European Framework forC-ITS Security6th of March 2018Gerhard MenzelEuropean Commission

Key EU Policy Milestones to deliver C-ITS in Europe by 2019

Cooperative Intelligent Transport Systems

Connected Vehicles

Automated Vehicles

A European Strategy on Cooperative Intelligent Transport Systems, November 2016

Commission Delegated Act on Cooperative Intelligent Transport Systems, foreseen 2018

European Certificate & Security Policy for Deployment and Operation of European C-ITS, June

& December 2017

• Setting the scene for the Pan-European Deployment of Cooperative, Connected and Automated Vehicles

• Common vision and identification of open issues

C-ITS platform final report & Annexes available at:http://ec.europa.eu/transport/themes/its/c-its_en.htm

C-ITS Platform Phase I

C-ITS Platform Phase II

• Implement recommendations of first phase• Analyse how cooperation, connectivity and

automation converge

C-ITS Strategy

• COM (2016) 766 - A European strategy on Cooperative Intelligent Transport Systems, a milestone towards cooperative, connected and automated mobility

• Clear path on C-ITS Security in the EU from the Commission

https://ec.europa.eu/transport/themes/its/c-its_en

EU C-ITS StrategyCOM (2016) 766

https://ec.europa.eu/transport/themes/its/c-its_en

June / December 2017:C-ITS Certificate & Security Policy published!

C-ITS SecurityEU Trust Model

EU Coordination Role"TLM/CPOC"

… e.g. run by

Member State 1

… run by the EC for all who don’t run their

own

. . . Root CA NRoot CA 1 Root CA 2

Policy Authority

… e.g. privately run by a manu-

facturer

Root CA 2

… e.g. run by

Member State 2

… in theory many Root

CAs are possible run by public or

private

Legend:TLM … Trust List ManagerCPOC … C-ITS Point of Contact CA … Certificate Authority

EU Root CA

Scope of EU CCMS pilotphase

European Union C-ITS Security Credential Management System – Pilot Phase (EU CCMS)

• 4 year fully financed pilot operation of an European C-ITS Credential Management System ("PKI") implemented and operated by the European Commission

• Funds of CEF Public Support Action (Work Programme2016)

• Provision of common European elements: Full setup of CPOC, TLM and EU Root CA to support initial C-ITS deployment in Europe as defined in Release 1 of the certificate & security policy documents

• Time Horizon Pilot Phase: 2018-2021

European Union C-ITS Security Credential Management System – Pilot Phase (EU CCMS)

• First Tenders expected to be launched 2018, currently in preparation – mainly for CPOC protocol definitions and TLM setup

• Goal is to provide a first prototype version of the TLM / CPOC functionalities already in 2018 for early deployment initativesfor testing purposes (e.g. C-Roads Member States or single OEMs) – to be confirmed

• Open to all stakeholders and C-ITS Day 1 deployment initiatives

C-ITS Security: Current topics (1/4)• Timely Update of Certificate Policy Release 1 is needed

• Alignment with Security Policy Release 1

• Update of “yellow” items & inconsistencies, some commitments for the update of the Certificate Policy were already taken in December C-ITS Security Workshop in Brussels, e.g.:

• Protection Profiles SOG-IS process

• AT Validity period 1 week, max. 100 ATs valid in parallel

• TS 103 097 v1.3.1 applies migration needs! (e.g. EU CCMS TLM/CPOC will not support old versions of this standard)

• Workshop planned spring 2018 – details & invitations will follow

C-ITS Security: Current topics (2/4)• Update of ETSI Standards

• Urgent Call for ETSI to release new version of ETSI TS 102 941 in alignment with TS 103 097 v1.3.1

• Updated ETSI 102 941 is needed for all deployment initiatives as well as the EU CCMS activities!

C-ITS Security: Current topics (3/4)• Applicability of EU Certificate & Security Policy (CP/SP)

• Reminder: C-ITS services and hence C-ITS security needs to be fully interoperable. There is only 1 single trust domain in Europe.

• The CP/SP are fully communication technology layer agnostic. They equally and fully apply to short range (e.g. ITS-G5) or long range cellular based technologies (Hybrid!).

• Secure communication is NOT enough! (e.g. through proprietary solutions)

• ITS stations sign messages with certificates to ensure Authenticity (from a trusted source) & Integrity (not modified). ALL ITS stations need to comply to CP/SP and EU CCMS for EU wide interoperability, no matter the communication technology.

C-ITS Security: Current topics (4/4)• Protection Profiles for C-ITS Stations

• CP/SP demands protection profiles certified through SOG-IS process

• At this moment no publicly available protection profile exists for mobile or fixed C-ITS stations

• Any updates on that by the C-ITS community?

• EC happy to assist wherever possible and needed.

More InformationCooperative, connected and automated mobility (C-ITS):

https://ec.europa.eu/transport/themes/its/c-its_en

Thank you for your attention!Gerhard Menzel

gerhard.menzel@ec.europa.euEuropean Commission - DG JRC

E.3: Cyber & Digital Citizens‘ Security