Framework Requirements for Product Security in the German Automotive Industry (Prototype Protection)

Transcription

1 Framework Requirements for Product Security in the German Automotive Industry (Prototype Protection) Version: 1.0 As at: 13 Dec Status: Released Authors: Audi: Mr. Jablonowski BMW: Mr. Ackermann, Mr. Driftmann, Mr. Himpsl DaimlerChrysler: Mr. Amend, Mr. Wittmann, Opel: Mr. Mannel VW: Mr. Maretzke TGA: Mr. Goertz 1/14

2 Table of Contents 1 General Information Requirements for handling prototypes The management process for product security General requirements Strategy Responsibility Process / organization Resources Camouflage General requirements Strategy Responsibility Process / organization Resources Notes: Testing grounds, test stations / simulations General requirements Strategy Responsibility Process / organization Resources Testing and experimental operations General requirements Strategy Responsibility Process / organization Resources Notes Photography / photographic equipment General requirements Strategy Responsibility Process / organization Resources Transport Strategy Responsibility Process / organization Resources Notes /14

3 1 General Information The framework requirements for product security were drawn up on behalf of the VDA Working Group Integral Information Protection with IT Security, Prototype Protection and Risk Management. These requirements are intended to act as a basis for product protection in the German automotive industry and to complement the requirements set down in ISO The developing and testing of prototypes and automotive components require special protection for the design and the innovations, as does the construction of design models. In the processes special attention should be paid to analyzing the risks, putting effective protection measures in place and monitoring the efficacy of the protection measures. Suitable procedures have to be applied to ensure that all this is carried out. These framework requirements do not apply to car clinics, photoshoots and media events (marketing / presentations). Such events are regulated by the OEMs individually. 3/14

4 2 Requirements for handling prototypes Prototypes are subject to confidentiality, but they have to be moved and tested in various environments (e.g. testing on test tracks and public roads, transportation by agencies, experiments at partner companies, etc.). These situations necessitate appropriate technical, organizational and awarenessbuilding measures. 2.1 The management process for product security General requirements To ensure that prototypes are protected, appropriate management processes must be in place at the OEMs and the development partners Strategy The departments involved in development and the users of prototypes must be made aware of how to deal with confidential prototypes and enabled to comply with the requirements. Technical and organizational protection measures must be defined and implemented Responsibility a) The company must have a central office or department that organizes and implements the security process for prototype protection. b) There must be a specific body at the OEMs (representatives from development, security office, sales) that decides on the technical and organizational protection measures (camouflage and handling regulations) for each project. c) The organization of the vehicle project must include a person responsible for prototype protection Process / organization a) A vehicle s development process must include a description of milestones used for defining and imposing protection measures, dependent upon the degree of maturity and the purpose of the prototypes. b) All persons involved in the project and all vehicle users must be familiar with the regulations on how to handle prototypes currently in force in their area of work. c) When prototypes are entrusted to external co-developers and / or other partners, the security process must be extended to include them (confidentiality, voluntary personal information, security certificate, on-site check by the security organization responsible). 4/14

5 2.1.5 Resources a) There must be sufficient personnel available (both centrally and in the project itself). b) There must be sufficient funding available (awareness-building and training, compiling and communicating the handling regulations, etc.). 5/14

6 2.2 Camouflage General requirements The scope of the camouflage and the amount of work/resources involved must be based on an assessment of the protection requirements for the object in question (vehicle). The camouflage must be determined. Typical design features must be either altered or hidden. The camouflage on the prototype must not be altered or removed without consultation with the person responsible for the project Strategy a) The company s camouflage philosophy and camouflage strategy must be described (orientation framework for specific project camouflage). b) The camouflage concept must be drawn up and implemented for each product on a case-by-case basis. It must be adapted to the development status of the vehicle Responsibility There must be a specific body (representatives of the departments involved in development, project managers, etc.) with responsibility for decisions concerning the camouflage concept specific to the project and its development status; if such a body does not exist already, one must be set up Process / organization a) The camouflage required for the prototypes at the various stages must be determined. b) A document for decision must be drawn up (virtual / graphic or hardwarerelated). c) Acquisition of the items used for camouflage must be organized. d) The camouflage must be accepted and passed by representatives of the body responsible (e.g. for the first vehicle to be built). e) The responsible technical departments must accept each case individually. f) If applicable, comparative wind tunnel measurements must be carried out (with and without camouflage) Resources a) The camouflage materials for the interior and the exterior (hard shell or plastic film camouflage) must be available. b) Lockable protective tarpaulin and interior covering must be available. c) The necessary costs must be planned. 6/14

7 2.2.6 Notes: The following additional requirements must also be met by the individual company: a) A non-local registration must be used as camouflage if required. b) If required, a coding / indicator must be applied to allow prototypes appearing in publications to be identified. c) During the period of confidentiality, recycling / disposal must be secure. 7/14

8 2.3 Testing grounds, test stations / simulations General requirements The experimental requirements for new products make it essential to drive the vehicles on testing grounds. When protection is being considered, a distinction must be made between the company s own testing grounds and those that are hired Strategy a) Testing grounds must offer special protection (e.g. from unauthorized photography) against both internal and external attacks (unauthorized persons / spy photographers), and allow screened off / undisturbed testing. b) In the case of mixed operations with other vehicle projects (the company s own products together with the competition) or at hired testing grounds, special protection measures must be put into effect Responsibility a) For each location, the security organization responsible must draw up a security concept in consultation with the operator. b) The relevant operator must ensure compliance on site with the measures in the protection concept. c) The project manager / test manager is responsible for compliance on site with the protection measures for each vehicle Process / organization a) Testing by the operator on the testing grounds must be centrally recorded, documented and coordinated. b) Protection measures must be defined in writing and communicated to the relevant persons. c) Additional measures may be required for individual products: 1. Use of camouflaged or uncamouflaged prototypes according to the need for protection. 2. Night drives according to the need for protection. 3. Security patrols if required. d) Access checks (general) and control and documentation are essential each time a prototype is used. e) Alarm and emergency planning measures (radio link, protective tarpaulins, bunker-type garages concealing the prototype, etc.) must be in place. 8/14

9 2.3.5 Resources a) Fenced-off grounds / buildings must have physical perimeter protection (protection against visibility and climbing, secure parking spaces for prototypes, etc.). b) Surveillance measures must be in operation (CCTV, infrared cameras or patrols, etc.). c) Signs indicating that photography is prohibited must be attached to the perimeter fence if required. d) All persons involved must agree to abide by the security regulations (e.g. prohibition of photography); the regulations must be posted at the entrance. 9/14

10 2.4 Testing and experimental operations General requirements It may also be necessary to move and test prototypes on public roads, close to customers Strategy The proving grounds / tracks must be analyzed and assessed for risk. The scope of the protection measures (camouflage, screening personnel, night-time drives, etc.) depends on this assessment Responsibility The following responsibilities must be allocated: a) The test manager is responsible for prototype protection on site. b) The driver of a prototype is personally responsible for compliance with the defined protection measures during experimental operations. c) Risk analyses of the proving grounds / tracks must be carried out by the departments responsible (security, test manager, etc.) Process / organization a) Experimental drives must comply with the current protection measures / handling regulations (see 2.1 above). b) Test runs on public roads must be approved by the departments responsible (project management, security, etc.). c) The testing team must be sensitized to the following aspects: 1. Current security situation and risks associated with travel. 2. Confidentiality concerning the destination and scope of testing, when dealing with unauthorized persons. 3. Regulations concerning the handling of new developments (interior covers, etc.). 4. Appropriate behavior in specific situations (e.g. photographers, accidents, breakdowns) and at neuralgic points / weaknesses in the routes. 5. Information to be given to people who are curious must be coordinated (story, e.g. driver training by automobile clubs, etc.). d) Changes to the camouflage must be coordinated with the persons responsible (security, project manager) on a case-by-case basis. e) Individual corporate regulations for prohibiting photography of prototypes must be observed. f) For PCs / laptops, etc. the relevant IT security guidelines (virus check, data security, encryption, theft protection, etc.) must be observed Resources 10/14

11 Testing grounds and workshops at the proving grounds must be made secure in relation to visibility and unauthorized access, using construction, technical and / or personnel measures Notes a) Any emblems / signs indicating company facilities must be avoided. The same also applies to personnel (e.g. clothing, hotel registration, etc.). b) Transfer of confidential data must conform to the requirements of ISO /14

12 2.5 Photography / photographic equipment General requirements Unauthorized persons must be prevented from photographing confidential objects Strategy If any devices for recording or transmitting images (camera phones, PDAs, compact cameras, video cameras, etc.) are brought on site, this must be regulated appropriately, especially in zones requiring a special level of protection. When picture documentation is essential, the owner of the property / client (OEM) is required to have a photography permit and to produce evidence of this if required Responsibility a) The management is responsible for regulation. Every member of staff (of the company and of partners) and every visitor must be familiarized with the procedure. b) The series development partner must comply with the requirements of the client OEM. c) Every member of staff is responsible for compliance with the regulations on photography / photographic equipment Process / organization a) The procedure for issuing permits for photography (applications for the purposes of documentation during development, testing, events, etc.) must be defined and regulated. b) Any authorized picture documentation must be kept securely and protected from viewing by unauthorized persons. c) Secure disposal of the picture / data material must be arranged. d) To protect against unauthorized copying, if required the client must demand from the development partner technical / optical source protection measures as needed. e) Zones requiring a special level of protection must be marked as such (signs, posters, etc.). f) Compliance with the procedure must be monitored Resources The following relevant resources (including costs) must appear in the planning: a) Deposit box / safe, b) Secure access-protected data storage devices and systems, c) Shredder, secure deletion tool. 12/14

13 2.6 Transport Strategy During transport (by air, water, overland) prototypes must be protected from unauthorized viewing, unauthorized photography and access Responsibility a) The coordination office / logistics department of the relevant company is responsible for engaging suitable transport companies that have been approved by the OEM s security organization. b) The department of the OEM awarding the contract must define the need for protection. c) If the contract for transport is not awarded by the coordination office / logistics department but instead directly by the technical department, the OEM s responsible security office must approve the transport company. d) The department awarding the contract must ensure that the management of the transport company obliges its staff and subcontractors to maintain confidentiality, and that it informs them regularly (at least once a year), or when changes are made to the protection measures, of the correct way to handle prototypes. Upon request from the security department of the OEM, evidence of this must be provided Process / organization a) The transport company must be aware of the confidentiality status and comply with the defined protection goals. b) Confidential transports must be carried out in accordance with the OEM s requirements. c) The transport company must report all risk situations and incidents to the appropriate office or person Resources The following resources (including costs) must appear in the planning: a) Suitable means of transport that is secure in traffic (e.g. enclosed / locked, under seal, air-conditioned, alarmed). b) Suitable means of communication (e.g. cell phone without photo function, radio). 13/14

14 2.6.5 Notes a) When the contract is awarded by the coordination office / logistics department, attention must be paid to restrictions on approval imposed by the security organization. b) Image-recording devices brought onto the premises (e.g. to document damage involving the transport company) must be declared spontaneously upon entry to the plant / proving ground / testing ground. 14/14