managing potential conflicts between vehicle safety and
play

Managing Potential Conflicts Between Vehicle Safety and - PowerPoint PPT Presentation

Sep 02, 2023 •181 likes •356 views

Managing Potential Conflicts Between Vehicle Safety and Cybersecurity Andy Davis, Transport Cybersecurity Practice Director Agenda What do we mean by Safety - critical and Cybersecurity - critical? Potential conflict areas

  1. Managing Potential Conflicts Between Vehicle Safety and Cybersecurity Andy Davis, Transport Cybersecurity Practice Director

  2. Agenda • What do we mean by “Safety - critical” and “Cybersecurity - critical”? • Potential conflict areas • Reducing the risks • Q&A

  3. Some definitions Safety and Cybersecurity

  4. Vehicle safety (from SAE J3061) • System safety (beyond regulatory requirements) is the state of a system that does not cause harm to life, property, or the environment. • A safety-critical system is a system that may cause harm to life, property, or the environment if the system does not behave as intended or desired. • All safety-critical systems are Cybersecurity-critical since a cyber- attack either directly or indirectly on a safety-critical system could lead to potential safety losses

  5. Vehicle Cybersecurity (from SAE J3061) • System Cybersecurity is the state of a system that does not allow exploitation of vulnerabilities to lead to losses, such as financial, operational, privacy, or safety losses. • A Cybersecurity-critical system is a system that may lead to financial, operational, privacy, or safety losses if the system is compromised through a vulnerability that may exist in the system. • Not all Cybersecurity-critical systems are safety-critical since cyber- attacks on Cybersecurity-critical systems can result in losses other than safety losses; namely, privacy, operational, or financial

  6. Safety and Cybersecurity Potential conflicts

  7. Confidentiality: Remote map updates vs PII/PCI data access Remote map updates are Malicious map updates can provide important for safety: unauthorised access to PII and potentially payment card data: Images: motoringexposure.com, mazdahandsfree.com, engadget.com

  8. Integrity: Head Unit Integration vs System segregation Integrated dashboards can Infotainment is the most likely vehicle system to be attacked – if ADAS reduce driver distraction: features are integrated, attackers can directly control them: Images: youtube.com

  9. Availability: Laser Fog Lights vs Camera Systems Lasers can render front-facing Laser fog lights can improve vehicle visibility in poor weather camera systems useless: conditions: Images: youtube.com, naimark.net

  10. Increasingly complex safety systems = increased attack surface Image: deusm.com

  11. Reducing the risks Striking the right balance between Safety and Cybersecurity

  12. Reducing the risks: What can be done? • An awareness of the risks needs to be raised with the right stakeholders • Techniques such as threat modelling would likely identify many of these potential conflict areas • Vehicle manufacturers and their whole supply chain need to develop-in security from day one ( Secure Development Lifecycle ) – bolt-on solutions are never as effective and often very costly • Automotive technology must be independently security assessed to ensure that vulnerabilities haven’t been introduced during development or integration, or as a result of introducing well-intentioned safety features

  13. Automotive Secure Development Lifecycle The ASDL should be considered a framework, rather than as a solution that replaces any existing standards Training

  14. ASDL Standards mapping Auto Alliance Consumer Privacy ISO Protection 26262 Principles NIST FIPS SAE 140-2 (functional safety focused) (privacy focused) J3061 (Security requirements for cryptographic modules) (cyber-physical focused) ISO TVRA 27001 (information security management) (risk assessment – telecomms network focussed) CERT STRIDE C (security focused) (threat modelling) MISRA EVITA C (risk assessment – aligned with ISO 26262) (safety focused) HEAVENS ISO 12207 OCTAVE NIST (risk assessment - electrical systems focused) FIPS 199 (systems and software engineering) (risk assessment – designed (software architecture By US DoD for healthcare security) design threats)

  15. Q&A

  16. Contact us 0161 209 5200 Europe North America • Madrid • Manchester - Head Office • AutomotiveSecurity@nccgroup.trust Atlanta • Malmö • • Amsterdam Austin www.nccgroup.trust • • • Milton Keynes Chicago Basingstoke • Munich • New York • Cambridge • • Vilnius San Francisco • Cheltenham • • Seattle Wetherby • Copenhagen • • Sunnyvale • Zurich Edinburgh • Glasgow Canada Australia • Leatherhead • • Waterloo Sydney • Leeds • London • Luxembourg

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Safer Trucks The potential for improved crash compatibility Iain Knight Apollo Vehicle Safety

Safer Trucks The potential for improved crash compatibility Iain Knight Apollo Vehicle Safety

Safer Trucks The potential for improved crash compatibility Iain Knight Apollo Vehicle Safety Truck Safety in context In 2013 4,021 Fatalities from accidents involving HGV: Source CARE/Road Safety Observatory 50% car occupants, 21% VRU,

344 views • 12 slides
Conflicts of Interest Dr. Ehret has no actual or potential conflicts of interest and no

Conflicts of Interest Dr. Ehret has no actual or potential conflicts of interest and no

12/2/2020 Conflicts of Interest Dr. Ehret has no actual or potential conflicts of interest and no relevant financial interests When a Disaster Strikes: Access associated with this presentation. to Medications? Megan J. Ehret, PharmD, MS, BCPP

312 views • 7 slides
Virtual Tests to Support Functional Safety of a Torque Vectored E-Motor Vehicle Richard Hurdwell

Virtual Tests to Support Functional Safety of a Torque Vectored E-Motor Vehicle Richard Hurdwell

Virtual Tests to Support Functional Safety of a Torque Vectored E-Motor Vehicle Richard Hurdwell & James Waters Virtual Testing Group September 2012 1 Outline Project Background and Objective The Vehicle Potential

384 views • 25 slides
Speakers name: Thomas Cuisset, MD, PhD X I have the following potential conflicts of interest to

Speakers name: Thomas Cuisset, MD, PhD X I have the following potential conflicts of interest to

Speakers name: Thomas Cuisset, MD, PhD X I have the following potential conflicts of interest to report: Consulting and/or lecture fees: Abbott Vascular, Astra Zeneca, Boston Scientific, Crossroad Institute, Edwards, Europa Organisation,

475 views • 21 slides
Statement of Potential Conflicts of Interest Continuous performance test in ADHD and SUD patients

Statement of Potential Conflicts of Interest Continuous performance test in ADHD and SUD patients

Statement of Potential Conflicts of Interest Continuous performance test in ADHD and SUD patients (CASP) study Relating to this presentation, the following relationships could be perceived as potential conflict of interests: Nir Yacin and Adva

388 views • 28 slides
AGL aims for stress-less driving and vehicle safety Hisao Munakata Automotive Grade Linux,

AGL aims for stress-less driving and vehicle safety Hisao Munakata Automotive Grade Linux,

AGL aims for stress-less driving and vehicle safety Hisao Munakata Automotive Grade Linux, Advisory board member Renesas Electronics Corp. 3 major software territories for vehicle management Car Information System (IVI = In Vehicle

917 views • 25 slides
Complete Vehicle Testing of Car Occupant Muscle Responses for Integrated Safety Simulation Jonas

Complete Vehicle Testing of Car Occupant Muscle Responses for Integrated Safety Simulation Jonas

Complete Vehicle Testing of Car Occupant Muscle Responses for Integrated Safety Simulation Jonas sth, Jna Marn lafsdttir, Johan Davidsson, and Karin Brolin Division of Vehicle Safety, Applied Mechanics Chalmers University of Technology

776 views • 19 slides
Emergency Vehicle and Emergency Vehicle and Roadway Scene Safety Roadway Scene Safety The

Emergency Vehicle and Emergency Vehicle and Roadway Scene Safety Roadway Scene Safety The

Emergency Vehicle and Emergency Vehicle and Roadway Scene Safety Roadway Scene Safety The International Association of Fire Fighters The International Association of Fire Fighters Division of Occupational Health, Safety & Medicine

1.58k views • 141 slides
Perioperative Management of Warfarin Interruption There are no actual or potential conflicts of

Perioperative Management of Warfarin Interruption There are no actual or potential conflicts of

Faculty Disclosures Perioperative Management of Warfarin Interruption There are no actual or potential conflicts of interest associated with Victoria Lambert, PharmD, CACP this presentation. Medication Management Pharmacist William W.

518 views • 12 slides
49 EV Rim Safety David Bond GM Health, Safety & Security Thiess Global Mining Purpose

49 EV Rim Safety David Bond GM Health, Safety & Security Thiess Global Mining Purpose

49 EV Rim Safety David Bond GM Health, Safety & Security Thiess Global Mining Purpose The purpose of this session is to create a greater understanding of potential hazards associated with heavy vehicle tyres and rims, with particular

505 views • 19 slides
X I have the following potential conflicts of interest to report: x Consulting: Astra Zeneca ,

X I have the following potential conflicts of interest to report: x Consulting: Astra Zeneca ,

Speakers name: Thomas Cuisset, MD, PhD X I have the following potential conflicts of interest to report: x Consulting: Astra Zeneca , Daiichi Sankyo, Eli Lilly, Medicines Company Employment in industry Stockholder of a healthcare company

667 views • 33 slides
Disclosures I have no actual or potential conflicts of interest to report in relation to this

Disclosures I have no actual or potential conflicts of interest to report in relation to this

4/14/2016 Disclosures I have no actual or potential conflicts of interest to report in relation to this Sharpening Our Procedure: presentation. Fostering Expertise in Clinical Reasoning Denise M. Connor, MD Assistant Clinical Professor of

115 views • 9 slides
No Metal Left Behind: Improving POBA and Potential conflicts of interest to report:

No Metal Left Behind: Improving POBA and Potential conflicts of interest to report:

4/18/2013 Disclosure Peter A. Schneider No Metal Left Behind: Improving POBA and Potential conflicts of interest to report: Bioresorbable Stents Consultant to start-ups: Silk Road, Altura, Revascular, Intact Vascular, Pro-med Peter A.

432 views • 12 slides
MANAGING CONFLICTS OF INTEREST AT SARS Presentation at the Second Session of the Anti-

MANAGING CONFLICTS OF INTEREST AT SARS Presentation at the Second Session of the Anti-

MANAGING CONFLICTS OF INTEREST AT SARS Presentation at the Second Session of the Anti- Corruption Learning Network Port Elizabeth 30 31 July 2009 WHAT IS CONFLICT OF INTEREST A conflict between the public duty and private interests of a

429 views • 16 slides
Managing Sleep Disorders Disclosures and Depression in Patients No conflicts of interest to

Managing Sleep Disorders Disclosures and Depression in Patients No conflicts of interest to

6/25/2018 Managing Sleep Disorders Disclosures and Depression in Patients No conflicts of interest to report with Liver Disease ECHO Program Presentation, June 25, 2018 Richard Yanofsky, MD, FRCPC Lecturer, University of Toronto

2.3k views • 11 slides
Managing Conflicts of Interest AFOA BC Conference Dec 6, 2018 1 Learning Objectives What

Managing Conflicts of Interest AFOA BC Conference Dec 6, 2018 1 Learning Objectives What

Managing Conflicts of Interest AFOA BC Conference Dec 6, 2018 1 Learning Objectives What IS a conflict of interest? Who cares? Why do I and my Nation need to know? How can we manage conflicts of interest? 2 2 What IS a Conflict

335 views • 32 slides
SAFETY PRESENTATION Introduction Fatalities & Injuries Per Commodity: 2018 v/s 2019

SAFETY PRESENTATION Introduction Fatalities & Injuries Per Commodity: 2018 v/s 2019

SAFETY PRESENTATION Introduction Fatalities & Injuries Per Commodity: 2018 v/s 2019 Fatalities & Injuries Per Region: 2018 v/s 2019 Percentage of fatalities by classifications Conclusions MHSI Purpose To safeguard

379 views • 7 slides
Investor Presentation I N V E S T O R P R E S E N T A T I O N 2 SAFE HARBOR Some of the

Investor Presentation I N V E S T O R P R E S E N T A T I O N 2 SAFE HARBOR Some of the

M A R C H 2 0 1 9 Investor Presentation I N V E S T O R P R E S E N T A T I O N 2 SAFE HARBOR Some of the statements in this presentation are or may be forward-looking statements, including our statements about sales opportunities,

645 views • 20 slides
Safe Harbor Statement NOTE: This presentation contains statements about expected future

Safe Harbor Statement NOTE: This presentation contains statements about expected future

Safe Harbor Statement NOTE: This presentation contains statements about expected future events and financial results that are forward-looking and subject to risks and uncertainties. For those statements, we claim the protection of the safe

275 views • 4 slides
On November 8, Georgia voters will have the opportunity to

On November 8, Georgia voters will have the opportunity to

On November 8, Georgia voters will have the opportunity to create a new funding source to support the victims of child sex trafficking. 1 Child sex

573 views • 13 slides
SENSEMAKING AND RESILIENCE IN SAFETY-CRITICAL SITUATIONS: A LITERATURE REVIEW Stine Skaufel

SENSEMAKING AND RESILIENCE IN SAFETY-CRITICAL SITUATIONS: A LITERATURE REVIEW Stine Skaufel

SENSEMAKING AND RESILIENCE IN SAFETY-CRITICAL SITUATIONS: A LITERATURE REVIEW Stine Skaufel Kilskar, SINTEF Brit-Eli Danielsen, CIRiS/NTNU Stig Ole Johnsen, SINTEF/NTNU Foto: Shutterstock Contents Motivation and background Introducing

382 views • 21 slides
Engineering Safety-Related Requirements for Software-Intensive Systems Donald Firesmith,

Engineering Safety-Related Requirements for Software-Intensive Systems Donald Firesmith,

SEPG Strong Process Foundations, New Horizons 18th Annual Premier Conference March 6-9, 2006 2006 Gaylord Opryland Nashville, Tennessee Engineering Safety-Related Requirements for Software-Intensive Systems Donald Firesmith, Software

881 views • 85 slides
PERFORMANCE MEASURES TARGET SETTING: ROADWAY SAFETY AND TRANSIT ASSET MANAGEMENT Regional

PERFORMANCE MEASURES TARGET SETTING: ROADWAY SAFETY AND TRANSIT ASSET MANAGEMENT Regional

PERFORMANCE MEASURES TARGET SETTING: ROADWAY SAFETY AND TRANSIT ASSET MANAGEMENT Regional Transportation Council Sonya Landrum and Shannon Stevenson North Central Texas Council of Governments Action Item February 14, 2019 Background Federal

145 views • 11 slides
SAFETY AND SECURITY UPDATE Saf afety & Secur urity Updat pdate Our goal is to ensure a

SAFETY AND SECURITY UPDATE Saf afety & Secur urity Updat pdate Our goal is to ensure a

SAFETY AND SECURITY UPDATE Saf afety & Secur urity Updat pdate Our goal is to ensure a safe, secure and healthy environment for the University community The National Council for Home Safety and Security named UVA one of the top 100

91 views • 6 slides

More recommend