitte WP29 project experience and service capabilities
Introduction to Deloitte WP29 Project Experience—Introduction to the core methodology of Deloitte WP29 project implementation
Speaker:Boris Zhang, Engagement Partner, CIA、CISA. Deloitte
|
Presentation Topic:" TISAX---Information security assessment of automotive supply chain"
TISAX has become the general information security capability requirement of German automotive industry. From OEM to traditional parts suppliers and more extensive partners such as automatic driving and intelligence mobility, the whole industry chain follows the same information security standard (VDA-ISA), and obtains the corresponding TISAX Label through the third-party audit report, which not only protects the key information assets and core IPs of OEMs and suppliers, but also helps enterprises establish continuous cyber governance capabilities. Nearly 100 enterprises have passed this strict assessment in China, which will help the whole industry to realize the comprehensive cyber security governance, from ISMS to CSMS, from enterprise management to the life cycle of its product & service.
Speaker: Frank Wu, Associate Director of KPMG China
|
Presentation Topic: "Cybersecurity challenges specific to V2V communications; Weighing the benefits and challenges of DSRC, C-ITS and C-V2X"
Speaker: Ye Tian, Network security researcher and Project manager, Department of Security Technology, Research Institute of China Mobile Communications Corporation
Dr. Tian Ye is network security researcher and project manager in department of security technology, research institute of China Mobile. He is engaged in C-V2X security and cellular network security research for many years, currently mainly focus on 4G/5G network service for vertical industries, C-V2X security solution research, C-V2X security technology standardization and industry application promotion.
|
Presentation Topic:" Cybersecurity considerations for EV, Autonomous and the futureof Mobility.”
This presentation will investigate and analyse the latestcybersecurity trends seen in the automotive industry which will affect the EV,autonomous and future mobility market. We will investigate the adoption of cybersecurity features within the vehicles, the factors to consider withrespect vehicle architecture and security operations centre. We will investigate what the drivers are and the effects of up and coming typeapprovals within WP.29 and the introduction of ISO/SAE 21434.
Speaker: Gangsong Zhou, Cyber Security Specialist, Secure Car Department, SBD Automotive
|
|
|
Presentation Topic: "Secure Automotive Software Development in the Age of ISO/SAE 21434"
This talk presents cybersecurity activities in the software development process based on ISO/SAE 21434 to help automotive companies develop more secure systems. We will discuss practical implementation examples for each cybersecurity step in the development process. Specifically, we will provide some examples on what is required for automotive organizations from a resources and tools perspective to ensure efficient and practical implementations of the various steps in order to create a secure automotive software development process.
Speaker: Dennis Kengo Oka, Principal Automotive Security Strategist, Synopsys Software Integrity Group
|
Presentation Topic:
Research on Data Security of Autonomous Driving and Evaluation Framework"
Risk analysis of data security in automatic driving; Data classification of automatic driving and security architecture Research on cybersecurity evaluation framework.
Speaker: Youlei Chen, Chief Security Architect in the Policy and Standard Patent Department of Intelligent Automotive Solutions BU of Huawei Technologies co., LTD.
|
|
|
Presentation Topics: "Cybersecurity Issues and Solutions for In-vehicle Networks"
With the rapid development of automotive intelligence, autonomous driving technologies will gradually be put into practical use, and requirements for the security of the in-vehicle network are gradually raised. This presentation covers CAN / CANFD, Ethernet and other buses from the perspectives of threat analysis and risk assessment, best practices, standards, and solutions, which explores the network security protection system of the in-vehicle network.
Speaker: Yun Li, Ph.D, Vecentek Co., Ltd./University of Electronics Science & Technology of China
|
Presentation Topics: " When IOV Security Meets Security Certification "
With the increasing intelligence and Internet of automobiles, the information security of the Internet of Vehicles is also developing rapidly, and the potential risk factor is also increasing. The information security of the Internet of Vehicles has become a "new battlefield" for vehicle safety. This speech starts from the information security threats faced by the Internet of Vehicles, and leads to the mainstream information security authentication mechanism at home and abroad, and illustrates the process and necessity of the information security certification of the Internet of Vehicles products.
Speaker: Haichun Zhang, Senior researcher, Vehicle Security Laboratory, Seczone Group
|
|