Post on 28-May-2020
© 2015 IBM Corporation
Design, build, drive Ensure safety and security throughout the entire lifecycle process of a connected vehicle
Dr. Sebastian Wedeniwski IBM Distinguished Engineer, CTO Automotive Industry
© 2015 IBM Corporation Dr. Sebastian Wedeniwski, IBM Distinguished Engineer, CTO Automotive Industry
IT Security for Vehicles Conference – Why IBM? What do you think about IBM?
2
© 2015 IBM Corporation Dr. Sebastian Wedeniwski, IBM Distinguished Engineer, CTO Automotive Industry
The traditional IBM business might be known…
3
Geographies
North America
Europe
Japan
Growth Markets
Sales & Distribution
Global Business Services
Business Units
Software Group
Global Technology Services
Systems & Technology Group
Public
Communications
Sectors
Distribution
Financial Services
Industrial
General Business
IBM is known for: ! IT products across industries
! Hardware for data centers
! Software like Middleware, Analytics, Information Management, Development tools, Systems Management, …
! Building IT solutions based on enterprise systems
© 2015 IBM Corporation Dr. Sebastian Wedeniwski, IBM Distinguished Engineer, CTO Automotive Industry
The IBM era of now is defined by three shifts
4
SHIFT 1Data is becoming the world’s new natural resource, transforming industries and professions.
SHIFT 2The emergence of cloud is transforming IT and business processes into digital services.
SHIFT 3Mobile and social are transforming individual engagement – creating expectations of security, trust and value in return for personal information.
OUR POINT OF VIEWData is the new basisof competitive advantage.
OUR POINT OF VIEWCloud is the path to new business models.
OUR POINT OF VIEWA systematic approach to engagement isnow required.
What IBM is making of this moment:
! Transforming industries and professions with data.
! Remaking enterprise IT for the era of cloud.
! Reimagining work through mobile and social technologies.
! Rethinking the challenge of security.
! Creating new infrastructure for a new era.
© 2015 IBM Corporation Dr. Sebastian Wedeniwski, IBM Distinguished Engineer, CTO Automotive Industry
Enterprise innovation in the new era of Automotive & Mobility
5
IBM CAMSS (Cloud, Analytics, Mobile, Social, and Security) is the invisible Internet of Things foundation to transform and differentiate Connected Vehicle business of IBM’s clients.
✓ New Business Models ✓ Scalable Operation ✓ Integration
IBM Connected Vehicle Services Platform
© 2015 IBM Corporation Dr. Sebastian Wedeniwski, IBM Distinguished Engineer, CTO Automotive Industry
Enterprise innovation in the new era of Automotive & Mobility
6
IBM CAMSS (Cloud, Analytics, Mobile, Social, and Security) is the invisible Internet of Things foundation to transform and differentiate Connected Vehicle business of IBM’s clients.
✓ New Business Models ✓ Scalable Operation ✓ Integration
IBM Connected Vehicle Services Platform
Focus of today
© 2015 IBM Corporation Dr. Sebastian Wedeniwski, IBM Distinguished Engineer, CTO Automotive Industry
IBM Security Strategy
7
Buyers
CISO, CIO, and Line-of-Business Deliver a broad portfolio of solutions differentiated
through their integration and innovation to address the latest trends
HELP!
Key Security Trends
Advanced Threats
Skills Shortage
Cloud Mobile and Internet of Things
Compliance Mandates
IBM Security Portfolio
Strategy, Risk and Compliance Cybersecurity Assessment and Response
Security Intelligence and Operations
Advanced Fraud
Protection
Identity and Access
Management
Data Security
Application Security
Network, Mobile and Endpoint
Protection
Advanced Threat and Security Research
Support the CISO agenda 1
Innovate around megatrends 2
Lead in selected segments 3
© 2015 IBM Corporation Dr. Sebastian Wedeniwski, IBM Distinguished Engineer, CTO Automotive Industry
What is secure by design in IT? What would be secure by design in the automotive industry?
8
Secure by Design is about designing the right level of safety and security into a solution, and address safety and security throughout the solution lifecycle.
Secure Engineering is at the core of Secure by Design. Its goal is producing predictably secure software.
http://www.redbooks.ibm.com/abstracts/redp4641.html
© 2015 IBM Corporation Dr. Sebastian Wedeniwski, IBM Distinguished Engineer, CTO Automotive Industry
Set of essential IT development practices exist
9
Risk Assess & Threat
Modeling
Security Reqmts
Secure Coding
Security Document
Security Tes<ng
Incident response
Project Planning
Development Supply Chain
Source: IBM Secure Engineering Framework
Development Process and Lifecycle
Deployment Lifecycle
External Standards / Compliance Frameworks Links
ISO 27001 Informa(on Security Mgmt System h5p://www.iso.org/iso/home/standards/management-‐standards/iso27001.htm
ISO 27002 Code of Prac(ce-‐Security h5p://www.iso.org/iso/catalogue_detail?csnumber=54533
ISO 27018 Code of Prac(ce-‐Handling PII / SPI (Privacy) h5p://www.iso.org/iso/catalogue_detail?csnumber=61498
ISO 29101 Privacy architecture framework h5p://www.iso.org/iso/catalogue_detail?csnumber=45124
IEC 62443 Industrial Network and System Security
ISO/IEC 9797-‐1 Security techniques – Message Authen(ca(on Codes
CC Common Criteria for Informa(on Technology Security Evalua(on h5p://www.commoncriteriaportal.org/
CJIS US Criminal Jus(ce Info Security h5p://www.[i.gov/about-‐us/cjis/cjis-‐security-‐policy-‐resource-‐center
FedRAMP US Federal Risk and Authoriza(on Program h5p://www.fedramp.gov/
FISMA US Federal Informa(on Security Management Act h5p://www.dhs.gov/federal-‐informa(on-‐security-‐management-‐act-‐fisma
FIPS Federal Informa(on Processing Standards h5p://www.nist.gov/itl/fips.cfm
FFIEC US Federal Financial Ins(tu(ons Examina(on Council h5p://www.ffiec.gov/
HIPAA US Healthcare Informa(on Portability and Accountability Act h5p://www.hhs.gov/ocr/privacy/
O-‐TTPS Open Group Trusted Technology Provider h5p://www.opengroup.org/accredita(on/o-‐5ps
PCI-‐DSS Payment Card Industry h5ps://www.pcisecuritystandards.org/
SSAE16 Statement on Standards for A5esta(on Engagements h5p://ssae16.org/
SOC2 Service Organiza(on Control Reports h5p://www.aicpa.org/InterestAreas/FRC/AssuranceAdvisoryServices/Pages/AICPASOC2Report.aspx
Safe Harbor US-‐EU Safe Harbor Framework US-‐Switzerland Harbor Framework
h5ps://safeharbor.export.gov/list.aspx
Examples of diverse standards
© 2015 IBM Corporation Dr. Sebastian Wedeniwski, IBM Distinguished Engineer, CTO Automotive Industry
For example The concept of security risk assessments can be adapted for vehicles
10
Components: ・Communica<on ・Connec<on I/F
Use Case Descrip<ons
Major Vulnerabili<es
Examples of Malicious Actors & Assumed Threats AZack
Scenarios (black & white box)
Affected Resources
Importance of protected resources = Probability of attacks Severity of impact x Risk
Security Requirements
Inventory of systems a. On board b. Infrastructure c. Support and service
Characterization of systems a. Functionality b. Data access and privileges c. Provenance
x
Characterization of threats a. Attack types b. Logical attackers c. Likelihood
Characterization of impact a. Safety b. Functionality c. Privacy d. Financial
Mi<ga<on Plan
Mitigation Actions " Modified design " Modified coding practices " Modified configuration " Use of alternate technologies " Improved documentation " Additional tests
BUT threat analysis is like focus on sickness and not focus on “wellness” (ongoing integrity of the whole system)
© 2015 IBM Corporation Dr. Sebastian Wedeniwski, IBM Distinguished Engineer, CTO Automotive Industry
What is the entire lifecycle process of a connected vehicle? It is NOT the traditional product creation process in automotive industry
11
http://www.ipa.go.jp/files/000033402.pdf
Internet is a feature of the connected cars
Source:
Pre- development
Series development
Module fabrication
Module assembly
Vehicle assembly
Source: Mercer Value Creation Model 2015
64%
36%
68%
32%
90%
10%
87%
13%
4%
96%
S2 S3 M C1 S1
Multi-organization Supply Chain and Fulfillment Systems from multiple suppliers (Sn) to manufacture (M) delivered to consumers (Cn)
s21 s31 c11 • Asset Control ? • Accountability?
Supplier
OEM
© 2015 IBM Corporation Dr. Sebastian Wedeniwski, IBM Distinguished Engineer, CTO Automotive Industry
Assuming the in-vehicle architecture will be solved to create a platform to secure application and communication…
12
Source: OVERSEE – An open and secure application and communication platform
© 2015 IBM Corporation Dr. Sebastian Wedeniwski, IBM Distinguished Engineer, CTO Automotive Industry
…assuming product design and build can be secured in the wide range of threats from local, remote and supply chain…
13
Software Development
Infotainment SW Supply Chain
Vehicle Support
Enterprise Suppliers Consumer
Manufacturing Systems
Internet Internet
Vehicle Maintenance
ECU SW Supply Chain
Asset Actor
Technology Policy/ Process
© 2015 IBM Corporation Dr. Sebastian Wedeniwski, IBM Distinguished Engineer, CTO Automotive Industry
…a designed secure infrastructure for vehicles as we know today…
14
LTE Network
Infrastructure (V2I) & Vehicle (V2V)
Connected Home Maintenance Services
Automaker’s Network
Connected Car
Music, video, weather news, apps, traffic/nav
App Stores 1
Remote Services 2
Telematics 3
Policy Monitoring 4
Adv Diagnostics 5
Vehicle Updates 6
Connected Home 7
Smartphone / Tablet
5
5 2
6 1
4 7
3 2
Engineering (R&D)
© 2015 IBM Corporation Dr. Sebastian Wedeniwski, IBM Distinguished Engineer, CTO Automotive Industry
…then still other security models are needed in the broader scope of connectedness which is not equal to security in the sense of V2V, V2X, built into, bring into devices
15
Internet is a feature of the connected cars
Vehicle as an integral part of the customer’s personalized network
Different Security Models
Source: http://blogs.hbr.org/2014/10/the-sectors-where-the-internet-of-things-really-matters
Source: IBM Institute for Business Value “Driving security: Cyber assurance for next-generation vehicles”
© 2015 IBM Corporation Dr. Sebastian Wedeniwski, IBM Distinguished Engineer, CTO Automotive Industry
The IBM model for the Internet of Things
16
At IBM, we’ve created a model of the IoT that’s useful for understanding the security threats at various data flow and control transition points.
© 2015 IBM Corporation Dr. Sebastian Wedeniwski, IBM Distinguished Engineer, CTO Automotive Industry
The Internet of Things brings a range of threats and attack vectors.
17
A. Password attacks B. Web application vulnerabilities C. Rogue clients / malicious firmware D. Man in the middle attacks E. Information gathering / data leakage /
eavesdropping F. Command injection and data corruption
Things
Local network
Global network
Cloud service
Controlling device
A
A
B
A
A
B
B
D
D
D
C
C
F
E
E
E
© 2015 IBM Corporation Dr. Sebastian Wedeniwski, IBM Distinguished Engineer, CTO Automotive Industry
Will one unified security model work for anomaly detection?
18
! Unified security operation for prompt response and continuous improvement – Building on top of security policy – Scalable security monitoring – Multiple mode of operation (normal, cyber-attack, disaster etc) – Consideration of privacy
Unified Security
Operations
Operations Manufacturing
Development
Services
Secure provisioning
Secure by design (from requirements to test)
Security monitoring
Security monitoring
External threats
Internal threats
Robots, servers and data centers
Mobile devices, laptops and PCs
Internet, Web pages and Apps
Connected Vehicles
Infrastructure and Networks
© 2015 IBM Corporation Dr. Sebastian Wedeniwski, IBM Distinguished Engineer, CTO Automotive Industry
Integrated Security Operation Center as a Unified Security Operations Overlaps of R&D and IT responsibilities
19
Threat Response Level 2 Event Analysis Escalations Incident Management on premise
Structured (IT Transactional Logs) Probe Data (Vehicle) Unstructured (Big Data)
IT Operations
Service Mgmt Health checking Monitoring
Threat Monitoring
L1 Threat Analysis L1 Triage Dedicated Team 24x7
SOC Service Delivery Management Governance, Service Level Management, Service Reporting, Security Policy Recommendations, Escalation
SOC / SIEM Platform Components Security Device Data, Event Data (Int./Ext.) Event Patterns Correlation Aggregate Security Events Log Data (Transactional) Unstructured Data (Big Data) Custom Rules
Emergency Response Team
Cyber-Security Command Center (CSCC) Executive Security Intelligence Briefings Correlation Rule Design Local Reg. Security Oversight Consolidated Monitoring/Security Metrics Governance Local/Reg. Intel. Briefings
SOC Platform
May be combined depending on requirements
Security Intelligence Internal Anomaly / External news / New Use Cases
SOC/SIEM Admin. Support Services
Tool / Log Integration Operational Reporting Dashboards Rule Administration Device Administration
CSIRT Management
Maintain Playbook Manage Incident Resp.
Data Sources
SIEM Tool (IT & Vehicle)
Ticket Tool (e.g. Remedy)
Portal / Help Desk Integration Tools Reporting /
Dashboard Big Data (e.g. Hadoop)
SOC Operations
User Support
Incident Mgmt Acceptance Q&A Mgmt
Vehicle Operations
Health checking Monitoring
Legend
SOC/SIEM
IT
Vehicle
© 2015 IBM Corporation Dr. Sebastian Wedeniwski, IBM Distinguished Engineer, CTO Automotive Industry
IBM X-Force® delivers expert analysis and threat intelligence
20
Client Side Attacks
Botnets
Buffer Overflow Attacks
Distributed Denial of Service (DDoS)
SQL Injection
Backdoors
Cross-site Scripting (XSS)
Malicious Content
Protocol Tunneling
Reconnaissance
Trojans
Worms
Exploit Toolkits
Peer-to-Peer Networks
IBM Security Operations Centers and Security Products
Sharing real-time and anonymized threat intelligence
© 2015 IBM Corporation Dr. Sebastian Wedeniwski, IBM Distinguished Engineer, CTO Automotive Industry
IBM Security has global reach
21
monitored countries
service delivery experts
devices under contract +
endpoints protected +
events managed per day +
IBM Security by the Numbers
+
+
© 2015 IBM Corporation Dr. Sebastian Wedeniwski, IBM Distinguished Engineer, CTO Automotive Industry
An integrated, unified architecture delivered in a single console
22
Log Management
Security Intelligence
Network Activity
Monitoring
Risk Management
Vulnerability Management
Network Forensics
© 2015 IBM Corporation Dr. Sebastian Wedeniwski, IBM Distinguished Engineer, CTO Automotive Industry
Answering questions to help prevent and remediate attacks
23
© 2015 IBM Corporation Dr. Sebastian Wedeniwski, IBM Distinguished Engineer, CTO Automotive Industry
Anomaly detection inside the vehicles is a special case
24
Cellular/ WiFi
MQTT client
Compres. engine
Minimized anomaly detector
In cloud: Context-‐based anomaly detec(on. Correlates loca(on, speed and other proper(es of neighboring vehicles to determine reports reliability.
In-‐vehicle agent
RAE2
Context based anomaly detector
Regional Analysis Engine
Decomp. engine
MQTT client
In-‐Vehicle: minimal rule-‐based anomaly detector that accommodates the limita(ons (resources, perspec(ve) -‐ Filtering needed but research challenge -‐ Source of data/event is difficult to iden(fy on CAN -‐ End-‐to-‐end from sensor raw data to back end can’t be implemented without partnerships
Extensive Data Sources
© 2015 IBM Corporation Dr. Sebastian Wedeniwski, IBM Distinguished Engineer, CTO Automotive Industry
In Summary: The Emergence of Connected Ecosystems
25
Traditional industry verticals limit opportunity. Companies must reconstitute their value propositions based upon their customer value chain and plan a broader more integrated approach across multiple verticals
Hos
pita
l
Hot
el /
Lodg
ing
Res
taur
ants
/ N
ight
club
s
Even
t Pla
nnin
g
Them
e Pa
rks
Cru
ise
Line
Tour
ism
Hos
pita
l Sys
tem
s
Phys
icia
n G
roup
s
Aca
dem
ic M
edic
ine
/
Ret
ail
Ener
gy/U
tiliti
es
Hot
el /
Lodg
ing
Medi
a/En
tert
ainm
ent
Tran
spor
tatio
n
Cons
umer
Elec
troni
cs
Hea
lthca
re
Publ
ic S
ecto
r
Phar
mac
eutic
al
Aer
ospa
ce &
Def
ense
Oil
& G
as
Cons
umer
Pac
kage
d Go
ods
Fina
ncia
l Ser
vice
s
Traditional Industry Verticals
Products
Services
Solutions
Evolving Solutions Based Ecosystems
IBM Bluemix
© 2015 IBM Corporation Dr. Sebastian Wedeniwski, IBM Distinguished Engineer, CTO Automotive Industry
Stay connected with IBM Security
26
Visit the IBM Security Intelligence Website
Watch the videos on the IBM Security Intelligence YouTube Channel
Read new blog posts SecurityIntelligence.com
Follow us on Twitter @ibmsecurity
© 2015 IBM Corporation Dr. Sebastian Wedeniwski, IBM Distinguished Engineer, CTO Automotive Industry © 2014 IBM Corporation
IBM Security Systems
27
www.ibm.com/security
© Copyright IBM Corporation 2014. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT SYSTEMS AND PRODUCTS ARE IMMUNE FROM THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.
www.ibm.com/security
© Copyright IBM Corporation 2014. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT SYSTEMS AND PRODUCTS ARE IMMUNE FROM THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.