United Nations
Economic and Social Council
ECE/TRANS/WP.29/2020/79 REVISED
Distr.: General
23 June 2020
Original: English
Economic Commission for Europe
Inland Transport Committee
World Forum for Harmonization of Vehicle Regulations
Proposal for a new UN Regulation on uniform provisions
concerning the approval of vehicles with regards to cyber
security and cyber security management system
Submitted by the Working Party on Automated/autonomous and
Connected Vehicles *
The text reproduced below is a consolidated version of the draft UN Regulation on
Cyber Security and Cyber Security Management Systems. This informal version is meant
purely as a documentation tool. The authentic text submitted for adoption is contained in the
three documents ECE/TRANS/WP.29/2020/79, ECE/TRANS/WP.29/2020/94 and
ECE/TRANS/WP.29/2020/97.
* In accordance with the programme of work of the Inland Transport Committee for 2020 as outlined in
proposed programme budget for 2020 (A/74/6 (part V sect. 20) para 20.37), the World Forum will
develop, harmonize and update UN Regulations in order to enhance the performance of vehicles. The
present document is submitted in conformity with that mandate.
UN Regulation on uniform provisions concerning the
approval of vehicles with regard to cyber security and of
their cybersecurity management systems
Contents
1. Scope
2. Definitions
3. Application for approval
4. Markings
5. Approval
6. Certificate of Compliance for Cyber Security Management System
7. Specifications
8. Modification and extension of the vehicle type
9. Conformity of production
10. Penalties for non-conformity of production
11. Production definitively discontinued
12. Names and addresses of Technical Services responsible for conducting approval test, and
of Type Approval Authorities
Annexes
1 Information document
2 Communication
3 Arrangement of approval mark
4 Model of Certificate of Compliance for CSMS
5 List of threats and corresponding mitigations
1. Scope

1.1. This Regulation applies to vehicles, with regard to cyber security, of the
Categories M and N.
This Regulation also applies to vehicles of Category O if fitted with at least
one electronic control unit.

1.2. This Regulation also applies to vehicles of the Categories L6 and L7 if equipped
with automated driving functionalities from level 3 onwards, as defined in the
reference document with definitions of Automated Driving under WP.29 and
the General Principles for developing a UN Regulation on automated vehicles
(ECE/TRANS/WP.29/1140).

1.3. This Regulation is without prejudice to other UN Regulations, regional or
national legislations governing the access by authorized parties to the vehicle,
its data, functions and resources, and conditions of such access. It is also
without prejudice to the application of national and regional legislation on
privacy and the protection of natural persons with regard to the processing of
their personal data.

1.4. This Regulation is without prejudice to other UN Regulations, national or
regional legislation governing the development and installation/system
integration of replacement parts and components, physical and digital, with
regards to cybersecurity.

2. Definitions

For the purpose of this Regulation the following definitions shall apply:

2.1. "Vehicle type" means vehicles which do not differ in at least the following
essential respects:
(a) The manufacturer’s designation of the vehicle type;
(b) Essential aspects of the electric/electronic architecture and external
interfaces with respect to cyber security.

2.2. "Cyber security" means the condition in which road vehicles and their
functions are protected from cyber threats to electrical or electronic
components.

2.3. "Cyber Security Management System (CSMS)" means a systematic risk-based
approach defining organisational processes, responsibilities and governance to
treat risk associated with cyber threats to vehicles and protect them from
cyber-attacks.

2.4. "System" means a set of components and/or sub-systems that implements a
function or functions.

2.5. "Development phase" means the period before a vehicle type is type approved.

2.6. "Production phase" refers to the duration of production of a vehicle type.

2.7. "Post-production phase" refers to the period in which a vehicle type is no
longer produced until the end-of-life of all vehicles under the vehicle type.
Vehicles incorporating a specific vehicle type will be operational during this
phase but will no longer be produced. The phase ends when there are no longer
any operational vehicles of a specific vehicle type.

2.8. "Mitigation" means a measure that is reducing risk.

2.9. "Risk" means the potential that a given threat will exploit vulnerabilities of a
vehicle and thereby cause harm to the organization or to an individual.

2.10. "Risk Assessment" means the overall process of finding, recognizing and
describing risks (risk identification), to comprehend the nature of risk and to
determine the level of risk (risk analysis), and of comparing the results of risk
analysis with risk criteria to determine whether the risk and/or its magnitude is
acceptable or tolerable (risk evaluation).

2.11. "Risk Management" means coordinated activities to direct and control an
organization with regard to risk.

2.12. "Threat" means a potential cause of an unwanted incident, which may result in
harm to a system, organization or individual.

2.13. "Vulnerability" means a weakness of an asset or mitigation that can be
exploited by one or more threats.
3. Application for approval

3.1. The application for approval of a vehicle type with regard to cyber security
shall be submitted by the vehicle manufacturer or by their duly accredited
representative.

3.2. It shall be accompanied by the undermentioned documents in triplicate, and by
the following particulars:

3.2.1. A description of the vehicle type with regard to the items specified in Annex 1
to this Regulation.

3.2.2. In cases where information is shown to be covered by intellectual property
rights or to constitute specific know-how of the manufacturer or of their
suppliers, the manufacturer or their suppliers shall make available sufficient
information to enable the checks referred to in this Regulation to be made
properly. Such information shall be treated on a confidential basis.

3.2.3. The Certificate of Compliance for CSMS according to paragraph 6 of this
Regulation.

3.3. Documentation shall be made available in two parts:
(a) The formal documentation package for the approval, containing the
material specified in Annex 1 which shall be supplied to the Approval
Authority or its Technical Service at the time of submission of the type
approval application. This documentation package shall be used by the
Approval Authority or its Technical Service as the basic reference for
the approval process. The Approval Authority or its Technical Service
shall ensure that this documentation package remains available for at
least 10 years counted from the time when production of the vehicle
type is definitively discontinued.
(b) Additional material relevant to the requirements of this regulation may
be retained by the manufacturer, but made open for inspection at the
time of type approval. The manufacturer shall ensure that any material
made open for inspection at the time of type approval remains available
for at least a period of 10 years counted from the time when production
of the vehicle type is definitively discontinued.
4. Marking

4.1. There shall be affixed, conspicuously and in a readily accessible place
specified on the approval form, to every vehicle conforming to a vehicle type
approved under this Regulation an international approval mark consisting of:

4.1.1. A circle surrounding the Letter "E" followed by the distinguishing number of
the country which has granted approval.

4.1.2. The number of this Regulation, followed by the letter "R", a dash and the
approval number to the right of the circle described in paragraph 4.1.1. above.

4.2. If the vehicle conforms to a vehicle type approved under one or more other
Regulations annexed to the Agreement in the country which has granted
approval under this Regulation, the symbol prescribed in paragraph 4.1.1.
above need not be repeated; in this case the Regulation and approval numbers
and the additional symbols of all the Regulations under which approval has
been granted in the country which has granted approval under this Regulation
shall be placed in vertical columns to the right of the symbol prescribed in
paragraph 4.1.1. above.

4.3. The approval mark shall be clearly legible and shall be indelible.

4.4. The approval mark shall be placed on or close to the vehicle data plate affixed
by the Manufacturer.

4.5. Annex 3 to this Regulation gives examples of the arrangements of the approval
mark.
5. Approval

5.1. Approval Authorities shall grant, as appropriate, type approval with regard to
cyber security, only to such vehicle types that satisfy the requirements of this
Regulation.

5.1.1. The Approval Authority or the Technical Service shall verify by means of
document checks that the vehicle manufacturer has taken the necessary
measures relevant for the vehicle type to:
(a) Collect and verify the information required under this Regulation
through the supply chain so as to demonstrate that supplier-related risks
are identified and are managed;
(b) Document risks assessment (conducted during development phase or
retrospectively), test results and mitigations applied to the vehicle type,
including design information supporting the risk assessment;
(c) Implement appropriate cyber security measures in the design of the
vehicle type;
(d) Detect and respond to possible cyber security attacks;
(e) Log data to support the detection of cyber-attacks and provide data
forensic capability to enable analysis of attempted or successful
cyber-attacks.

5.1.2. The Approval Authority or the Technical Service shall verify by testing of a
vehicle of the vehicle type that the vehicle manufacturer has implemented the
cyber security measures they have documented. Tests shall be performed by
the Approval Authority or the Technical Service itself or in collaboration with
the vehicle manufacturer by sampling. Sampling shall be focused but not
limited to risks that are assessed as high during the risk assessment.

5.1.3. The Approval Authority or Technical Service shall refuse to grant the type
approval with regard to cyber security where the vehicle manufacturer has not
fulfilled one or more of the requirements referred to in paragraph 7.3., notably:
(a) The vehicle manufacturer did not perform the exhaustive risk
assessment referred to in paragraph 7.3.3.; including where the
manufacturer did not consider all the risks related to threats referred to
in Annex 5, Part A;
(b) The vehicle manufacturer did not protect the vehicle type against risks
identified in the vehicle manufacturer’s risk assessment or
proportionate mitigations were not implemented as required by
paragraph 7.;
(c) The vehicle manufacturer did not put in place appropriate and
proportionate measures to secure dedicated environments on the vehicle
type (if provided) for the storage and execution of aftermarket software,
services, applications or data;
(d) The vehicle manufacturer did not perform, prior to the approval,
appropriate and sufficient testing to verify the effectiveness of the
security measures implemented.

5.1.4. The assessing Approval Authority shall also refuse to grant the type approval
with regard to cyber security where the Approval Authority or Technical
Service has not received sufficient information from the vehicle manufacturer
to assess the cyber security of the vehicle type.

5.2. Notice of approval or of extension or refusal of approval of a vehicle type
pursuant to this Regulation shall be communicated to the Parties to the 1958
Agreement which apply this Regulation, by means of a form conforming to the
model in Annex 2 to this Regulation.

5.3. Approval Authorities shall not grant any type approval without verifying that
the manufacturer has put in place satisfactory arrangements and procedures to
manage properly the cyber security aspects as covered by this Regulation.

5.3.1. The Approval Authority and its Technical Services shall ensure, in addition to
the criteria laid down in Schedule 2 of the 1958 Agreement that they have:
(a) Competent personnel with appropriate cyber security skills and specific
automotive risk assessments knowledge;1
(b) Implemented procedures for the uniform evaluation according to this
Regulation.

5.3.2. Each Contracting Party applying this Regulation shall notify and inform by its
Approval Authority other Approval Authorities of the Contracting Parties
applying this UN Regulation about the method and criteria taken as a basis by
the notifying Authority to assess the appropriateness of the measures taken in
accordance with this regulation and in particular with paragraphs 5.1., 7.2. and
7.3.
This information shall be shared (a) only before granting an approval according
to this Regulation for the first time and (b) each time the method or criteria for
assessment is updated.
This information is intended to be shared for the purposes of collection and
analysis of the best practices and in view of ensuring the convergent
application of this Regulation by all Approval Authorities applying this
Regulation.

5.3.3. The information referred to in paragraph 5.3.2 shall be uploaded in English
language to the secure internet database "DETA",2 established by the United
Nations Economic Commission for Europe, in due time and no later than 14
days before an approval is granted for the first time under the methods and
criteria of assessment concerned. The information shall be sufficient to
understand what minimum performance levels the Approval Authority adopted
for each specific requirement referred to in paragraph 5.3.2 as well as the
processes and measures it applies to verify that these minimum performance
levels are met.3

1 E.g. ISO 26262-2018, ISO/PAS 21448, ISO/SAE 21434
2 https://www.unece.org/trans/main/wp29/datasharing.html
3 Guidance for the detailed information (e.g. method, criteria, performance level) to be uploaded and
the format shall be given in the interpretation document which is under preparation by the Task Force
on Cyber Security and Over-the-Air issues for the seventh session of GRVA.
5.3.4. Approval Authorities receiving the information referred to in paragraph 5.3.2
may submit comments to the notifying Approval Authority by uploading them
to DETA within 14 days after the day of notification.

5.3.5. If it is not possible for the granting Approval Authority to take into account the
comments received in accordance with paragraph 5.3.4., the Approval
Authorities having sent comments and the granting Approval Authority shall
seek further clarification in accordance with Schedule 6 to the 1958
Agreement. The relevant subsidiary Working Party4 of the World Forum for
Harmonization of Vehicle Regulations (WP.29) for this Regulation shall agree
on a common interpretation of methods and criteria of assessment.5 That
common interpretation shall be implemented and all Approval Authorities
shall issue type approvals under this Regulation accordingly.

5.3.6. Each Approval Authority granting a type approval pursuant to this Regulation
shall notify other Approval Authorities of the approval granted. The type
approval together with the supplementing documentation shall be uploaded in
English language by the Approval Authority within 14 days after the day of
granting the approval to DETA.6

5.3.7. The Contracting Parties may study the approvals granted based on the
information uploaded according to paragraph 5.3.6. In case of any diverging
views between Contracting Parties this shall be settled in accordance with
Article 10 and Schedule 6 of the 1958 Agreement. The Contracting Parties
shall also inform the relevant subsidiary Working Party of the World Forum
for Harmonization of Vehicle Regulations (WP.29) of the diverging
interpretations within the meaning of Schedule 6 to the 1958 Agreement. The
relevant Working Party shall support the settlement of the diverging views and
may consult with WP.29 on this if needed.

5.4. For the purpose of paragraph 7.2. of this Regulation, the manufacturer shall
ensure that the cyber security aspects covered by this Regulation are
implemented.

6. Certificate of Compliance for Cyber Security Management System

6.1. Contracting Parties shall appoint an Approval Authority to carry out the
assessment of the manufacturer and to issue a Certificate of Compliance for
CSMS.

6.2. An application for a Certificate of Compliance for Cyber Security
Management System shall be submitted by the vehicle manufacturer or by their
duly accredited representative.

6.3. It shall be accompanied by the undermentioned documents in triplicate, and by
the following particular:

6.3.1. Documents describing the Cyber Security Management System.

6.3.2. A signed declaration using the model as defined in Appendix 1 to Annex 1.

6.4. In the context of the assessment, the manufacturer shall declare using the
model as defined in Appendix 1 to Annex 1 and demonstrate to the satisfaction
of the Approval Authority or its Technical Service that they have the necessary
processes to comply with all the requirements for cyber security according to
this Regulation.

4 The Working Party on Automated/Autonomous and Connected Vehicles (GRVA)
5 This interpretation shall be reflected in the interpretation document referred to in the footnote to
paragraph 5.3.3.
6 Further information on the minimum requirements for the documentation package will be developed
by GRVA during its seventh session.

6.5. When this assessment has been satisfactorily completed and in receipt of a
signed declaration from the manufacturer according to the model as defined in
Appendix 1 to Annex 1, a certificate named Certificate of Compliance for
CSMS as described in Annex 4 to this Regulation (hereinafter the Certificate
of Compliance for CSMS) shall be granted to the manufacturer.

6.6. The Approval Authority or its Technical Service shall use the model set out in
Annex 4 to this Regulation for the Certificate of Compliance for CSMS.

6.7. The Certificate of Compliance for CSMS shall remain valid for a maximum of
three years from the date of deliverance of the certificate unless it is withdrawn.

6.8. The Approval Authority which has granted the Certificate of Compliance for
CSMS may at any time verify that the requirements for it continue to be met.
The Approval Authority shall withdraw the Certificate of Compliance for
CSMS if the requirements laid down in this Regulation are no longer met.

6.9. The manufacturer shall inform the Approval Authority or its Technical Service
of any change that will affect the relevance of the Certificate of Compliance
for CSMS. After consultation with the manufacturer, the Approval Authority
or its Technical Service shall decide whether new checks are necessary.

6.10. In due time, permitting the Approval Authority to complete its assessment
before the end of the period of validity of the Certificate of Compliance for
CSMS, the manufacturer shall apply for a new or for the extension of the
existing Certificate of Compliance for CSMS. The Approval Authority shall,
subject to a positive assessment, issue a new Certificate of Compliance for
CSMS or extend its validity for a further period of three years. The Approval
Authority shall verify that the CSMS continue to comply with the requirements
of this Regulation. The Approval Authority shall issue a new certificate in
cases where changes have been brought to the attention of the Approval
Authority or its Technical Service and the changes have been positively
re-assessed.

6.11. The expiry or withdrawal of the manufacturer’s Certificate of Compliance for
CSMS shall be considered, with regard to the vehicle types to which the CSMS
concerned was relevant, as modification of approval, as referred to in
paragraph 8, which may include the withdrawal of the approval if the
conditions for granting the approval are not met anymore.
7. Specifications

7.1. General specifications

7.1.1. The requirements of this Regulation shall not restrict provisions or
requirements of other UN Regulations.

7.2. Requirements for the Cyber Security Management System

7.2.1. For the assessment the Approval Authority or its Technical Service shall verify
that the vehicle manufacturer has a Cyber Security Management System in
place and shall verify its compliance with this Regulation.

7.2.2. The Cyber Security Management System shall cover the following aspects:

7.2.2.1. The vehicle manufacturer shall demonstrate to an Approval Authority or
Technical Service that their Cyber Security Management System applies to the
following phases:
(a) Development phase;
(b) Production phase;
(c) Post-production phase.