Resources |
◎ COVESA Events |
Join/Sign Up |
◎ Join COVESA |
Cybersecurity Group
General Information
Welcome to the COVESA Security Group Meeting!
Weekly Meeting: 1st and 3rd Monday of Month at 9am PT / 12pm ET / 6pm CET Starting Jan 19, 2025 (Zoom Link)(Subscribe to Community Calendar to stay up to date)
Slack: https://covesacommunity.slack.com/archives/C06SRJN0DBN
https://groups.google.com/a/covesa.global/g/cybersecurity
Join the Group (To join the group you must be logged in/authenticated to Google)
Click the Cybersecurity Group link
Click Ask to Join
GitHub: TBD
Chairs:
@Chuck Brokish, Green Hills
@Rex Struble , VxLabs
Team Charter
Meeting Notes:
2025 Meeting Notes:
2025-10-22
Participants:
Rex Struble
Chuck Brokish
Paul Boyes
Mike Nunnery
Joby Jester
Tim Yerdon
Topic:
Presentation
Meeting
2026 Meeting Notes
2026-02-02
Participants:
Rex Struble
Chuck Brokish
Paul Boyes
John Heldreth
Richard Fernandes
Jennifer Hillsdale
Mike Nunnery
Johan Veenstra
Topics Discussed:
Summarized the Team Charter/Deliverables: (see the Team Charter above)
1) Build an Automotive Cybersecurity Ecosystem Map (ACE-Map)
2) Lead the cybersecurity aspects of the COVESA VSS/VDM project
Prelim alignment on ACE-Map
Opened the rough working doc’s in the team folder. 1 excel and 1 power-point.
Agreed to merge into the 1 Excel format
Agreed to add “Categories” to provide structure
Agreed to work on how to visualize the content, as a later step.
Agreed to leave individuals names off of the ACE-Map; however, we will have team Liaison's to sync with various Committees, WGs, Taskforces, and so forth
Action Items:
Chuck to combine and consolidate content of ACE-Map into 1 excel
Team members are asked to add/contribute content into the ACE-Map Excel sheet (see link above)
2026-03-02
Participants:
Mike Nunnery
Chuck Brokish
Rex Struble
Johan Veenstra
Amadou Kane
Joe Gallo
Richard Fernandez
Amadou Kane
Johan
Topics Discussed:
Reviewed the 2 primary topics of the Cybersecurity Group:
ACE Map: Automotive Cybersecurity Ecosystem Map (in excel format for now)
The standards list that was placed on the website from ASRG has been updated, and include more information. Also, since more data was added, and in the interest of keeping it non-company specific, company designation was removed. Updated document is here.
Need to show “Branching of the Map”: showing the different organizations, and the security documents create by each. Those would include:
· Information Reports
· Best practices
· Process Guidelines
· Standards
Cross matrix of documents above, but addressing areas of:
· Redundancy
· Conflict
Add a tab into the excel sheet that identifies and tracks Governmental Regulations, Policies, and the status and enforcement dates for each. See Action Items below for next steps.
Security and Privacy of VSS/VDM:
Creation of new signal definition details in the form of security metadata within COVESA, but adding details regarding security restrictions/requirements for these signals.
Beyond the signals and how they propagate across the vehicle and can be subscribed to….adding meta data…. augment with further the security parameters… (public, PII, tagged as such, encrypted, restricted)
Build upon the work done already by the VSS and VDM teams
Action Items:
ACTION: Rex to Reach-out to COVESA members to join our team that have expertise in security metadata: DDS, SOME/IP, Others such as IEEE-1609.2 (V2X). Send invitation through Paul Boyes. Done. Examples of companies would include (but certainly not limited to) RTA (DDS) and Excelfore (SOME-IP)
ACTION: Rex to send invitation through Mike Nunnery to VSS/VDM Team to provide an overview and to discuss collaboration with Cybersecurity Group. Done.
ACTION: Rex to send invitation through Mike Nunnery to invite Jen Dugalinski to attend a future meeting to address this topic. Done.
Further Notes:
It was noted on the call that there is a group within COVESA created for safety information on the connected vehicle. That team may want to leverage the work started within the document above, and either create their own tab within the document, or create their own document.
Chuck and Rex will not be at the AMM in Portugal.
o Mike has requested that they join virtually for part of the meeting, to given a review of recommended activities within the group
o Mike will check who will be physically present, and determine if it makes sense to have a technical meeting of the security team during the AMM
2026 Meeting Notes
2026-03-23
Participants:
Mike Nunnery
Chuck Brokish
Rex Struble
Jennifer Dukarski
Jennifer Tisdale
Joe Gallo
Chaitanya Podalakuru
Paul Boyes
Topics Discussed:
Reviewed the 2 primary topics of the Cybersecurity Group:
Discussion of using AI for recording meetings
Many companies and organizations are not using AI for meeting tracking for several reasons
o Proprietary gets fed back out of the meeting for AI training
o Conflation of standards and considerations can get logged as fact within training data, if it’s coming from a standards discussion
Initial thought that we should NOT be using it for COVESA meetings either.
o COVESA may want to consider creating a standard disclaimer on meetings
Legal topics discussion with Jennifer Dukarski:
The security committee would like to Inventory standards, specifications, regulations to help the automotive industry navigate overlapping, and perhaps conflicting documents.
o Jennifer stated that she can assist in collecting details of existing automotive security regulations around the world
Discussed options for visualizing such information
o Branching model such as the one used for VSS, to show separate organizations and the documentation from each – classifying it accordingly as to whitepaper, information report, best practices, normative standards, regulations, etc
o Concentric circles, with sectors showing the branches above, but the circles indicating what type of document each is to help visually quantify the content
Also discussed adjacent security documents that could eventually impact automotive
o Even if not automotive directly, some represent privacy and consent
o Others such as IoT, of which automotive is also a “Thing” connected to the internet
VDM topic discussion with Chaitanya from Ford:
Working VDM along with VW
Started with what was done on VSS, and extending that to the vehicle
Users should not have to worry about how the data is used, but understand what it is
If it’s security, or FuSa, it would have data included to support that capability
Have switched to new (open source) format going forward
o Using GraphQL as a schema to define the model
Model needs to be structural as well as behavioral
Background information for getting up to speed on VDM:
https://covesa.atlassian.net/wiki/spaces/WIK4/pages/39059865
https://github.com/COVESA/s2dm
May want to watch YouTube videos to understand GraphQL schema
2 data models to study that are both used
VDM
S2DM
“vspec” is existing detail for VSS that could be used as “decorator” for security metadata as well
VSS is treated as a sub-domain for VDM
Jennifer Tisdale noted that this was the 1st discussion around technical
Asks what the charter is
o Liasson across auto industry
o Create open standard definition for security within connected vehicles
Jennifer is interested in working with John on mapping
Joe Gullo
Interesting in defining overall holistic vehicle best practices for security across the vehicle and environment
2026-04-21
Participants:
COVESA AMM in Porto - Cybersecurity Group Skipped a Meeting
Team Update Slides - Presented by Rex remotely in Porto:
2026-05-04
Participants:
Mike Nunnery
Chuck Brokish
Rex Struble
Joe Gallo
Paul Boyes
Steven King
Sri Palacharia
Kevin Harnett
Ted Guild
Richard Fernandes
Johan
Topics Discussed:
New Event upcoming:
What: Collaboration with ASRG Detroit Cybersecurity Networking Meet-up Event
When: June 1st, 2026 → 5:30pm to 7:30pm
Location: SAE Offices in Troy: 2600 West Big Beaver; Suite 445 (Thanks - Tim Yerdin!)
Open Demo’s, plus 2 Presentations: 1 by VxLabs and 1 by RTI.
Pizza, Salad, and drinks to be provided.
Reviewed the 3 primary topics of the Cybersecurity Group:
1: Ecosystem Map:
Action: Need feedback from Jennifer on Regulatory List Inventory
2: VSS/VDM:
Action: Need to schedule next step with VSS/VDM team leads
3: Leveraging AI for Cybersecurity Defense:
Action: Need to schedule next step with AI team lead - Georg Doll
Identified New Topics for follow-up:
A: Team to create a diagram/picture of the elements of a layered whollistic cybersecurity approach that will serve as a discussion aid for this team.
Action: Joe Gallo to create a draft for review in a future meeting
B: Team to get involved Commercial Truck topic of FMS/Kuksa/Jaspar software upload topic which may be a short-term approach that leads into VISS. Kevin Harnett and Ted Guild suggested that this group may want to review cybersecurity aspects of this. https://yoriito.dev/ was mentioned in this discussion.
C: Richard Fernandes mentioned that this Cybersecurity Group may want to contribute to the In-Vehicle Payment Group and USB team activities. Sri Palacharia is also active on this topic.
D: It was mentioned that this Cybersecurity Group should consider being involved in the security aspects of the COVESA AAOS working group.
E: The group discussed the idea of creating COVESA Cybersecurity Group “Ambassadors” that would each be responsible for interfacing and synchronizing with each of the above topics: A-D in addition to the topics of AI, and VSS/VDM.