From Connected To Self-Driving - Securing the Automotive Revolution

1October 2, 2015CSC Proprietary and Confidential 1October 2, 2015CSC Proprietary and Confidential
FROM CONNECTED TO SELF-DRIVING
— SECURING THE AUTOMOTIVE
REVOLUTION
Dr. Alexander Schellong
General Manager, Cybersecurity Division
Central & Eastern Europe, Italy and Turkey

2October 2, 2015CSC Proprietary and Confidential
TRAVEL AND
TRANSPORTATION
INSURANCE
MANUFACTURING
BANKING AND
CAPITAL MARKETS
HEALTHCARE
ENERGY AND
NATURAL RESOURCES
PUBLIC
SECTOR
TECHNOLOGY AND
CONSUMER SERVICES
About CSC
CONSULTING
BIG DATA AND
ANALYTICS
BUSINESS PROCESS SERVICES
AND OUTSOURCING
INFRASTRUCTURE
SERVICES
APPLICATIONS
SERVICES SOFTWARE AND IP
CYBERSECURITYCLOUD
NEXT-GEN
OFFERINGS

CSC Cybersecurity
CYBER
CONSULTING
SERVICES
CLOUD INTERNET
OF
THINGS
MOBILITY
SOCIAL
MANUFACTURING
TRAVEL AND
TRANSPORTATION
MANAGED
SECURITY
SERVICES
BIG DATA
HEALTHCARE
RISK MANAGEMENT
CENTERS
TECHNOLOGY
AND CONSUMER
SERVICES
PUBLIC
SECTOR
INSURANCE
APPLICATIONS
BUSINESS
OUTSIDE-IN
BANKING AND
CAPITAL
MARKETS
ENERGY AND
NATURAL
RESOURCES
BUSINESS
CONTINUITY/
DISASTER
RECOVERY
Third Platform,
Consumerization
of IT

Global Cybersecurity Service Portfolio 09/2015
BUSINESS CONTINUITY &
DISASTER RECOVERY
(BC/DR) SERVICES
IDENTITY
MANAGEMENT
CONSULTING
MANAGED SECURITY
SERVICES (MSS)
APPLICATION &
SOFTWARE
SECURITY
Static/Dynamic/Mobile
Scans (HP Fortify)
Compliance / Security Support
(Account Security Managers)
Risk / Security Assessment
Strategy & Information
Security & Risk Management
STRATEGIC &
TECHNICAL SECURITY
CONSULTING
APT / Penetration tests
Social Engineering
Physical Security
Red Team
Data Protection
Network, Mobile & Cloud Security
BSI / ISO / PCI
Audits & Audit Preparation
SOC Planning & Setup
FW / IDS / SIEM Implementation
Industrial Control Systems
Data Loss Prevention
Trainings
RFI / RFP Support
Common Criteria
FIPS
24x7x365 Global IAM
Operations & Support
Application Security
Device & Endpoint Security
Network Security
Cloud Security
Mobile Security
Global Cyberthreat Intelligence
Risk Management Center
Security Operations Center
Risk & Business Impact Analysis
BC/DR Plans, Reviews & Tests
Crisis Management
Global Incident Response /
24x7 Forensics
Training & Simulation
Mergers & Acquisition (M&A)
security due diligence
Secure Code Reviews
SAP
CERTIFICATION
SERVICE (LAB)
SECURITY HARDWARE &
SOFTWARE RESELLING
(Next-Generation) Firewalls
Antivirus / SIEM / IDS / IPS / DLP
Mobile / Endpoint Security
20+ Product partnersCryptography
BSI Grundschutz /
IS-Revision
Secure Software
Development Lifecycle
IAM Consulting &
Solution Architecture
Identity and Access
Governance
RFI / RFP Support
IAM Implementation &
Customization
Cloud SSO &
Federation
IAM Solution
Engineering
Provisioning Solutions

GLOBAL CYBERSECURITY
PROFESSIONALS
1,700+
INTEGRATED
GLOBAL RISK
MANAGEMENT
CENTERS
5+
YEARS PROVIDING
CYBERSECURITY
SERVICES
40+
GLOBAL ALLIANCE
PARTNERS
PROVIDING SECURITY
EXPERTISE
15+
PUBLIC &
PRIVATE
SECTOR
EXPERTISE
UK
Noida
Kuala Lumpur
Sydney
Newark
Global Scalability

MOBILE
SECURITY
CLOUD
SECURITY
NETWORK
SECURITY
ENDPOINT
SECURITY
APPLICATION
SECURITY
IDENTITY AND
ACCESS
MANAGEMENT Our deep industry knowledge,
security specialists, and
end-to-end solutions for
traditional and next-generation
technologies enable you to
securely adapt as your business
and risks change.
End-to-End Managed Security Services

Six decades of safety development to protect us from the
biggest risk factor in car mobility

Not this one
Volkswagen

That one

Who is the biggest risk in the future?
Ex Machina / Universal Studios (2015)

Known automotive attack vectors
•  ODB-II
Direct connector, USB, WiFi
•  Controller Area Network (CAN) (broadcast nature, DoS vulnerability, network segregation)
•  Electronic Control Unit (ECU)
–  Engine Control Unit (ECU) (access, reflashing while driving, deviation from standards
–  Body Control Unit (BCM)
–  Elctronic Break Control Module (ECBM)
–  Telematics unit (access)
–  Radio / Entertainment system (malicious music files)
–  Bluetooth (pass through vulnerabilities)
–  Tire Pressure Monitoring Systems (TPMS)
•  Suppliers, OEM and Dealers

Spoofing the LIDAR

GPS jamming and spoofing

Volkswagen’s Automotive Cybercrime: Emission control
Daily use
ECU/ECM
Test

Human error speaks against precautionary approach
- Level of automation +
-humanerrorrisks+

From 1 billion to 2 billion cars
Infographic Wired Magazine 2012
2050
2 billion cars
9 billion people
2030
200+ million
connected cars
2018
20+ million
connected cars
100 million lines of code per car & 17 Petabyte of data p.a.

OEM VM vs. IT market entrant approach
SW
Car
Car
SW
-Levelofcapabilities+
-Levelofcapabilities+

From connected to autonomous to self-driving
http://www.leftlaneadvisors.com/project/nhtsa-levels-of-vehicle-autonomy-infographic/
Today

Today’s automotive ecosystem
OEM
VM
Tier 1
Tier 1
Tier 1
Tier 2
Tier 2
Tier 2
Suppliers Producer Retail
Tier 3
Tier 3
Tier 3
Aut. Dealers
Aftermarket
Direct Sales
OES repair
Independent car sharing
Ind. ES manufacturers
Car Sharing
Ind. Dealers
Logistics
Assembler
Ind. retailers
Telematics provider
Logistics
Direct sales suppliers
Independent repair

Future automotive ecosystem
OEM
VM
Tier 1
Tier 1
Tier 1
Tier 2
Tier 2
Tier 2
Suppliers Producer Retail
Tier 3
Tier 3
Tier 3
Auth. Dealers
Aftermarket
Direct Sales
OES repair
Ind. repair
Ind. suppliers
Car Sharing
Ind. Dealers
Logistics
Assembler
Ind. retailers
Telematics provider
Logistics
Software / Apps / Content provider
Fleet Mgt. & provision (AMaaS)
Infrastructure
Smart devices
Smart roads
IT infrastructure & analytics provider
Security & monitoring provider
Ind. car sharing & fleet provision
Smart grid
App Store
S Mobility objects

The Cyber Disruption Opportunity Moves Outside the Walls
•  Live and work “without wires”
•  Demand for universal access
•  Work everywhere with any device
•  Mix personal and corporate lives and information
•  Information is currency and everyone wants it –
especially thieves
•  Universal access creates dynamic boundaries that
are tougher to protect
•  Ever advancing adversaries outpace traditional,
passive cyber defenses
New technology changes expectations
New technology expands and changes risk
Cybersecurity must respond proactively
•  New business opportunities have moved outside the
“castle” walls
•  Defensible security perimeters no longer exist
•  Products and services must anticipate and
continuously manage risks

Recommended Actions
Hardware / Software / Communications Regulations Culture/Operations
ECU hardening AV & Sec. Proxy Testing requirements Awareness Training
ECU consolidation IPS Operator license req. Cont. Threat analysis
Sec. architecture Sec. architecture Operator training req. Secure Prod. Lifecycle
Black box Cryptography Data collection Patch Mgt.
Segregation Sandboxing Data usage transp. Pentesting
Fail-safe mode Secure bot loader Black box SOC (AC+Org)
Last FS state ident. IAM Open codes ISAC
Time stamps Data storage R&D processes
Sec. Governance
Billing relationship?
Bug rewards program

23October 2, 2015CSC Proprietary and Confidential 23October 2, 2015CSC Proprietary and Confidential
THANK YOU
aschellong@csc.com

From Connected To Self-Driving - Securing the Automotive Revolution

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (20)

Similar to From Connected To Self-Driving - Securing the Automotive Revolution

Similar to From Connected To Self-Driving - Securing the Automotive Revolution (20)

Recently uploaded

Recently uploaded (20)

From Connected To Self-Driving - Securing the Automotive Revolution