Cyber Security and the Connected Vehicle How to adapt to the new - - PowerPoint PPT Presentation
STEER Cyber Security and the Connected Vehicle How to adapt to the new age challenge S STEER Founded in 2016 by Automotive Cybersecurity Leaders with previous successful commercialization and acquisitions Proudly encouraging Focused on
How to adapt to the new age challenge
STEER Founded in 2016 by Automotive Cybersecurity Leaders with previous successful commercialization and acquisitions
Proudly encouraging STEM activities and Women in the Workforce Focused on massively enabling secure self driving cars Headquartered in Columbia, Maryland
3
4
5
S The art of protecting ones assets electronically, or
electromechanically
S Hacker vs Defender S Hacker Mentality
S Look for easiest path in
S
Unsecured entryways, unsecured interfaces, openings! S Always trying to game the system S Reward driven
S Defender mentality?
6
7
8
S Vehicle
S Using peripheral devices (smart phones, Can/JBus devices, USB
devices)
S Sensors (tpms, radar, lidar, camera) S On-board telemaGcs
S Fleet
S From a compromised vehicle into the fleet management
infrastructure
S Service Network
S From a secure, valid entry point by inserGng malware into the vehicle
being serviced
Firewall Server
NOC
Corporate IT network
into Fleet Cloud
undetected
into unsuspecting fleets
S 2011: First physical hack on a car
by university researchers
S 2012: First OBD-II hack on car S 2013: TPMS hack S 2014: Radio hack S 2015: Remote hack!
2 4 6 8 10
Physical Attack Remote Attack
11
S First public demonstration of a
remote hack on a vehicle
S “No-physical-contact” attack S First cyber security associated
recall in automotive history!
S First NHTSA cyber security
related fine!
S First NHTSA action on Tier1! S First time OEM $ value
associated with lack of cyber security:
S $1.4B in recall cost S $105MM in fines S First class action lawsuits S First PR firms engaged to
counter cyber security messages
S First $$ spent for cyber damage!
12
13
systems through vehicle
networks through vehicle
motivated attacker
14
15
16
Image source: Black Duck
17
S Cyber security must become an integral part of all offerings S It is a qualifier S Training programs that capture cross disciplinary domains S Incident Response
18
S Build cyber secure and robust electronics and systems
inside out
S Ready to face next gen of connected vehicles S Ready to face cyber adversaries, and cyber criminals S Ready to face connected automated and electrified vehicles S Ready to service and maintain all of the above in top shape
with minimum vulnerabilities
19
S
Corporate Training
S
Corporate Structure changes S
Processes
S
Development, testing and Operations side S
Data & Benchmark Testing
S
Service side training
S
Service –a real backdoor. S
Technology Side
S
Best practices, Secure design, verification and validation to include security requirements
20
S Correct posture on cyber security S Risk assessments and threat analysis S Hiring key talent for cyber security operations S Staff Certifications & Training
21
S Cyber Security Framework: SAE J3061 S NHTSA Guidelines S ISAC bulletins S Secure Coding Practices S Incident Notification, Response and Handling
22
S Cyber security benchmark / T&E Framework S Vulnerability assessment cataloging S Gray/Black box testing data mining S Continuous Penetration Testing
23
S Cyber security is a necessity and not an add-on
differentiator any more
S Comprehensive cyber security needs comprehensive
attention and 4-pronged approach
S Several methodologies that can be applied internally,
incrementally, and conclusively
S Positive impact on cyber liability and cyber insurance
24
anuja@steer-tech.com