United Nations



Date: 03.03.2022

Approach

  • The approach adopted for defining the principles/objectives was to use risk management principles. The assessment identified key risks and threats to the vehicle ecosystem, and then identified the key mitigations that are required to reduce or minimise those risks. By intent, the outcome does not prescribe specific technical solutions (although they may be cited as examples), as these will likely become dated very quickly and would also stifle innovation and competition. The key mitigations were then presented as principles/objectives.

  • A threat analysis was undertaken. A list of threats was identified from multiple sources (refer to Annex 4). The resulting list is not to be considered exhaustive but is highly illustrative of possible cyber threats posed to the vehicle ecosystem. It considers how these threats may be manifested and gives specific examples of how they might affect a vehicle.

  • The threats were clustered based on shared characteristics, and for the clusters a list of mitigations was identified. These provide one or more ways that the threat examples identified could be mitigated. A number of reference documents were used to identify these mitigations (refer to Annex 4). The mitigations were defined as principles/objectives that need to be achieved; in some cases specific solutions are provided as examples of how the principles/objectives might be achieved, but there is no intention that these should be incorporated into regulation.




    1. Definitions (and abbreviations)




    Data privacy




    CAV

    Connected and Autonomous Vehicle [no longer required if we adopt the term ‘vehicle’ throughout]

    Cyber Security

    The use of technologies, processes and practices designed to protect networks, devices, services and programs – and the information and data on them – from theft, damage, attack or unauthorized access.

    The automotive industry

    Manufacturers, suppliers, maintenance providers and providers of systems and services that interact with the vehicles (e.g. back end systems and 3rd party systems)

    Data protection

    Implementation of appropriate administrative, technical or physical means to guard against unauthorized intentional or accidental disclosure, modification, or destruction of data (ISO/IEC 2382:2015)

    Over-The-Air updates

    TBD should be taken from the OTA sister paper if mature enough

    Lifetime

    The average duration of a vehicle in operation is 10 years after first registration. This period is defined as the lifetime of the vehicle.
    If, at the end of lifetime, the vehicle manufacturer ceases to update the vehicle software and hardware, all relevant documentation for the production of software and hardware must be handed over to interested third parties. This is required to enable retrofit solutions after the lifetime.



    1st party

    The vehicle manufacturer

    2nd party

    Suppliers contracted by the vehicle manufacturer to provide products or services which will form part of the vehicle ecosystem

    3rd party

    Providers not associated with the vehicle manufacturer who provide products or services that may be provisioned by others (e.g. the vehicle owner)

    Threat




    Vulnerability






