(China) Proposal for Vehicle Cyber Security
Proposal for Vehicle
Cyber Security
1
Informal document GRVA-13-31 13th GRVA, 23 - 27 May 2022 Provisional agenda item 5(a)
Submitted by the expert from China
UNECE R155 regulation 5.3.1 requires certification authorities and technical service units to follow a uniform
assessment procedure when conducting certification and testing, but does not specify the rules in the
regulation. Harmonization among the parties of the 1958 Agreement countries is achieved by uploading
specific implementation methods and guidelines in the "DETA" database.
However, this does not apply to the case of China, and other non-1958 Agreement countries will face the
same problem when developing their own standards with reference to UNECE R155.
Some issues raised at the 12th GRVA Meeting
The process of solving problems after the GRVA's 12th meeting
After GRVA's 12th meetings, as recommended by the chairman, we went to the DETA working group to seek a
solution, but no conclusion was reached.
After understanding the progress of DETA working group, we found it difficult to support our actual demands
after analysis.
1. Background introduction——Progress after GRVA's 12th meeting
"DETA" database has its specific role, we believe that it is not appropriate to open the evaluation method of
cybersecurtiy to China, China's main demand is to ensure that the implementation of cybersecurtiy,
evaluation in accordance with the international unified evaluation procedures,not participating in or changing
the scope of DETA.
So it is not recommended to solve this problem by opening up the DETA database.
2. Background introduction——Progress after GRVA's 12th meeting
Conclusion
3. Brief introduction of China's vehicle cybersecurity assessment methods
Brief introduction
At present, China is formulating the mandatory national standard "Technical Requirements for Vehicle
cybersecurity". During the development process, vehicle manufacturers are recruited to carry out vehicle network
security assessment, test and verification work, and the verification models cover M and N categories.
Evaluation of CSMS
Evaluation of vehicle
Vehicle r&d process review
Vehicle product test and verification (79 items)
Implementation plan
• China has formed a vehicle security audit evaluation and evaluation program, which has been generally
recognized by enterprises participating in the verification activities, but there are differences in the
implementation of different testing institutions, the follow-up needs to continue to improve and unify.
Conclusion
The program includes Evaluation of CSMS and VTA:
Evaluation of CSMS scheme mainly refers to ISO 21434 and ISO 5112 ; then, based on the review of the r&d
process, validation tests are carried out from technical requirements listed in the standard.
4. Concerns about the consistency of vehicle cybersecurity assessment methods
CSMS audit
Evaluation of vehicle product development
process
Vehicle product security testing and validation
Test evaluation implementation rules
• China has carried out vehicle cyber security assessments
based on the method described above, and has
formulated the corresponding implementation rules of
tests and assessments. However, this scheme has not
been compared with the current internal
implementation plans of contracting countries of 1958
Agreement.
• Therefore, products developed by OEM under the
programs implemented by the contract countries of
1958 Agreement may differ from the requirements of
China.
5. Suggestions on coordination of the implementation of R 155
Plan 1: China, and other countries that are not part of the contracting
countries of 1958 Agreement, should formulate their own plans and not
participate in coordination of the implementation.
Problems: The independently formulated scheme may differ from the
scheme adopted by 1958 Agreement, OEM need to formulate multiple
sets of schemes to meet the requirements of standards and regulations
in different regions.
6. Suggestions on coordination of the implementation of R 155
Plan 2 (Recommended): Set up a small working group under CS/OTA working group to be
responsible for coordination of methods. The working group does not
involve specific data sharing, but only carries out exchange of methods
and typical cases .
Thank you for your attention!
- Proposal for Vehicle �Cyber Security
- Slide Number 2
- Slide Number 3
- Slide Number 4
- Slide Number 5
- Slide Number 6
- Slide Number 7