UN OEWG Informal Multistakeholder Consultation

The latest Informal Multistakeholder Consultation of the UN’s Open-ended Working Group on Developments in the field of Information and Telecommunications in the Context of International Security (OEWG) took place online on Thursday 25 February 2021. The Consultation presented a forum where national delegations can inform themselves about the opinions of non-state organisations concerning the ongoing draft process of the OEWG’s final report and just ahead of the final substantive session of the OEWG on 8-12 March 2021.

Attended by almost 200 participants from all over the world, the meeting followed the present structure of the OEWG’s Zero Draft which contains topics such as the applicability of international law to cyberspace, rules and norms for responsible state behavior and international cyber capacity building. During the event, ISS Acting Director Dr. Swantje Westpfahl spoke on the importance of a needs-based, agile cyber capacity building agenda to most effectively approach the capacity building process. The ISS’ detailed commentary on the OEWG’s Zero Draft can also be found on the OEWG’s website.

ISS Automotive Security Summit. Ettlingen, Germany.

The ISS hosted its first online-based conference on 03 November 2020: the ISS Automotive Security Summit. Over 30 professionals from the German automotive sector participated in the event (representing OEMs and suppliers). Opening with a keynote speech of François Guichard, Secretary of UNECE‘s Working Party on Automated/Autonomous and Connected Vehicles, three impulse presentations along with an expert panel addressed theoretical and practical questions on the new UNECE Cybersecurity regulations for connected vehicles:

Julia Füller (VICCON GmbH) and Dr. Ing. Christian Geiss (Clockworx GmbH) addressed Cybersecurity in the Automotive Sector in general, while Mona Gierl of the Institut für Energieeffiziente Mobilität (IEEM) addressed the topic of Cybersecurity challenges in the diagnosis of vehicles. Moderated by ISS Director Guido Gluschke, the panel focused on questions on the role of security in the digitalization of the automotive sector. The panelists Francois Guichard (UNECE), Prof. Dr. -Ing. Reiner Kriesten (Karlsruhe University for Applied Sciences‘ IEEM), Dr. Wolfgang Fischer (e-mobil BW) and Christoph Gelzer (Wirtschaftsförderung Region Stuttgart GmbH), presented their views on how the automotive industry might change in the light of digitalization.

The event was a great opportunity for the ISS to demonstrate its capacity to foster know-how transfer and to monitor the development and implementation of international Cybersecurity regulations for the German automotive sector. With this, the ISS also aims to serve as a dialogue enabler between the international regulation bodies and industry members in matters of Cybersecurity for Automotive. We would like to thank all participants for making the event that interesting and fruitful.

4th NMIOTC Annual Cyber Security Conference in the Maritime Domain, Crete, Greece.

ISS Director Guido Gluschke, Acing Director Swantje Westpfahl and ISS Security Scientist Dmytro Cherkashyn participated in the 4th NMIOTC Annual Cyber Security Conference in the Maritime Domain from 30 September – 01 October 2020, hosted by NATO. The focus of this year’s conference was on new and emerging Cyber Security threats which threaten both civil and military operations in the maritime domain. The ISS members gave a presentation named ‘Developing an Exercise Platform for Educational Activities on Maritime IT/Cyber Security’ in which they highlighted the vulnerabilities of maritime vessels to code-borne attacks and how to mitigate the resulting threats by establishing an educational Cyber Security platform. For this, the ISS also presented its own upcoming ISS Capacity Building Center (ICBC) which aims to provide organizations and individuals with professional Cyber Security educational services, such as online courses, trainings and customized didactic concepts (CDCs). One of the specific instruments for Cyber Security exercises is an ISS Demonstrator also presented at the conference. The conference was attended by more than 100 experts and NATO personnel both on location and online.

UNIDIR Cyber Stability Conference 2020, Geneva Switzerland.

ISS member Tim Dalhöfer attended the 2020 Cyber Stability Conference by UNIDIR on 28 September 2020. The formation of universal Cyber Norms remains one of the great challenges faced by governments, international organizations and a vast variety of private actors in today’s digital landscape. Establishing rule-based behavior in cyberspace is seen as one the main prerequisites for reducing the number of state-sponsored cyberattacks and strengthening states abilities to curb the rising influx of criminal malware attacks. The foundation for such norms is usually best found in dialogue among stakeholders. UNIDIR’s 2020 Cyber Stability Conference focused on the lessons learned from past Dialogue experiences on cyber norms and attempted a look into the future of Dialogue in cyberspace. A wide range of professionals from governments, international organizations, civil society organizations and industry representatives discussed aspects like the importance of a multi-stakeholder approach to Dialogue, the adoption of lessons from similar dialogue topics such as climate change and how to build on existing dialogue formats in international relations.

The event was being attended both in person and by an online audience.

A good overview of the day is summarized in a video on UNIDIR’s official Youtube channel:

Automotive Security Summit, 3. November 2020. Stuttgart, Germany

in German–

Das “Institute for Security and Safety” teilt seine Expertise und lädt Sie ein beim Expertenkreis Automotive Security Management System teilzunehmen.

Die Transformation der Automobilbranche schreitet zügig voran. Die wesentlichen 4 Trends in Mobility sind: Electrified, Connected, Automated, Shared. Auf diese Herausforderungen muss die Branche Antworten finden.

Diese Antworten sind nur mit Hilfe der Digitalisierung zu erreichen. Digitalisierung setzt aber in jedem Fall ein ausreichendes Maß an Cybersecurity voraus, denn durch stärkere Vernetzung, zusätzliche Schnittstellen und Funktionali-täten wird die Attraktivität eines Angriffes auf Fahrzeuge und die angebundene Infrastruktur durch Hacker drastisch erhöht.

Im Automobilsektor werden aktuell neue Ansätze und Ideen diskutiert, wie Cybersecurity in die Unternehmens- und Produktsicherheit integriert werden kann und somit ein unternehmensübergreifendes Sicherheitsmanagement erreicht wird. Die Notwendigkeit ergibt sich aus dem notwendigen Zusammenwirken von unterschiedlichen Unternehmenseinheiten sowie der Verschmelzung der digitalen Systeme mit der Business-IT.

Somit wird ein Sicherheitsmanagementansatz gesucht, der die Bereiche Business, Production and Product miteinander verbindet. Gleichzeitig existieren zahlreiche Anforderungen an Unternehmen, die sich zum Beispiel aus Zertifizierungen entsprechend ISO 27001 und TISAX ergeben sowie UN ECE. Darüber droht dem Automobilsektor mit den KRITIS-Anforderungen des IT-Sicherheitsgesetzes in Kontakt zu kommen.

Mehr erfahren und anmelden: events.uniss.org

Roundtable on Intelligent Transport Systems and Cyber Security, Geneva, Switzerland

Several representatives of the ISS participated at this year’s ‘Roundtable for Intelligent Transport Systems and Cyber Security’ on 08 September, co-hosted by the UNECE’s Intelligent Transport Division and the Office of the Co-ordinator of OSCE Economic and Environmental Activities (OCEEA). The event attracted over 100 representatives from stakeholders in the fields of Transportation, Cyber Security, Politics, Information and Communication Technology to come together in Geneva to discuss new and emerging Cyber Security threats to intelligent transport systems such as autonomous vehicles.

The event showcased the importance of recognizing and addressing the security issues associated with autonomous and automated vehicles, a topic that has been prominently addressed by the two UNECE regulations on Cyber Security and Software Updates for connected vehicles adopted in June 2020. As participants in the draft process for these regulations, the ISS constitutes an expert on the topic determined to share its expertise with other important stakeholders to strengthen the Cyber Security of the future of transportation.

More information on and assessments of the event can be found at the UNECE website.

Adoption of two new regulations for Cybersecurity and Software Updates by UNECE’s World Forum for Harmonization of Vehicle Regulations, Geneva/Switzerland

Two new regulations on Cybersecurity for connected vehicles were adopted by the UNECE’s World Forum for Harmonization of Vehicle Regulations on 24 June 2020. Entering into force in January 2021, the new regulations address important security aspects of connected vehicles such as “Over-The-Air” (OTA) updates, managing of cyber risks for vehicles and mitigating cyber risks along the value chain.

The ISS has been involved in the process of forming these regulations through its participation in the UNECE GRVA Working Party on Automated/Autonomous and Connected Vehicles.

International Conference on Nuclear Security 2020, Vienna, Austria

From 10-14 February Dmytro Cherkashyn and Tim Dalhöfer attended the IAEA’s Nuclear Security Conference 2020 where experts and government representatives for nuclear security met under the slogan “Sustaining and Strengthening Efforts”. Central topics to both technical sessions and high-level plenaries were new and emerging technologies and their impact on the nuclear security field, as well as national experiences with the implementation of nuclear security regulations. This year, great importance was lend to computer security, which came up in the discussions of many technical sessions.