Presentation held at Cybersecure Car 2015. The main argument is that we need to move from discussing specific car security to discussing the security of the future automotive ecosystem.
From Connected To Self-Driving - Securing the Automotive Revolution
1. October 2, 2015, CSC Proprietary and Confidential
FROM CONNECTED TO SELF-DRIVING
— SECURING THE AUTOMOTIVE
REVOLUTION
Dr. Alexander Schellong
General Manager, Cybersecurity Division
Central & Eastern Europe, Italy and Turkey
2.
TRAVEL AND
TRANSPORTATION
INSURANCE
MANUFACTURING
BANKING AND
CAPITAL MARKETS
HEALTHCARE
ENERGY AND
NATURAL RESOURCES
PUBLIC
SECTOR
TECHNOLOGY AND
CONSUMER SERVICES
About CSC
CONSULTING
BIG DATA AND
ANALYTICS
BUSINESS PROCESS SERVICES
AND OUTSOURCING
INFRASTRUCTURE
SERVICES
APPLICATIONS
SERVICES SOFTWARE AND IP
CYBERSECURITY
CLOUD
NEXT-GEN
OFFERINGS
3.
CSC Cybersecurity
CYBER
CONSULTING
SERVICES
CLOUD INTERNET
OF
THINGS
MOBILITY
SOCIAL
MANUFACTURING
TRAVEL AND
TRANSPORTATION
MANAGED
SECURITY
SERVICES
BIG DATA
HEALTHCARE
RISK MANAGEMENT
CENTERS
TECHNOLOGY
AND CONSUMER
SERVICES
PUBLIC
SECTOR
INSURANCE
APPLICATIONS
BUSINESS
OUTSIDE-IN
BANKING AND
CAPITAL
MARKETS
ENERGY AND
NATURAL
RESOURCES
BUSINESS
CONTINUITY/
DISASTER
RECOVERY
Third Platform,
Consumerization
of IT
4.
Global Cybersecurity Service Portfolio 09/2015
BUSINESS CONTINUITY &
DISASTER RECOVERY
(BC/DR) SERVICES
IDENTITY
MANAGEMENT
CONSULTING
MANAGED SECURITY
SERVICES (MSS)
APPLICATION &
SOFTWARE
SECURITY
Static/Dynamic/Mobile
Scans (HP Fortify)
Compliance / Security Support
(Account Security Managers)
Risk / Security Assessment
Strategy & Information
Security & Risk Management
STRATEGIC &
TECHNICAL SECURITY
CONSULTING
APT / Penetration tests
Social Engineering
Physical Security
Red Team
Data Protection
Network, Mobile & Cloud Security
BSI / ISO / PCI
Audits & Audit Preparation
SOC Planning & Setup
FW / IDS / SIEM Implementation
Industrial Control Systems
Data Loss Prevention
Trainings
RFI / RFP Support
Common Criteria
FIPS
24x7x365 Global IAM
Operations & Support
Application Security
Device & Endpoint Security
Network Security
Cloud Security
Mobile Security
Global Cyberthreat Intelligence
Risk Management Center
Security Operations Center
Risk & Business Impact Analysis
BC/DR Plans, Reviews & Tests
Crisis Management
Global Incident Response /
24x7 Forensics
Training & Simulation
Mergers & Acquisition (M&A)
security due diligence
Secure Code Reviews
SAP
CERTIFICATION
SERVICE (LAB)
SECURITY HARDWARE &
SOFTWARE RESELLING
(Next-Generation) Firewalls
Antivirus / SIEM / IDS / IPS / DLP
Mobile / Endpoint Security
20+ Product partners
Cryptography
BSI Grundschutz /
IS-Revision
Secure Software
Development Lifecycle
IAM Consulting &
Solution Architecture
Identity and Access
Governance
RFI / RFP Support
IAM Implementation &
Customization
Cloud SSO &
Federation
IAM Solution
Engineering
Provisioning Solutions
5.
GLOBAL CYBERSECURITY
PROFESSIONALS
1,700+
INTEGRATED
GLOBAL RISK
MANAGEMENT
CENTERS
5+
YEARS PROVIDING
CYBERSECURITY
SERVICES
40+
GLOBAL ALLIANCE
PARTNERS
PROVIDING SECURITY
EXPERTISE
15+
PUBLIC &
PRIVATE
SECTOR
EXPERTISE
UK
Noida
Kuala Lumpur
Sydney
Newark
Global Scalability
6.
MOBILE
SECURITY
CLOUD
SECURITY
NETWORK
SECURITY
ENDPOINT
SECURITY
APPLICATION
SECURITY
IDENTITY AND
ACCESS
MANAGEMENT
Our deep industry knowledge,
security specialists, and
end-to-end solutions for
traditional and next-generation
technologies enable you to
securely adapt as your business
and risks change.
End-to-End Managed Security Services
7.
Six decades of safety development to protect us from the
biggest risk factor in car mobility
10.
Who is the biggest risk in the future?
Ex Machina / Universal Studios (2015)
11.
Known automotive attack vectors
• OBD-II
Direct connector, USB, WiFi
• Controller Area Network (CAN) (broadcast nature, DoS vulnerability, network segregation)
• Electronic Control Unit (ECU)
– Engine Control Unit (ECU) (access, reflashing while driving, deviation from standards)
– Body Control Unit (BCM)
– Electronic Brake Control Module (EBCM)
– Telematics unit (access)
– Radio / Entertainment system (malicious music files)
– Bluetooth (pass through vulnerabilities)
– Tire Pressure Monitoring Systems (TPMS)
• Suppliers, OEM and Dealers
14.
Volkswagen’s Automotive Cybercrime: Emission control
Daily use
ECU/ECM
Test
15.
Human error speaks against precautionary approach
- Level of automation +
- Human error risks +
16.
From 1 billion to 2 billion cars
Infographic Wired Magazine 2012
2050
2 billion cars
9 billion people
2030
200+ million
connected cars
2018
20+ million
connected cars
100 million lines of code per car & 17 Petabyte of data p.a.
17.
OEM VM vs. IT market entrant approach
SW
Car
Car
SW
- Level of automation +
- Level of capabilities +
- Level of automation +
- Level of capabilities +
18.
From connected to autonomous to self-driving
http://www.leftlaneadvisors.com/project/nhtsa-levels-of-vehicle-autonomy-infographic/
Today
19.
Today’s automotive ecosystem
OEM
VM
Tier 1
Tier 1
Tier 1
Tier 2
Tier 2
Tier 2
Suppliers Producer Retail
Tier 3
Tier 3
Tier 3
Aut. Dealers
Aftermarket
Direct Sales
OES repair
Independent car sharing
Ind. ES manufacturers
Car Sharing
Ind. Dealers
Logistics
Assembler
Ind. retailers
Telematics provider
Logistics
Direct sales suppliers
Independent repair
21.
The Cyber Disruption Opportunity Moves Outside the Walls
• Live and work “without wires”
• Demand for universal access
• Work everywhere with any device
• Mix personal and corporate lives and information
• Information is currency and everyone wants it –
especially thieves
• Universal access creates dynamic boundaries that
are tougher to protect
• Ever advancing adversaries outpace traditional,
passive cyber defenses
New technology changes expectations
New technology expands and changes risk
Cybersecurity must respond proactively
• New business opportunities have moved outside the
“castle” walls
• Defensible security perimeters no longer exist
• Products and services must anticipate and
continuously manage risks
22.
Recommended Actions
Hardware / Software / Communications Regulations Culture/Operations
ECU hardening AV & Sec. Proxy Testing requirements Awareness Training
ECU consolidation IPS Operator license req. Cont. Threat analysis
Sec. architecture Sec. architecture Operator training req. Secure Prod. Lifecycle
Black box Cryptography Data collection Patch Mgt.
Segregation Sandboxing Data usage transp. Pentesting
Fail-safe mode Secure boot loader Black box SOC (AC+Org)
Last FS state ident. IAM Open codes ISAC
Time stamps Data storage R&D processes
Sec. Governance
Billing relationship?
Bug rewards program
23.
THANK YOU
aschellong@csc.com