Presentation held at Cybersecure Car 2015. Main argument is that we need to move from discussing specific car security to discussing the security of the future automotive ecosystem.
Connected Car Security Issues:
4 main components-
1- ECU (Electronic Control Unit)
2- CAN Bus (Control Area Network Bus)
3- OBD (Onboard Diagnostics)
4- Infotainment
SAE 2014 - Cyber Security: Mission Critical for the Internet of CarsAndreas Mai
Connected vehicles are becoming rolling data centers. More attack surfaces expose vehicles to cyber threats that have become common in the IT industry. Connected vehicles will require an end-to-end security architecture spanning from chip level to cloud based security services that protect vehicles over the entire life cycle.
This talk will attempt to illustrate the close link between both safety and security, as well as the reasons they should remain distinct and separated efforts; the speakers will discuss case studies that relate to security incidents with safety impact, discuss practices that may be adopted in this space, before opening a discussion on the means for maintaining effective security and safety programs that neither overlap, nor underlap each other. The talk is aimed at those with an interest in Operational Technology security; whilst it will be open to a range of knowledge and abilities, the emphasis is towards the simple, basic concepts that are often found wanting in relation to cyber-attacks in the industry.
Connected Car Security Issues:
4 main components-
1- ECU (Electronic Control Unit)
2- CAN Bus (Control Area Network Bus)
3- OBD (Onboard Diagnostics)
4- Infotainment
SAE 2014 - Cyber Security: Mission Critical for the Internet of CarsAndreas Mai
Connected vehicles are becoming rolling data centers. More attack surfaces expose vehicles to cyber threats that have become common in the IT industry. Connected vehicles will require an end-to-end security architecture spanning from chip level to cloud based security services that protect vehicles over the entire life cycle.
This talk will attempt to illustrate the close link between both safety and security, as well as the reasons they should remain distinct and separated efforts; the speakers will discuss case studies that relate to security incidents with safety impact, discuss practices that may be adopted in this space, before opening a discussion on the means for maintaining effective security and safety programs that neither overlap, nor underlap each other. The talk is aimed at those with an interest in Operational Technology security; whilst it will be open to a range of knowledge and abilities, the emphasis is towards the simple, basic concepts that are often found wanting in relation to cyber-attacks in the industry.
Next-generation Zero Trust Cybersecurity for the Space AgeBlock Armour
Space infrastructure has become an integral part of everyday life, with individuals, businesses and governments relying overwhelmingly on it. However, despite the space industry’s technical sophistication, its cybersecurity efforts have lagged behind that of other high-tech sectors.
Block Armour has developed a next-gen Zero Trust Cybersecurity solution explicitly designed for connected devices, integrated IoT systems and related communication networks. And, is extending the solution to deliver Zero Trust Cybersecurity for Software-defined Space based Systems.
Solution: Block Armour Secure Remote Access for WFHBlock Armour
The Covid-19 pandemic has compelled organizations to allow large sections of the workforce to work from home. A majority of enterprises have deployed a VPN to provide remote access and ensure business continuity. However, traditional VPNs were never designed for today's highly distributed and hybrid IT environments and could expose enterprise applications and sensitive data on the corporate network to malware, ransomware, and other cyberattacks. Learn how Block Armour's #ZeroTrust security solution with integrated 2-factor authentication mitigates the risk of unauthorized access, prevents malware propagation and enables secure and compliant remote access for employees working from home due to Covid-19.
The session with highlight Intel’s vision for IoT Security and the fundamental building blocks and capabilities Intel and the ecosystem are providing to organizations to build security in from design through deployment and maintenance.
Reference Security Architecture for Mobility- InsurancePriyanka Aash
The project title for this task force is “Reference security architecture for Mobility”. Some of the key things that you are going to learn from this presentation is:
The reader will learn about the current aspects of mobility, its use cases, control measures and common architectural components
The document highlights the current generic mobility models, business drivers and challenges the enterprise mobility solutions faces
The document also lists out some sample example implementations for better understanding of the concepts presented to the reader
The readers will also learn to create a mobility security architecture framework to successfully build Enterprise Mobility Management program for their organization
IoT Armour: Securing connected devices and critical IoT infrastructure with B...Block Armour
IoT Armour is a Blockchain-powered cybersecurity solution specifically designed to secure connected devices, networks and critical systems in the Internet of Things (IoT). It is targeted at Smart Cities, Autonomous Mobility as well as other related industrial and consumer use cases. IoT Armour is the flagship solution of Block Armour, an India and Singapore-based venture focused on harnessing the potential of Blockchain technology to counter growing cybersecurity challenges in bold new ways.
To learn more, visit www.iotarmour.com
NSA advisory about state sponsored cybersecurity threatsRonald Bartels
Chinese State-Sponsored Actors Exploit Publicly Known Vulnerabilities. This advisory provides Common Vulnerabilities and Exposures (CVEs) known to be recently leveraged, or scanned-for, by Chinese state-sponsored cyber actors to enable successful hacking operations against a multitude of victim networks.
CASE STUDY: How Block Armour enabled secure remote access to on- premise as ...Block Armour
Due to the #covid19 pandemic, organizations were faced with an unprecedented, novel challenge of ensuring business continuity without endangering employee health and safety. Presenting our latest case study about how we enabled secure remote access to on-premise as well as SaaS applications for the employees of a Fortune 500 Oil and Gas firm subsidiary with minimal changes in their existing IT environment.
Next-generation Zero Trust Cybersecurity for the Space AgeBlock Armour
Space infrastructure has become an integral part of everyday life, with individuals, businesses and governments relying overwhelmingly on it. However, despite the space industry’s technical sophistication, its cybersecurity efforts have lagged behind that of other high-tech sectors.
Block Armour has developed a next-gen Zero Trust Cybersecurity solution explicitly designed for connected devices, integrated IoT systems and related communication networks. And, is extending the solution to deliver Zero Trust Cybersecurity for Software-defined Space based Systems.
Solution: Block Armour Secure Remote Access for WFHBlock Armour
The Covid-19 pandemic has compelled organizations to allow large sections of the workforce to work from home. A majority of enterprises have deployed a VPN to provide remote access and ensure business continuity. However, traditional VPNs were never designed for today's highly distributed and hybrid IT environments and could expose enterprise applications and sensitive data on the corporate network to malware, ransomware, and other cyberattacks. Learn how Block Armour's #ZeroTrust security solution with integrated 2-factor authentication mitigates the risk of unauthorized access, prevents malware propagation and enables secure and compliant remote access for employees working from home due to Covid-19.
The session with highlight Intel’s vision for IoT Security and the fundamental building blocks and capabilities Intel and the ecosystem are providing to organizations to build security in from design through deployment and maintenance.
Reference Security Architecture for Mobility- InsurancePriyanka Aash
The project title for this task force is “Reference security architecture for Mobility”. Some of the key things that you are going to learn from this presentation is:
The reader will learn about the current aspects of mobility, its use cases, control measures and common architectural components
The document highlights the current generic mobility models, business drivers and challenges the enterprise mobility solutions faces
The document also lists out some sample example implementations for better understanding of the concepts presented to the reader
The readers will also learn to create a mobility security architecture framework to successfully build Enterprise Mobility Management program for their organization
IoT Armour: Securing connected devices and critical IoT infrastructure with B...Block Armour
IoT Armour is a Blockchain-powered cybersecurity solution specifically designed to secure connected devices, networks and critical systems in the Internet of Things (IoT). It is targeted at Smart Cities, Autonomous Mobility as well as other related industrial and consumer use cases. IoT Armour is the flagship solution of Block Armour, an India and Singapore-based venture focused on harnessing the potential of Blockchain technology to counter growing cybersecurity challenges in bold new ways.
To learn more, visit www.iotarmour.com
NSA advisory about state sponsored cybersecurity threatsRonald Bartels
Chinese State-Sponsored Actors Exploit Publicly Known Vulnerabilities. This advisory provides Common Vulnerabilities and Exposures (CVEs) known to be recently leveraged, or scanned-for, by Chinese state-sponsored cyber actors to enable successful hacking operations against a multitude of victim networks.
CASE STUDY: How Block Armour enabled secure remote access to on- premise as ...Block Armour
Due to the #covid19 pandemic, organizations were faced with an unprecedented, novel challenge of ensuring business continuity without endangering employee health and safety. Presenting our latest case study about how we enabled secure remote access to on-premise as well as SaaS applications for the employees of a Fortune 500 Oil and Gas firm subsidiary with minimal changes in their existing IT environment.
Megatrends 2013: Manage the AcceleratingAmount of Software in CarsRed Bend Software
Red Bend's Director of Market Adoption, Yoram Berholtz, speaking at the Megatrends 2013 event about ways and solutions for managing the increasing amount of software in the cars.
This presentation highlights the factors that are critical for the success of a Data Analytics initiative. Questions like how one should go about analyzing data and why data analytics initiatives go wrong are answered in this presentation.
This presentation highlights various automotive security issues. What are the considerations specific to automotive security? What is the motivation for automotive attacks? Answers to these questions can be found in this presentation.
connected car is mobile, social, big data, cloudJoe Speed
from my 5 star rated session at the IOD `13 Big Data convention. Aso demo'd QNX's show car with MQTT, MessageSight, Worklight, Big Data Streams, Predictive Maintenance PMQ, Node-RED on Softlayer cloud.
Recent webinar where I discuss most of these topics
http://www.youtube.com/watch?v=e8iu-bs3T9Q?t=24m25s
blog http://mobilebit.wordpress.com twitter at @mobilebit https://twitter.com/MobileBit
The Current State of Automotive Security by Chris ValasekCODE BLUE
Automotive computers, or Electronic Control Units (ECU), were originally introduced to help with fuel efficiency and emissions problems of the 1970s but evolved into integral parts of in-car entertainment, safety controls, and enhanced automotive functionality. This presentation will examine some controls in two modern automobiles from a security researcherís point of view. We will first cover the requisite tools and software needed to analyze a Controller Area Network (CAN) bus. Secondly, we will demo software to show how data can be read and written to the CAN bus. Then we will show how certain proprietary messages can be replayed by a device hooked up to an ODB-II connection to perform critical car functionality, such as braking and steering. Finally, weíll discuss aspects of reading and modifying the firmware of ECUs installed in todayís modern automobile.
Chris Valasek
Christopher Valasek is the Director of Security Intelligence at IOActive, an industry leader in comprehensive computer security services. Valasek specializes in offensive research methodologies with a focus in reverse engineering and exploitation. Valasek is known for his extensive research in the automotive field and his exploitation and reverse engineering of Windows. Valasek is also the Chairman of SummerCon, the nation’s oldest hacker conference. He holds a B.S. in Computer Science from the University of Pittsburgh.
Red Bend Software: Optimizing the User Experience with Over-the-Air UpdatesRed Bend Software
Due to the complexity of most modern operating systems and the frequency with which they are updated, all leading manufacturers provide Over-the-Air (OTA) software updates for their tablets, smartphones and even cars.
It may take several months between devices leaving the production line to reaching consumers’ hands but users demand the latest updates to get access to new features. In today’s connected world, software updates are a must-have feature for any type of consumer electronics device, from low-end smartphones to high end tablets by way of M2M devices such as cars and set top boxes (STB).
In this SlideShare, Red Bend Software shows you how to manage these updates easily and effectively, providing best practices in rolling out OTA software updates.
OMA Seminar/Webinar, October 27, 2016, "How Developers Can Get the Most Out of IoT Standards and Tools" - Presentation #5 from Tao Lin, PhD, Distinguished Architect, Movimento Group
"Support OTA for Automotive with OMA DM"
[CB16] Using the CGC’s fully automated vulnerability detection tools in secur...CODE BLUE
End-user’s requirements for secure IT products are continually increased in environment that are affected directly to human life and industry such as IoT, CPS. Because vendors and end-user sell or buy products based on trustworthy or objective security evaluation results, security evaluation roles are important. Security Evaluations are divided to two parts, one is evaluation on design level such as ISO/IEC 29128(Verification of Cryptographic Protocols) and another one is post-implementation level such as ISO/IEC 15408(Common Criteria). These security evaluation standards, both ISO/IEC 29128 and ISO/IEC 15408, advise to use formal verification and automated tools when high assurance level of target products is required.
For a long time, vulnerability detection using automated tools have been tried and studied by many security researchers and hackers. And recently, the study related to automated vulnerability detection are now more active than ever in hacking community with DARPA’s CGC(Cyber Grand Challenge). But, too many tools are developed continually and usually each tool has their own purpose to use, so it’s hard to achieve ultimate goal of security evaluation effectively and verify evaluation results.
Furthermore, there are no references for categorizing about automated tools on perspective of security evaluations. So, in this presentation we will list up, categorize and analyze all of automated tools for vulnerability detection and introduce our result such as pros and cons, purpose, effectiveness, etc.
-- InHyuk Seo
My name is Inhyuk Seo(Nick: inhack). I graduated B.S. in Computer Science and Engineering at Hanyang University(ERICA) in 2015. Now I’m a researcher and M.S. of SANE(Security Analaysis aNd Evaluation) Lab at Korea University. I’m interested in Programming Language, Software Testing, Machine Learning, Artificial Intelligence.
In 2012, I completed high-quality information security education course “the Best of the Best(BoB)” hosted by KITRI(Korea Information Technology Research Institute) and conducted “Exploit Decoder for Obfuscated Javascript” Project.
I participated in many projects related with vulnerability analysis. I conducted “Smart TV Vulnerability Analysis and Security Evaluation” and “Developing Mobile Security Solution(EAL4) for Military Environment ”. Also, I participated in vulnerability analysis project for IoT products of various domestic tele-communications.
-- Jisoo Park
Jisoo Park graduated with Dongguk University B.S in Computer science engineering. He participated in secure coding research project in Programming Language Lab and KISA(Korea Internet & Security Agency). He worked as a software QA tester at anti-virus company Ahnlab. He also completed high-quality information security education course “Best of the Best” hosted by KITRI(Korea Information Technology Research Institute) and conducted security consulting for Car sharing service company.
Now, Jisoo Park is a
This report will enable you to dive into the process of Big Data analytics following current methods and illustrated by real case scenarios.
It is a step-by-step guide to improve your analytics methodology from explorative to prescriptive.
It includes a 6-phase data handling methodology from collection to exploitation.
Ptolemus also provides profiles and assessment of the 10 most influential analytics providers.
The report is introduced by 5 interviews of insurance and analytics service providers Strategic assessment of the role of telematics on claims management
Real-time threat detection and prevention for connected autonomous systemsHongwenZhang4
Wedge is an industry leader in real time autonomous threat detection and prevention. Our solution, Wedge Absolute Real Time Protection or WedgeARP, is securing millions connected autonomous systems worldwide
A revolutionary approach to cyber security for a cloud connected and 5G enabled world. Proprietary and patented technologies enable our software defined solution to detected and block malicious threats, including new and never-before-seen malware in real time without manual intervention and before threats have the opportunity to cause damages.
WedgeARP’s architecture and design are perfectly suited for connected autonomous systems of today and the future. Wedge is presently focused on providing advance security and ensuring the cyber worthiness of connected and autonomous vehicles through our world class partners
This deck is prepared for those who are interested in enabling real-time threat prevention for their connected systems, providing advanced security services for the customers, or participating in the growth of Wedge in the explosive market of connected autonomous systems, such as CAV, ITS, Smart Infrastructure/Smart City, etc.
2015 D-STOP Symposium session by CTR's Mike Walton. Watch the presentation at http://youtu.be/yd0DJWndSmo?list=PLWQCGQLl10mwkino_uNmTO4JXOg5oCWtU
Get symposium details: http://ctr.utexas.edu/research/d-stop/education/annual-symposium/
Internet of Things (IoT) will enable dramatic society transformation. This seminar presents an introduction to the IoT and explains why IoT Security is important.
Then it presents security issues in wireless sensor networks that constitute a main ingredient of IoT.
Seminar given at Centre Tecnològic de Telecomunicacions de Catalunya (CTTC) on 28 January 2015.
Connected & Driverless vehicles: the road to Safe & Secure mobility?Bill Harpley
Over many decades, the automotive industry has built up an enviable reputation for Safety and Reliability. But will the mass arrival of connected and automous vehicles put this hard-won reputation at risk.
In future, the affordance of Safety will depend very much in the effective functioning of Cybersecurity, both in-vehicle at at infrastructure scale.
This presentation looks at how the automotive industry is managing to adapt to the brave new world of the Connected Car. It looks at the source of security vulnerabilities, the current state of the art and the measures the industry is taking to align Safety and Security design processes.
Advancements and Hurdles in the Evolution of Automotive Wireless Interfaces: ...IJCI JOURNAL
The integration of wireless interfaces into vehicles has posed some challenges for the automotive industry over the years. While manufacturers strive to impress consumers with cutting-edge features, these features also bring security risks that cannot be ignored. To prevent potentially fatal incidents, a thorough protocol must be established to address system vulnerabilities. As the modern century moves towards an era of autonomous vehicles, security must be a top priority to avoid compliance breaches and delays in feature development. The significance of vehicle interfaces in the modern automotive industry cannot be overstated.
The present study aims to explore the prospective advantages and challenges associated with the integration of wireless interfaces in the automotive industry. This analysis will primarily focus on the latest technological advancements in vehicle technology and the critical need to secure against possible cyber-attacks. A wide range of topics will be covered in this paper, from the evolution of vehicle interfaces to the industry’s hurdles and strategies to minimize the risks associated with cyber threats. The objective of this study is to provide a comprehensive understanding of wireless interfaces in the automotive sector, including the benefits of implementing such technology, the challenges that it poses, and the measures needed to maintain the security and safety of vehicles, as well as the passengers.
Ed Adams, CEO of Security Innovation joins forces with Neil Lakomiak of Underwriters Laboratories and Doug Pluta of Cisco to discuss the Internet of Things (IoT) from a safety and security perspective. From an executive panel presentation at Connected Security Expo 2016
Joint Alstom and STM presentation made at UITP IT-Trans in Karlshruhe - Why Integration at the Operation Control Centre (OCC) is Vital for Rail Security?
Preparing for CV Deployment read ahead 9-8-18raymurphy9533
The fundamental premise of the connected vehicle environment lies in the power of wireless connectivity among vehicles (V2V communications), the infrastructure (V2I communications), and mobile devices to bring about transformative changes in highway safety, mobility, and the environmental impacts of the transportation system.
Ed Adams, CEO of Security Innovation, along with Brian Witten from Symantec address the trade-off between safety, security and convenience as well as the steps that need be taken by manufacturers before we can trust our the new IoT ecosystem to deliver the promised benefits of connected services.
Similar to From Connected To Self-Driving - Securing the Automotive Revolution (20)
Symptoms like intermittent starting and key recognition errors signal potential problems with your Mercedes’ EIS. Use diagnostic steps like error code checks and spare key tests. Professional diagnosis and solutions like EIS replacement ensure safe driving. Consult a qualified technician for accurate diagnosis and repair.
5 Warning Signs Your BMW's Intelligent Battery Sensor Needs AttentionBertini's German Motors
IBS monitors and manages your BMW’s battery performance. If it malfunctions, you will have to deal with an array of electrical issues in your vehicle. Recognize warning signs like dimming headlights, frequent battery replacements, and electrical malfunctions to address potential IBS issues promptly.
"Trans Failsafe Prog" on your BMW X5 indicates potential transmission issues requiring immediate action. This safety feature activates in response to abnormalities like low fluid levels, leaks, faulty sensors, electrical or mechanical failures, and overheating.
What Are The Immediate Steps To Take When The VW Temperature Light Starts Fla...Import Motorworks
Learn how to respond when the red temperature light flashes in your VW with this presentation. From checking coolant levels to seeking professional help, follow these steps promptly to prevent engine damage and ensure safety on the road.
Ever been troubled by the blinking sign and didn’t know what to do?
Here’s a handy guide to dashboard symbols so that you’ll never be confused again!
Save them for later and save the trouble!
The Octavia range embodies the design trend of the Škoda brand: a fusion of
aesthetics, safety and practicality. Whether you see the car as a whole or step
closer and explore its unique features, the Octavia range radiates with the
harmony of functionality and emotion
Fleet management these days is next to impossible without connected vehicle solutions. Why? Well, fleet trackers and accompanying connected vehicle management solutions tend to offer quite a few hard-to-ignore benefits to fleet managers and businesses alike. Let’s check them out!
𝘼𝙣𝙩𝙞𝙦𝙪𝙚 𝙋𝙡𝙖𝙨𝙩𝙞𝙘 𝙏𝙧𝙖𝙙𝙚𝙧𝙨 𝙞𝙨 𝙫𝙚𝙧𝙮 𝙛𝙖𝙢𝙤𝙪𝙨 𝙛𝙤𝙧 𝙢𝙖𝙣𝙪𝙛𝙖𝙘𝙩𝙪𝙧𝙞𝙣𝙜 𝙩𝙝𝙚𝙞𝙧 𝙥𝙧𝙤𝙙𝙪𝙘𝙩𝙨. 𝙒𝙚 𝙝𝙖𝙫𝙚 𝙖𝙡𝙡 𝙩𝙝𝙚 𝙥𝙡𝙖𝙨𝙩𝙞𝙘 𝙜𝙧𝙖𝙣𝙪𝙡𝙚𝙨 𝙪𝙨𝙚𝙙 𝙞𝙣 𝙖𝙪𝙩𝙤𝙢𝙤𝙩𝙞𝙫𝙚 𝙖𝙣𝙙 𝙖𝙪𝙩𝙤 𝙥𝙖𝙧𝙩𝙨 𝙖𝙣𝙙 𝙖𝙡𝙡 𝙩𝙝𝙚 𝙛𝙖𝙢𝙤𝙪𝙨 𝙘𝙤𝙢𝙥𝙖𝙣𝙞𝙚𝙨 𝙗𝙪𝙮 𝙩𝙝𝙚 𝙜𝙧𝙖𝙣𝙪𝙡𝙚𝙨 𝙛𝙧𝙤𝙢 𝙪𝙨.
Over the 10 years, we have gained a strong foothold in the market due to our range's high quality, competitive prices, and time-lined delivery schedules.
What Could Cause The Headlights On Your Porsche 911 To Stop WorkingLancer Service
Discover why your Porsche 911 headlights might flicker out unexpectedly. From aging bulbs to electrical gremlins and moisture mishaps, we're delving into the reasons behind the blackout. Stay tuned to illuminate the road ahead and ensure your lights shine bright for safer journeys.
What Does the PARKTRONIC Inoperative, See Owner's Manual Message Mean for You...Autohaus Service and Sales
Learn what "PARKTRONIC Inoperative, See Owner's Manual" means for your Mercedes-Benz. This message indicates a malfunction in the parking assistance system, potentially due to sensor issues or electrical faults. Prompt attention is crucial to ensure safety and functionality. Follow steps outlined for diagnosis and repair in the owner's manual.
Comprehensive program for Agricultural Finance, the Automotive Sector, and Empowerment . We will define the full scope and provide a detailed two-week plan for identifying strategic partners in each area within Limpopo, including target areas.:
1. Agricultural : Supporting Primary and Secondary Agriculture
• Scope: Provide support solutions to enhance agricultural productivity and sustainability.
• Target Areas: Polokwane, Tzaneen, Thohoyandou, Makhado, and Giyani.
2. Automotive Sector: Partnerships with Mechanics and Panel Beater Shops
• Scope: Develop collaborations with automotive service providers to improve service quality and business operations.
• Target Areas: Polokwane, Lephalale, Mokopane, Phalaborwa, and Bela-Bela.
3. Empowerment : Focusing on Women Empowerment
• Scope: Provide business support support and training to women-owned businesses, promoting economic inclusion.
• Target Areas: Polokwane, Thohoyandou, Musina, Burgersfort, and Louis Trichardt.
We will also prioritize Industrial Economic Zone areas and their priorities.
Sign up on https://profilesmes.online/welcome/
To be eligible:
1. You must have a registered business and operate in Limpopo
2. Generate revenue
3. Sectors : Agriculture ( primary and secondary) and Automative
Women and Youth are encouraged to apply even if you don't fall in those sectors.
Things to remember while upgrading the brakes of your carjennifermiller8137
Upgrading the brakes of your car? Keep these things in mind before doing so. Additionally, start using an OBD 2 GPS tracker so that you never miss a vehicle maintenance appointment. On top of this, a car GPS tracker will also let you master good driving habits that will let you increase the operational life of your car’s brakes.
Things to remember while upgrading the brakes of your car
From Connected To Self-Driving - Securing the Automotive Revolution
1. 1October 2, 2015CSC Proprietary and Confidential 1October 2, 2015CSC Proprietary and Confidential
FROM CONNECTED TO SELF-DRIVING
— SECURING THE AUTOMOTIVE
REVOLUTION
Dr. Alexander Schellong
General Manager, Cybersecurity Division
Central & Eastern Europe, Italy and Turkey
2. 2October 2, 2015CSC Proprietary and Confidential
TRAVEL AND
TRANSPORTATION
INSURANCE
MANUFACTURING
BANKING AND
CAPITAL MARKETS
HEALTHCARE
ENERGY AND
NATURAL RESOURCES
PUBLIC
SECTOR
TECHNOLOGY AND
CONSUMER SERVICES
About CSC
CONSULTING
BIG DATA AND
ANALYTICS
BUSINESS PROCESS SERVICES
AND OUTSOURCING
INFRASTRUCTURE
SERVICES
APPLICATIONS
SERVICES SOFTWARE AND IP
CYBERSECURITYCLOUD
NEXT-GEN
OFFERINGS
3. 3October 2, 2015CSC Proprietary and Confidential
CSC Cybersecurity
CYBER
CONSULTING
SERVICES
CLOUD INTERNET
OF
THINGS
MOBILITY
SOCIAL
MANUFACTURING
TRAVEL AND
TRANSPORTATION
MANAGED
SECURITY
SERVICES
BIG DATA
HEALTHCARE
RISK MANAGEMENT
CENTERS
TECHNOLOGY
AND CONSUMER
SERVICES
PUBLIC
SECTOR
INSURANCE
APPLICATIONS
BUSINESS
OUTSIDE-IN
BANKING AND
CAPITAL
MARKETS
ENERGY AND
NATURAL
RESOURCES
BUSINESS
CONTINUITY/
DISASTER
RECOVERY
Third Platform,
Consumerization
of IT
4. 4October 2, 2015CSC Proprietary and Confidential
Global Cybersecurity Service Portfolio 09/2015
BUSINESS CONTINUITY &
DISASTER RECOVERY
(BC/DR) SERVICES
IDENTITY
MANAGEMENT
CONSULTING
MANAGED SECURITY
SERVICES (MSS)
APPLICATION &
SOFTWARE
SECURITY
Static/Dynamic/Mobile
Scans (HP Fortify)
Compliance / Security Support
(Account Security Managers)
Risk / Security Assessment
Strategy & Information
Security & Risk Management
STRATEGIC &
TECHNICAL SECURITY
CONSULTING
APT / Penetration tests
Social Engineering
Physical Security
Red Team
Data Protection
Network, Mobile & Cloud Security
BSI / ISO / PCI
Audits & Audit Preparation
SOC Planning & Setup
FW / IDS / SIEM Implementation
Industrial Control Systems
Data Loss Prevention
Trainings
RFI / RFP Support
Common Criteria
FIPS
24x7x365 Global IAM
Operations & Support
Application Security
Device & Endpoint Security
Network Security
Cloud Security
Mobile Security
Global Cyberthreat Intelligence
Risk Management Center
Security Operations Center
Risk & Business Impact Analysis
BC/DR Plans, Reviews & Tests
Crisis Management
Global Incident Response /
24x7 Forensics
Training & Simulation
Mergers & Acquisition (M&A)
security due diligence
Secure Code Reviews
SAP
CERTIFICATION
SERVICE (LAB)
SECURITY HARDWARE &
SOFTWARE RESELLING
(Next-Generation) Firewalls
Antivirus / SIEM / IDS / IPS / DLP
Mobile / Endpoint Security
20+ Product partnersCryptography
BSI Grundschutz /
IS-Revision
Secure Software
Development Lifecycle
IAM Consulting &
Solution Architecture
Identity and Access
Governance
RFI / RFP Support
IAM Implementation &
Customization
Cloud SSO &
Federation
IAM Solution
Engineering
Provisioning Solutions
5. 5October 2, 2015CSC Proprietary and Confidential
GLOBAL CYBERSECURITY
PROFESSIONALS
1,700+
INTEGRATED
GLOBAL RISK
MANAGEMENT
CENTERS
5+
YEARS PROVIDING
CYBERSECURITY
SERVICES
40+
GLOBAL ALLIANCE
PARTNERS
PROVIDING SECURITY
EXPERTISE
15+
PUBLIC &
PRIVATE
SECTOR
EXPERTISE
UK
Noida
Kuala Lumpur
Sydney
Newark
Global Scalability
6. 6October 2, 2015CSC Proprietary and Confidential
MOBILE
SECURITY
CLOUD
SECURITY
NETWORK
SECURITY
ENDPOINT
SECURITY
APPLICATION
SECURITY
IDENTITY AND
ACCESS
MANAGEMENT Our deep industry knowledge,
security specialists, and
end-to-end solutions for
traditional and next-generation
technologies enable you to
securely adapt as your business
and risks change.
End-to-End Managed Security Services
7. 7October 2, 2015CSC Proprietary and Confidential
Six decades of safety development to protect us from the
biggest risk factor in car mobility
10. 10October 2, 2015CSC Proprietary and Confidential
Who is the biggest risk in the future?
Ex Machina / Universal Studios (2015)
11. 11October 2, 2015CSC Proprietary and Confidential
Known automotive attack vectors
• ODB-II
Direct connector, USB, WiFi
• Controller Area Network (CAN) (broadcast nature, DoS vulnerability, network segregation)
• Electronic Control Unit (ECU)
– Engine Control Unit (ECU) (access, reflashing while driving, deviation from standards
– Body Control Unit (BCM)
– Elctronic Break Control Module (ECBM)
– Telematics unit (access)
– Radio / Entertainment system (malicious music files)
– Bluetooth (pass through vulnerabilities)
– Tire Pressure Monitoring Systems (TPMS)
• Suppliers, OEM and Dealers
14. 14October 2, 2015CSC Proprietary and Confidential
Volkswagen’s Automotive Cybercrime: Emission control
Daily use
ECU/ECM
Test
15. 15October 2, 2015CSC Proprietary and Confidential
Human error speaks against precautionary approach
- Level of automation +
-humanerrorrisks+
16. 16October 2, 2015CSC Proprietary and Confidential
From 1 billion to 2 billion cars
Infographic Wired Magazine 2012
2050
2 billion cars
9 billion people
2030
200+ million
connected cars
2018
20+ million
connected cars
100 million lines of code per car & 17 Petabyte of data p.a.
17. 17October 2, 2015CSC Proprietary and Confidential
OEM VM vs. IT market entrant approach
SW
Car
Car
SW
- Level of automation +
-Levelofcapabilities+
- Level of automation +
-Levelofcapabilities+
18. 18October 2, 2015CSC Proprietary and Confidential
From connected to autonomous to self-driving
http://www.leftlaneadvisors.com/project/nhtsa-levels-of-vehicle-autonomy-infographic/
Today
19. 19October 2, 2015CSC Proprietary and Confidential
Today’s automotive ecosystem
OEM
VM
Tier 1
Tier 1
Tier 1
Tier 2
Tier 2
Tier 2
Suppliers Producer Retail
Tier 3
Tier 3
Tier 3
Aut. Dealers
Aftermarket
Direct Sales
OES repair
Independent car sharing
Ind. ES manufacturers
Car Sharing
Ind. Dealers
Logistics
Assembler
Ind. retailers
Telematics provider
Logistics
Direct sales suppliers
Independent repair
21. 21October 2, 2015CSC Proprietary and Confidential
The Cyber Disruption Opportunity Moves Outside the Walls
• Live and work “without wires”
• Demand for universal access
• Work everywhere with any device
• Mix personal and corporate lives and information
• Information is currency and everyone wants it –
especially thieves
• Universal access creates dynamic boundaries that
are tougher to protect
• Ever advancing adversaries outpace traditional,
passive cyber defenses
New technology changes expectations
New technology expands and changes risk
Cybersecurity must respond proactively
• New business opportunities have moved outside the
“castle” walls
• Defensible security perimeters no longer exist
• Products and services must anticipate and
continuously manage risks
22. 22October 2, 2015CSC Proprietary and Confidential
Recommended Actions
Hardware / Software / Communications Regulations Culture/Operations
ECU hardening AV & Sec. Proxy Testing requirements Awareness Training
ECU consolidation IPS Operator license req. Cont. Threat analysis
Sec. architecture Sec. architecture Operator training req. Secure Prod. Lifecycle
Black box Cryptography Data collection Patch Mgt.
Segregation Sandboxing Data usage transp. Pentesting
Fail-safe mode Secure bot loader Black box SOC (AC+Org)
Last FS state ident. IAM Open codes ISAC
Time stamps Data storage R&D processes
Sec. Governance
Billing relationship?
Bug rewards program
23. 23October 2, 2015CSC Proprietary and Confidential 23October 2, 2015CSC Proprietary and Confidential
THANK YOU
aschellong@csc.com