Upload
others
View
0
Download
0
Embed Size (px)
Citation preview
14 March 2019TLP WHITE: May be shared within the Auto-ISAC Community.
Auto-ISAC
Monthly Community Call
6 March 2019
24 March 2019TLP WHITE: May be shared within the Auto-ISAC Community.
Agenda
Time (ET) Topic
11:00
Welcome
➢ Why we’re here
➢ Expectations for this community
11:10
Auto-ISAC Update
➢ Auto-ISAC overview
➢ Heard around the community
➢ What’s Trending
11:20
Featured Speakers
➢ Scott Belcher, President and Chief Executive Officer,
SFB Consulting
11:45Around the Room
➢ Sharing around the virtual room
11:55 Closing Remarks
Welcome
34 March 2019TLP WHITE: May be shared within the Auto-ISAC Community.
Welcome - Auto-ISAC Community Call!
Welcome
Purpose: These monthly Auto-ISAC Community Meetings are an
opportunity for you, our Members & connected vehicle ecosystem
partners, to:
✓ Stay informed of Auto-ISAC activities
✓ Share information on key vehicle cybersecurity topics
✓ Learn about exciting initiatives within the automotive
community from our featured speakers
Participants: Auto-ISAC Members, Potential Members, Partners,
Academia, Industry Stakeholders, and Government Agencies
Classification Level: TLP GREEN: may be shared within the Auto-
ISAC Community, and “off the record”
How to Connect: For further info, questions, or to add other POCs to
the invite, please contact Auto-ISAC Membership Engagement Lead Kim
Kalinyak ([email protected])
44 March 2019TLP WHITE: May be shared within the Auto-ISAC Community.
Engaging in the Auto-ISAC Community
❖ Join❖ If your organization is eligible, apply for Auto-ISAC membership
❖ If you aren’t eligible for membership, connect with us as a partner
❖ Get engaged – “Cybersecurity is everyone’s responsibility!”
❖ Participate❖ Participate in monthly virtual conference calls (1st Wednesday of month)
❖ If you have a topic of interest, connect our Membership Engagement
Lead, Kim Kalinyak – [email protected]
❖ Engage & ask questions!
❖ Share – “If you see something, say something!”❖ Submit threat intelligence or other relevant information
❖ Send us information on potential vulnerabilities
❖ Contribute incident reports and lessons learned
❖ Provide best practices around mitigation techniques
Welcome
4Innovator Partners
19Navigator Partners
Coordination with 23critical infrastructure ISACs through the National ISAC
Council
Membership represents 99%of cars on the road in North
America
19OEM Members
27 Supplier &Commercial
Vehicle Members
54 March 2019TLP WHITE: May be shared within the Auto-ISAC Community.
Community Speaker Series
Featured Speaker
Why Do We Feature Speakers?❖ These calls are an opportunity for information exchange & learning
❖ Goal is to educate & provide awareness around cybersecurity for the connected
vehicle
What Does it Mean to Be Featured?❖ Perspectives across our ecosystem are shared from members,
government, academia, researchers, industry, associations and
others.
❖ Goal is to showcase a rich & balanced variety of topics and viewpoints
❖ Featured speakers are not endorsed by Auto-ISAC nor do the speakers
speak on behalf of Auto-ISAC
How Can I Be Featured?❖ If you have a topic of interest you would like to share with
the broader Auto-ISAC Community, then we encourage you
to contact our Membership Engagement Lead, Kim Kalinyak
1650+Community Participants
15Featured Speakers to date
Membership represents 99%of cars on the road in North
America
Coordination with 23critical infrastructure ISACs
through the National ISAC Council
64 March 2019TLP WHITE: May be shared within the Auto-ISAC Community.
OverviewAuto-ISAC Mission
Mission ScopeServe as an unbiased information
broker to provide a central point of
coordination and communication for
the global automotive industry through
the analysis and sharing of trusted and
timely cyber threat information..
Light- and heavy-duty vehicles,
suppliers, commercial vehicle fleets and
carriers. Currently, we are focused on
vehicle cyber security, and anticipate
expanding into manufacturing and IT
security related to the vehicle.
What We Do
Community Development
Workshops, exercises, all hands, summits and town halls
Intel Sharing
Data curation across
intel feeds, submissions
and research
Analysis
Validation,
context and
recommendations
Best Practices
Development,
dissemination and
maintenance
Partnerships
Industry, academia,
vendors, researchers
and government
Community Development
Workshops, exercises, all hands, summits and town halls
74 March 2019TLP WHITE: May be shared within the Auto-ISAC Community.
Our 2019 Board of Directors
Executive Committee (ExCom) Leadership
Jeff Massimilla
Auto-ISAC
Chairman
General Motors
Tom Stricker
Auto-ISAC Vice
Chairman
Toyota
Mark Chernoby
Auto-ISAC
Treasurer
FCA
Steve Center
Auto-ISAC
Secretary
Honda
Geoff Wood
Affiliate Advisory
Board Chair
Harman
Geoff Wood
Affiliate Advisory
Board Chair
Harman
Todd Lawless
Affiliate Advisory
Board Vice Chair
Continental
Bob Kaster
Supplier Affinity
Group Chair
Bosch
Larry Hilkene
Commercial Vehicle
Affinity Group Chair
Cummins
2019 Affiliate
Advisory
Board (AAB)
Leadership
Leadership Updates
84 March 2019TLP WHITE: May be shared within the Auto-ISAC Community.
Auto-ISAC Team and Support Staff
Faye Francy, Executive Director
Josh Poster, Program Operations
Manager
Jessica Etts, Senior Intel Coordinator
Kim Kalinyak, Membership
Engagement Lead
Steve Elliott, Business Administrator
Heather Rosenker, Communications
(Auto-Alliance)
Julie Kirk, Finance
JJ Moss, Intel Lead, BAH
Linda Rhodes, Legal Council, Mayer
Brown
Rob Geist, Accountant,
Tate and Tryon
Auto-ISAC Staff
Staff Updates
94 March 2019TLP WHITE: May be shared within the Auto-ISAC Community.
Recent Activities
Auto-ISAC Update
Highlights of Key Activities in February
✓ Auto-ISAC and BPWG continued working on the development of Best
Practice Guide #7 on Security by Design
✓ Auto-ISAC will be hosting our Members Only Analyst Workshop in Irvine,
CA
✓ Auto-ISAC will be hosting our Quarterly Face to Face Board of Directors
and Affiliate Advisory Board meetings in Irvine, CA
Looking Ahead to March
➢ Auto-ISAC will be attending
➢ SWSX 2019 in Austin, TX
➢ Quarterly Face-to-Face NCI Meeting in Washington, DC
➢ American Trucking Association Annual Meeting in Atlanta, GA
➢ 2019 IQPC Automotive Cybersecurity Summit in Detroit, MI
104 March 2019TLP WHITE: May be shared within the Auto-ISAC Community.
Auto-ISAC Update:
Spotlight on Operations
RED Platform ▪ Reporting, Exchange, Discussion
Platform – Member sharing portal
▪ Hosted on NC4 Mission Center
platform
▪ Enhanced, secure sharing and
collaboration tools
Office space – Now on
Capitol Hill! 20 M Street, NW/Suite 700
Washington, D.C. 20001
Send us your promotional artwork, we will hang in our offices and conference room!
Staffing
➢ Two positions open -
1. Intelligence Analyst
2. Executive Organizational
Secretary
Please provide references to
Best Practices
➢ Members working on Best Practice
Guide #7 Security-by-Design
➢ Will update our Best Practice
Executive Summary and perform a
Consistency check across BPGs
Business Updates
114 March 2019TLP WHITE: May be shared within the Auto-ISAC Community.
• Various reports regarding cybersecurity and automotive over the course of February
‒ Six Automotive Trends That Will Impact Cybersecurity in 2019: 1) Autonomous Vehicles, 2) ECU Consolidation, 3) Data, 4) Monetization of Cyber Attacks, 5) Standards and Regulation, 6) Market Penetration of Cybersecurity Systems, (Link)
‒ Securing the Modern Vehicle: A Study of Automotive Industry Cybersecurity Practices: Synopsys and SAE International partnered to commission this independent survey of the current cybersecurity practices in the automotive industry to fill this information gap. Some key findings include: software security is not keeping pace with technology in the auto industry; software in the automotive supply chain presents a major risk; and connected vehicles have unique security issues. This report outlines the main organizational, technical, testing, and supply chain challenges the automotive industry faces and introduces solutions for addressing them. (Link)
‒ Supplier Cyber Risk Concerns Auto Industry: The automotive supply chain is long and complex. A break in the chain at a small, tier 3, single-part producer can be disastrous. (Link)
Auto-ISAC Intelligence
What’s Trending?
Trending
For more information or questions please contact [email protected]
124 March 2019TLP Green: May be shared within the Auto-ISAC Community.
Community Speakers
➢ Karl Heimer – CyberAuto/Truck Challenge
➢ Urban Johnson, NMFTA – Heavy Vehicle Cybersecurity Working Group
➢ Ross Froat, American Trucking Association on the ATA Cyberwatch Program
➢ Dirk Schimm and Mike Branch, Geotab on Neutral Vehicle and Big Data
➢ Michael Vermilye, John Hopkins Applied Physics Lab, Integrated Adaptive Cyber Defense
Example of Previous Community Speakers
Past Community Call Slides are located at: www.automotiveisac.com/communitycalls/
Featured Speakers
134 March 2019TLP WHITE: May be shared within the Auto-ISAC Community.
Welcome to Today’s Speaker
Featured Speaker
Abstract: Manufacturers, technology providers, and national and regional governments have invested
billions of dollars in connected and autonomous vehicle research, pilots and demonstrations. Underlying
the potential success for these important life-saving technologies is the need for communications
infrastructure and interoperability. The questions invariably remain: what communications technology best
serves the most? Who will build the infrastructure on which it will operate? Who will pay for it? Building that
infrastructure will, in large measure, be the responsibility of the private sector pursuing communications
business opportunities. The building of the necessary communications infrastructure is reminiscent of the
“chicken and egg” metaphor, which in our opinion requires that the specifications for Connected Vehicles
(CVs) and Autonomous Vehicles (AVs) come first. As a result, the recommendations in this report focus on
how to establish a clear path forward for CVs and AVs. Based on these findings, we believe that the
necessary infrastructure will fall into place.
Scott Belcher- is focused on the intersection of technology,
communications and transportation. He is currently working with clients on smart
mobility, smart cities, edge computing, data processing and transfer, connected
and autonomous vehicles, vehicle testing, and vehicle emission reductions.
Before founding SFB Consulting, Scott was the Chief Executive Officer (CEO) of
the Telecommunications Industry Association (TIA) from 2014 through 2016 where
he focused on advancing the telecommunication industry’s positions on issues
such as net neutrality, smart cities, smart transportation, and 5G standards. Prior
to TIA, Scott spent seven years at the helm of the Intelligent Transportation
Society of America (ITS America) where he focused on bridging the gaps between
the legacy transportation industry and the communications and technology
industries. Among other things, ITS America focused on bringing technology to
bear in managing fleets, transportation infrastructure, and connected and
autonomous vehicles.
Roadmap to Connectivity
Scott Belcher
SFB Consulting, LLC
Who is Crown Castle and Why Did They Sponsor This Study• Largest independent provider of wireless
infrastructure
• Brand recognition
• Advance the discussion around infrastructures role in the in the future of transportation
• Identify new customers and partners
Study Methodology
• Exhaustive data review
• Interviewed 50 organizations and over 75 individuals
• Focus primarily on light duty vehicles
• Focus primarily on the United States
Status of Connected Vehicles in the U.S.• NPRM mandating DSRC
• GM’s 2014 and 2018 announcements
• Toyota and VWs’ 2018 announcements
• AASHTO’s Spat Challenge
• Formation of 5GAA
• CV2X demonstrations and testing
• Ford’s 2019 announcement
• U.S. DOT and FCC requests for comment
Big Picture Findings• As the telecommunications industry builds out its 5G network, it should
consider the needs of connected vehicles
• The automotive, technology and telecommunications industries support a Federally led connected vehicle program to save lives, time and money
• While the automotive and technology industries are divided on the need for vehicle connectivity in autonomous vehicles, most agree that if it is available, they would use it
• U.S. DOT should continue to support the build-out of connected vehicle infrastructure to expedite the deployment of connected vehicles
• The data collection, transfer, analysis and storage needs of connected and autonomous vehicles will be significant
• Much of the industry is technologically agnostic regarding DSRC and C-V2X
Connected Vehicle Technology Readiness
DSRCCurrent C-V2X
(4G LTE Cellular)
Current C-V2X
(PC5)
Future C-V2X
(5G and Beyond)
Non-Time-Critical
CommunicationsYes Yes Yes Yes
Time-Critical Safety
CommunicationsYes No Yes Yes
Integrated Communications No No No Yes
Path to 5G Possible Yes Likely13 Yes
Communications Standards
CompleteYes Yes Partial No
Ready for Deployment Yes Yes No No
Connected Vehicle Deployment in the U.S.
Is a Connected Vehicle Mandate Necessary?
30
8
10
Yes
No
Not Sure
Connected Vehicle Recommendations• The Federal Communications Commission should preserve the 5.9 Ghz
spectrum for connected vehicles
• U.S. DOT should mandate the deployment of vehicle to vehicle (V2V) connectivity to enhance safety, minimize market confusion, and reduce costs
• U.S. DOT should drive the Industry to a single V2V technology
• U.S. DOT should financially support the deployment of vehicle to everything (V2X) technology
• Operators should upgrade their traffic signal technology with connected vehicle technology
Is Vehicle Connectivity Necessary for AVs?
31
3
14
Yes
No
Not Sure
State Regulation of AVs Continuesto be Inconsistent
Anticipated Uses of AVs
29
23
21
16
15
14
14
13
13
Last Mile Transit
Taxis
Mass Transit
Freight
Paratransit
Personal Vehicles / Pods
Municipal Fleets
Private Autos
Local delivery
Autonomous Vehicle Recommendations• U.S. DOT should require that AVs are connected
• Congress should expand Federal funding for autonomous vehicle research
• Congress should pass legislation to clarify Federal and State authorities and responsibilities in the autonomous vehicle space
• Autonomous Vehicle stakeholders should promote and participate in the development of international standards
• U.S. DOT should facilitate greater collaboration among the parties
• Manufacturers should support campaigns to educate the public about autonomous vehicles
274 March 2019TLP WHITE: May be shared within the Auto-ISAC Community.
Open Discussion
Around the Room
Any questions about the
Auto-ISAC or future topics
for discussion?
284 March 2019TLP WHITE: May be shared within the Auto-ISAC Community.
Connect with us at upcoming events:Nullcon Conference Mar. 1-2, Goa, India
Security BSides San Francisco Mar. 3-4, San Francisco, CA
RSA 2019 Mar. 4-8, San Francisco, CA
NDIA Cybersecurity: Defense Sector Summit Mar. 5-6, Detroit, MI
Auto-ISAC Community Call*** Mar. 6, Telecon
Connected Vehicles – Telematics Wire Mar. 6-7, Bengaluru, India
International Conference on Cyber Security and Connected Technologies Mar. 8-9, Taipei, Taiwan
SXSW 2019*** Mar. 8-17, Austin, TX
Quarterly NCI Face to Face Meeting*** Mar. 12, Washington, DC
SAE On Board Diagnostics Symposium Europe Mar. 12-14, Stuttgart, Germany
RVX: The RV Experience Mar. 12-14, Salt Lake City, UT
VDA Technischen Kongress 2019 Mar. 14-15, Berlin, Germany
ATA Technology & Maintenance Council (TMC) Annual Meeting &
Transportation Technology Exhibition***Mar. 18- 21, Atlanta, GA
Black Hat Asia 2019 Mar. 26-29, Singapore
2019 IQPC Detroit Automotive Cybersecurity Summit*** Mar. 27-29, Novi, MI
Women in Cybersecurity Conference Mar. 29-30, Pittsburgh, PA
Event Outlook
**For full 2018 calendar, visit www.automotiveisac.com
Closing Remarks
294 March 2019TLP WHITE: May be shared within the Auto-ISAC Community.
Closing Remarks
If you are an OEM, supplier or commercial
vehicle company, now is a great time to join
Auto-ISAC!
How to Get Involved: Membership
To learn more about Auto-ISAC Membership or Partnership,
please contact Kim Kalinyak ([email protected]).
➢ Real-time Intelligence
Sharing
➢ Development of Best Practice
Guides
➢ Intelligence Summaries ➢ Exchanges and Workshops
➢ Regular intelligence
meetings
➢ Tabletop exercises
➢ Crisis Notifications ➢ Webinars and Presentations
➢ Member Contact Directory ➢ Annual Auto-ISAC Summit Event
304 March 2019TLP WHITE: May be shared within the Auto-ISAC Community.
Strategic Partnership Programs
NAVIGATORSupport Partnership
- Provides guidance and
support
- Annual definition of
activity commitments
and expected outcomes
- Provides guidance on
key topics / activities
INNOVATORPaid Partnership
- Annual investment
and agreement
- Specific commitment
to engage with ISAC
- In-kind contributions
allowed
COLLABORATORCoordination
Partnership- “See something, say
something”
- May not require a formal
agreement
- Information exchanges-
coordination activities
BENEFACTORSponsorship
Partnership - Participate in monthly
community calls
- Sponsor Summit
- Network with Auto
Community
- Webinar / Events
Solutions
Providers
For-profit companies
that sell connected
vehicle cybersecurity
products & services.
Examples: Hacker ONE,
SANS, IOActive
Affiliations
Government,
academia, research,
non-profit orgs with
complementary
missions to Auto-ISAC.
Examples: NCI, DHS,
NHTSA
Community
Companies interested
in engaging the
automotive ecosystem
and supporting -
educating the
community.
Examples: Summit
sponsorship –
key events
Associations
Industry associations
and others who want
to support and invest
in the Auto-ISAC
activities.
Examples: Auto Alliance,
Global Auto, ATA
Closing Remarks
314 March 2019TLP WHITE: May be shared within the Auto-ISAC Community.
➢Focused Intelligence Information/Briefings
➢Cybersecurity intelligence sharing
➢Vulnerability resolution
➢Member to Member Sharing
➢Distribute Information Gathering Costs across the Sector
➢Non-attribution and Anonymity of Submissions
➢Information source for the entire organization
➢Risk mitigation for automotive industry
➢Comparative advantage in risk mitigation
➢Security and Resiliency
Auto-ISAC Benefits
Securing Across the Auto Industry
Benefits
324 March 2019TLP WHITE: May be shared within the Auto-ISAC Community.
Our contact info
Faye FrancyExecutive Director
20 F Street NW, Suite 700
Washington, DC 20001
703-861-5417
Kim KalinyakMembership Engagement
Lead
20 F Street NW, Suite 700
Washington, DC 20001
240-422-9008
Josh PosterProgram Operations
Manager
20 F Street NW, Suite 700
Washington, DC 20001
Jessica EttsSenior Intel Coordinator
20 F Street NW, Suite 700
Washington, DC 20001