ISS Automotive Expert Dialogue
As a continuation of the Automotive Security Summit in November 2020, a follow-up expert dialogue on the newly enforced UNECE cybersecurity regulations R.155 and R.156 was organized and hosted by the ISS on the 25th of March. Representatives from over a dozen German car manufacturers and suppliers participated in the event, as well as representatives from UNECE, ENX Association, the German Association of the Automotive Industry (VDA) and the German Federal Office for Information Security (BSI).
While 2020’s Automotive Security Summit provided participants with a general overview on the upcoming regulations and potential challenges, the expert roundtable aimed to identify the challenges and needs of all stakeholders in the context of the regulations more concretely. Among the discussed topics were questions about a possible differentiation in cybersecurity requirements, forms of best practices exchange for the implementation of the regulations, difficulties for suppliers in managing different cybersecurity requirements from different manufacturers and questions concerning the future challenges of vehicle lifecycle and liability issues.
The ISS will continue this dialogue format on the new UNECE cybersecurity regulations with relevant stakeholders in the future, as the need for an information exchange format on this topic was clearly visible.
ITU & UNECE Future Networked Car Symposium 2021
Organized by UNECE and ITU, the Future Networked Car Symposium 2021 took place from 22 to 25 March. Under the slogan ‘Moving towards automated driving’ the event focused on regulatory, security, communication and technical aspects of automated driving throughout four days. The second session: Vehicle cybersecurity framework is ready: It’s time for deployment, featured a key note speech by ISS Director Guido Gluschke, and ISS Acting Director Swantje Westpfahl as a panelist. In his key note, Mr Gluschke addressed the challenges that the new UNECE regulations on cybersecurity pose for the automotive industry in a bigger picture: He referred to the security requirements for both production and business networks, questions of cybersecurity in both development and post-production, and the integration of secure automated and connected driving into smart infrastructures.
The subsequent panel featured representatives of major car manufacturers as well as regulators and telecommunication providers to explore themes like general implementation challenges for the regulations, challenges with regulations on over-the-air updates for vehicles specifically, implications for user experience and the question on whether readiness for implementing the new regulations exists for all involved stakeholders.
The ISS’ participation in this discussion is in line with its current efforts to generate understanding and confidence of the automotive industry for the new UNECE regulations, through facilitating dialogue between the relevant stakeholders, such as manufacturers, suppliers and regulators.
UN OEWG Consensus Report adopted
On Friday 12 March 2021, the United Nation’s Open-ended Working Group on Developments in the Field of Information and Telecommunications in the Context of International Security (OEWG) adopted its report by consensus. The adoption follows over one and a half years of work over three substantive sessions and several multistakeholder events, building upon previous reports of the UN’s Governmental Group of Experts (UN GGE) on ICT security. Touching on six topics such as international law in cyberspace, rules and norms for responsible state behavior in cyberspace and cyber capacity building, the report marks the first instance of a forum open for all UN member states, in which security-related ICT issues were discussed. Through its adoption of a multistakeholder approach it also managed to facilitate strong engagement from private-sector actors determined to actively participate in the discourse on ICT in international security.
The ISS, represented by Acting Director Dr. Swantje Westpfahl, participated in the group’s work in several multistakeholder events throughout the process, as well as with a written submission on its Zero Draft, focusing on capacity building aspects of the report. The report as well as the Chair’s Summary and all related documents can be found here.
UN OEWG Informal Multistakeholder Consultation
The latest Informal Multistakeholder Consultation of the UN’s Open-ended Working Group on Developments in the field of Information and Telecommunications in the Context of International Security (OEWG) took place online on Thursday 25 February 2021. The Consultation presented a forum where national delegations can inform themselves about the opinions of non-state organisations concerning the ongoing draft process of the OEWG’s final report and just ahead of the final substantive session of the OEWG on 8-12 March 2021.
Attended by almost 200 participants from all over the world, the meeting followed the present structure of the OEWG’s Zero Draft which contains topics such as the applicability of international law to cyberspace, rules and norms for responsible state behavior and international cyber capacity building. During the event, ISS Acting Director Dr. Swantje Westpfahl spoke on the importance of a needs-based, agile cyber capacity building agenda to most effectively approach the capacity building process. The ISS’ detailed commentary on the OEWG’s Zero Draft can also be found on the OEWG’s website.
ISS Automotive Security Summit. Ettlingen, Germany.
The ISS hosted its first online-based conference on 03 November 2020: the ISS Automotive Security Summit. Over 30 professionals from the German automotive sector participated in the event (representing OEMs and suppliers). Opening with a keynote speech of François Guichard, Secretary of UNECE‘s Working Party on Automated/Autonomous and Connected Vehicles, three impulse presentations along with an expert panel addressed theoretical and practical questions on the new UNECE Cybersecurity regulations for connected vehicles:
Julia Füller (VICCON GmbH) and Dr. Ing. Christian Geiss (Clockworx GmbH) addressed Cybersecurity in the Automotive Sector in general, while Mona Gierl of the Institut für Energieeffiziente Mobilität (IEEM) addressed the topic of Cybersecurity challenges in the diagnosis of vehicles. Moderated by ISS Director Guido Gluschke, the panel focused on questions on the role of security in the digitalization of the automotive sector. The panelists Francois Guichard (UNECE), Prof. Dr. -Ing. Reiner Kriesten (Karlsruhe University for Applied Sciences‘ IEEM), Dr. Wolfgang Fischer (e-mobil BW) and Christoph Gelzer (Wirtschaftsförderung Region Stuttgart GmbH), presented their views on how the automotive industry might change in the light of digitalization.
The event was a great opportunity for the ISS to demonstrate its capacity to foster know-how transfer and to monitor the development and implementation of international Cybersecurity regulations for the German automotive sector. With this, the ISS also aims to serve as a dialogue enabler between the international regulation bodies and industry members in matters of Cybersecurity for Automotive. We would like to thank all participants for making the event that interesting and fruitful.
4th NMIOTC Annual Cyber Security Conference in the Maritime Domain, Crete, Greece.
ISS Director Guido Gluschke, Acing Director Swantje Westpfahl and ISS Security Scientist Dmytro Cherkashyn participated in the 4th NMIOTC Annual Cyber Security Conference in the Maritime Domain from 30 September – 01 October 2020, hosted by NATO. The focus of this year’s conference was on new and emerging Cyber Security threats which threaten both civil and military operations in the maritime domain. The ISS members gave a presentation named ‘Developing an Exercise Platform for Educational Activities on Maritime IT/Cyber Security’ in which they highlighted the vulnerabilities of maritime vessels to code-borne attacks and how to mitigate the resulting threats by establishing an educational Cyber Security platform. For this, the ISS also presented its own upcoming ISS Capacity Building Center (ICBC) which aims to provide organizations and individuals with professional Cyber Security educational services, such as online courses, trainings and customized didactic concepts (CDCs). One of the specific instruments for Cyber Security exercises is an ISS Demonstrator also presented at the conference. The conference was attended by more than 100 experts and NATO personnel both on location and online.
UNIDIR Cyber Stability Conference 2020, Geneva Switzerland.
ISS member Tim Dalhöfer attended the 2020 Cyber Stability Conference by UNIDIR on 28 September 2020. The formation of universal Cyber Norms remains one of the great challenges faced by governments, international organizations and a vast variety of private actors in today’s digital landscape. Establishing rule-based behavior in cyberspace is seen as one the main prerequisites for reducing the number of state-sponsored cyberattacks and strengthening states abilities to curb the rising influx of criminal malware attacks. The foundation for such norms is usually best found in dialogue among stakeholders. UNIDIR’s 2020 Cyber Stability Conference focused on the lessons learned from past Dialogue experiences on cyber norms and attempted a look into the future of Dialogue in cyberspace. A wide range of professionals from governments, international organizations, civil society organizations and industry representatives discussed aspects like the importance of a multi-stakeholder approach to Dialogue, the adoption of lessons from similar dialogue topics such as climate change and how to build on existing dialogue formats in international relations.
The event was being attended both in person and by an online audience.
A good overview of the day is summarized in a video on UNIDIR’s official Youtube channel:
Automotive Security Summit, 3. November 2020. Stuttgart, Germany
Das “Institute for Security and Safety” teilt seine Expertise und lädt Sie ein beim Expertenkreis Automotive Security Management System teilzunehmen.
Die Transformation der Automobilbranche schreitet zügig voran. Die wesentlichen 4 Trends in Mobility sind: Electrified, Connected, Automated, Shared. Auf diese Herausforderungen muss die Branche Antworten finden.
Diese Antworten sind nur mit Hilfe der Digitalisierung zu erreichen. Digitalisierung setzt aber in jedem Fall ein ausreichendes Maß an Cybersecurity voraus, denn durch stärkere Vernetzung, zusätzliche Schnittstellen und Funktionali-täten wird die Attraktivität eines Angriffes auf Fahrzeuge und die angebundene Infrastruktur durch Hacker drastisch erhöht.
Im Automobilsektor werden aktuell neue Ansätze und Ideen diskutiert, wie Cybersecurity in die Unternehmens- und Produktsicherheit integriert werden kann und somit ein unternehmensübergreifendes Sicherheitsmanagement erreicht wird. Die Notwendigkeit ergibt sich aus dem notwendigen Zusammenwirken von unterschiedlichen Unternehmenseinheiten sowie der Verschmelzung der digitalen Systeme mit der Business-IT.
Somit wird ein Sicherheitsmanagementansatz gesucht, der die Bereiche Business, Production and Product miteinander verbindet. Gleichzeitig existieren zahlreiche Anforderungen an Unternehmen, die sich zum Beispiel aus Zertifizierungen entsprechend ISO 27001 und TISAX ergeben sowie UN ECE. Darüber droht dem Automobilsektor mit den KRITIS-Anforderungen des IT-Sicherheitsgesetzes in Kontakt zu kommen.
Mehr erfahren und anmelden: events.uniss.org