European Commission calls for experts on Intelligent Transport Systems
Posted: 28 April 2020 | Sam Mehmet (Intelligent Transport)
The Commission has set up a sub-group to develop common cybersecurity processes needed for communication between vehicles and infrastructures.
The sub-group is designed to support the implementation of a pilot on common EU-wide cybersecurity infrastructures and processes needed for secure and trustful communication between vehicles and infrastructure for road safety and traffic management related messages and to foster exchange of experience and good practice in the field of C-ITS.
The sub-group shall consist of up to 70 members. The members shall be member states’ authorities (at national, regional or local level e.g. cities) and organisations with a demonstrable professional interest and experience in the deployment of cooperative intelligent transport systems using the EU CCMS.
Organisations will be established in an EU member state and belong to one of the following groups:
- Vehicle manufacturers who operate C-ITS stations for C-ITS services according to the European Strategy on Cooperative and Intelligent Transport Systems
- Road infrastructure operators that deploy C-ITS stations for C-ITS services according to the European Strategy on Cooperative and Intelligent Transport Systems
- Other equipment manufacturers and operators who provide communication and relevant ICT-systems for C-ITS station deployment and enrolment in the EU CCMS, such as Public Key Infrastructure participants defined in the C-ITS Certificate Policy.
Member states’ authorities and organisations have been called on to nominate their representatives and will be responsible for ensuring that their representatives provide a high level of expertise.
In particular, the sub-group shall assist the Commission in the following areas related to C-ITS:
- Identifying new requirements (functional, technical, security and legal), which can be used to ensure that C-ITS services are continuously provided and EU C-ITS Security Credential Management System (EU CCMS) is continuously operated
- Supporting the implementation of changes in requirements (in the certificate and/or security policy) defining the design and operation of the EU CCMS and the C-ITS system
- Monitoring of incidents of large scale and high severity which impact the entire C-ITS trust system (e.g., disaster recovery situation where the cryptographic algorithm is compromised)
- Drafting, publishing and maintaining the European C-ITS Security Policy (SP) and C-ITS Certificate Policy (CP) published on the website of the C-ITS Point of Contact (CPOC)
- CP management, including approval of the present CP and future CP change requests; deciding on the review of CP change requests and recommendations submitted by Public Key Infrastructure (PKI) participants or entities; deciding on the release of new CP versions
- Public key infrastructure authorisation management, including defining, deciding and publishing the Certificate Practice Statement (CPS) approval and certification authority (CA) audit procedures (collectively referred to as ‘CA approval procedures’); authorising the C-ITS Point of Contact (CPOC) to operate and report regularly; authorising the Trust List Manager (TLM) to operate and report regularly; approving the root CA’s CPS, if it is in line with the common and valid CP; scrutinising of the audit reports from the accredited PKI auditor for all root CAs; notifying the TLM about the list of approved or non-approved root CAs and their certificates on the basis of received approval reports of the root CAs and regular operations reports.