An ITU workshop has highlighted that greater alignment in standards bodies’ thinking and work programmes would assist in improving the effectiveness of what remain disjointed standards efforts to ensure the security of connected, automated vehicles.
The ITU Workshop on Security Aspects of Intelligent Transport Systems in Geneva, 28 August 2017, discussed the security requirements of all actors in the value chain underlying intelligent transport systems (ITS), encouraging an ecosystem view of the ITS security challenge.
The event analyzed a variety of high-profile ITS security breaches, using these case studies to demonstrate a ream of security vulnerabilities in the ITS environment. From drone GPS jamming and LiDAR misdirection to remote attacks on Tesla and Jeep vehicles, this analysis showed a vehicle industry struggling to grapple with the new security challenges introduced by the meeting of automotive and information and communication technologies (ICTs).
All presentations given at the workshop can be found on the workshop programme.
Held in conjunction with a meeting of ITU’s standardization expert group for security, ITU-T Study Group 17, the workshop aimed to offer guidance to ITU-T Study Group 17 as it increases its ITS security workload. A parallel objective was to determine where ITU-T Study Group 17 could contribute to further standards collaboration in support of ITS security.
“ITS security has emerged as a high-priority field of ITU standardization,” said Heung Youl Youm, Chairman of ITU-T Study Group 17. “A new ITU standard for secure over-the-air software updates for connected cars was approved in March 2017 [ITU-T X.1373], and this work continues with the development of a new ITU standard to provide security guidelines for ‘V2X’ communications such as vehicle-to-vehicle, vehicle-to-infrastructure and vehicle-to-nomadic device communications.”
The ongoing meeting of ITU-T Study Group 17 will consider proposals to establish three new work items targeting the development of ITU standards for secure vehicular edge computing, in-vehicle system intrusion detection, and the security of vehicle-accessible external devices.
ITU-T Study Group 17 meets from 29 August to 6 September 2017. Learn more…
A project working towards a ‘common architecture framework for ITS’, presented by Antonio Kung of Trialog, received considerable attention from the workshop’s participants and set the stage for the workshop’s deep dive into ITS security standardization.
The project aims to identify commonalities in the security requirements of the automotive, aviation and railway sectors, an exercise Kung believes could assist security stakeholders in overcoming the communication and coordination challenges that have resulted from the development sector-specific architectures or architectures specific to fields of technology.
“I’m not even sure I should use the term ‘architecture’ because many people understand different things by that,” said Kung. “Architecture is an overloaded term, but basically it is how do we understand each other first, and then have other standards.”
Helping different actors in the ecosystem to understand one another is one of the objectives of the Collaboration on ITS Communication Standards (CITS), which works to identify where different standards bodies are best placed to contribute to the achievement of common goals in ITS standardization.
One of the workshop’s key priorities was to consider where standards collaboration could be improved among SAE, ISO and ITU’s standardization arm (ITU-T), as well as where ITU could enhance its productive collaboration with UNECE WP.29, the body responsible for global vehicle regulations.
Koji Nakao, the representative of ITU-T Study Group 17 to CITS, expressed the view that, for ITU-T Study Group 17, “collaboration with other standards bodies such as ISO/TC 204 and UNECE WP.29 might be significantly important for us to move forward.”
ISO/TC 204, for example, is working on ITS security issues including secure vehicle interfaces but is also struggling to contend with the disconnected nature of ongoing ITS security standards efforts.
The UN Task Force on Cybersecurity and Over-the-Air Issues, which reports to UNECE WP.29, has assessed ITS security threats and started to develop 18 mitigations, an effort Nakao sees as a valuable reference point for the work of ITU-T Study Group 17.
ITU’s collaboration with UNECE WP.29 has flourished in other areas, most notably in the area of vehicle emergency calls. The new global regulation on vehicle emergency calls, ‘Automatic Emergency Call Systems’, will reference an ITU-T voice-quality performance standard (ITU-T P.1140).
CITS Chairman T. Russell Shields closed the workshop by reiterating the importance of ITU-UNECE collaboration, a point of view substantiated by a few words of caution on the conflict that can arise between market competition and technical standardization.
Shields warned that ITS is a battleground for competing companies favouring competing technologies and ideas, and that these companies’ interest in impacting standardization processes is often part of an effort to gain competitive advantage.
This risk of narrow commercial agendas impacting the impartiality of standardization, says Shields, explains the importance of the collaboration between ITU and UNECE WP.29: “one of the really critical roles that ITU really can play – and that’s why now there is a very good relationship with WP.29 – is to have the expertise here to help the UN get through the fog of all of these different ideas.”
“We need to have the approach that really looks at what’s really needed and how to do it right, and not get caught up with all these other things that are going on,” said Shields. “We certainly want to, from the ITU side, invite participation … but we have to be able to stay in the position as the UN agency for ICT that really looks at what is in the best interests of the world and not a specific people.”