Auto-ISAC Community Call · TLP Green: May be shared within the Auto- ISAC Community. 5 September...
Transcript of Auto-ISAC Community Call · TLP Green: May be shared within the Auto- ISAC Community. 5 September...
15 September 2018TLP Green: May be shared within the Auto-ISAC Community.
Hi All,
Please find attached the Weekly Automotive Industry Report covering April 3April 8.
This week’s report includes articles on:Toyota partnering with Microsoft on a new cloud-based division led by the CIO,that builds chips for self-driving cars,Hyundai unveiling its connected vehicle “roadmap,” and,Toyota planning to open a new autonomous vehicle research center in Michigan.
You can find past reports on site.
Please let me know if you have any questions. Have a great weekend.
Josh
Auto-ISACMonthly Community Call
5 September 2018
Audio: 1-877-885-1087 Code: 9972152385Adobe link: https://autoisac.adobeconnect.com/communitycall/
TLP Green: May be shared within Auto-ISAC Community.
25 September 2018TLP Green: May be shared within the Auto-ISAC Community.
Agenda
Time (ET) Topic
11:00Welcome Why we’re here Expectations for this community
11:10
Auto-ISAC Update Auto-ISAC overview Heard around the community Intel Update
11:20 Featured Speakers Alan Tatourian, Security Architect, Intel Automotive
11:45 Around the Room Sharing around the virtual room
11:55 Closing Remarks
35 September 2018TLP Green: May be shared within the Auto-ISAC Community.
Welcome to our Community!Welcome
Purpose: These monthly Auto-ISAC Community Meetings are an opportunity for you, our Members and connected vehicle ecosystem stakeholders, to:
Stay informed of Auto-ISAC activities Share information on key vehicle cybersecurity topics
Participants: Auto-ISAC Members, Potential Members, Partners, Academia, Industry Stakeholders, and Government Agencies
Classification Level: TLP Green, and “off the record”
Agenda: Each meeting will have three core segments: 1) Auto-ISAC Update: Our operations team will overview key activities, outcomes, and intel trends2) Featured Speaker: We will invite an industry leader to share relevant topics of interest. Content
featured on the Auto-ISAC Community Call is not considered an endorsement. Speakers are selected based on their relevant content and experience for the broader community.
3) Closing Remarks: An Auto-ISAC leader will open up for comments and sum up key takeaways
How to Connect: For further info, questions, or to add other POCs to the invite, please contact Auto-ISAC Membership Engagement Lead Kim Kalinyak ([email protected])
45 September 2018TLP Green: May be shared within the Auto-ISAC Community.
Expectations for this Community
Share – “If you see something, say something!” Submit threat intelligence or other relevant information Send us information on potential vulnerabilities Contribute incident reports and lessons learned Provide best practices around mitigation techniques
Participate Participate in monthly virtual conference calls (1st Wednesday of month) If you have a topic of interest, connect our Membership Engagement Lead,
Kim Kalinyak – [email protected] Engage & ask questions!
Join If your organization is eligible, apply for Auto-ISAC membership If you aren’t eligible for membership, connect with us as a partner Get engaged – “Cybersecurity is everyone’s responsibility!”
Welcome
55 September 2018TLP Green: May be shared within the Auto-ISAC Community.
Our 2018 Board of Directors Executive Committee (ExCom) Leadership
Jeff MassimillaAuto-ISAC Chairman
General Motors
Tom StrickerAuto-ISAC Vice
Chairman
Toyota
Mark Chernoby Auto-ISAC Treasurer
FCA
Steve CenterAuto-ISAC Secretary
Honda
Jeff StewartAffiliate Advisory Board Chairman
AT&T
Jeff StewartAffiliate Advisory
Board Chair
AT&T
Geoff WoodAffiliate Advisory Board Vice Chair
Harman
Bob KasterSupplier Affinity Group
Chair
Bosch
2018 Affiliate Advisory Board (AAB) Leadership
65 September 2018TLP Green: May be shared within the Auto-ISAC Community.
Auto-ISAC Program Operations Team
Faye Francy, Executive DirectorE: [email protected]
Josh Poster, Program Operations ManagerE: [email protected]
Jessica Etts, Senior Intel CoordinatorE: [email protected]
Kim Kalinyak, Membership Engagement LeadE: [email protected]
Candice Burke, Business and Executive Administrator E:[email protected]
Heather Rosenker, Communications (Auto-Alliance)E:[email protected]
Julie Kirk, FinanceE: [email protected]
Auto-ISAC StaffStaff Updates
75 September 2018TLP Green: May be shared within the Auto-ISAC Community.
Auto-ISAC Support Staff
Auto-ISAC Support Team
Denis Cosgrove, Senior Associate, BAH [email protected]
Meredith Shaw, Program Manager, BAH [email protected]
JJ Moss, Intel Lead, [email protected]
Sudharson Sundararajan, BestPractices Lead, BAH
Linda Rhodes, Legal Council, Mayer [email protected]
Rob Geist, Accountant, Tate and [email protected]
Support Updates
85 September 2018TLP Green: May be shared within the Auto-ISAC Community.
Auto-ISAC Overview
Mission ScopeServe as an unbiased information broker to
provide a central point of coordination and communication for the global automotive
industry through the analysis and sharing of trusted and timely cyber threat information.
Light- and heavy-duty vehicles, commercial vehicle fleets and carriers. Currently, we are
focused on vehicle cyber security, and anticipate expanding into manufacturing
and IT cyber related to the vehicle.
19+Navigator partners
Membership represents 99%of cars on the road in North America
450+Active
Member designees
Members from 7 countries on 3 continents
19 OEM members
Coordination with 23critical infrastructure ISACs
through the National ISAC Council
3 Best Practice Guides available to
the public
4+ Innovator partners
50+speaking
engagements
5 Best Practice Guides complete
2 more planned
28 supplier &commercial vehicle
members
Auto-ISAC Update
1450+Community List
95 September 2018TLP Green: May be shared within the Auto-ISAC Community.
Recent ActivitiesAuto-ISAC Update
What we do
Highlights of Key Activities in August Auto-ISAC continued to execute the plan for Best Practice Guide #6 on Threat
Detection
Auto-ISAC and BPWG began working on the development of Best Practice Guide #7 on Security by Design
Members Only Vulnerability Disclosure Program Workshop sponsored by HackerOne
Auto-ISAC continued planning our Annual Summit happening in September 2018
105 September 2018TLP Green: May be shared within the Auto-ISAC Community.
Auto-ISAC Update
Heard Around the CommunityBlackhat 2018 and DEF CON 26
DEF CON (9-12 August)• One of the largest hacker conventions• Capture the Flag (CTF) contests - a competition
where teams of hackers attempt to attack and defend computers and networks using certain software and network structures
• Over 20 villages to include the Car Hacking Village which featured member and partner displays
• NXP, FCA, GRIMM, Karamba, Aptiv, and Red Balloon Security
• Many members in attendance, 1 staff member
Blackhat 4-9 August• Provide attendees with the latest research,
development, and trends in information security.
• Hosted at Mandalay Bay, Las Vegas, NV• Keynote and Featured speakers:
• Paris Tabriz, Director of Engineering at Google - Optimistic Dissatisfaction with the Status Quo: Steps We Must Take to Improve Security in Complex Landscapes
• 20 different tracks with various briefings from embedded/hardware, IoT, Malware, to Human Factors
• Arsenal provided live tool demonstration from independent researchers
• 2 day training courses leading up to the conference in embedded software hacking, IoT exploit, pen testing, and more
• Many members in attendance, 1 staff member
115 September 2018TLP Green: May be shared within the Auto-ISAC Community.
• Unauthorized Access to connected car data on resold vehicles: The perils of previous owners retaining unfettered access to the data and controls of connected cars after resale is a problem across the industry.
• New Hack Controls Car with SMS: Researchers Daniel Regalado, Gerardo Iglesias and Ken Hsu were able to use reverse engineering to infect the smartphone a car was connected to with malware via its USB port. They were then able to remotely control the car via SMS messages. First revealed at DEF CON 26.
• Vulnerability Disclosure Programs: The U.S. FTC and DOJ are signaling that in the future organizations must have some form of Vulnerability Disclosure Program (VDP) that lets good faith security researchers report bugs. Most organizations, in all industries lack any kind of VDP.
• Threat Intelligence Sharing Frameworks: What platforms are available, what is the government and other ISACs using to share threat intelligence. Examples; STIX, TAXII, CybOX, etc.
Auto-ISAC IntelligenceWhat’s Trending?
Trending
125 September 2018TLP Green: May be shared within the Auto-ISAC Community.This document is Auto-ISAC Sensitive and Confidential.
First DRIVE sent on 8/21 Daily Product
Content focused on Cyber & Automotive
Information collected over a 24 hr. period
Distributed Monday-Friday around 2PM
Sent via Constant Contact TLP GREEN – available to
the community
New: Daily Research, Intelligence, and vulnerability email (DRIVE)
12
Intel Updates
135 September 2018TLP Green: May be shared within the Auto-ISAC Community.
Connect with us at upcoming events:
Auto-ISAC Community Call *** Sept. 5, Virtual Telecon
2018 ATA Economic Summit Sept. 5, Washington, DC
SAE Connect2Car: Executive Leadership Sept. 5- 6, San Jose, CA
Billington Cybersecurity Summit*** Sept. 6, Washington, DC
GrrCon Sept. 6- 7, Grand Rapids, MI
SAE On-Board Diagnostics Symposium Sept. 11- 13, Indianapolis, IN
SecureWorld Detroit Sept. 12- 13, Detroit, MI
NCI September Quarterly Meeting*** Sept. 12, Washington, DC
ONDI Trade Association Partnership Group Meeting*** Sept. 13, Washington, DC
TMC’s 2018 Fall Meeting and National Skills Competitions Sept. 16-18, Orlando, FL
Data and Privacy for Autonomous Vehicles Sept. 24, Detroit MI
Auto-ISAC Board of Directors Meeting *** Sept. 24, Detroit, MI
Auto-ISAC Summit *** Sept. 25- 26, Detroit, MI
Auto- ISAC Member Analyst Workshop*** Sept. 27, Detroit, MI
Event OutlookAuto-ISAC Update
For full 2018 calendar, visit www.automotiveisac.com
145 September 2018TLP Green: May be shared within the Auto-ISAC Community.
Speaker Series OverviewFeatured Speaker
Why do we feature speakers? These calls are an opportunity for information exchange & learning Goal is to educate & provide awareness around cybersecurity for the connected vehicle
What does it mean to be featured? Perspectives across our ecosystem are shared from members, government,
academia, researchers, industry, associations and others. Goal is to showcase a rich & balanced variety of topics and viewpoints Featured speakers are not endorsed by Auto-ISAC nor do the speakers speak
on behalf of Auto-ISAC
How can I be featured? If you have a topic of interest you would like to share with the
broader Auto-ISAC Community, then we encourage you to contact our Membership Engagement Lead, Kim Kalinyak ([email protected])
155 September 2018TLP Green: May be shared within the Auto-ISAC Community.
Welcome to Today’s SpeakerFeatured Speaker
Abstract: Every 30 years there is a new wave of things that computers do. Around 1950 they began to model events in the world (simulation), and around 1980 to connect people (communication). Since 2010 they have begun to engage with the physical world in a non-trivial way (embodiment – giving them bodies). These new ‘cognitive systems’ are powered by sophisticated software and algorithms. I will discuss architecture considerations for making such software highly reliable and secure.
Alan Tatourian is a Security Architect at Intel Automotive and works on security solutions for reliable and trusted cognitive systems including future vehicles. Alan began his career in 1984 as an engineer in military aerospace program. After retiring from the military, he worked variously as a systems architect or a security architect on a number of platforms and technologies for, among others, Hewlett Packard, the Department of Justice in California, and Intel Security. He received his degree in electrical engineering from a military academy in Riga, Latvia. Alan is a member of SAE Vehicle Electrical System Cyber-Security committee, an editor for the SAE Automotive Cybersecurity magazine, and he is on the program committee for embedded security in cars (escar USA) conference. Alan is leading some of the cybersecurity research with Intel Labs and NSF autonomous vehicles and cybersecurity programs. He holds over 50 U.S. patents. On a personal side, Alan played rugby and American football and now enjoys outdoors, mountain biking and kayaking.
Alan TatourianIntel Automotive
Highly-Dependable Automotive Software
Auto-ISAC 2018
Auto-ISAC 2018
Progress in Technology has been AstonishingEvery generation of technology has enabled remarkable outcomes
Apollo 112048 words RAM (16-bit word) ~4KB36,864 words ROM
Average Smartphone256MB – 512MB Cache
2GB – 64GB RAM
Next 10 to 20 years???
45 years62M x RAM
Cognitive Systems??????
Auto-ISAC 2018
• Design Goals
• Security Goals
• Advanced Design
• Summary
Agenda
Auto-ISAC 2018
I always talk about this to folks at Microsoft, especially to developers. What’s the most important operating system you’ll write applications for? Ain’t Windows, or the Macintosh, or Linux. It’s Homo Sapiens Version 1.0. It shipped about a hundred thousand
years ago. There’s no upgrade in sight. But it’s the one that runs everything.
– Bill Buxton from Microsoft Research
Economic Utility
There is an axiom in economics called economic utility, it says that feature value with time tend to zero. As soon as you put a feature (product) on a shelf it starts to depreciate. The goal of any well-defined process including SDL is ‘continuous improvement’.
Auto-ISAC 2018
Architecture Goals
1. The most obvious approach might be to imagine the future you want and build it. Unfortunately, that doesn’t work that well because technology co-evolves with people. It’s a two step—technology pushes people to move forward and then people move past technology and it has to catch up. The way we see the future is constantly evolving and the path you take to get there matters. In technical terms we can call this ‘continuous improvement.’
2. Establish modular and composable design making it possible to (1) use your system in different (standardized) configurations and applications and (2) evolve it as the requirements and technologies change.
3. Control (or manage) and reduce complexity!
Civilization advances by extending the number of important operations we can perform without thinking about them.
– Alfred North Whitehead
Auto-ISAC 2018
Complexity, Safety, Security . . .
• 3.22 trillion miles (US, 2016)• 40,200 fatalities (US, 2016) – roughly 100 people each day
• 1 fatality per 80 million miles• 1 in 625 chance of dying in car crash (in your lifetime)• Human error is approximately 0.000,001% − this is what AI
needs to improve on!!!Source of the images: Stanford and Wikipedia
1993 Accident to Airbus A320-211 Aircraft in Warsaw
Question: How safe do autonomous vehicles need to be?
• As safe as human-driven cars (7 death every 109 miles)
• As safe as busses and trains (0.1-0.4 death every 109 miles)
• As safe as airplanes (0.07 death every 109 miles)I. Savage, “Comparing the fatality risks in United States transportation across modes and over time”, Research in Transportation Economics, 2013
Auto-ISAC 2018
As the complexity of a system increases, the accuracy of any single agent's own model of that system decreases rapidly.
Technical debt is a runaway complexity. For example, if it takes you enormous effort and money to upgrade your system you have accumulated huge technical debt. Remember that value of your system is inversely proportional to its maintainability.
Dark debt is a form of technical debt that is invisible until it causes failures.
Dark debt is found in complex systems and the anomalies it generates are complex system failures. Dark debt is not recognizable at the time of creation. … It arises from the unforeseen interactions of hardware or software with other parts of the framework. …
Unlike technical debt, which can be detected and, in principle at least, corrected by refactoring, dark debt surfaces through anomalies.
Technical & Dark DebtPerfection is achieved, not when there is nothing more to add, but when there is nothing left to take away.
– Antoine de Saint-Exupery
Auto-ISAC 2018
New challenges brought by AI
A single bit-flip error leads to a misclassification of image by DNNFrom research by Karthik PattabiramanUniversity of British Columbia
Auto-ISAC 2018
• Design Goals
• Security Goals
• Vehicle architectures in the future: Software Defined
• Security, Functional Safety, Reliability
• Summary
Agenda
Auto-ISAC 2018
Information Security Goals1. Secure boot
2. Secure auditing and logging
3. Authentication and authorization
4. Session Management
5. Input validation and output encoding
6. Exception management
7. Key management, cryptography, integrity, and availability
8. Security of data at rest
9. Security of data in motion
10. Configuration management
11. Incidence response and patching
Together, these formulate the end-to-end security architecture for the product and thus should be considered alongside one another—not in isolation. Also, each of the categories has many sub-topics within it. For example, under authentication and authorization there are aspects of discretionary access controls and mandatory access controls to consider. Security policies for the product are an outcome of the implementation decisions made during development across these nine categories.
We already know that a “control” strategy fails worse than a “resilience” strategy.
Auto-ISAC 2018
Cyberattacks to CPS Control Layers
Control Layer
Regulatory Control Supervisory Control
Deception attacksSpoofing, replay Set-point change
Measurement substitution Controller substitution
DoS attacksPhysical jamming Network flooding
Increase in latency Operational disruption
Estimation of CPS risks by naively aggregating risks due to reliability and securityfailures does not capture the externalities,
and can lead to grossly suboptimal responses to CPS risks.
To thwart the outcomes that follow sentient opponent actions, diversity of mechanism is required.
Auto-ISAC 2018
The Honeymoon Affect
Design specifications miss important security details that appear only in code.
For most programmers it's hard enough to get the code into a state where the compiler reads it and correctly interprets it; worrying about making human-readable code is a luxury.
The software industry needs to change its outlook from trying to achieve code perfection to recognizing that code will always have security bugs.
Failu
re R
ate
Number of Months
0.090.080.070.060.050.040.030.020.010
1 2 43 5 6 7 8 109 1
1
Vuln
erab
ilitie
s pe
r Mon
th
Months since Release
Current Software Engineering literature supports the Brooks life-cycle model - image taken from “Post-release reliability growth in software products”, ACM Trans. Softw. Eng Methodol. 2008
Auto-ISAC 2018
Cryptography ≠ SecurityWhoever thinks his problem can be solved using cryptography, doesn’t understand his problem and doesn’t understand cryptography.
– Attributed by Roger Needham and Butler Lampson to each other
Cryptography rots, just like food. Every key and every algorithm has shelf time. Some have very short shelf time.• How long do you need your cryptographic keys or algorithms to be secure? – this is cryptography shelf life (x years)• How long will it take to extract secrets out of your system? – this is the end of honeymoon (z years)• What are your parameters to reduce attack surface and to update keys or algorithms? - ξ (pronounced Xi)
𝐼𝐼𝐼𝐼 𝑧𝑧 < 𝑥𝑥 + 𝜉𝜉, 𝑖𝑖𝑖𝑖𝑖𝑖𝑖𝑖𝑖𝑖𝑖𝑖𝑖𝑖 𝑦𝑦𝑖𝑖𝑦𝑦𝑖𝑖 𝑎𝑎𝑖𝑖𝑎𝑎𝑎𝑖𝑖𝑎𝑎𝑖𝑖𝑎𝑎𝑎𝑎𝑦𝑦𝑖𝑖𝑖𝑖 𝑎𝑎𝑎𝑎𝑎𝑎 𝑖𝑖𝑎𝑎𝐼𝐼𝑖𝑖𝑎𝑎𝑖𝑖𝑎𝑎𝑖𝑖𝑦𝑦𝑎𝑎𝑎𝑎𝑦𝑦𝑖𝑖𝑖𝑖!
Cryptographic Agility
Auto-ISAC 2018
Anti-Virus and other security SW
On a recent software vulnerability watch list, about one-third of the reported software vulnerabilities were in the security software itself.
The average time it takes to identify a cybersecurity incident discovery is 197 days.
From DARPA High-Assurance Cyber Military Systems (HACMS) Proposer’s Day Brief.
Auto-ISAC 2018
1. Restrict all code to very simple control flow constructs, do not use goto statements, setjmp or longjmp constructs, direct or indirect recursion.
2. Give all loops a fixed upper bound. It must be trivially possible for a checking tool to prove statically that the loop cannot exceed a preset upper bound on the number of iterations. If a tool cannot prove the loop bound statically, the rule is considered violated.
3. Do not use dynamic memory allocation after initialization.
4. No function should be longer than what can be printed on a single sheet of paper in a standard format with one line per statement and one line per declaration. Typically, this means no more than about 60 lines of code per function.
5. The code’s assertion density should average to minimally two assertions per function. Assertions must be used to check for anomalous conditions that should never happen in real-life executions. Assertions must be side effect-free and should be defined as Boolean tests. When an assertion fails, an explicit recovery action must be taken, such as returning an error condition to the caller of the function that executes the failing assertion. Any assertion for which a static checking tool can prove that it can never fail or never hold violates this rule.
6. Declare all data objects at the smallest possible level of scope.
7. Each calling function must check the return value of non-void functions, and each called function must check the validity of all parameters provided by the caller.
8. The use of the preprocessor must be limited to the inclusion of header files and simple macro definitions. Token pasting, variable argument lists (ellipses), and recursive macro calls are not allowed. All macros must expand into complete syntactic units. The use of conditional compilation directives must be kept to a minimum.
9. The use of pointers must be restricted. Specifically, no more than one level of dereferencing should be used. Pointer dereference operations may not be hidden in macro definitions or inside typedef declarations. Function pointers are not permitted.
10. All code must be compiled, from the first day of development, with all compiler warnings enabled at the most pedantic setting available. All code must compile without warnings. All code must also be checked daily with at least one, but preferably more than one, strong static source code analyzer and should pass all analyses with zero warnings.
NASA’s Ten Principles of Safety-Critical Code
Gerard J Holzmann. The power of 10: rules for developing safety-critical code. Computer, 39(6):95–99, 2006.
Auto-ISAC 2018
No single point of failure—this means that no component should be exclusively dependent on the operation of another component. Service-oriented architectures and middleware architectures often do not have a single point of failure.
Diagnosing the problems—the diagnostics of the system should be able to detect malfunctioning of the components, so mechanisms like heartbeat synchronization should be implemented. The layered architectures support the diagnostics functionality as they allow us to build two separate hierarchies—one for handling functionality and one for monitoring it.
Timeouts instead of deadlocks—when waiting for data from another component, the component under operation should be able to abort its operation after a period of time (timeout) and signal to the diagnostics that there was a problem in the communication. Service-oriented architectures have built-in mechanisms for monitoring timeouts.
Reliability and Fault Tolerance
Auto-ISAC 2018
Example: Dynamic heap memory allocation shall not be used.
This rule in practice prohibits dynamic memory allocations for the variables. The rationale behind this rule is the fact that dynamic memory allocations can lead to memory leaks, overflow errors and failures which occur randomly.
Taking just the defects related to the memory leaks can be very difficult to trace and thus very costly. If left in the code, the memory leaks can cause undeterministic behavior and crashes of the software.
These crashes might require restart of the node, which is impossible during the runtime of a safety-critical system.
Following this rule, however, also means that there is a limit on the size of the data structures that can be used, and that the need for memory of the system is predetermined at design time, thus making the use of this software “safer”.
Programming of Safety-Critical Systems
Auto-ISAC 2018
• Design Goals
• Security Goals
• Advanced Design
• Summary
Agenda
Auto-ISAC 2018
Three Pillars of Autonomous systems
Autonomous vehicles are a key example where designers are challenged with the simultaneous integration of three critical areas:
1. supercomputing complexity,
2. hard real-time embedded performance
3. functional safety.
Auto-ISAC 2018
The Four Pillars of CPS
The four key pillars driving cyber-physical systems are:
1. Connectivity,
2. Monitoring,
3. Prediction, and
4. Self-Optimization.
While the first two have experienced recent technological enablement, prediction and optimization are expected to radically change every aspect of our society.
Components associated with physical control of the vehicle
Components associated with safety
Components associated with entertainment and convenience
Auto-ISAC 2018
Ultra-Reliable Systems
Air Force F-15 flying despite the absence of one of its wings. The image demonstrates why self-repairing flight control systems play vital role in aircraft
control.
From The Story of Self-repairing Flight Control Systems by James E. Tomayko
NASA photo (EC 88203-6) shows an Air Force F-15 flying despite the absence of one of the wings.
Auto-ISAC 2018
3-Dimensional Structure of Digital Security
Defense in Depth
Defense in Diversity
4 i‘s
IsolationInoperability
IncompatibilityIndependence
But eventually everything fails. You have to make it fail in a predictable way.
Temporal RedundancyInformation Redundancy
Majority voting
Software and ServicesHardware security services
Hardware security building blocksSecurity features in the silicon
Analog security monitoring under the CPU Har
dwar
e Ro
ot o
f Tru
st
Self-Healing
Two-tier architecture is required!
Auto-ISAC 2018
Self-* and High Dependability
Self-healing is the ability of the system to autonomously change its structure so that its behavior stays the same.
Trend of using self-adaptation is used increasingly in safety-critical systems as it allows us to change the operation of a component in the presence of errors and failures.
Self-Monitor Self-DiagnosisAnomalous Event
Deployment
Self-TestingCandidate Fix Generation
Self-Adaptation
Fault Identification
Auto-ISAC 2018
• Design Goals
• Security Goals
• Advanced Design
• Summary
Agenda
Auto-ISAC 2018
Summary
1. Absolutely secure systems are impossible, with enough money and commitment any system can be broken
2. Assume your system is compromised and build it so that it can recover
3. Strive for continuous incremental improvement, not perfection
4. We do not know how to build 100% reliable systems, we only know how to manage risk – your system will fail and your design has to ensure that it fails in a predictable way.
Thank you.
Legal DisclaimerThis presentation contains the general insights and opinions of Intel Corporation (“Intel”). The information in this presentation is provided for information only and is not to be relied upon for any other purpose than educational. Use at your own risk! Intel makes no representations or warranties regarding the accuracy or completeness of the information in this presentation. Intel accepts no duty to update this presentation based on more current information. Intel is not liable for any damages, direct or indirect, consequential or otherwise, that may arise, directly or indirectly, from the use or misuse of the information in this presentation.
Intel and the Intel logo are trademarks of Intel Corporation in the U.S. and/or other countries.
* Other names and brands may be claimed as the property of others.© 2018 Intel Corporation.
435 September 2018TLP Green: May be shared within the Auto-ISAC Community.
Open DiscussionAround the Room
What questions or topics would you like to address?
445 September 2018TLP Green: May be shared within the Auto-ISAC Community.
Closing Remarks
If you are an OEM, supplier or commercial vehicle company, now is a great time to join Auto-ISAC.
How to Get Involved: Membership
To learn more about Auto-ISAC Membership or Partnership, please contact Kim Kalinyak ([email protected]).
Key benefits include: Real-time Intelligence Sharing Intelligence Summaries Regular intelligence meetings Crisis Notifications Member Contact Directory Development of Best Practice Guides Exchanges and Workshops Tabletop exercises Webinars and Presentations Annual Auto-ISAC Summit Event
455 September 2018TLP Green: May be shared within the Auto-ISAC Community.
Strategic Partnership Programs
NAVIGATORSupport Partnership
- Provides guidance and support
- Annual definition of activity commitments and expected outcomes
- Provides guidance on key topics / activities
INNOVATORPaid Partnership
- Annual investment and agreement
- Specific commitment to engage with ISAC
- In-kind contributions allowed
COLLABORATORCoordination Partnership
- “See something, say something”
- May not require a formal agreement
- Information exchanges-coordination activities
BENEFACTORSponsorshipPartnership
- Participate in monthly community calls
- Sponsor Summit- Network with Auto
Community- Webinar / Events
Solutions Providers
For-profit companies that sell connected vehicle
cybersecurity products & services.
Examples: Hacker ONE, SANS, IOActive
Affiliations
Government, academia, research, non-profit orgs
with complementary missions to Auto-ISAC.
Examples: NCI, DHS, NHTSA
CommunityCompanies interested in engaging the automotive
ecosystem and supporting - educating the community.
Examples: Summit sponsorship –
key events
AssociationsIndustry associations and
others who want to support and invest in the
Auto-ISAC activities.
Examples: Auto Alliance, Global Auto, ATA
Strategic Partners
This document is Auto-ISAC Sensitive and Confidential. 465 September 2018
Strategic Partnership Programs
ResearchSome partners share white papers and research
projects—on threats & vulnerabilities—with our members.
WebinarsWe are open to partners presenting at our Community
Town Halls, with audience including members & beyond.
Branding on the Auto-ISAC WebsitePartner names and/or logos will be featured on the Auto-
ISAC public-facing website.
Community Town HallsWe invite you to monthly calls featuring experts across the
connected vehicle ecosystem.Member DiscountsSome partners promote discounts or special offers for
services (e.g. conferences, software licenses).
OtherWe are open to other types of in-kind support (e.g.
training, infrastructure support) based on your expertise.
Intel SharingSome partners submit relevant data, insights and papers
addressing threats against the automotive industry.
Annual Executive CallOur executives will host a call once a year for all Members and partners to present our strategic goals and priorities.
Summit Booth PriorityPartners will receive priority booth selection at future
Auto-ISAC Summits.
Access to Auto-ISAC ReportsOur partners receive Auto-ISAC TLP Green/White reports
and special reports at Auto-ISAC’s discretion.
Act
ivit
ies
Benefits
Future Plans
475 September 2018TLP Green: May be shared within the Auto-ISAC Community.
Our contact info
Faye FrancyExecutive Director
Booz Allen Hamilton Inc.20 M Street SE
Washington, DC 20003703-861-5417
[email protected] Kalinyak
Membership Engagement Lead
Booz Allen Hamilton Inc.20 M Street SE
Washington, DC 20003240-422-9008
Josh PosterProgram Operations
Manager
Booz Allen Hamilton Inc.20 M Street SE
Washington, DC [email protected]
485 September 2018TLP Green: May be shared within the Auto-ISAC Community.
Our contact info
Jessica EttsSenior Intel Coordinator
Booz Allen Hamilton Inc.20 M Street SE
Washington, DC [email protected]
Candice BurkeBusiness and Executive
Administrator
Booz Allen Hamilton Inc.20 M Street SE
Washington, DC [email protected]
m