Auto-ISAC Community Call · TLP Green: May be shared within the Auto-ISAC Community. 5 September...



Hi All,

Please find attached the Weekly Automotive Industry Report covering April 3 – April 8.

This week’s report includes articles on: Toyota partnering with Microsoft on a new cloud-based division, led by the CIO, that builds chips for self-driving cars; Hyundai unveiling its connected vehicle “roadmap”; and Toyota planning to open a new autonomous vehicle research center in Michigan.

You can find past reports on site.

Please let me know if you have any questions. Have a great weekend.

Josh

Auto-ISAC Monthly Community Call

5 September 2018

Audio: 1-877-885-1087 Code: 9972152385
Adobe link: https://autoisac.adobeconnect.com/communitycall/

TLP Green: May be shared within Auto-ISAC Community.


Agenda

Time (ET) Topic

11:00 Welcome: Why we’re here; Expectations for this community

11:10 Auto-ISAC Update: Auto-ISAC overview; Heard around the community; Intel Update

11:20 Featured Speakers: Alan Tatourian, Security Architect, Intel Automotive

11:45 Around the Room: Sharing around the virtual room

11:55 Closing Remarks


Welcome to our Community!

Purpose: These monthly Auto-ISAC Community Meetings are an opportunity for you, our Members and connected vehicle ecosystem stakeholders, to:

• Stay informed of Auto-ISAC activities
• Share information on key vehicle cybersecurity topics

Participants: Auto-ISAC Members, Potential Members, Partners, Academia, Industry Stakeholders, and Government Agencies

Classification Level: TLP Green, and “off the record”

Agenda: Each meeting will have three core segments:

1) Auto-ISAC Update: Our operations team will overview key activities, outcomes, and intel trends
2) Featured Speaker: We will invite an industry leader to share relevant topics of interest. Content featured on the Auto-ISAC Community Call is not considered an endorsement. Speakers are selected based on their relevant content and experience for the broader community.
3) Closing Remarks: An Auto-ISAC leader will open up for comments and sum up key takeaways

How to Connect: For further info, questions, or to add other POCs to the invite, please contact Auto-ISAC Membership Engagement Lead Kim Kalinyak ([email protected])


Expectations for this Community

Share – “If you see something, say something!”
• Submit threat intelligence or other relevant information
• Send us information on potential vulnerabilities
• Contribute incident reports and lessons learned
• Provide best practices around mitigation techniques

Participate
• Participate in monthly virtual conference calls (1st Wednesday of month)
• If you have a topic of interest, connect with our Membership Engagement Lead, Kim Kalinyak – [email protected]
• Engage & ask questions!

Join
• If your organization is eligible, apply for Auto-ISAC membership
• If you aren’t eligible for membership, connect with us as a partner
• Get engaged – “Cybersecurity is everyone’s responsibility!”


Our 2018 Board of Directors

Executive Committee (ExCom) Leadership

Jeff Massimilla, Auto-ISAC Chairman, General Motors
Tom Stricker, Auto-ISAC Vice Chairman, Toyota
Mark Chernoby, Auto-ISAC Treasurer, FCA
Steve Center, Auto-ISAC Secretary, Honda

2018 Affiliate Advisory Board (AAB) Leadership

Jeff Stewart, Affiliate Advisory Board Chairman, AT&T
Geoff Wood, Affiliate Advisory Board Vice Chair, Harman
Bob Kaster, Supplier Affinity Group Chair, Bosch


Auto-ISAC Staff Updates

Auto-ISAC Program Operations Team

Faye Francy, Executive Director, E: [email protected]
Josh Poster, Program Operations Manager, E: [email protected]
Jessica Etts, Senior Intel Coordinator, E: [email protected]
Kim Kalinyak, Membership Engagement Lead, E: [email protected]
Candice Burke, Business and Executive Administrator, E: [email protected]
Heather Rosenker, Communications (Auto-Alliance), E: [email protected]
Julie Kirk, Finance, E: [email protected]


Auto-ISAC Support Team

Denis Cosgrove, Senior Associate, BAH, [email protected]
Meredith Shaw, Program Manager, BAH, [email protected]
JJ Moss, Intel Lead, [email protected]
Sudharson Sundararajan, Best Practices Lead, BAH, [email protected]
Linda Rhodes, Legal Counsel, Mayer [email protected]
Rob Geist, Accountant, Tate and [email protected]


Auto-ISAC Overview

Mission: Serve as an unbiased information broker to provide a central point of coordination and communication for the global automotive industry through the analysis and sharing of trusted and timely cyber threat information.

Scope: Light- and heavy-duty vehicles, commercial vehicle fleets and carriers. Currently, we are focused on vehicle cyber security, and anticipate expanding into manufacturing and IT cyber related to the vehicle.

• 19 OEM members
• 28 supplier & commercial vehicle members
• Membership represents 99% of cars on the road in North America
• Members from 7 countries on 3 continents
• 450+ active Member designees
• 1450+ Community List
• 19+ Navigator partners
• 4+ Innovator partners
• Coordination with 23 critical infrastructure ISACs through the National ISAC Council
• 3 Best Practice Guides available to the public
• 5 Best Practice Guides complete; 2 more planned
• 50+ speaking engagements


Recent Activities: Highlights of Key Activities in August

• Auto-ISAC continued to execute the plan for Best Practice Guide #6 on Threat Detection
• Auto-ISAC and BPWG began working on the development of Best Practice Guide #7 on Security by Design
• Members Only Vulnerability Disclosure Program Workshop sponsored by HackerOne
• Auto-ISAC continued planning our Annual Summit happening in September 2018


Heard Around the Community: Black Hat 2018 and DEF CON 26

DEF CON (9-12 August)
• One of the largest hacker conventions
• Capture the Flag (CTF) contests – a competition where teams of hackers attempt to attack and defend computers and networks using certain software and network structures
• Over 20 villages, including the Car Hacking Village, which featured member and partner displays: NXP, FCA, GRIMM, Karamba, Aptiv, and Red Balloon Security
• Many members in attendance, 1 staff member

Black Hat (4-9 August)
• Provides attendees with the latest research, development, and trends in information security
• Hosted at Mandalay Bay, Las Vegas, NV
• Keynote and featured speakers: Parisa Tabriz, Director of Engineering at Google – Optimistic Dissatisfaction with the Status Quo: Steps We Must Take to Improve Security in Complex Landscapes
• 20 different tracks with various briefings, from embedded/hardware, IoT, and malware to human factors
• Arsenal provided live tool demonstrations from independent researchers
• 2-day training courses leading up to the conference in embedded software hacking, IoT exploitation, pen testing, and more
• Many members in attendance, 1 staff member


Auto-ISAC Intelligence: What’s Trending?

• Unauthorized Access to connected car data on resold vehicles: Previous owners retaining unfettered access to the data and controls of connected cars after resale is a problem across the industry.

• New Hack Controls Car with SMS: Researchers Daniel Regalado, Gerardo Iglesias and Ken Hsu used reverse engineering to infect the smartphone a car was connected to with malware via its USB port. They were then able to remotely control the car via SMS messages. First revealed at DEF CON 26.

• Vulnerability Disclosure Programs: The U.S. FTC and DOJ are signaling that in the future organizations must have some form of Vulnerability Disclosure Program (VDP) that lets good-faith security researchers report bugs. Most organizations, in all industries, lack any kind of VDP.

• Threat Intelligence Sharing Frameworks: What platforms are available, and what are the government and other ISACs using to share threat intelligence? Examples: STIX, TAXII, CybOX, etc.


New: Daily Research, Intelligence, and Vulnerability Email (DRIVE)

• First DRIVE sent on 8/21
• Daily product; content focused on Cyber & Automotive
• Information collected over a 24 hr. period
• Distributed Monday-Friday around 2PM
• Sent via Constant Contact
• TLP GREEN – available to the community


Event Outlook

Connect with us at upcoming events:

Auto-ISAC Community Call*** – Sept. 5, Virtual Telecon
2018 ATA Economic Summit – Sept. 5, Washington, DC
SAE Connect2Car: Executive Leadership – Sept. 5-6, San Jose, CA
Billington Cybersecurity Summit*** – Sept. 6, Washington, DC
GrrCon – Sept. 6-7, Grand Rapids, MI
SAE On-Board Diagnostics Symposium – Sept. 11-13, Indianapolis, IN
SecureWorld Detroit – Sept. 12-13, Detroit, MI
NCI September Quarterly Meeting*** – Sept. 12, Washington, DC
ONDI Trade Association Partnership Group Meeting*** – Sept. 13, Washington, DC
TMC’s 2018 Fall Meeting and National Skills Competitions – Sept. 16-18, Orlando, FL
Data and Privacy for Autonomous Vehicles – Sept. 24, Detroit, MI
Auto-ISAC Board of Directors Meeting*** – Sept. 24, Detroit, MI
Auto-ISAC Summit*** – Sept. 25-26, Detroit, MI
Auto-ISAC Member Analyst Workshop*** – Sept. 27, Detroit, MI

For full 2018 calendar, visit www.automotiveisac.com


Speaker Series Overview

Why do we feature speakers?
• These calls are an opportunity for information exchange & learning
• Goal is to educate & provide awareness around cybersecurity for the connected vehicle

What does it mean to be featured?
• Perspectives across our ecosystem are shared from members, government, academia, researchers, industry, associations and others
• Goal is to showcase a rich & balanced variety of topics and viewpoints
• Featured speakers are not endorsed by Auto-ISAC nor do the speakers speak on behalf of Auto-ISAC

How can I be featured?
• If you have a topic of interest you would like to share with the broader Auto-ISAC Community, then we encourage you to contact our Membership Engagement Lead, Kim Kalinyak ([email protected])


Welcome to Today’s Speaker

Abstract: Every 30 years there is a new wave of things that computers do. Around 1950 they began to model events in the world (simulation), and around 1980 to connect people (communication). Since 2010 they have begun to engage with the physical world in a non-trivial way (embodiment – giving them bodies). These new ‘cognitive systems’ are powered by sophisticated software and algorithms. I will discuss architecture considerations for making such software highly reliable and secure.

Alan Tatourian is a Security Architect at Intel Automotive and works on security solutions for reliable and trusted cognitive systems, including future vehicles. Alan began his career in 1984 as an engineer in a military aerospace program. After retiring from the military, he worked variously as a systems architect or a security architect on a number of platforms and technologies for, among others, Hewlett Packard, the Department of Justice in California, and Intel Security. He received his degree in electrical engineering from a military academy in Riga, Latvia. Alan is a member of the SAE Vehicle Electrical System Cyber-Security committee, an editor for the SAE Automotive Cybersecurity magazine, and he is on the program committee for the embedded security in cars (escar USA) conference. Alan is leading some of the cybersecurity research with Intel Labs and NSF autonomous vehicles and cybersecurity programs. He holds over 50 U.S. patents. On the personal side, Alan played rugby and American football and now enjoys the outdoors, mountain biking and kayaking.


Alan Tatourian, Intel Automotive

Highly-Dependable Automotive Software

Auto-ISAC 2018


Progress in Technology has been Astonishing

Every generation of technology has enabled remarkable outcomes

Apollo 11: 2,048 words RAM (16-bit word, ~4KB); 36,864 words ROM
Average Smartphone: 256MB – 512MB cache; 2GB – 64GB RAM
45 years: 62M x RAM
Next 10 to 20 years: ???
Cognitive Systems: ??????

Presentation Notes:
Every 30 years there is a new wave of things that computers do. Around 1950 they began to model events in the world (simulation), and around 1980 to connect people (communication). Since 2010 they have begun to engage with the physical world in a non-trivial way (embodiment – giving them bodies).

Agenda

• Design Goals
• Security Goals
• Advanced Design
• Summary


I always talk about this to folks at Microsoft, especially to developers. What’s the most important operating system you’ll write applications for? Ain’t Windows, or the Macintosh, or Linux. It’s Homo Sapiens Version 1.0. It shipped about a hundred thousand years ago. There’s no upgrade in sight. But it’s the one that runs everything.

– Bill Buxton from Microsoft Research

Economic Utility

There is an axiom in economics called economic utility: it says that the value of a feature tends to zero with time. As soon as you put a feature (product) on a shelf it starts to depreciate. The goal of any well-defined process, including SDL, is ‘continuous improvement’.

Presentation Notes:
https://tatourian.blog/2014/03/06/interview-with-bill-buxton-from-microsoft-research/ Your system architecture has to be adaptable and evolvable. Requirements and technologies change. You have to design your system for that change!

Architecture Goals

1. The most obvious approach might be to imagine the future you want and build it. Unfortunately, that doesn’t work that well because technology co-evolves with people. It’s a two-step: technology pushes people to move forward, and then people move past technology and it has to catch up. The way we see the future is constantly evolving and the path you take to get there matters. In technical terms we can call this ‘continuous improvement.’

2. Establish modular and composable design making it possible to (1) use your system in different (standardized) configurations and applications and (2) evolve it as the requirements and technologies change.

3. Control (or manage) and reduce complexity!

Civilization advances by extending the number of important operations we can perform without thinking about them.

– Alfred North Whitehead

Presentation Notes:
If you have to kiss a lot of frogs to find a prince, find more frogs and kiss them faster and faster.

Complexity, Safety, Security . . .

• 3.22 trillion miles (US, 2016)
• 40,200 fatalities (US, 2016) – roughly 100 people each day
• 1 fatality per 80 million miles
• 1 in 625 chance of dying in a car crash (in your lifetime)
• Human error is approximately 0.000,001% − this is what AI needs to improve on!!!

Source of the images: Stanford and Wikipedia

1993 Accident to Airbus A320-211 Aircraft in Warsaw

Question: How safe do autonomous vehicles need to be?

• As safe as human-driven cars (7 deaths every 10^9 miles)
• As safe as buses and trains (0.1-0.4 deaths every 10^9 miles)
• As safe as airplanes (0.07 deaths every 10^9 miles)

I. Savage, “Comparing the fatality risks in United States transportation across modes and over time”, Research in Transportation Economics, 2013

Presentation Notes:

Miles – All drivers: 10,658 miles (29.2 miles per day); Rural drivers: 12,264 miles; Urban drivers: 9,709 miles.

Fatalities – Fatal crashes: 29,989; All fatalities: 32,675; Car occupants: 12,507; SUV occupants: 8,320; Pedestrians: 4,884; Motorcycle: 4,295; Bicyclists: 720; Large trucks: 587.

Each day 29 people in the United States die in an alcohol-impaired driving crash; that is one person every 49 minutes. On average since 1982, one-third of all traffic fatalities were alcohol-impaired driving fatalities, with more than 10,400 people killed in 2016. Almost 40 percent of alcohol-impaired driving fatalities are victims other than the drinking driver. 214 children aged 14 years or younger were killed in alcohol-impaired driving crashes in 2016. Rural areas are disproportionally affected by alcohol-impaired driving crashes and fatalities. The total economic cost of alcohol-impaired driving crashes was $121.5 billion in 2010 (including medical costs, earnings losses, productivity losses, legal costs, and vehicle damage).

The more complex the system, the more potential anomalies hidden in the corners. While these anomalies may be rare, there are more than a billion car trips per day in the United States, greater than ten thousand times the number of daily airline flights. Google engineers speak about the “lazy driver,” the 93 percent of car accidents estimated to derive from human error. (Of course, human-factors specialists have long understood that human errors often are the result of poor system design and poor work practices.)

Example of Interacting Requirements – 1993 Accident to Airbus A320-211 Aircraft in Warsaw: wet runway, crosswind. Aircraft banked into crosswind. Left wheels touched down 9 seconds after right. Pilot applied reverse thrust and spoilers, but they were disabled until left gear compressed. Why?
• Reverse thrust and spoilers must be disabled in the air
• Landing logic requires compression of both L&R gear
• Spoilers activate above 72 kts wheel speed or if both landing gear struts are compressed
http://www.rvs.uni-bielefeld.de/publications/Incidents/DOCS/ComAndRep/Warsaw/warsaw-report.html
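The interlock rules from the notes, written up as an added example (not from the slides) in C: the three requirements are encoded exactly as stated, a sweep of all eight discrete input combinations finds the states in which a wheel is on the runway yet neither braking device may deploy, and a constructed replay of the 9-second touchdown sequence counts how long braking stayed inhibited. The wheel speed staying below 72 kts throughout, the one-second time step and the 60 s loop ceiling are assumptions of this example, not figures from the slides.

```c
#include <stdbool.h>
#include <stdio.h>

#define WHEEL_SPEED_ARM_KTS 72u  /* spoiler wheel-speed threshold quoted in the notes */

typedef struct {
    bool left_gear_compressed;
    bool right_gear_compressed;
    unsigned wheel_speed_kts;
} landing_inputs_t;

/* Requirements 1 and 2: reverse thrust must be disabled in the air, and
 * "on the ground" for this logic means both struts compressed. */
bool reverse_thrust_enabled(const landing_inputs_t *in)
{
    return in->left_gear_compressed && in->right_gear_compressed;
}

/* Requirement 3: spoilers also arm above 72 kts wheel speed. */
bool spoilers_enabled(const landing_inputs_t *in)
{
    return in->wheel_speed_kts > WHEEL_SPEED_ARM_KTS ||
           (in->left_gear_compressed && in->right_gear_compressed);
}

/* The interaction the notes describe: at least one wheel is on the runway,
 * yet neither braking device may deploy. */
bool braking_inhibited_on_runway(const landing_inputs_t *in)
{
    bool any_wheel_down = in->left_gear_compressed || in->right_gear_compressed;
    return any_wheel_down && !spoilers_enabled(in) && !reverse_thrust_enabled(in);
}

/* Exhaustive sweep of the discrete input space: left gear x right gear x
 * {wheel speed below, above threshold}. Returns the number of hazardous
 * combinations; with the rules as quoted there are two (one gear down, slow wheels). */
unsigned count_hazard_states(bool verbose)
{
    unsigned hazards = 0u;
    for (unsigned code = 0u; code < 8u; code++) {
        landing_inputs_t in;
        in.left_gear_compressed = (code & 1u) != 0u;
        in.right_gear_compressed = (code & 2u) != 0u;
        in.wheel_speed_kts = (code & 4u) != 0u ? WHEEL_SPEED_ARM_KTS + 1u : 0u;
        if (braking_inhibited_on_runway(&in)) {
            hazards++;
            if (verbose) {
                printf("hazard: left=%d right=%d wheel=%u kts\n",
                       (int)in.left_gear_compressed,
                       (int)in.right_gear_compressed, in.wheel_speed_kts);
            }
        }
    }
    return hazards;
}

/* Constructed replay of the Warsaw sequence: right gear compressed from t = 0 s,
 * left gear from t = left_touchdown_s (9 s in the notes). Wheel speed is assumed
 * to stay below the threshold for the whole window (an assumption of this example).
 * Returns the number of seconds during which the braking command was inhibited. */
unsigned seconds_braking_inhibited(unsigned left_touchdown_s, unsigned horizon_s)
{
    unsigned inhibited = 0u;
    for (unsigned t = 0u; t < horizon_s && t < 60u; t++) {   /* bounded loop */
        landing_inputs_t in;
        in.left_gear_compressed = t >= left_touchdown_s;
        in.right_gear_compressed = true;
        in.wheel_speed_kts = 0u;
        if (braking_inhibited_on_runway(&in)) {
            inhibited++;
        }
    }
    return inhibited;
}

int main(void)
{
    printf("hazardous input combinations: %u\n", count_hazard_states(true));
    printf("seconds with braking inhibited after first touchdown: %u\n",
           seconds_braking_inhibited(9u, 12u));
    return 0;
}
```

Each rule is individually reasonable; the sweep shows the combination that none of them covers, which is the kind of review a requirements document alone does not prompt.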

Technical & Dark Debt

As the complexity of a system increases, the accuracy of any single agent's own model of that system decreases rapidly.

Technical debt is runaway complexity. For example, if it takes you enormous effort and money to upgrade your system, you have accumulated huge technical debt. Remember that the value of your system is inversely proportional to its maintainability.

Dark debt is a form of technical debt that is invisible until it causes failures.

Dark debt is found in complex systems and the anomalies it generates are complex system failures. Dark debt is not recognizable at the time of creation. … It arises from the unforeseen interactions of hardware or software with other parts of the framework. …

Unlike technical debt, which can be detected and, in principle at least, corrected by refactoring, dark debt surfaces through anomalies.

Perfection is achieved, not when there is nothing more to add, but when there is nothing left to take away.

– Antoine de Saint-Exupery

Presentation Notes:
https://www.johndcook.com/blog/2018/03/01/dark-debt

New challenges brought by AI

A single bit-flip error leads to a misclassification of an image by a DNN. From research by Karthik Pattabiraman, University of British Columbia.

Presentation Notes:
Resilience and Security in Cyber-Physical Systems: Self-Driving Cars and Smart Devices. Karthik Pattabiraman, University of British Columbia, 2017. https://youtu.be/O6NKY2oE99M

This is a joint Microsoft/Nvidia research. The first half of the talk is entirely on functional safety and resilience of DNNs, the second describes an invariant-based Intrusion Detection System.

The future will be defined by autonomous computer systems that are tightly integrated with the environment, also known as Cyber-Physical systems (CPS). Resilience and security become extremely important in these systems, as a single error or security attack can have catastrophic consequences. In this talk, I will consider the resilience and security challenges of CPS, and how to protect them at low costs. I will give examples of two recent projects from my group, one on improving the resilience of Deep Neural Network (DNN) accelerators deployed in self-driving cars, and the other on deploying host-based intrusion detection systems on smart embedded devices such as smart meters and smart medical devices. Finally, I will discuss some of our ongoing work in this area, and the challenges and opportunities. This is joint work with my students and industry collaborators.

Agenda

• Design Goals
• Security Goals
• Vehicle architectures in the future: Software Defined
• Security, Functional Safety, Reliability
• Summary


Information Security Goals

1. Secure boot

2. Secure auditing and logging

3. Authentication and authorization

4. Session Management

5. Input validation and output encoding

6. Exception management

7. Key management, cryptography, integrity, and availability

8. Security of data at rest

9. Security of data in motion

10. Configuration management

11. Incident response and patching

Together, these formulate the end-to-end security architecture for the product and thus should be considered alongside one another—not in isolation. Also, each of the categories has many sub-topics within it. For example, under authentication and authorization there are aspects of discretionary access controls and mandatory access controls to consider. Security policies for the product are an outcome of the implementation decisions made during development across these nine categories.

We already know that a “control” strategy fails worse than a “resilience” strategy.


Cyberattacks on CPS Control Layers

Attack class      | Regulatory Control                          | Supervisory Control
Deception attacks | Spoofing, replay; Measurement substitution   | Set-point change; Controller substitution
DoS attacks       | Physical jamming; Increase in latency        | Network flooding; Operational disruption

Estimation of CPS risks by naively aggregating risks due to reliability and security failures does not capture the externalities, and can lead to grossly suboptimal responses to CPS risks.

To thwart the outcomes that follow sentient opponent actions, diversity of mechanism is required.

Presentation Notes:
In cybernetics and control theory, a setpoint (also set point, set-point) is the desired or target value for an essential variable, or process value of a system. Departure of such a variable from its setpoint is one basis for error-controlled regulation using negative feedback for automatic control. The set point is usually abbreviated to SP, and the process value is usually abbreviated to PV. https://en.wikipedia.org/wiki/Setpoint_(control_system)

The Honeymoon Effect

Design specifications miss important security details that appear only in code.

For most programmers it's hard enough to get the code into a state where the compiler reads it and correctly interprets it; worrying about making human-readable code is a luxury.

The software industry needs to change its outlook from trying to achieve code perfection to recognizing that code will always have security bugs.

[Figure: Failure Rate vs. Number of Months; Vulnerabilities per Month vs. Months since Release]

Current Software Engineering literature supports the Brooks life-cycle model – image taken from “Post-release reliability growth in software products”, ACM Trans. Softw. Eng. Methodol. 2008

Presentation Notes:
Familiarity breeds contempt: the honeymoon effect and the role of legacy code in zero-day vulnerabilities https://www.semanticscholar.org/paper/Familiarity-breeds-contempt%3A-the-honeymoon-effect-Clark-Frei/1148f37a8ca0a5ca0a26178c7d85a063bd539725

Cryptographic Agility

Cryptography ≠ Security

Whoever thinks his problem can be solved using cryptography, doesn’t understand his problem and doesn’t understand cryptography.

– Attributed by Roger Needham and Butler Lampson to each other

Cryptography rots, just like food. Every key and every algorithm has shelf time. Some have very short shelf time.
• How long do you need your cryptographic keys or algorithms to be secure? – this is cryptography shelf life (x years)
• How long will it take to extract secrets out of your system? – this is the end of honeymoon (z years)
• What are your parameters to reduce attack surface and to update keys or algorithms? – ξ (pronounced Xi)

If z < x + ξ, improve your architecture and infrastructure!


Anti-Virus and other security SW

On a recent software vulnerability watch list, about one-third of the reported software vulnerabilities were in the security software itself.

The average time it takes to identify a cybersecurity incident is 197 days.

From DARPA High-Assurance Cyber Military Systems (HACMS) Proposer’s Day Brief.

Presentation Notes:
DARPA High-Assurance Cyber Military Systems (HACMS) Proposer’s Day Brief. The average time it takes to identify a cybersecurity incident is 197 days, according to the 2018 Cost of a Data Breach Study from the Ponemon Institute, sponsored by IBM. Companies that contain a breach within 30 days have an advantage over their less-responsive peers, saving an average of $1 million in containment costs.
Page 30:

1. Restrict all code to very simple control flow constructs, do not use goto statements, setjmp or longjmp constructs, direct or indirect recursion.

2. Give all loops a fixed upper bound. It must be trivially possible for a checking tool to prove statically that the loop cannot exceed a preset upper bound on the number of iterations. If a tool cannot prove the loop bound statically, the rule is considered violated.

3. Do not use dynamic memory allocation after initialization.

4. No function should be longer than what can be printed on a single sheet of paper in a standard format with one line per statement and one line per declaration. Typically, this means no more than about 60 lines of code per function.

5. The code’s assertion density should average to minimally two assertions per function. Assertions must be used to check for anomalous conditions that should never happen in real-life executions. Assertions must be side effect-free and should be defined as Boolean tests. When an assertion fails, an explicit recovery action must be taken, such as returning an error condition to the caller of the function that executes the failing assertion. Any assertion for which a static checking tool can prove that it can never fail or never hold violates this rule.

6. Declare all data objects at the smallest possible level of scope.

7. Each calling function must check the return value of non-void functions, and each called function must check the validity of all parameters provided by the caller.

8. The use of the preprocessor must be limited to the inclusion of header files and simple macro definitions. Token pasting, variable argument lists (ellipses), and recursive macro calls are not allowed. All macros must expand into complete syntactic units. The use of conditional compilation directives must be kept to a minimum.

9. The use of pointers must be restricted. Specifically, no more than one level of dereferencing should be used. Pointer dereference operations may not be hidden in macro definitions or inside typedef declarations. Function pointers are not permitted.

10. All code must be compiled, from the first day of development, with all compiler warnings enabled at the most pedantic setting available. All code must compile without warnings. All code must also be checked daily with at least one, but preferably more than one, strong static source code analyzer and should pass all analyses with zero warnings.

NASA’s Ten Principles of Safety-Critical Code

Gerard J Holzmann. The power of 10: rules for developing safety-critical code. Computer, 39(6):95–99, 2006.

Presenter
Presentation Notes
Gerard J Holzmann. The power of 10: rules for developing safety-critical code. Computer, 39(6):95–99, 2006.
Page 31:

No single point of failure—this means that no component should be exclusively dependent on the operation of another component. Service-oriented architectures and middleware architectures often do not have a single point of failure.

Diagnosing the problems—the diagnostics of the system should be able to detect malfunctioning of the components, so mechanisms like heartbeat synchronization should be implemented. The layered architectures support the diagnostics functionality as they allow us to build two separate hierarchies—one for handling functionality and one for monitoring it.

Timeouts instead of deadlocks—when waiting for data from another component, the component under operation should be able to abort its operation after a period of time (timeout) and signal to the diagnostics that there was a problem in the communication. Service-oriented architectures have built-in mechanisms for monitoring timeouts.

Reliability and Fault Tolerance
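A heartbeat monitor with timeouts, added here as an example (not code from the presentation or from any middleware it mentions), showing the "timeouts instead of deadlocks" and heartbeat diagnostics described above; component ids, deadlines and clock values are assumed:

```c
/* Added example, not from the presentation: a diagnostics monitor that applies
 * the "timeouts instead of deadlocks" and heartbeat ideas. Components publish a
 * heartbeat counter; the monitor is polled with the current time and marks a
 * component faulted when its counter has not advanced within its deadline,
 * instead of blocking on it. Ids, deadlines and clock values are assumed. */
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>

#define MAX_COMPONENTS 4u

typedef enum { HB_NEVER_SEEN = 0, HB_ALIVE, HB_TIMEOUT } hb_state_t;

typedef struct {
    uint32_t deadline_ms;   /* longest tolerated gap between heartbeats */
    uint32_t last_seen_ms;  /* time of the last heartbeat that advanced */
    uint32_t last_counter;  /* counter value accepted at last_seen_ms */
    bool seen;              /* at least one heartbeat accepted */
    hb_state_t state;       /* verdict of the most recent poll */
} hb_slot_t;

typedef struct { hb_slot_t slot[MAX_COMPONENTS]; } hb_monitor_t;

void hb_init(hb_monitor_t *m, const uint32_t *deadline_ms)
{
    uint32_t i;
    if (m == NULL || deadline_ms == NULL) { return; }
    for (i = 0u; i < MAX_COMPONENTS; i++) {            /* fixed loop bound */
        m->slot[i] = (hb_slot_t){ deadline_ms[i], 0u, 0u, false, HB_NEVER_SEEN };
    }
}

/* Called when a heartbeat from component `id` arrives. A counter that has not
 * advanced is rejected: a task that is scheduled but wedged in a loop must not
 * count as alive. Returns false for a bad id or a stale counter. */
bool hb_report(hb_monitor_t *m, uint32_t id, uint32_t counter, uint32_t now_ms)
{
    hb_slot_t *s;
    if (m == NULL || id >= MAX_COMPONENTS) { return false; }
    s = &m->slot[id];
    if (s->seen && counter == s->last_counter) { return false; }
    s->last_counter = counter;
    s->last_seen_ms = now_ms;
    s->seen = true;
    s->state = HB_ALIVE;
    return true;
}

/* Periodic diagnostic poll. It never waits, it only judges elapsed time, so a
 * dead peer cannot deadlock the monitor; unsigned subtraction keeps the check
 * correct across a 32-bit clock wrap. Returns the number of faulted components. */
uint32_t hb_poll(hb_monitor_t *m, uint32_t now_ms)
{
    uint32_t i, faults = 0u;
    if (m == NULL) { return MAX_COMPONENTS; }           /* treat as all faulted */
    for (i = 0u; i < MAX_COMPONENTS; i++) {
        hb_slot_t *s = &m->slot[i];
        if (!s->seen) {
            s->state = HB_NEVER_SEEN;
        } else if (now_ms - s->last_seen_ms > s->deadline_ms) {
            s->state = HB_TIMEOUT;                      /* report, do not block */
        } else {
            s->state = HB_ALIVE;
        }
        if (s->state != HB_ALIVE) { faults++; }
    }
    return faults;
}
```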

Page 32:

Example: Dynamic heap memory allocation shall not be used.

This rule in practice prohibits dynamic memory allocations for the variables. The rationale behind this rule is the fact that dynamic memory allocations can lead to memory leaks, overflow errors and failures which occur randomly.

Defects related to memory leaks alone can be very difficult to trace and thus very costly. If left in the code, memory leaks can cause nondeterministic behavior and crashes of the software.

These crashes might require a restart of the node, which is impossible during the runtime of a safety-critical system.

Following this rule, however, also means that there is a limit on the size of the data structures that can be used, and that the need for memory of the system is predetermined at design time, thus making the use of this software “safer”.

Programming of Safety-Critical Systems
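A fixed-capacity sample queue, added here as an example (not code from the presentation or from NASA/JPL), written to the Power of 10 rules quoted on the earlier slide and to this slide's rule against dynamic heap allocation; QUEUE_CAPACITY and MAX_SAMPLE are assumed values:

```c
/* Added example, not from the presentation: a fixed-capacity sensor sample
 * queue written to the Power of 10 rules and the "no dynamic heap allocation"
 * rule. Storage is a static array sized at design time, every loop has a
 * constant bound, assertions are side-effect-free Boolean tests, and a failed
 * assertion returns an error code to the caller instead of aborting.
 * QUEUE_CAPACITY and MAX_SAMPLE are assumed values for illustration. */
#include <stdint.h>
#include <stddef.h>

#define QUEUE_CAPACITY 16u   /* memory need is fixed at design time (Rule 3) */
#define MAX_SAMPLE 4095u     /* assumed 12-bit sensor range */

typedef enum { Q_OK = 0, Q_ERR_PARAM, Q_ERR_STATE, Q_ERR_FULL, Q_ERR_EMPTY } q_status_t;

typedef struct {
    uint16_t buf[QUEUE_CAPACITY];   /* no malloc(): statically sized */
    uint32_t head;                  /* index of the oldest sample */
    uint32_t count;                 /* number of valid samples */
} sample_queue_t;

/* Rule 5: an assertion is a side-effect-free Boolean test with an explicit
 * recovery action (return an error to the caller) rather than abort(). */
#define REQUIRE(cond, err) do { if (!(cond)) { return (err); } } while (0)

q_status_t queue_init(sample_queue_t *q)
{
    uint32_t i;
    REQUIRE(q != NULL, Q_ERR_PARAM);                 /* Rule 7: check inputs */
    for (i = 0u; i < QUEUE_CAPACITY; i++) {          /* Rule 2: constant bound */
        q->buf[i] = 0u;
    }
    q->head = 0u;
    q->count = 0u;
    return Q_OK;
}

q_status_t queue_push(sample_queue_t *q, uint16_t sample)
{
    uint32_t tail;
    REQUIRE(q != NULL, Q_ERR_PARAM);
    REQUIRE(sample <= MAX_SAMPLE, Q_ERR_PARAM);      /* reject out-of-range data */
    REQUIRE(q->head < QUEUE_CAPACITY && q->count <= QUEUE_CAPACITY, Q_ERR_STATE);
    REQUIRE(q->count < QUEUE_CAPACITY, Q_ERR_FULL);  /* never grow, never overwrite */
    tail = (q->head + q->count) % QUEUE_CAPACITY;
    q->buf[tail] = sample;
    q->count++;
    return Q_OK;
}

/* Callers must check this return value (Rule 7): an empty queue is an error
 * condition reported to the caller, not a silently returned stale sample. */
q_status_t queue_pop(sample_queue_t *q, uint16_t *out)
{
    REQUIRE(q != NULL && out != NULL, Q_ERR_PARAM);
    REQUIRE(q->head < QUEUE_CAPACITY && q->count <= QUEUE_CAPACITY, Q_ERR_STATE);
    REQUIRE(q->count > 0u, Q_ERR_EMPTY);
    *out = q->buf[q->head];
    q->head = (q->head + 1u) % QUEUE_CAPACITY;
    q->count--;
    return Q_OK;
}
```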

Page 33:

• Design Goals

• Security Goals

• Advanced Design

• Summary

Agenda

Page 34:

Three Pillars of Autonomous Systems

Autonomous vehicles are a key example where designers are challenged with the simultaneous integration of three critical areas:

1. supercomputing complexity,

2. hard real-time embedded performance, and

3. functional safety.

Presenter
Presentation Notes
Developers need to efficiently produce systems that meet safety and other key system-level requirements. This approach facilitates flexible and efficient integration of internal, 3rd party, and/or customer IP subsystems to support late design changes and potentially customer-specific technology/IP requirements.
Page 35:

The Four Pillars of CPS

The four key pillars driving cyber-physical systems are:

1. Connectivity,

2. Monitoring,

3. Prediction, and

4. Self-Optimization.

While the first two have experienced recent technological enablement, prediction and optimization are expected to radically change every aspect of our society.

Components associated with physical control of the vehicle

Components associated with safety

Components associated with entertainment and convenience

Page 36:

Ultra-Reliable Systems

Air Force F-15 flying despite the absence of one of its wings. The image demonstrates why self-repairing flight control systems play a vital role in aircraft control.

From The Story of Self-repairing Flight Control Systems by James E. Tomayko

NASA photo (EC 88203-6) shows an Air Force F-15 flying despite the absence of one of the wings.

Presenter
Presentation Notes
I sum up this model as design for security, ship, analyze, self-heal or quarantine, and treat (if required). Hackers too can generally pivot faster than product-makers so our approach must be anticipatory, flexible and resilient. I can see a world where we will have put hackers out of business. – Simon Segars, CEO, Arm
From The Story of Self-repairing Flight Control Systems
Page 37:

3-Dimensional Structure of Digital Security

Defense in Depth

Defense in Diversity

4 i‘s: Isolation, Inoperability, Incompatibility, Independence

But eventually everything fails. You have to make it fail in a predictable way.

Temporal Redundancy

Information Redundancy

Majority voting

Software and Services

Hardware security services

Hardware security building blocks

Security features in the silicon

Analog security monitoring under the CPU

Hardware Root of Trust

Self-Healing

Two-tier architecture is required!

Presenter
Presentation Notes
But eventually everything fails. You have to make it fail in a predictable way. Here, there are two strong links and one weak link. In case of failure, the weak link will disintegrate before the two strong links fail and detonate the warhead. Two strong links are made using different architecture (incompatibility). We already know that a “control” strategy fails worse than a “resilience” strategy.
Temporal Redundancy: Read commands multiple times, use median voting.
Information Redundancy: Process values multiple times, store several copies in memory, use majority voting to schedule control commands.
Independence – Design of subsystems to prevent common-mode and common-cause failures such that the failure of one subsystem does not affect the failure of another subsystem.
Incompatibility – The use of energy or information that will not be duplicated inadvertently.
Isolation – The predictable separation of weapon elements from compatible energy.
Inoperability – The predictable inability of weapon elements to function.
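The temporal and information redundancy schemes from these notes, median voting over repeated reads and majority voting over stored copies, as an added example that is not part of the presentation; array sizes and the input values are assumed:

```c
/* Added example, not from the presentation: temporal redundancy reads a command
 * several times and takes the median, so one corrupted read cannot drive the
 * actuator; information redundancy keeps several copies of a value and takes
 * the strict majority, reporting when none exists so the caller can fail
 * predictably. MAX_COPIES and all input values are assumed. */
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>

#define MAX_COPIES 7u   /* design-time bound on reads/copies keeps loops bounded */

/* Insertion sort on a small fixed-size array: no heap, statically bounded. */
static void sort_small(uint32_t *v, uint32_t n)
{
    uint32_t i, j;
    for (i = 1u; i < n; i++) {
        uint32_t key = v[i];
        for (j = i; j > 0u && v[j - 1u] > key; j--) { v[j] = v[j - 1u]; }
        v[j] = key;
    }
}

/* Temporal redundancy: median of n repeated reads. n must be odd and in range
 * so the median is always a real sample, never an average of two. */
bool median_vote(const uint32_t *reads, uint32_t n, uint32_t *out)
{
    uint32_t tmp[MAX_COPIES];
    uint32_t i;
    if (reads == NULL || out == NULL || n < 3u || n > MAX_COPIES || (n % 2u) == 0u) {
        return false;
    }
    for (i = 0u; i < n; i++) { tmp[i] = reads[i]; }   /* sort a copy, not the input */
    sort_small(tmp, n);
    *out = tmp[n / 2u];
    return true;
}

/* Information redundancy: strict majority (> n/2) across n stored copies,
 * Boyer-Moore candidate selection plus a verification pass. Returns false when
 * the copies disagree too much for any value to hold a majority. */
bool majority_vote(const uint32_t *copies, uint32_t n, uint32_t *out)
{
    uint32_t candidate = 0u, votes = 0u, agree = 0u, i;
    if (copies == NULL || out == NULL || n == 0u || n > MAX_COPIES) { return false; }
    for (i = 0u; i < n; i++) {
        if (votes == 0u) { candidate = copies[i]; votes = 1u; }
        else if (copies[i] == candidate) { votes++; }
        else { votes--; }
    }
    for (i = 0u; i < n; i++) { if (copies[i] == candidate) { agree++; } }
    if (agree * 2u <= n) { return false; }               /* no strict majority */
    *out = candidate;
    return true;
}

/* Diagnostics hook: how many copies disagree with the voted value. A non-zero
 * count is a degradation signal worth reporting before it becomes a failure. */
uint32_t copies_disagreeing(const uint32_t *copies, uint32_t n, uint32_t value)
{
    uint32_t i, bad = 0u;
    if (copies == NULL || n > MAX_COPIES) { return n; }
    for (i = 0u; i < n; i++) { if (copies[i] != value) { bad++; } }
    return bad;
}
```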
Page 38:

Self-* and High Dependability

Self-healing is the ability of the system to autonomously change its structure so that its behavior stays the same.

Self-adaptation is used increasingly in safety-critical systems, as it allows us to change the operation of a component in the presence of errors and failures.

Self-* loop stages (figure labels): Self-Monitor, Self-Diagnosis, Anomalous Event, Deployment, Self-Testing, Candidate Fix Generation, Self-Adaptation, Fault Identification

Presenter
Presentation Notes
Despite considerable work in fault tolerance and reliability, software remains notoriously buggy and crash-prone. The current approach to ensuring the security and availability of software consists of a mix of different techniques: Proactive techniques seek to make the code as dependable as possible, through a combination of safe languages (e.g., Java [5]), libraries [6] and compilers [7, 8], code analysis tools and formal methods [9,10,11], and development methodologies. Debugging techniques aim to make post-fault analysis and recovery as easy as possible for the programmer that is responsible for producing a fix. Runtime protection techniques try to detect the fault using some type of fault isolation such as StackGuard [12] and FormatGuard [13], which address specific types of faults or security vulnerabilities. Containment techniques seek to minimize the scope of a successful exploit by isolating the process from the rest of the system, e.g., through use of virtual machine monitors such as VMWare or Xen, system call sandboxes such as Systrace [14], or operating system constructs such as Unix chroot(), FreeBSD’s jail facility, and others [15, 16]. Byzantine fault-tolerance and quorum techniques rely on redundancy and diversity to create reliable systems out of unreliable components [17, 1, 18]. These approaches offer a poor tradeoff between assurance, reliability in the face of faults, and performance impact of protection mechanisms. In particular, software availability has emerged as a concern of equal importance as integrity.
Page 39:

• Design Goals

• Security Goals

• Advanced Design

• Summary

Agenda

Page 40:

Summary

1. Absolutely secure systems are impossible; with enough money and commitment any system can be broken.

2. Assume your system is compromised and build it so that it can recover.

3. Strive for continuous incremental improvement, not perfection.

4. We do not know how to build 100% reliable systems; we only know how to manage risk – your system will fail and your design has to ensure that it fails in a predictable way.

Page 41:

Thank you.

Page 42:

Legal Disclaimer

This presentation contains the general insights and opinions of Intel Corporation (“Intel”). The information in this presentation is provided for information only and is not to be relied upon for any other purpose than educational. Use at your own risk! Intel makes no representations or warranties regarding the accuracy or completeness of the information in this presentation. Intel accepts no duty to update this presentation based on more current information. Intel is not liable for any damages, direct or indirect, consequential or otherwise, that may arise, directly or indirectly, from the use or misuse of the information in this presentation.

Intel and the Intel logo are trademarks of Intel Corporation in the U.S. and/or other countries.

* Other names and brands may be claimed as the property of others.

© 2018 Intel Corporation.

Page 43:

Open Discussion: Around the Room

What questions or topics would you like to address?

Page 44:

Closing Remarks

If you are an OEM, supplier or commercial vehicle company, now is a great time to join Auto-ISAC.

How to Get Involved: Membership

To learn more about Auto-ISAC Membership or Partnership, please contact Kim Kalinyak ([email protected]).

Key benefits include:

- Real-time Intelligence Sharing
- Intelligence Summaries
- Regular intelligence meetings
- Crisis Notifications
- Member Contact Directory
- Development of Best Practice Guides
- Exchanges and Workshops
- Tabletop exercises
- Webinars and Presentations
- Annual Auto-ISAC Summit Event

Page 45:

Strategic Partnership Programs

NAVIGATOR (Support Partnership)

- Provides guidance and support
- Annual definition of activity commitments and expected outcomes
- Provides guidance on key topics / activities

INNOVATOR (Paid Partnership)

- Annual investment and agreement
- Specific commitment to engage with ISAC
- In-kind contributions allowed

COLLABORATOR (Coordination Partnership)

- “See something, say something”
- May not require a formal agreement
- Information exchanges / coordination activities

BENEFACTOR (Sponsorship Partnership)

- Participate in monthly community calls
- Sponsor Summit
- Network with Auto Community
- Webinar / Events

Solutions Providers: For-profit companies that sell connected vehicle cybersecurity products & services. Examples: Hacker ONE, SANS, IOActive

Affiliations: Government, academia, research, non-profit orgs with complementary missions to Auto-ISAC. Examples: NCI, DHS, NHTSA

Community: Companies interested in engaging the automotive ecosystem and supporting / educating the community. Examples: Summit sponsorship – key events

Associations: Industry associations and others who want to support and invest in the Auto-ISAC activities. Examples: Auto Alliance, Global Auto, ATA

Strategic Partners

Page 46:

This document is Auto-ISAC Sensitive and Confidential.

Strategic Partnership Programs

Research: Some partners share white papers and research projects—on threats & vulnerabilities—with our members.

Webinars: We are open to partners presenting at our Community Town Halls, with audience including members & beyond.

Branding on the Auto-ISAC Website: Partner names and/or logos will be featured on the Auto-ISAC public-facing website.

Community Town Halls: We invite you to monthly calls featuring experts across the connected vehicle ecosystem.

Member Discounts: Some partners promote discounts or special offers for services (e.g. conferences, software licenses).

Other: We are open to other types of in-kind support (e.g. training, infrastructure support) based on your expertise.

Intel Sharing: Some partners submit relevant data, insights and papers addressing threats against the automotive industry.

Annual Executive Call: Our executives will host a call once a year for all Members and partners to present our strategic goals and priorities.

Summit Booth Priority: Partners will receive priority booth selection at future Auto-ISAC Summits.

Access to Auto-ISAC Reports: Our partners receive Auto-ISAC TLP Green/White reports and special reports at Auto-ISAC’s discretion.

Activities

Benefits

Future Plans

Page 47:

Our contact info

Faye Francy, Executive Director
Booz Allen Hamilton Inc., 20 M Street SE, Washington, DC 20003
703-861-5417
[email protected]

Kim Kalinyak, Membership Engagement Lead
Booz Allen Hamilton Inc., 20 M Street SE, Washington, DC 20003
240-422-9008
[email protected]

Josh Poster, Program Operations Manager
Booz Allen Hamilton Inc., 20 M Street SE, Washington, DC
[email protected]

Page 48:

Our contact info

Jessica Etts, Senior Intel Coordinator
Booz Allen Hamilton Inc., 20 M Street SE, Washington, DC
[email protected]

Candice Burke, Business and Executive Administrator
Booz Allen Hamilton Inc., 20 M Street SE, Washington, DC
[email protected]