Report of Japanese Test Phase <Cyber Security>

Slides:



Advertisements
Similar presentations
Software Quality Assurance Plan
Advertisements

Risk Management a Case Study DATALAWS Information Technology Law Consultants Presented by F. F Akinsuyi (MSc, LLM)MBCS.
Secure System Administration & Certification DITSCAP Manual (Chapter 6) Phase 4 Post Accreditation Stephen I. Khan Ted Chapman University of Tulsa Department.
Computer Security: Principles and Practice
DITSCAP Phase 2 - Verification Pramod Jampala Christopher Swenson.
FPSC Safety, LLC ISO AUDIT.
ASPEC Internal Auditor Training Version
Quality Representative Training Version
Introduction to Software Quality Assurance (SQA)
What if you suspect a security incident or software vulnerability? What if you suspect a security incident at your site? DON’T PANIC Immediately inform:
Visit us at E mail: Tele:
Chapter 3 資訊安全管理系統. 4.1 General Requirements Develop, implement, maintain and continually improve a documented ISMS Process based on PDCA.
What if you suspect a security incident or software vulnerability? What if you suspect a security incident at your site? DON’T PANIC Immediately inform:
NAPHSIS REAL ID Overview June 6, 2007 In support of this key requirement,
BSBPMG406A Apply Communications Management Techniques Apply Communications Management Techniques Unit Guide C ertificate IV in Project Management
Web Security for Network and System Administrators1 Chapter 2 Security Processes.
Main Requirements on Different Stages of the Licensing Process for New Nuclear Facilities Module 4.1 Steps in the Licensing Process Geoff Vaughan University.
Privacy and Confidentiality. Definitions n Privacy - having control over the extent, timing, and circumstances of sharing oneself (physically, behaviorally,
Release Management Configuration management. Release Management Goal Coordinate the processes through the project development life cycle Ensure the.
Workshop Overview What is a report? Sections of a report Report-Writing Tips.
EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI D4.4 and the EGI review Dr Linda Cornwall 19 th Sept 2011 D4.41.
TF#4 – Mechanical Integrity Approved Japanese proposal for addition of vehicle mechanical protection structure into mechanical integrity requirement. EVS-11-17e.
Status report on the activities of TF-CS/OTA
Medical Device Software Development
BSB Biomanufacturing CHAPTER 4 GMP – Documentation Part I (SOP)
Suggestion for Summarizing Process of the Principles
Final Draft International Standard IS0/FDIS 9001
Outcome TFCS-05 // May OICA, Paris
OICA input on software updates to UN TF CS/OTA
Prepared by Rand E Winters, Jr. ASR Senior Auditor October 2014
TechStambha PMP Certification Training
Concept of ACSF TAN (Type Approval Number)
ISO 9001:2015 Auditor / Registration Decision Lessons Learned
Outcome TFCS-11// February Washington DC
Status report on the activities of TF-CS/OTA
Training Appendix for Adult Protective Services and Employment Supports June 2018.
Outcome TFCS-11// February Washington DC
Final Report of TF-CS/OTA September The Amba Hotel, London
Outcome of TFCS-12 - summary slides - (detailed meeting minutes will be provided separately) April The Shilla Seoul, ROK.
IS4550 Security Policies and Implementation
Japan’s proposal for security regulation
Status report on the activities of TF-CS/OTA
Informal document GRVA nd GRVA, 28 Jan Feb. 2019
Pilot phase - Learnings
Conformity of Production (COP)
Status report from UNECE Task Force on Cyber Security &
Larry Bugh ECAR Standard Drafting Team Chair June 1, 2005
New Assessment & Test Methods
Lifecycle of vehicle type vs Lifetime of one vehicle
Informal document GRVA st GRVA, September 2018
Replies by the Task Force to the comments provided by GRVA members
Input for Interpretation Document on Software Update
Task Force – Cyber Security, Data Protection and Over-the-Air issues
Status report of TF-CS/OTA
Discussion points for Interpretation Document on Cybersecurity
Why a „test phase“? Overview
PSS verification and validation
Software Update - Type approval related issues -
Overview of the recommendations on software updates
Issues identified in connection with the work of TF-CS/OTA
DRAFT ISO 10007:2017 Revision Overview Quality management – Guidelines for configuration management ISO/TC176 TG 01.
Computer System Validation
Report of Japanese Test Phase <Software Update>
A proposal for approach to proceed work in Cybersecurity TF
Radiopharmaceutical Production
Summary on initial findings
Japan CS/OTA 15th session, Geneva 27-28, August 2019
Access to data requirementS
Draft UN Regulation on Cyber Security
FIA position on Lifecycle of a vehicle type* vs. Lifetime of a vehicle
Presentation transcript:

Report of Japanese Test Phase <Cyber Security> Test Phase Coordination Meeting 2 17-18, July, 2019 Leiden, Netherlands

Outline 4 Manufacturers, 1 TS, 1 AA and the Government are actively involved in the Japanese Test Phase. Evidencing documents which have been developed with a format in the same manner with existing regulations were reviewed. Summary of results in the first round of the test phase will be shared in the later pages.

Cyber Security Evidences which are described in the current draft of “Interpretation Document” are sufficient in general in comparison with the results of Japanese test phase.

Cyber Security (Continued) “Interpretation Document” “ID” will not define the criteria on quality of evidencing. “ID” will not define assets to be protected. Such assets shall be defined by OEM in their process for e.g. threats analysis. “ID” will not define boundary conditions on OEM’s process for risk assessment.

Cyber Security (Continued) Interpretation of “Interpretation Document” 7.2.2.1 (Post production phase) “-Additionally, the different phases ~” This interpretation means that CSMS could cover the lifetime considering reducing the risk of attacks through connection channels with disconnecting such channels? In addition, “lifecycle” and “lifetime” should be used carefully in the interpretation document. (“Lifecycle” => design, production, use, disposal…)

Cyber Security (Continued) Interpretation of “Interpretation Document” 7.2.2.2 (f) (The processes used for ensuring that the risk assessment is kept current.) “-Sources: Auto ISAC” It should be clarified here that “Auto ISAC” is just one of examples.

Cyber Security (Continued) Interpretation of “Interpretation Document” 7.2.2.2 (i) (The processes used to appropriately react to new and evolving cyber threats and vulnerabilities.) “-For vehicles not yet registered ” Does this mean the vehicles which are stored in e.g. motor pool? No difference between such vehicles and registered vehicles on cyber threats is seen. This should be deleted. If this context implies the concern for vehicles owned by nobody, this issue could be covered by the requirement of 7.2.2.1. (post-production phase). This is also related to the software update management system. Relevant part: (SU regulation 7.1.2.4.) Documentation listing target vehicles for the update and verification of the compatibility of the registered configuration or last known configuration of those vehicles with the up date.

Cyber Security (Continued) Interpretation of “Interpretation Document” 7.3.6 (The vehicle manufacturer shall describe what testing has been performed to verify the effectiveness of the security measures implemented and the outcome of those tests.) “-Methodology used and why” Japan understands that the purpose of such tests to confirm whether the security measures which CSMS had planned were implemented.

Cyber Security (Continued) “Demonstration” The demonstration specified in paragraph 7.2, which will be conducted for the certification of OEM’s processes shall include audits on the sites, such as vehicle design department. Such auditing includes e.g. interviews. The demonstration for type approval specified in paragraph 7.3 shall be done from the viewpoint of investigation whether vehicle was actually designed in accordance with content of application form. This demonstration includes investigation of actual vehicle.

Cyber Security (Continued) Referring ISO ISO xxxxx which are written in the current draft of “Interpretation Document” are examples as reference. Evidences to ISO requirements are not identical to evidences to TS and AA. “ISO21434” should be listed in e.g. reference part, should not be written at each requirement in chapter 7.

Summary of Test Results TSs can accumulate sufficient evidences for each requirement in the standardized manner by the identified evidences in the current interpretation document. (More detailed evidences could be accumulated if necessary) TSs need to confirm processes implemented in the Management System by submitted documents evidencing each regal requirement. Detailed documents which may not be submitted to TS need to be stored in the Management System so that they are able to be traceable whenever TS demanded them.(Requirements 7.3.2(a)and(b) for SC / 7.1.1.1 for SU could cover it.)

Proposal for amendments of draft regulations 7.2.2.2. (e) The processes used for testing verifying the security of the system throughout its development and production phases;

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.