“not yap wa' Hol”
Intro Interoperability Usability Security Wrap
DEFINITION OF INTEROPERABILITY
Interoperability: one device connects to the other devices and they offer the functionality they’re supposed to.
CONNECTIVITY PROTOCOLS
UL and the UL logo are trademarks of UL LLC © 2017. Proprietary & Confidential.
HUMAN AT THE CENTRE
Usability
The consumer’s ability to take their new product out of the box, follow setup instructions, and have the device immediately and reliably communicate with other devices as intended. This delivers on the Consumer Promise and builds Consumer Trust.
Why Bother Testing Usability
Automotive Infotainment System
A common automotive infotainment task is to handle an incoming call while listening to music. In this example the driver is listening to the radio while driving.
An incoming call is received, answered and ended by using the steering controls.
When the call is ended the phone incorrectly starts Bluetooth music, not returning to the radio music.
WIRELESS DOOR LOCK
A WIRELESS DOOR LOCK HAS A NOVEL FEATURE THAT ENABLES THE OWNER TO ISSUE AND REVOKE E-KEYS. THIS ALLOWS VISITORS TO ACCESS THE HOME USING ONLY THEIR MOBILE PHONE.
HOWEVER, WHEN THE OWNER REVOKES AN E-KEY THE VISITOR’S KEY IS NOT DELETED UNTIL THEY TRY TO USE IT.
FINALLY, WHEN THE VISITOR DOES TRY THE REVOKED E-KEY, THE LOCK OPENS JUST PRIOR TO DELETING THE KEY.
Cybersecurity Needs
Continuous Security Breaches
“Hack attacks cut internet access in Liberia” – BBC (4th November)
European Commission confirms 'large-scale' cyberattack disrupted internet for hours – IBT (25th Nov)
DDoS attack that disrupted internet was largest of its kind in history – Guardian (26 October)
Automotive Cyber Risk
[Diagram labels]
Attack surfaces: Back-End, CAN-Bus, Call Centers, WiFi, Mobile Network, OBD-II Port, ADAS, GPS, DSRC/V2X
Attack types: (D)DOS, Input Injection, Compromised Privacy, Web-Based Attacks (Malware, Input Injections), Pairing Attack, Social Engineering, Command Infection, Malware Infection, False Data Injection, Fuzzing, Supply Chain Attack, Replay Attack, Relay Attack, DOS Attack, Spoofing, MITM Attack, Communication Jamming, Packet Sniffing
Security Criteria
• ISO/IEC TR 15443
• ITU-T CYBEX 1500 series
• CVE / NVD
• CWE (CWRAF/CWSS, SANS CWE Top 25 / OWASP Top 10) and CAPEC
• CC / FIPS
• ISO/IEC 27000
• ISO/IEC 15408
• ISO/IEC DIS 20243 / O-TTPS
• FISMA
• HIPAA
• IEC 62443
• IEC 80001
• PCI
• SANS 20 CSC
• Cyber Essentials (UK)
• Top 35 mitigation strategies (AU)
• NIST Cybersecurity Framework & SP 800-53r4 security controls
• DHS C3 VP & CRR
• SAE AS5553 & 6174
• …
Product criteria
Better Validation
Today’s Security Programs
Cost
Rigid Requirements
Narrow Focus on Specific Industries
Lack of Product-Specific Testing
Slow Turnaround
What is needed?
Improved security assurance!
What is UL CAP?
IoT
Interoperable
Usable
Secure
QATLHO'
COLIN FORRESTER
BUSINESS DEVELOPMENT MANAGER