“not yap wa' Hol”


Page 1: “not yap wa' Hol


“not yap wa' Hol”

Page 2: “not yap wa' Hol


Intro Interoperability Usability Security Wrap

Page 3: “not yap wa' Hol


Page 4: “not yap wa' Hol


DEFINITION OF INTEROPERABILITY

Interoperability: one device connects to the other devices and they offer the functionality they’re supposed to.


Page 5: “not yap wa' Hol


CONNECTIVITY PROTOCOLS

UL and the UL logo are trademarks of UL LLC © 2017. Proprietary & Confidential.

Page 6: “not yap wa' Hol


Page 7: “not yap wa' Hol


HUMAN AT THE CENTRE


Page 8: “not yap wa' Hol
Page 9: “not yap wa' Hol
Page 10: “not yap wa' Hol
Page 11: “not yap wa' Hol
Page 12: “not yap wa' Hol

Usability

The consumer’s ability to take their new product out of the box, follow setup instructions, and have the device immediately able to reliably communicate with other devices as intended. This is delivering on the Consumer Promise and builds Consumer Trust.

Page 13: “not yap wa' Hol

Why Bother Testing Usability

Automotive Infotainment System

A common automotive infotainment task is to handle an incoming call while listening to music. In this example the driver is listening to the radio while driving.

An incoming call is received, answered and ended by using the steering controls.

When the call is ended the phone incorrectly starts Bluetooth music, not returning to the radio music.

Page 14: “not yap wa' Hol


Page 15: “not yap wa' Hol


WIRELESS DOOR LOCK

A WIRELESS DOOR LOCK HAS A NOVEL FEATURE THAT ENABLES THE OWNER TO ISSUE AND REVOKE E-KEYS. THIS ALLOWS VISITORS TO ACCESS THE HOME USING ONLY THEIR MOBILE PHONE.

HOWEVER, WHEN THE OWNER REVOKES AN E-KEY THE VISITOR’S KEY IS NOT DELETED UNTIL THEY TRY TO USE IT.

FINALLY, WHEN THE VISITOR DOES TRY THE REVOKED E-KEY, THE LOCK OPENS JUST PRIOR TO DELETING THE KEY.
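
The ordering defect described on this slide, modelled as an added example (not code from the presentation or from any real lock). The class, method and key names are hypothetical; the model assumes revocations are queued and applied only when the key is next presented, as the slide states.

```python
# Added illustration: hypothetical model of a lock that applies e-key
# revocations lazily, at the moment the key is next presented.
# Class, method and key names are assumptions, not a real product's API.

class Lock:
    def __init__(self, revoke_before_unlock):
        self.revoke_before_unlock = revoke_before_unlock
        self.keys = set()      # e-keys the lock currently accepts
        self.pending = set()   # revocations received but not yet applied
        self.audit = []        # (key_id, event) tuples for monitoring

    def issue(self, key_id):
        self.keys.add(key_id)

    def revoke(self, key_id):
        # Lazy revocation as described on the slide: the key stays stored.
        self.pending.add(key_id)

    def _apply_revocation(self, key_id):
        if key_id in self.pending:
            self.pending.discard(key_id)
            self.keys.discard(key_id)
            self.audit.append((key_id, "revoked-key-presented"))

    def present(self, key_id):
        """Return True if the door opens for this key."""
        if self.revoke_before_unlock:
            self._apply_revocation(key_id)   # fixed order: revoke, then decide
        opened = key_id in self.keys
        if not self.revoke_before_unlock:
            self._apply_revocation(key_id)   # flawed order: decide, then revoke
        self.audit.append((key_id, "opened" if opened else "denied"))
        return opened


def visitor_scenario(revoke_before_unlock):
    """Issue a key, revoke it, then present it twice (constructed test case)."""
    lock = Lock(revoke_before_unlock)
    lock.issue("visitor-1")
    lock.issue("owner")
    lock.revoke("visitor-1")
    results = (lock.present("visitor-1"), lock.present("visitor-1"))
    return results, lock.present("owner"), lock.audit


if __name__ == "__main__":
    print("flawed order:", visitor_scenario(False)[0])
    print("fixed order: ", visitor_scenario(True)[0])
```

The same scenario doubles as a regression test: a revoked key must never produce an "opened" audit event, on the first presentation or any later one.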

Page 16: “not yap wa' Hol

Cybersecurity Needs

Continuous Security Breaches

“Hack attacks cut internet access in Liberia” – BBC (4th November)

European Commission confirms 'large-scale' cyberattack disrupted internet for hours – IBT (25th Nov

DDoS attack that disrupted internet was largest of its kind in history – Guardian (26 October)

Page 17: “not yap wa' Hol

Automotive Cyber Risk

[Diagram of vehicle attack surfaces (Back-End, CAN-Bus, Call Centers, WiFi, Mobile Network, OBD-II Port, ADAS, GPS, DSRC/V2X) and associated threats: (D)DoS, input injection, compromised privacy, web-based attacks (malware, input injections), pairing attack, social engineering, command infection, malware infection, false data injection, fuzzing, supply chain attack, replay attack, relay attack, DoS attack, spoofing, MITM attack, communication jamming, packet sniffing.]

Page 18: “not yap wa' Hol

Security Criteria

• ISO/IEC TR 15443
• ITU-T CYBEX 1500 series
• CVE / NVD
• CWE (CWRAF/CWSS, SANS CWE Top 25 / OWASP Top 10) and CAPEC
• CC / FIPS
• ISO/IEC 27000
• ISO/IEC 15408
• ISO/IEC DIS 20243 / O-TTPS
• FISMA
• HIPAA
• IEC 62443
• IEC 80001
• PCI
• SANS 20 CSC
• Cyber Essentials (UK)
• Top 35 mitigation strategies (AU)
• NIST Cybersecurity Framework & SP 800-53r4 security controls
• DHS C3 VP & CRR
• SAE AS5553 & 6174
• …

Product criteria

Better Validation

Today’s Security Programs

Cost

Rigid Requirements

Narrow Focus on Specific Industries

Lack of Product-Specific Testing

Slow Turnaround

What is needed?

Improved security assurance!

Page 19: “not yap wa' Hol

What is UL CAP?

Page 20: “not yap wa' Hol


Page 21: “not yap wa' Hol


IoT

Interoperable

Usable

Secure

Page 22: “not yap wa' Hol


QATLHO'


COLIN FORRESTER
BUSINESS DEVELOPMENT MANAGER