Criteria for ensuring the cyber-security of vehicles in international agreements under the auspices of the UN and their prospects in Russia

Introduction (problem statement and relevance). The current Eurasian Economic Union regulatory documents do not provide cyber-security assessment for “connected”, highly automated and unmanned vehicles.

The purpose of the study was to analyze the current assessment, provided for by international standards and the UN Regulations.

Methodology and research methods. The proposed method of assessment was to establish and analyze risk and threat requirements, to be taken into consideration regarding “connected”, highly automated and unmanned vehicles before their release onto public roads.

Results. The cyber-security requirements for highly automated and unmanned vehicles at the International Standardization Organization (ISO) level, the World Forum for Harmonization of Vehicles Requirements of the United Nations Economic Commission for Europe in the form of ISO standards and UN Regulations were considered, as well as the ways of including these requirements at the regional level of the Eurasian Economic Union as part of the technical regulation “On the safety of wheeled vehicles” (TR TS 018/2011), the national level of Russia in the form of a change in the Government Decree of the Russian Federation dated November 26, 2018 No. 1415 “On conducting a trial operation experiment of highly automated transport on public roads”.

The scientific novelty lies in the proposed cyber-security requirements that must be applied to highly automated and unmanned vehicles before they are released on public roads both in Russia and the Eurasian Economic Union.

Practical significance. The results of the study can be used to improve the technical regulations of the Eurasian Economic Union in the field of car manufacturing and the development of national legislative acts of the Russian Federation in this area.

1. Kisulenko B.V. [Safety of automated/unmanned vehicles and its assessment upon admission to operation]. Avtomobil'naya promyshlennost', 2022, no. 2, pp. 7-13. (In Russian)

2. SAE J3016. Standard: Taxonomy and Definitions for Terms Related to On-Road Motor Vehicle Automated Driving Systems. Issued: 2014-01-16. SAE International Inc., 2014.

3. Kisulenko B.V. [Regulation of car cybersecurity based on risk analysis]. Standarty i kachestvo, 2022, no. 3 (1017), pp. 104-108. (In Russian)

4. Cybersecurity Best practices for the Safety of Modern Vehicles, Draft 2020 Update. US Department for transportation, NHTSA.

5. Directive (EU) 2016/1148 of the European Parlament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information system across the Union.

6. [Agreement concerning the adoption of harmonized United Nations Technical Regulations for wheeled vehicles, equipment and parts which can be fitted and/or used on wheeled vehicles, and on conditions for the mutual recognition of approvals granted based on these United Nations Regulations]. (In Russian)

7. [Technical Regulations of the Customs Union “On the safety of wheeled vehicles” (TR CU 018/2011)]. (In Russian)

8. ISO 26262:2018. Road vehicle - Functional safety.

9. ISO/SAE 21434:2021. Road vehicles - Cybersecurity engineering.

10. ISO/IEC-27001:2018. Information security management.

11. UN Regulation No. 155. Uniform provisions concerning the approval of vehicles with regards to cyber security and cyber security management system. ECE/TRANS/WP.29/2020/79.

12. UN Regulation No. 156. Uniform provisions concerning the approval of vehicles with regards to software update and software updates management system. ECE/TRANS/WP.29/2020/80.

13. [IATF 16949:2016. Fundamental requirements for a quality management system for automotive industries and organizations producing related service parts]. (In Russian)

14. [Methodical document. Methodology for assessing threats to information security. Federal Service for Technical and Export Control]. Moscow, 2021. 83 p. (In Russian)