IEA Report: Enhancing Cyber Resilience in Electricity Systems

In early April 2021, the International Energy Agency (IEA) released its Flagship Report ‘Electricity Security 2021’. The report consists of several topic-specific reports covering various present security aspects for the energy sector, such as climate resilience and transition challenges. ISS Director Guido Gluschke took part in the review process of the report ‘Enhancing Cyber Resilience in Electricity Systems’. This report focuses on the present and emerging cyber threats against the energy sector and the increased need for cyber resilience. Besides elaborating the challenges of increased digitalization for the electricity sector, the report also emphasizes the centrality of policy makers to this issue and provides them with concrete policy recommendations for facilitating cyber resilience in the face of the existing cyber threat landscape for the energy sector.

You can find the full IEA report ‘Enhancing Cyber Resilience in Electricity Systems’ here.

ISS Automotive Expert Dialogue

As a continuation of the Automotive Security Summit in November 2020, a follow-up expert dialogue on the newly enforced UNECE cybersecurity regulations R.155 and R.156 was organized and hosted by the ISS on the 25th of March. Representatives from over a dozen German car manufacturers and suppliers participated in the event, as well as representatives from UNECE, ENX Association, the German Association of the Automotive Industry (VDA) and the German Federal Office for Information Security (BSI).

While 2020’s Automotive Security Summit provided participants with a general overview on the upcoming regulations and potential challenges, the expert roundtable aimed to identify the challenges and needs of all stakeholders in the context of the regulations more concretely. Among the discussed topics were questions about a possible differentiation in cybersecurity requirements, forms of best practices exchange for the implementation of the regulations, difficulties for suppliers in managing different cybersecurity requirements from different manufacturers and questions concerning the future challenges of vehicle lifecycle and liability issues.

The ISS will continue this dialogue format on the new UNECE cybersecurity regulations with relevant stakeholders in the future, as the need for an information exchange format on this topic was clearly visible.

ITU & UNECE Future Networked Car Symposium 2021

Organized by UNECE and ITU, the Future Networked Car Symposium 2021 took place from 22 to 25 March. Under the slogan ‘Moving towards automated driving’ the event focused on regulatory, security, communication and technical aspects of automated driving throughout four days. The second session: Vehicle cybersecurity framework is ready: It’s time for deployment, featured a key note speech by ISS Director Guido Gluschke, and ISS Acting Director Swantje Westpfahl as a panelist. In his key note, Mr Gluschke addressed the challenges that the new UNECE regulations on cybersecurity pose for the automotive industry in a bigger picture: He referred to the security requirements for both production and business networks, questions of cybersecurity in both development and post-production, and the integration of secure automated and connected driving into smart infrastructures.

The subsequent panel featured representatives of major car manufacturers as well as regulators and telecommunication providers to explore themes like general implementation challenges for the regulations, challenges with regulations on over-the-air updates for vehicles specifically, implications for user experience and the question on whether readiness for implementing the new regulations exists for all involved stakeholders. The full stream of the whole session can be watched here.

The ISS’ participation in this discussion is in line with its current efforts to generate understanding and confidence of the automotive industry for the new UNECE regulations, through facilitating dialogue between the relevant stakeholders, such as manufacturers, suppliers and regulators.

UN OEWG Consensus Report adopted

On Friday 12 March 2021, the United Nation’s Open-ended Working Group on Developments in the Field of Information and Telecommunications in the Context of International Security (OEWG) adopted its report by consensus. The adoption follows over one and a half years of work over three substantive sessions and several multistakeholder events, building upon previous reports of the UN’s Governmental Group of Experts (UN GGE) on ICT security. Touching on six topics such as international law in cyberspace, rules and norms for responsible state behavior in cyberspace and cyber capacity building, the report marks the first instance of a forum open for all UN member states, in which security-related ICT issues were discussed. Through its adoption of a multistakeholder approach it also managed to facilitate strong engagement from private-sector actors determined to actively participate in the discourse on ICT in international security.

The ISS, represented by Acting Director Dr. Swantje Westpfahl, participated in the group’s work in several multistakeholder events throughout the process, as well as with a written submission on its Zero Draft, focusing on capacity building aspects of the report. The report as well as the Chair’s Summary and all related documents can be found here.

UN OEWG Informal Multistakeholder Consultation

The latest Informal Multistakeholder Consultation of the UN’s Open-ended Working Group on Developments in the field of Information and Telecommunications in the Context of International Security (OEWG) took place online on Thursday 25 February 2021. The Consultation presented a forum where national delegations can inform themselves about the opinions of non-state organisations concerning the ongoing draft process of the OEWG’s final report and just ahead of the final substantive session of the OEWG on 8-12 March 2021.

Attended by almost 200 participants from all over the world, the meeting followed the present structure of the OEWG’s Zero Draft which contains topics such as the applicability of international law to cyberspace, rules and norms for responsible state behavior and international cyber capacity building. During the event, ISS Acting Director Dr. Swantje Westpfahl spoke on the importance of a needs-based, agile cyber capacity building agenda to most effectively approach the capacity building process. The ISS’ detailed commentary on the OEWG’s Zero Draft can also be found on the OEWG’s website.

ISS Automotive Security Summit. Ettlingen, Germany.

The ISS hosted its first online-based conference on 03 November 2020: the ISS Automotive Security Summit. Over 30 professionals from the German automotive sector participated in the event (representing OEMs and suppliers). Opening with a keynote speech of François Guichard, Secretary of UNECE‘s Working Party on Automated/Autonomous and Connected Vehicles, three impulse presentations along with an expert panel addressed theoretical and practical questions on the new UNECE Cybersecurity regulations for connected vehicles:

Julia Füller (VICCON GmbH) and Dr. Ing. Christian Geiss (Clockworx GmbH) addressed Cybersecurity in the Automotive Sector in general, while Mona Gierl of the Institut für Energieeffiziente Mobilität (IEEM) addressed the topic of Cybersecurity challenges in the diagnosis of vehicles. Moderated by ISS Director Guido Gluschke, the panel focused on questions on the role of security in the digitalization of the automotive sector. The panelists Francois Guichard (UNECE), Prof. Dr. -Ing. Reiner Kriesten (Karlsruhe University for Applied Sciences‘ IEEM), Dr. Wolfgang Fischer (e-mobil BW) and Christoph Gelzer (Wirtschaftsförderung Region Stuttgart GmbH), presented their views on how the automotive industry might change in the light of digitalization.

The event was a great opportunity for the ISS to demonstrate its capacity to foster know-how transfer and to monitor the development and implementation of international Cybersecurity regulations for the German automotive sector. With this, the ISS also aims to serve as a dialogue enabler between the international regulation bodies and industry members in matters of Cybersecurity for Automotive. We would like to thank all participants for making the event that interesting and fruitful.

4th NMIOTC Annual Cyber Security Conference in the Maritime Domain, Crete, Greece.

ISS Director Guido Gluschke, Acing Director Swantje Westpfahl and ISS Security Scientist Dmytro Cherkashyn participated in the 4th NMIOTC Annual Cyber Security Conference in the Maritime Domain from 30 September – 01 October 2020, hosted by NATO. The focus of this year’s conference was on new and emerging Cyber Security threats which threaten both civil and military operations in the maritime domain. The ISS members gave a presentation named ‘Developing an Exercise Platform for Educational Activities on Maritime IT/Cyber Security’ in which they highlighted the vulnerabilities of maritime vessels to code-borne attacks and how to mitigate the resulting threats by establishing an educational Cyber Security platform. For this, the ISS also presented its own upcoming ISS Capacity Building Center (ICBC) which aims to provide organizations and individuals with professional Cyber Security educational services, such as online courses, trainings and customized didactic concepts (CDCs). One of the specific instruments for Cyber Security exercises is an ISS Demonstrator also presented at the conference. The conference was attended by more than 100 experts and NATO personnel both on location and online.

UNIDIR Cyber Stability Conference 2020, Geneva Switzerland.

ISS member Tim Dalhöfer attended the 2020 Cyber Stability Conference by UNIDIR on 28 September 2020. The formation of universal Cyber Norms remains one of the great challenges faced by governments, international organizations and a vast variety of private actors in today’s digital landscape. Establishing rule-based behavior in cyberspace is seen as one the main prerequisites for reducing the number of state-sponsored cyberattacks and strengthening states abilities to curb the rising influx of criminal malware attacks. The foundation for such norms is usually best found in dialogue among stakeholders. UNIDIR’s 2020 Cyber Stability Conference focused on the lessons learned from past Dialogue experiences on cyber norms and attempted a look into the future of Dialogue in cyberspace. A wide range of professionals from governments, international organizations, civil society organizations and industry representatives discussed aspects like the importance of a multi-stakeholder approach to Dialogue, the adoption of lessons from similar dialogue topics such as climate change and how to build on existing dialogue formats in international relations.

The event was being attended both in person and by an online audience.

A good overview of the day is summarized in a video on UNIDIR’s official Youtube channel: