Automotive Cybersecurity:
A Gap Still Exists
Ponemon Institute Survey
Automotive Cybersecurity: The Gap Still Exists
Today's Speakers
Gene Carter, Director of Product Management, Security Innovation
Peter Samson, Vice President and General Manager, Security Innovation
Larry Ponemon, Chairman, Ponemon Institute
Greg Rudy, Director of Business Development, INTEGRITY Security Services, A Green Hills Company
A Few Things…
• A link to the webcast recording and a copy of the slides will be sent to all registrants.
• Submit your questions at any time. They will be addressed at the end of the webcast.
• The Automotive Cyber Security White Paper can be found at https://web.securityinnovation.com/automotive-cybersecurity-gap-still-exists
The State of Automotive Cyber Security
Peter Samson, Vice President and General Manager, Security Innovation
Software Complexity
F22 Raptor: 2 Million LoC
787 Dreamliner: 7 Million LoC
2016 Ford F150: 130 Million LoC
Source: http://www.informationisbeautiful.net/visualizations/million-lines-of-code/
"Perfection is achieved, not when there is nothing more to add, but when there is nothing left to take away." Antoine de Saint-Exupéry
Connected Vehicle Market Growth
[Chart: five-year economic value against number of connected cars; values shown on the chart: $152 billion, $141 billion, $132 billion, $128 billion, $98 billion]
What Could Go Wrong?
Theft
Terrorism
Revenge
Mischief
Extortion - Ransomware
Insurance fraud
Espionage
Stalking
Feature (de)activation
Identity theft
Counterfeiting
Entry Points for Hackers
Internal
Diagnostic Port
CD/DVD
USB/SD card
Aux input
CAN Bus
Other networks
Mobile phone
External
Bluetooth
Internet
Wi-Fi
Key fob
LIDAR
Digital broadcasts
Tire Pressure Monitors
Tail light
DSRC
The Hacker Threat - 2015
A Sky News investigation finds that almost half the 89,000 vehicles broken into in London last year were hacked electronically.
The Hacker Threat - 2016
Cybersecurity Standards
Hacking protection
Data security
Hacking mitigation
Privacy standards
Transparency
Consumer choice
Marketing prohibition
Cyber dashboard: a window sticker showing how well the car protects the security and privacy of the owner.
Government Takes Action
The Security and Privacy in Your Car (SPY) Act
And Warns the Public
Digital Millennium Copyright Act
11/2/2016 05:50 PM
Information Sharing and Analysis Centers
Automotive Security Best Practices
• Security by design
• Risk assessment and management
• Threat detection and protection
• Incident response
• Collaboration with third parties
• Governance
• Awareness and training
Sponsored by Security Innovation and Integrity Security Services
Automotive Cybersecurity: The Gap Still Exists
Larry Ponemon, Chairman, Ponemon Institute
Introduction
During August 2016 the Ponemon Institute conducted a cybersecurity survey of more than 500 automotive developers, programmers, engineers, and executives, from automakers (OEMs) and their electronics suppliers.
Summary Findings
• A growing concern that hackers are actively targeting automobiles.
• OEMs are more concerned than their suppliers about automobiles being hacked.
• The lack of skilled personnel and requirements, and pressure to meet release dates, are the main impediments to secure software development.
• Insufficient use of cryptography.
• Legacy technology is hindering the ability to make vehicles more secure.
• Automakers believe they are not as knowledgeable about secure software development as other industries.
• There is little clarity or consensus regarding a single point of responsibility.
• On the positive side, there is a small but statistically significant trend toward a more mature approach to securing vehicles.
Survey Size
Sample response: Number / %
Sampling frame: 8,680 / 100.0%
Total returns: 590 / 6.8%
Rejected or screened surveys: 63 / 0.7%
Final sample: 527 / 6.1%
Methods
Demographics [charts: Headcount of Companies Surveyed; Job Roles; Reporting Lines; Number of Software Developers; Development Responsibilities]
Responses
Perceptions about automotive security
[Chart, FY 2016 vs FY 2015, percent agreeing with each statement: "My company makes automotive security a priority"; "Automotive development teams have the skills necessary to combat cybersecurity threats"; "My organization recruits and retains expert personnel to minimize security risks in automobiles"; "Hackers are actively targeting automobiles". Values shown on the chart, in extraction order: 42%, 43%, 45%, 44%, 47%, 47%, 51%, 52%.]
Organizational Alignment?
Is security a priority for your company?
Workers: Agree 45%, Disagree 55%
Management: Agree 61%, Disagree 39%
Are hackers targeting cars?
Agree 52%, Unsure 28%, Disagree 20%
Who is responsible for Security?
CIO 23%, CISO 17%, Partner 18%, QA 11%, Developer 12%, No One! 19%
Perceptions about security practices
[Chart, FY 2016 vs FY 2015, percent agreeing with each statement: "My company has the enabling technologies to ensure automotive development is secure"; "Automakers are not as knowledgeable about secure platform development as other industries are"; "It will be the norm for my company to participate in open disclosure of bugs and bug bounty programs"; "My company's automotive development process includes activities for security requirements, design, implementation and testing"; "Engineers and developers are adequately trained in secure architecture and coding practices". Values shown on the chart, in extraction order: 26%, 44%, 45%, 43%, 44%, 24%, 39%, 43%, 47%, 49%.]
Challenges to securing automobile software
(FY 2016 / FY 2015, series in the order the chart legend lists them)
Other: (not shown) / 6%
Too expensive: 12% / 11%
Adds too much time to the software development process: 16% / 18%
Lack of formal security requirements: 38% / 34%
Lack of defined corporate application security policies: 48% / 43%
Insufficient resources: 64% / 58%
Lack of skilled personnel: 67% / 65%
Pressure to release: 54% / 65%
What methods does your team use to ensure code is secure without vulnerabilities?
(2016 / 2015, series in the order the chart legend lists them)
Automated code scanning tools during development: 65% / 63%
Automated code scanning tools after release: 48% / 50%
Manual penetration testing: 41% / 36%
None of the above: 27% / 0%
Automated scanning tools used in production: 25% / 27%
Threat modelling/risk assessment during development: 24% / 24%
Adherence to secure coding standards: 23% / 25%
Other: 3% / 10%
How difficult is it to secure automobiles?
Very difficult 35%, Difficult 39%, Somewhat difficult 18%, Not difficult 7%, Easy 1%
How difficult is it to secure automobiles? (scale 1 = Easy to 10 = Hard; FY 2016 / FY 2015)
1 to 2: 1% / 2%
3 to 4: 7% / 9%
5 to 6: 18% / 21%
7 to 8: 39% / 33%
9 to 10: 35% / 36%
Is it possible to build a near hack proof car? (FY 2016 / FY 2015, series in the order the chart legend lists them)
Yes: 17% / 19%
No: 55% / 47%
Unsure: 28% / 34%
Challenges to Securing Automobiles ("Pick Top 3 challenges")
(2016 / 2015, series in the order the chart legend lists them)
Too expensive: 11% / (not shown)
Adds too much time: 16% / 18%
Lack of requirements: 38% / 34%
Lack of company policy: 48% / 43%
Pressure to release: 54% / 65%
Lack of skilled people: 67% / 65%
Caveats
There are inherent limitations to survey research that need to be carefully considered before drawing inferences from findings. The following items are specific limitations that are germane to most web-based surveys.
Non-response bias: The current findings are based on a sample of survey returns. We sent surveys to a representative sample of individuals, resulting in a large number of usable returned responses. Despite non-response tests, it is always possible that individuals who did not participate are substantially different in terms of underlying beliefs from those who completed the instrument.
Sampling-frame bias: The accuracy is based on contact information and the degree to which the list is representative of individuals who are involved in the automotive application development process. We also acknowledge that the results may be biased by external events such as media coverage. Finally, because we used a Web-based collection method, it is possible that non-Web responses by mailed survey or telephone call would result in a different pattern of findings.
Self-reported results: The quality of survey research is based on the integrity of confidential responses received from subjects. While certain checks and balances can be incorporated into the survey process, there is always the possibility that a subject did not provide a truthful response.
© 2016 INTEGRITY Security Services - Confidential Slide 36
experts in end-to-end embedded security
Car Cybersecurity: The Gap Still Exists
Gregory Rudy, Director of Business Development
Driving Forward
Threat Actors
• Who are these hackers?
  - Individuals (significant time, varied expertise, limited $ & capability)
  - Corporate (moderate time, high expertise, moderate $ & capability)
  - Universities (moderate time & $, high expertise, high capability)
  - Terrorists (moderate time, varied expertise, moderate $ & capability)
  - Nation states (significant time, high expertise, high $ & capability)
• Hacking Goals
  - Fame and notoriety
  - Economic gain – e.g., unlock hidden functionality; access IP/content
  - Terrorism – e.g., disrupt a city at rush hour; remove fleet from service
• Hacking consequences
  - Brand damage – loss of customer confidence in products/systems
  - Liability
  - Economic loss
Standards: ISO 26262 Safety
Using ISO 26262 ≠ Security in your design
• If you design to ISO 26262 for safety, other considerations must be taken to achieve levels of system security
  - Secure Boot
  - Device Authentication
  - Software Authentication
  - FIPS 140-2 Cryptography
  - Use of products that adhere to and are certified to high Evaluation Assurance Levels (EAL) by BSI and/or Common Criteria
  - And more….
ECU Security Architecture Design
• Many are looking in the rear view mirror to “solve” current and future vehicle security problems
• Focus on IT enterprise-style solution of perimeter security
  - “All we need is a firewall and IDS”
  - Network segmentation
  - SSL to the cloud
    o Improper/outdated crypto
    o Poor authentication
• “The concept of perimeter control is in total crisis” – Dan Geer, CISO of In-Q-Tel
Does your company integrate security architecture design into the development process?
Totally integrated 15%, Partially integrated 34%, Added on 47%, Unsure 4%
ECU Security Architecture Design
• Embedded space is fundamentally different
  - Constrained environments
  - Well defined functionality on most ECUs
    o Infotainment is the outlier due to Android/iOS support & passenger device/application interface.
• We can do much better by designing for this environment!
• Defense in depth is still required and attainable!
Retrofitting Security is Hard to Do
First Steps - Understand the Task
• Identify critical assets that require protection and their lifetimes
  - Intellectual property, gold firmware images/bitstreams, software/feature updates, secrets (keys), identities
  - ECUs fielded for 20 – 30 years
• Understand the attack surfaces that can be exploited to recover/modify the critical assets
  - Application & implementation dependent
  - All remote and local connectivity points
    o Wireless (BT, WiFi, Cellular, GPS, etc.) & wired (USB, Ethernet, CAN, DVD, OBD-II, etc.)
  - Physical analysis of ECU internals
First Steps
• Understand the difficulty of exploiting the attack surfaces
  - Can an attacker analyze one ECU to recover an asset that can compromise a large number of vehicles?
  - Can over-the-air messages be sent to arbitrary vehicles?
  - Can the service network be used to inject specific data?
• Examine the likelihood of exploitation
  - A local physical attack that compromises a single vehicle is far less interesting than one that compromises many
  - Remote attacks are the holy grail
  - A nation-state can be very patient and persistent
• Don’t assume proprietary implementations will protect you!
• Arrogance and ignorance can each destroy your ECU
Holistic View Across All Domains is Required
Product Security Domain: Hardware; Firmware; OS; Applications
Manufacturing Security Domain: Contract Manufacturing; Chip Providers; Board Providers; Test Houses; ISVs
Operations Security Domain: Updates; Feature Control; Content Mgmt; Users; Administrators; Hackers
Security Must Exist in All Domains
Does your company integrate the security architecture, including the entire supply chain and partner network?
Totally integrated 11%, Partially integrated 29%, Added on 55%, Unsure 5%
ECU Cryptographic Boundary
• FIPS 140-2 requires all hardware, software and firmware implementing cryptographic functions including algorithms and key generation be contained within a defined cryptographic boundary
• Reliable and separate from untrusted software
• Begins with a hardware root of trust
  - Secure Boot Support
  - Random Number Generation
  - Secure Key Storage
  - Cryptographic Acceleration
  - Anti-Tamper protection
Which of the following system security features does your company currently use? Select all that apply
[Bar chart (0–60% axis): Secure boot; Encrypted communication; Endpoint authentication; Encrypted data in storage]
Defense in Depth
Layers: Hardware Root of Trust; Software Crypto; Secure Boot; Security Protocols; Separation Design; Remote Updates
Goals: Establish a Trusted Platform; Secure communication; Minimize software defect risk
Today's Complex Supply Chains
Headquarters; Manufacturing Sites; 3rd Parties; Strategic Partners
Infrastructure Requirement
Security Infrastructures Must
• Sign software images
• Generate Keys and Certificates
• Inject sensitive material
• Root key protection
• Device Authentication
• Remote Management
• Software Updates
Critical Considerations:
• Distributed Supply Chains
• Multiple Products
• Partner Access
• High-Availability
• Changing Algorithms
© 2016 INTEGRITY Security Services, Inc - Confidential Slide 49
Enterprise Security Infrastructure
Zero exposure distribution of trust assets across global supply chains
© 2016 INTEGRITY Security Services, Inc - Confidential Slide 50
Don’t be Afraid to Ask…
• This presentation only covers a few of the architecture design issues for ECUs
  - “Cryptographic protocols and their implementations …they’re very hard to get right.” – Steven Bellovin, professor, Columbia University
• Honestly assess your team's expertise in these areas
  - Secure design & implementation, supply chain security, post sale security
  - Diebold got it ALL wrong in their voting machines
• Reach out to an expert group such as INTEGRITY Security Services to help you so your ECU security is correct from the start
  - Save design time – more eyes on the problem, the better!
  - Secure your supply chain
  - Prevent recalls
  - Protect revenue & brand
Q&A
Thank you!
 
Connected Cars: What Could Possibly Go Wrong
Connected Cars: What Could Possibly Go WrongConnected Cars: What Could Possibly Go Wrong
Connected Cars: What Could Possibly Go Wrong
 
Certificate Management Protocols for 1609.2 Certificates
Certificate Management Protocols for 1609.2 CertificatesCertificate Management Protocols for 1609.2 Certificates
Certificate Management Protocols for 1609.2 Certificates
 
Scaling Systems Securely: Challenges and Risks
Scaling Systems Securely: Challenges and RisksScaling Systems Securely: Challenges and Risks
Scaling Systems Securely: Challenges and Risks
 
Misbehavior Handling Throughout the V2V System Lifecycle
Misbehavior Handling Throughout the V2V System LifecycleMisbehavior Handling Throughout the V2V System Lifecycle
Misbehavior Handling Throughout the V2V System Lifecycle
 
Quantum Safety in Certified Cryptographic Modules
Quantum Safety in Certified Cryptographic ModulesQuantum Safety in Certified Cryptographic Modules
Quantum Safety in Certified Cryptographic Modules
 

Recently uploaded

Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Hyundai Motor Group
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 

Recently uploaded (20)

The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 

Automotive Cybersecurity Gap Persists

  • 1. Automotive Cybersecurity: A Gap Still Exists
    Ponemon Institute Survey
    Automotive Cybersecurity: The Gap Still Exists
  • 2. Today's Speakers
    Gene Carter, Director of Product Management, Security Innovation
    Peter Samson, Vice President and General Manager, Security Innovation
    Larry Ponemon, Chairman, Ponemon Institute
    Greg Rudy, Director of Business Development, INTEGRITY Security Services, A Green Hills Company
  • 3. A Few Things…
    • A link to the webcast recording and a copy of the slides will be sent to all registrants.
    • Submit your questions at any time. They will be addressed at the end of the webcast.
    • The Automotive Cyber Security White Paper can be found at https://web.securityinnovation.com/automotive-cybersecurity-gap-still-exists
  • 4. The State of Automotive Cyber Security
    Peter Samson, Vice President and General Manager, Security Innovation
  • 5. Software Complexity
    F22 Raptor: 2 million LoC; 787 Dreamliner: 7 million LoC; 2016 Ford F150: 130 million LoC
    Source: http://www.informationisbeautiful.net/visualizations/million-lines-of-code/
    "Perfection is achieved, not when there is nothing more to add, but when there is nothing left to take away." Antoine de Saint-Exupéry
  • 6. Connected Vehicle Market Growth
    (charts: Number of Connected Cars; Five-year Economic Value, with bars labelled $98 billion, $128 billion, $132 billion, $141 billion, $152 billion)
  • 7. What Could Go Wrong?
    Theft; Terrorism; Revenge; Mischief; Extortion (ransomware); Insurance fraud; Espionage; Stalking; Feature (de)activation; Identity theft; Counterfeiting
  • 8. Entry Points for Hackers
    Internal: Diagnostic port; CD/DVD; USB/SD card; Aux input; CAN bus; Other networks; Mobile phone
    External: Bluetooth; Internet; Wi-Fi; Key fob; LIDAR; Digital broadcasts; Tire pressure monitors; Tail light; DSRC
  • 9. The Hacker Threat - 2015
    A Sky News investigation finds that almost half the 89,000 vehicles broken into in London last year were hacked electronically.
  • 12. Government Takes Action: The Security and Privacy in Your Car (SPY) Act
    Cybersecurity standards: Hacking protection; Data security; Hacking mitigation
    Privacy standards: Transparency; Consumer choice; Marketing prohibition
    Cyber dashboard: A window sticker showing how well the car protects the security and privacy of the owner.
  • 13. And Warns the Public
  • 14. Digital Millennium Copyright Act 11/2/2016 05:50 PM
  • 15. Information Sharing and Access Centers
    Automotive Security Best Practices:
    • Security by design
    • Risk assessment and management
    • Threat detection and protection
    • Incident response
    • Collaboration with third parties
    • Governance
    • Awareness and training
  • 16. Automotive Cybersecurity: The Gap Still Exists
    Sponsored by Security Innovation and Integrity Security Services
    Larry Ponemon, Chairman, Ponemon Institute
  • 17. Introduction
    During August 2016 the Ponemon Institute conducted a cybersecurity survey of more than 500 automotive developers, programmers, engineers, and executives from automakers (OEMs) and their electronics suppliers.
  • 18. Summary Findings
    • A growing concern that hackers are actively targeting automobiles.
    • OEMs are more concerned than their suppliers about automobiles being hacked.
    • The lack of skilled personnel and requirements, and pressure to meet release dates, are the main impediments to secure software development.
    • Insufficient use of cryptography.
    • Legacy technology is hindering the ability to make vehicles more secure.
    • Automakers believe they are not as knowledgeable about secure software development as other industries.
    • There is little clarity or consensus regarding a single point of responsibility.
    • On the positive side, there is a small but statistically significant trend toward a more mature approach to securing vehicles.
  • 19. Survey Size
    Sample response                Number    %
    Sampling frame                 8,680     100.0%
    Total returns                  590       6.8%
    Rejected or screened surveys   63        0.7%
    Final sample                   527       6.1%
  • 23. Demographics
    (charts: Number of Software Developers; Development Responsibilities)
  • 25. Perceptions about automotive security (percentage agreeing, FY 2016 vs FY 2015)
    • My company makes automotive security a priority
    • Automotive development teams have the skills necessary to combat cybersecurity threats
    • My organization recruits and retains expert personnel to minimize security risks in automobiles
    • Hackers are actively targeting automobiles
    (bar values as extracted: 42% 43% 45% 44% 47% 47% 51% 52%)
  • 26. Organizational Alignment?
    Is security a priority for your company? Workers: agree 45%, disagree 55%. Management: agree 61%, disagree 39%.
    Are hackers targeting cars? Agree 52%, unsure 28%, disagree 20%.
  • 27. Who is responsible for security?
    CIO; CISO; Partner; QA; Developer; No one! (pie chart values as extracted: 23% 17% 18% 11% 12% 19%)
  • 28. Perceptions about security practices (percentage agreeing, FY 2016 vs FY 2015)
    • My company has the enabling technologies to ensure automotive development is secure
    • Automakers are not as knowledgeable about secure platform development as other industries are
    • It will be the norm for my company to participate in open disclosure of bugs and bug bounty programs
    • My company's automotive development process includes activities for security requirements, design, implementation and testing
    • Engineers and developers are adequately trained in secure architecture and coding practices
    (bar values as extracted: 26% 44% 45% 43% 44% 24% 39% 43% 47% 49%)
  • 29. Challenges to securing automobile software (FY 2016 vs FY 2015)
    Other; Too expensive; Adds too much time to the software development process; Lack of formal security requirements; Lack of defined corporate application security policies; Insufficient resources; Lack of skilled personnel; Pressure to release
    (bar values as extracted: 12% 16% 38% 48% 64% 67% 54% 6% 11% 18% 34% 43% 58% 65% 65%)
  • 30. What methods does your team use to ensure code is secure without vulnerabilities? (2016 vs 2015)
    Automated code scanning tools during development; Automated code scanning tools after release; Manual penetration testing; None of the above; Automated scanning tools used in production; Threat modelling/risk assessment during development; Adherence to secure coding standards; Other
    (bar values as extracted: 65% 48% 41% 27% 25% 24% 23% 3% 63% 50% 36% 0% 27% 24% 25% 10%)
  • 31. How difficult is it to secure automobiles?
    Very difficult 35%; Difficult 39%; Somewhat difficult 18%; Not difficult 7%; Easy 1%
  • 32. How difficult is it to secure automobiles? (scale from 1 = easy to 10 = hard)
    FY 2016: 1 to 2: 1%; 3 to 4: 7%; 5 to 6: 18%; 7 to 8: 39%; 9 to 10: 35%
    FY 2015: 1 to 2: 2%; 3 to 4: 9%; 5 to 6: 21%; 7 to 8: 33%; 9 to 10: 36%
  • 33. Is it possible to build a near hack-proof car?
    FY 2016: Yes 17%; No 55%; Unsure 28%
    FY 2015: Yes 19%; No 47%; Unsure 34%
  • 34. Challenges to Securing Automobiles ("Pick top 3 challenges", 2016 vs 2015)
    Too expensive; Adds too much time; Lack of requirements; Lack of company policy; Pressure to release; Lack of skilled people
    (bar values as extracted: 11% 16% 38% 48% 54% 67% 18% 34% 43% 65% 65%)
  • 35. Caveats
    There are inherent limitations to survey research that need to be carefully considered before drawing inferences from findings. The following items are specific limitations that are germane to most web-based surveys.
    Non-response bias: The current findings are based on a sample of survey returns. We sent surveys to a representative sample of individuals, resulting in a large number of usable returned responses. Despite non-response tests, it is always possible that individuals who did not participate are substantially different in terms of underlying beliefs from those who completed the instrument.
    Sampling-frame bias: The accuracy is based on contact information and the degree to which the list is representative of individuals who are involved in the automotive application development process. We also acknowledge that the results may be biased by external events such as media coverage. Finally, because we used a Web-based collection method, it is possible that non-Web responses by mailed survey or telephone call would result in a different pattern of findings.
    Self-reported results: The quality of survey research is based on the integrity of confidential responses received from subjects. While certain checks and balances can be incorporated into the survey process, there is always the possibility that a subject did not provide a truthful response.
  • 36. © 2016 INTEGRITY Security Services - Confidential
    Experts in end-to-end embedded security
    Car Cybersecurity: The Gap Still Exists, Driving Forward
    Gregory Rudy, Director of Business Development
  • 37. Threat Actors
    • Who are these hackers?
      • Individuals (significant time, varied expertise, limited $ & capability)
      • Corporate (moderate time, high expertise, moderate $ & capability)
      • Universities (moderate time & $, high expertise, high capability)
      • Terrorists (moderate time, varied expertise, moderate $ & capability)
      • Nation states (significant time, high expertise, high $ & capability)
    • Hacking goals
      • Fame and notoriety
      • Economic gain, e.g., unlock hidden functionality; access IP/content
      • Terrorism, e.g., disrupt a city at rush hour; remove a fleet from service
    • Hacking consequences
      • Brand damage: loss of customer confidence in products/systems
      • Liability
      • Economic loss
  • 38. Standards: ISO 26262 Safety
    Using ISO 26262 ≠ security in your design
    • If you design to ISO 26262 for safety, other considerations must be addressed to achieve levels of system security:
      • Secure boot
      • Device authentication
      • Software authentication
      • FIPS 140-2 cryptography
      • Use of products that adhere to and are certified to high Evaluation Assurance Levels (EAL) by BSI and/or Common Criteria
      • And more…
  • 39. ECU Security Architecture Design
    • Many are looking in the rear-view mirror to "solve" current and future vehicle security problems
    • Focus on IT enterprise-style perimeter security:
      • "All we need is a firewall and IDS"
      • Network segmentation
      • SSL to the cloud, often with improper/outdated crypto and poor authentication
    • "The concept of perimeter control is in total crisis" – Dan Geer, CISO of In-Q-Tel
    Survey: Does your company integrate security architecture design into the development process? Totally integrated 15%; Partially integrated 34%; Added on 47%; Unsure 4%
  • 40. ECU Security Architecture Design
    • The embedded space is fundamentally different
      • Constrained environments
      • Well-defined functionality on most ECUs
        • Infotainment is the outlier due to Android/iOS support and the passenger device/application interface.
    • We can do much better by designing for this environment!
    • Defense in depth is still required and attainable!
  • 41. Retrofitting Security is Hard to Do
  • 42. First Steps: Understand the Task
    • Identify critical assets that require protection, and their lifetimes
      • Intellectual property, gold firmware images/bitstreams, software/feature updates, secrets (keys), identities
      • ECUs are fielded for 20 to 30 years
    • Understand the attack surfaces that can be exploited to recover/modify the critical assets
      • Application- and implementation-dependent
      • All remote and local connectivity points: wireless (BT, WiFi, cellular, GPS, etc.) and wired (USB, Ethernet, CAN, DVD, OBD-II, etc.)
      • Physical analysis of ECU internals
  • 43. First Steps
    • Understand the difficulty of exploiting the attack surfaces
      • Can an attacker analyze one ECU to recover an asset that can compromise a large number of vehicles?
      • Can over-the-air messages be sent to arbitrary vehicles?
      • Can the service network be used to inject specific data?
    • Examine the likelihood of exploitation
      • A local physical attack that compromises a single vehicle is far less interesting than one that compromises many
      • Remote attacks are the holy grail
      • A nation-state can be very patient and persistent
    • Don't assume proprietary implementations will protect you!
    • Arrogance and ignorance can each destroy your ECU
  • 44. Holistic View Across All Domains is Required
    Security must exist in all domains:
    • Product security domain: hardware, firmware, OS, applications
    • Manufacturing security domain: contract manufacturing, chip providers, board providers, test houses, ISVs
    • Operations security domain: updates, feature control, content management, users, administrators, hackers
    Survey: Does your company integrate the security architecture, including the entire supply chain and partner network? Totally integrated 11%; Partially integrated 29%; Added on 55%; Unsure 5%
  • 45. ECU Cryptographic Boundary
    • FIPS 140-2 requires that all hardware, software and firmware implementing cryptographic functions, including algorithms and key generation, be contained within a defined cryptographic boundary
      • Reliable and separate from untrusted software
    • Begins with a hardware root of trust:
      • Secure boot support
      • Random number generation
      • Secure key storage
      • Cryptographic acceleration
      • Anti-tamper protection
    Survey: Which of the following system security features does your company currently use? Select all that apply. (bar chart, 0% to 60% axis: Secure boot; Encrypted communication; Endpoint authentication; Encrypted data in storage)
  • 46. Defense in Depth
    Hardware root of trust; Software crypto; Secure boot; Security protocols; Separation design; Remote updates
    Establish a trusted platform; Secure communication; Minimize software defect risk
  • 47. Today's Complex Supply Chains
    Headquarters; Manufacturing sites; 3rd parties; Strategic partners
  • 48. Infrastructure Requirement
    Security infrastructures must provide:
    • Signing of software images
    • Generation of keys and certificates
    • Injection of sensitive material
    • Root key protection
    • Device authentication
    • Remote management
    • Software updates
    Critical considerations:
    • Distributed supply chains
    • Multiple products
    • Partner access
    • High availability
    • Changing algorithms
  • 49. Enterprise Security Infrastructure
    Zero-exposure distribution of trust assets across global supply chains
  • 50. Don't be Afraid to Ask…
    • This presentation only covers a few of the architecture design issues for ECUs
    • "Cryptographic protocols and their implementations… they're very hard to get right." – Steven Bellovin, professor, Columbia University
    • Honestly assess your team's expertise in these areas
      • Secure design and implementation, supply chain security, post-sale security
      • Diebold got it ALL wrong in their voting machines
    • Reach out to an expert group such as INTEGRITY Security Services to help you so your ECU security is correct from the start
      • Save design time: the more eyes on the problem, the better!
      • Secure your supply chain
      • Prevent recalls
      • Protect revenue and brand
  • 51. Q&A
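The secure-boot chain that slides 45, 46 and 48 describe (a hardware root of trust, software images signed by the security infrastructure, keys and certificates issued from a protected root key), as an added Go example that is not from the deck or from INTEGRITY Security Services. It uses Go's standard ed25519 for signatures, a constructed certificate format for the image-signing key, and an anti-rollback version counter that is an assumption beyond the slides; all keys and images are constructed inline.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Constructed illustration, not INTEGRITY Security Services' product nor the deck's own design:
// the root of trust holds only a root public key, which certifies a separate image-signing key;
// the bootloader runs an image only if that chain verifies and the version has not rolled back.

// SigningKeyCert is the root-signed statement "this ed25519 key may sign images".
type SigningKeyCert struct {
	PubKey  []byte // image-signing public key
	RootSig []byte // root key's signature over PubKey
}
// SignedImage is the firmware plus the version field the signature also covers.
type SignedImage struct {
	Version uint32
	Image   []byte
	Sig     []byte // signature over manifest(Version, SHA-256(Image))
}
// manifest binds the version to the image digest so neither can be swapped alone.
func manifest(version uint32, image []byte) []byte {
	h := sha256.Sum256(image)
	buf := make([]byte, 4, 4+len(h))
	binary.BigEndian.PutUint32(buf, version)
	return append(buf, h[:]...)
}
// IssueSigningKeyCert is the offline root-key ceremony ("generate keys and certificates").
func IssueSigningKeyCert(rootKey ed25519.PrivateKey, signPub ed25519.PublicKey) SigningKeyCert {
	return SigningKeyCert{PubKey: signPub, RootSig: ed25519.Sign(rootKey, signPub)}
}
// SignImage is the signing-infrastructure side ("sign software images").
func SignImage(signKey ed25519.PrivateKey, version uint32, image []byte) SignedImage {
	return SignedImage{Version: version, Image: image, Sig: ed25519.Sign(signKey, manifest(version, image))}
}
// Bootloader models the cryptographic boundary: RootPub is fused or in ROM; MinVersion is the anti-rollback counter (an assumption) kept in tamper-resistant storage.
type Bootloader struct {
	RootPub    ed25519.PublicKey
	MinVersion uint32
}
var ErrBadCert = errors.New("signing key not certified by the root of trust")
var ErrBadSig = errors.New("image signature invalid or image modified")
var ErrRollback = errors.New("image older than the anti-rollback counter")
// VerifyAndBoot returns nil only when every check passes, then advances the counter so an older image is refused on later boots.
func (b *Bootloader) VerifyAndBoot(cert SigningKeyCert, img SignedImage) error {
	// ed25519.Verify panics on a wrong-length public key, so check the length first.
	if len(cert.PubKey) != ed25519.PublicKeySize || !ed25519.Verify(b.RootPub, cert.PubKey, cert.RootSig) {
		return ErrBadCert
	}
	if !ed25519.Verify(ed25519.PublicKey(cert.PubKey), manifest(img.Version, img.Image), img.Sig) {
		return ErrBadSig
	}
	if img.Version < b.MinVersion {
		return ErrRollback
	}
	b.MinVersion = img.Version
	return nil
}
// Demo boots four constructed images (valid, bit-flipped, older version, signed by an uncertified key) and returns the outcomes in that order.
func Demo() []error {
	rootPub, rootKey, _ := ed25519.GenerateKey(rand.Reader)
	signPub, signKey, _ := ed25519.GenerateKey(rand.Reader)
	roguePub, rogueKey, _ := ed25519.GenerateKey(rand.Reader)
	cert := IssueSigningKeyCert(rootKey, signPub)
	bl := &Bootloader{RootPub: rootPub, MinVersion: 1}
	good := SignImage(signKey, 3, []byte("ECU firmware v3 (constructed)"))
	tampered := good
	tampered.Image = append([]byte{good.Image[0] ^ 1}, good.Image[1:]...) // one flipped bit
	old := SignImage(signKey, 2, []byte("ECU firmware v2 (constructed)"))
	rogue := SignImage(rogueKey, 4, []byte("unauthorised build (constructed)"))
	rogueCert := SigningKeyCert{PubKey: roguePub, RootSig: ed25519.Sign(rogueKey, roguePub)} // self-signed
	return []error{
		bl.VerifyAndBoot(cert, good),       // nil, counter now 3
		bl.VerifyAndBoot(cert, tampered),   // ErrBadSig
		bl.VerifyAndBoot(cert, old),        // ErrRollback
		bl.VerifyAndBoot(rogueCert, rogue), // ErrBadCert
	}
}

func main() {
	for i, err := range Demo() {
		fmt.Printf("boot attempt %d: %v\n", i+1, err)
	}
}
```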