cyber security and the connected vehicle

Cyber Security and the Connected Vehicle How to adapt to the new - PowerPoint PPT Presentation



  1. STEER: Cyber Security and the Connected Vehicle. How to adapt to the new age challenge

  2. STEER
     • Founded in 2016 by Automotive Cybersecurity Leaders with previous successful commercialization and acquisitions
     • Proudly encouraging STEM activities and Women in the Workforce
     • Focused on massively enabling secure self driving cars
     • Headquartered in Columbia, Maryland

  3. The modern car … a journey

  4. What Automotive is Today

  5. Connected to Everything

  6. Cybersecurity
     • The art of protecting one's assets electronically, or electromechanically
     • Hacker vs Defender
     • Hacker mentality
       • Look for the easiest path in: unsecured entryways, unsecured interfaces, openings!
       • Always trying to game the system
       • Reward driven
     • Defender mentality?

  7. Open exploitable surfaces
     • Bluetooth
     • WiFi
     • DSRC (V2V) Short Range Comm
     • Near Field Communication
     • Sensors
       • LIDAR
       • RADAR
       • Camera
     • OBD-II
     • Tire Pressure Monitoring System
     • USB
     • Remote Keyless Entry
     • Data Line for EVs

  8. 8

  9. How else can a Hacker Penetrate a System to Cause an Inadvertent Outcome?
     • Vehicle
       • Using peripheral devices (smart phones, CAN/JBus devices, USB devices)
       • Sensors (TPMS, radar, lidar, camera)
       • On-board telematics
     • Fleet
       • From a compromised vehicle into the fleet management infrastructure
     • Service Network
       • From a secure, valid entry point by inserting malware into the vehicle being serviced

  10. No Truck Left Behind
     • 1. Malware from Vehicle into Fleet Cloud
     • 2. Malware into Fleet Cloud undetected
     • 3. Malware from Cloud into unsuspecting fleets
     • [Diagram labels: NOC, Corporate IT network, Firewall, Server]

  11. 2011-2016
     • 2011: First physical hack on a car by university researchers
     • 2012: First OBD-II hack on car
     • 2013: TPMS hack
     • 2014: Radio hack
     • 2015: Remote hack!
     • [Chart: Physical Attack vs. Remote Attack]

  12. 2015 – The Breakout year
     • First public demonstration of a remote hack on a vehicle
     • “No-physical-contact” attack
     • First cyber security associated recall in automotive history!
     • First NHTSA cyber security related fine!
     • First NHTSA action on Tier1!
     • First time OEM $ value associated with lack of cyber security:
       • $1.4B in recall cost
       • $105MM in fines
     • First class action lawsuits
     • First PR firms engaged to counter cyber security messages
     • First $$ spent for cyber damage!

  13. Need for Cyber Security
     • Brand reputation damage
     • Lawsuits
     • NHTSA fines
     • Recall costs
     • Board and top executives on-hook
     • Congressional hearings

  14. Need for Cyber Security (cont.)
     • Fear of loss of life
     • Penetration of back-end systems through vehicle
     • Penetration of other networks through vehicle
     • Trojanization of car!
     • Just waiting for the motivated attacker

  15. Hacker conquest list
     • Ford
     • Tesla
     • GM
     • Hyundai
     • BMW
     • Nissan
     • Toyota
     • Audi
     • Mercedes
     • Mitsubishi
     • FCA
     • VW
     • Honda

  16. How to solve the cyber security problem?

  17. Automotive Development Cycle (Image source: Black Duck)

  18. What the industry needs, and how to provide it
     • Cyber security must become an integral part of all offerings
     • It is a qualifier
     • Training programs that capture cross disciplinary domains
     • Incident Response

  19. Goal of Automotive Cybersecurity Training
     • Build cyber secure and robust electronics and systems inside out
     • Ready to face next gen of connected vehicles
     • Ready to face cyber adversaries, and cyber criminals
     • Ready to face connected automated and electrified vehicles
     • Ready to service and maintain all of the above in top shape with minimum vulnerabilities

  20. Cyber Security Training Strategy
     • Corporate Training
     • Corporate Structure changes
     • Processes
     • Development, testing and Operations side
     • Data & Benchmark Testing
     • Service side training
     • Service – a real backdoor.
     • Technology Side
     • Best practices, Secure design, verification and validation to include security requirements

  21. Corporate Structure
     • Correct posture on cyber security
     • Risk assessments and threat analysis
     • Hiring key talent for cyber security operations
     • Staff Certifications & Training

  22. Process
     • Cyber Security Framework: SAE J3061
     • NHTSA Guidelines
     • ISAC bulletins
     • Secure Coding Practices
     • Incident Notification, Response and Handling

  23. Data & Benchmarking
     • Cyber security benchmark / T&E Framework
     • Vulnerability assessment cataloging
     • Gray/Black box testing data mining
     • Continuous Penetration Testing

  24. Summary
     • Cyber security is a necessity and not an add-on differentiator any more
     • Comprehensive cyber security needs comprehensive attention and 4-pronged approach
     • Several methodologies that can be applied internally, incrementally, and conclusively
     • Positive impact on cyber liability and cyber insurance

  25. Thank you! Anuja Sonalker, Ph.D., anuja@steer-tech.com, www.steer-tech.com
