ITU works through its security questionnaire; reaches Question 13

• New study concerns security standards for connected cars
• Will also cover intelligent transport systems (ITS)
• Seeks to develop privacy protection and management schemes
• Within the framework of ITU’s “personally identifiable information” work

The ITU has a rather curious system of coordinating its study activities. Each of its Study Groups (there are currently 11 in force) has a list of questions that they need to study, for which they assign rapporteurs. Each Question is a multi-part description of the study items that should be considered, and often comprises an open-ended list. From this, various Tasks are identified, although again, these can change and expand over the course of the study, and various other groups and bodies are consulted. The results of these deliberations then work their way through to becoming Recommendations (the ITU’s politically correct term for Standards).

Honestly, with the amount of groups, associations, technical committees, working parties and task forces out there, it’s a wonder there’s anyone left in this industry who does “regular” work for their companies.

The ITU’s latest work stream concerns security standards for connected cars and intelligent transport systems (ITS). This new work stream will be led by ITU-T Study Group 17, the ITU’s standardisation expert group responsible for security aspects in information and communication technologies. Known formally as “Question 13/17” (i.e. Question 13 for Study Group 17 – there are a lot of questions being debated), the work stream will be chaired by Sang-Woo Lee of Korea’s Electronics and Telecommunications Research Institute (ETRI) and co-chaired by Seungwook Park of Hyundai Motors.

“In the ITS environment, the security vulnerabilities of one connected vehicle can come to affect the larger ecosystem of connected vehicles,” said Heung Youl Youm, Chairman of ITU-T Study Group 17. “Common technical standards will help industry to ensure that required levels of security are common to all cars on the road.”

The ITU says that experts contributing to the work of Question 13/17 will identify threats to ITS security and user privacy, developing a comprehensive set of ITS security standards in response. This work will analyse security mechanisms, protocols and technologies to identify solutions with potential to form part of international ITS security standards. The resulting standards will range from overarching ITS security architectures to more targeted standards tailored to the requirements and use cases of specific ITS services and applications.

“Standardisation will be essential in building a trusted ecosystem of intelligent vehicles,” said Chaesub Lee, Director of the ITU Telecommunication Standardization Bureau. “ITU standardisation work is supporting the increasing integration of ICTs in vehicles with road safety and data security as our top priorities.”

Autonomous vehicles will need to both communicate their own positions and receive information from other vehicles and their surrounding environment, which will require efficient encryption and decryption algorithms capable of accommodating fast-moving network nodes and dynamic network topologies.

Question 13/17 will also seek to standardise identification and authentication schemes for ITS services and applications, building on the Study Group’s expertise in Identity Management. It will develop privacy protection and management schemes within the framework of ITU’s standardisation work on the protection of “personally identifiable information”.

The ITU already provides common technical platforms to assist the automotive industry with ICT. The World Radiocommunication Conference 2015 allocated radio-frequency spectrum in the 79GHz frequency band to the operation of short-range, high-resolution automotive radar, and the ITU provide specifications for communications between cars and infrastructure.

An ITU standard for secure over-the-air software updates for connected cars was approved in March 2017, and a new standard is under development to provide security guidelines for V2X communications (i.e. vehicle-to-vehicle and vehicle-to-infrastructure).

The organisation is also collaborating with the UNECE Transport Division, the body responsible for global vehicle regulations, and held a joint symposium on the Future Networked Car within the Geneva International Motor Show in March this year.

Incidentally, ​​​Hyundai only become a member of the ITU's standardisation arm (ITU-T) in November last year, marking something of a welcomed détente in the often rocky relationship between the ICT and automotive sectors. The Korean manufacturer is committed to building a “hyper-connected intelligent cars” platform, which includes smart remote-maintenance services, autonomous driving, smart traffic flow, and a connected mobility hub to provide security and data management for connected cars.

"Hyundai Motors is looking forward to participating in ITU and will bring important momentum from the automotive industry to advance the future of connected car technology," said Eon Youl Shin, Director, Hyundai, back in November.