Functional Safety and Cyber-Security Experiences and Trends
1 Functional Safety and Cyber-Security Experiences and Trends Dr. Christof Ebert, Vector Consulting Services V
2 Welcome: Vector Consulting Services
- Experts for product development, product strategy and IT in critical systems
- Interim support, such as virtual security and safety officers and interim management
- Global presence
- Trainings on Agile, Requirements, Security, Safety, CMMI/SPICE etc.
- Part of Vector Group with over 2000 employees
- Automotive, Aerospace, IT & Finance, Digital Transformation, Medical, Railway
3 Welcome: Vector Client Survey: Security and Safety are Major Challenges
[Figure: chart of survey results. Horizontal axis: short-term challenges (0% to 70%); vertical axis: mid-term challenges (0% to 70%). Labels: Complexity Management, Security and Safety, Connectivity, Distributed Development, Others, Governance and Compliance, Automotive magic triangle, Innovative Products, Digital Transformation, Efficiency and Cost.]
Join 2018 survey now and win a training or book.
Vector Client Survey details: Horizontal axis shows short-term challenges; vertical axis shows mid-term challenges. Sum > 100% due to 3 answers per question. Strong validity with >4% response rate of 1500 recipients from different industries worldwide.
Vector recommendation: Efficiently implement safety and security.
4 Agenda
1. Welcome
2. Safety needs Security
3. Risk-Oriented Development
4. Practical Guidance and Vector Experiences
5. Conclusions
5 Safety needs Security: ACES (Autonomy, Connectivity, Efficiency, Services)
[Diagram: cyber-attacks on the connected vehicle. Parties and channels shown: OEM, Suppliers, ITS Operator, Service Provider, Public Clouds, OBD, DSRC, 4G LTE.]
Attack types shown:
- Eavesdropping, data leakage
- Command injection, data corruption, back doors
- Man-in-the-middle attacks
- Physical attacks, sensor confusion
- Trojans, ransomware
- Password attacks
- Rogue clients, malware
- Application vulnerabilities
Security will be the major liability risk in the future. The average security breach is detected in 70% of cases by a third party after 8 months.
7 Risk-Oriented Development: Combined Safety and Security Need Holistic Systems Engineering
Functional Safety
- Goal: Protect health
- Risk: External hazards
- Governance: ISO etc.
- Methods: HARA, FTA, FMEA, fail operational, redundancy
Cyber-Security
- Goal: Protect assets
- Risk: Internal threats
- Governance: ISO etc.
- Methods: TARA, cryptography, ID/IP, key management
Privacy
- Goal: Protect personality
- Risk: Data threats
- Governance: Privacy laws
- Methods: TARA, cryptography, explicit consent
Diagram labels: Liability, Risk management, Holistic systems engineering
8 Risk-Oriented Development: Standards Demand Risk-Oriented Approach
Functional Safety (IEC 61508, ISO 26262)
- Hazard and risk analysis
- Functions and risk mitigation
- Safety engineering
+ Security (ISO 27001, ISO 15408, ISO 21434, SAE J3061)
- Threat and risk analysis
- Abuse, misuse, confuse cases
- Security engineering
Diagram label between the two: architecture, methods, data formats & functionality
ISO ed.2 will not comprehensively address security, but include shared methods, such as TARA.
Security life-cycle steps shown: Assets, Threats and Risk Assessment; Security Goals and Requirements; Technical Security Concept; Security Implementation; Security Verification; Security Validation; Security Case, Audit, Compliance; Security Management in POS
Safety life-cycle steps shown: Op. Scenarios, Hazard, Risk Assessment; Safety Goals and Requirements; Functional and Technical Safety Concept; Safety Implementation; Safety Verification; Safety Validation; Safety Case, Certification, Approval; Safety Management after SOP
Security and Safety are interacting and demand holistic systems engineering.
For (re)liable and efficient ramp-up connect security to safety governance.
9 Risk-Oriented Development: State of the Art: Functional Safety
Relevance of ISO is basically understood.
1. Driving Situations (OEM)
2. Hazards (OEM)
3. Risks and Safety Integrity Level (OEM)
4. Safety Goals, Safety Requirements (OEM)
5. Technical Safety Concept (OEM/Tier1)
6. Safety requirements on ECU level (OEM/Tier1)
7. Software Safety Requirements (Tier1/Vector)
Functional safety can be efficiently achieved on the basis of mature development processes.
10 Risk-Oriented Development: State of the Art: Cyber-Security
Security demands are growing fast:
- Connectivity and open channels allow security attacks
- Exploits will persist beyond zero-day because so far no OTA governance
- Safety-critical systems connected to potentially unsecure bus systems
Vector recommendations:
- Extend hazard analysis with threat analysis and automotive attack models
- Reuse existing safety artefacts to ensure robust safety case
- Define tailored security protection for safety-critical systems
- Encrypt entire bus communication, e.g. AUTOSAR
- Protect ECUs with secure boot and HW-defined security
- Completely separate infotainment and HU
- Do not copy paste standards because it increases overheads and complexity
11 Risk-Oriented Development: Functional Safety and Cyber-Security Demand Risk-Oriented Development
Risk = Severity of harmful event × Probability of occurrence
[Chart: Probability plotted against Severity, with a region of acceptable risk and a region of inacceptable risk.]
[Diagram: concept model relating Asset, Attack, Threat, Attack Potential, Security Goal, Stakeholders (e.g., driver, OEM), Threat Agent (e.g. hacker) and Security Engineering. Relation labels: causes, is performed against, requires, is reduced by, has value for, has, is achieved by.]
Risk-oriented engineering means to intelligently mitigate the residual risks.
13 Practical Guidance and Vector Experiences: Concept of Combined Threat/Hazard Analysis and Risk Assessment
Steps shown: Assets; Threat-Model & Risks; Measures; Concept for Solution; Verification
Specific automotive asset categories:
- Privacy, Legislation, Governance, e.g. private data
- Safety, e.g. vehicle functions
- Operational Performance, e.g. driving experience
- Finance, e.g. liability, brand image
Example: identified threats
- Safety: Injuries because of malfunctioning Passive Entry
- Financial: Extra cost due to call-back and law-suits
- Operational Performance: Car cannot be started, doors cannot be opened
- Privacy/Legislation: Theft of personal data
Consider specific automotive assets derived from the CIAAG (Confidentiality, Integrity, Authenticity, Availability, Governance) scheme.
14 Practical Guidance and Vector Experiences: Tools for Safety and Security
Customer benefits:
- Efficient implementation of cybersecurity and functional safety
- Full life-cycle support from requirements to concept, design, test and after-sales
- Traceability and governance
- Support for heterogeneous environments
- Package offering for consulting, e.g. Vector SafetyCheck or Vector SecurityCheck
Figure labels: Vector SecurityCheck; Continuous Safety Case; PREEvision Safety support
15 Practical Guidance and Vector Experiences: Case Study Powertrain: Threats and Hazards
[Diagram labels: Throttle pedal, Engine control, Throttle, Transmission, Velocity, Safety Item, Adjust Speed, Lock/Unlock, Change Gears, ASIL C, ASIL C]

| Function | Hazard | S/E/C | ASIL |
|---|---|---|---|
| Adjust speed | Speed is unintentionally increased during normal operation in cruise control while driving in a city | S3/E3/C1 | C |
| Change Gears | While driving at high speed (highway), the gear changes to a higher gear, thus reducing acceleration when it is needed during overtaking | S3/E4/C3 | C |

Relate identified security threats to safety hazard analysis.
16 Practical Guidance and Vector Experiences: Case Study Powertrain: From TARA to Technical Safety/Security Concept
1. Security goal and derived functional security requirements
- Security Goal SG05 (Level: High): It shall be prevented that unauthentic software is installed on vehicle ECUs.
- FSR 1: The authenticity and integrity of the user_command signal during reading and transmission shall be assured.
- FSR 2: The authenticity and integrity of the authenticity signal during reading and transmission shall be assured.
- FSR 3: The authenticity and integrity of the sw_update during reading and transmission shall be assured.
- FSR 4: It shall be assured that the signal allow_update generated from the input signals is calculated correctly.
- FSR 5: The authenticity and integrity of the allow_update signal during transmission shall be assured.
- FSR 6: It shall be assured that the signal change_sw generated from the input signals is calculated correctly.
- FSR 7: If an error with regards to authenticity and integrity during reading, transmission or calculation of signals or the actuator status occurs, the system will not install the sw update.
2. Elements of functional architecture (entities of the functional security architecture)
- Inputs: Update sw command; Authenticity and Integrity of sw update (Signature); sw update
- Function blocks: Prevent unauthorized update; Install sw in ECU; sw storage (e.g. flash memory)
3. Allocation of requirements to architecture elements
[Allocation matrix: each FSR is marked with an "x" against the inputs and function blocks it applies to; the individual cell positions are not recoverable from the transcription.]
Transform technical security concept to security requirements. Handle security requirements exactly like functional requirements.
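Added example, not part of the original slides and not Vector's implementation: a fail-closed update gate that follows FSR 1 to FSR 7 of slide 16. HMAC-SHA256 with constructed demo keys stands in for whatever MAC and signature scheme a real ECU would use, and the `Signal` container and all function names are hypothetical.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

# Constructed demo keys (assumption); a real ECU would keep keys in an HSM.
SIGNAL_KEY = b"constructed-demo-key-for-signals"
UPDATE_KEY = b"constructed-demo-key-for-images"


@dataclass(frozen=True)
class Signal:
    """Hypothetical container: a named signal plus its authentication tag."""
    name: str
    payload: bytes
    mac: bytes


def _tag(key: bytes, name: str, payload: bytes) -> bytes:
    # The tag covers the signal name so one signal cannot be replayed as another.
    return hmac.new(key, name.encode() + b"\x00" + payload, hashlib.sha256).digest()


def protect(name: str, payload: bytes) -> Signal:
    return Signal(name, payload, _tag(SIGNAL_KEY, name, payload))


def read_verified(expected_name: str, sig: Signal) -> Optional[bytes]:
    """Return the payload only if name and tag check out, otherwise None."""
    if sig.name != expected_name:
        return None
    if not hmac.compare_digest(_tag(SIGNAL_KEY, sig.name, sig.payload), sig.mac):
        return None
    return sig.payload


def sign_image(image: bytes) -> bytes:
    """Backend side: signature over the update image (HMAC stand-in)."""
    return _tag(UPDATE_KEY, "image", image)


def prevent_unauthorized_update(user_command, authenticity, sw_update) -> Signal:
    """Function block 'Prevent unauthorized update': computes allow_update."""
    allow = False                                            # FSR 7: deny by default
    cmd = read_verified("user_command", user_command)        # FSR 1
    signature = read_verified("authenticity", authenticity)  # FSR 2
    image = read_verified("sw_update", sw_update)            # FSR 3
    if cmd is not None and signature is not None and image is not None:
        signature_ok = hmac.compare_digest(signature, sign_image(image))
        allow = cmd == b"UPDATE" and signature_ok            # FSR 4
    return protect("allow_update", b"\x01" if allow else b"\x00")  # FSR 5


def install_sw_in_ecu(allow_update, sw_update, storage) -> bool:
    """Function block 'Install sw in ECU': computes change_sw, writes sw storage."""
    allow = read_verified("allow_update", allow_update)      # FSR 5
    image = read_verified("sw_update", sw_update)            # FSR 3
    change_sw = allow == b"\x01" and image is not None       # FSR 6
    if change_sw:
        storage["flash"] = image
    return change_sw                                         # False on any error (FSR 7)


def attempt_update(user_command, authenticity, sw_update, storage, allow_override=None):
    allow = prevent_unauthorized_update(user_command, authenticity, sw_update)
    if allow_override is not None:       # lets a test inject a forged allow_update
        allow = allow_override
    return install_sw_in_ecu(allow, sw_update, storage)


def run_cases():
    """Run constructed sample inputs through the gate and collect the outcomes."""
    image = b"ECU firmware v2 (constructed sample)"
    cmd = protect("user_command", b"UPDATE")
    auth = protect("authenticity", sign_image(image))
    upd = protect("sw_update", image)
    results = {}

    storage = {"flash": b"ECU firmware v1"}
    results["authentic"] = attempt_update(cmd, auth, upd, storage)
    results["flash_after_authentic"] = storage["flash"]

    storage = {"flash": b"ECU firmware v1"}
    # Image altered on the bus: the transport tag no longer matches.
    tampered = Signal("sw_update", image + b"!", upd.mac)
    results["tampered_in_transit"] = attempt_update(cmd, auth, tampered, storage)
    # Well-formed bus message carrying an image the signature does not cover.
    other = protect("sw_update", b"unsigned image")
    results["wrong_signature"] = attempt_update(cmd, auth, other, storage)
    # No update command, plus an allow_update message with an invalid tag.
    forged = Signal("allow_update", b"\x01", b"\x00" * 32)
    status = protect("user_command", b"STATUS")
    results["forged_allow"] = attempt_update(status, auth, upd, storage, forged)
    results["flash_after_rejects"] = storage["flash"]
    return results


if __name__ == "__main__":
    for case, outcome in run_cases().items():
        print(case, outcome)
```

The example covers authenticity and integrity only; freshness (replay protection) is outside FSR 1 to FSR 7 as listed and is not modelled.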
17 Practical Guidance and Vector Experiences: Case Study Powertrain: Separate Concerns
[Architecture diagram.
External interfaces and devices: Diagnostic Interface (OBD evolution), DSRC, 4G LTE, WiFi, Laptop, Smartphone, Smart Charging.
In-vehicle units: Instrument Cluster, Head Unit, Central Gateway, Connectivity Gateway CU, Powertrain DC, Chassis DC, Body DC, ADAS DC.
Security building blocks: Firewall, Key Infrastructure, Crypto Primitives, Monitoring / Logging, Hypervisor, ID / IP, Secure On Board Comm., Secure Off Board Comm., Download Manager, Secure Flash/Boot, Secure Synchronized Time Manager.]
Incrementally harden your E/E and IT functions, architectures and components.
18 Practical Guidance and Vector Experiences: Security by Design: Implementation, Verification and Validation
Design
- Use programming rules such as MISRA-C
- Avoid injectable code
- Enforce high cryptographic strength
- Assign least privileges to any function
- Static and dynamic code analysis
Test
- Encryption cracker, vulnerability scanner
- Network traffic analyzer, stress tester, interface scanner
- Layered fuzzing testing
Life Hacking
- Penetration testing
- Governance and social engineering attacks
Test for the unknown. Run automatic regression tests with each delivery.
19 Practical Guidance and Vector Experiences: Consider Risk-oriented Development throughout the life-cycle
[Life-cycle diagram. Steps shown: Assets, Threats and Risk Assessment; Security Goals and Requirements; Technical Security Concept; Security Implementation; Security Verification; Test Security Mechanisms; Security Validation; Security Case, Audit, Compliance; After Sales.]
Begin with the end in mind: After Sales Support needs early development decisions: resilience, fail operational strategies, alert center, repair/OTA, governance.
20 Practical Guidance and Vector Experiences: Game Changer: OTA Facilitates Security Across the Life-cycle
[Diagram labels: OEM Side; Update Process]
There is no security without continuous Over the Air (OTA) update strategy.
22 Conclusions: Risk-Oriented Development Must Cover the Entire Life-Cycle
[Life-cycle diagram. Phases: Development, Production, Operations, Services. Activities shown: Safety / Security by design; Safety hazards and security threats; Secure provisioning and governance; Secured supply chain; Incident response and upgrades.]
- Systematic safety and security engineering
- Scaleable incident monitoring and response
- Multiple modes of operation (normal, attack, emergency, fail operational, fail safe, etc.)
23 Conclusions: Safety and Security Matter
Safety and Security demands a thorough culture change
- Build necessary competences for safety and security
- Do not simply copy-paste elements from current standards
- Enforce strong governance end-to-end
Risk-oriented development is the order of the day
- Apply systems engineering for safety and cyber-security
- Systematically use professional tools, such as PREEvision and CANoe
- Close known vulnerabilities as soon as possible, preferably with OTA
- Audit your suppliers and achieve a holistic perspective on risks and solutions
- Use the hacker's view for security risks, and not that of developer or safety expert
"To know your enemy, you have to become your enemy." (Sun Tzu, The Art of War)
In other words: Think like a Criminal and preemptively act as an Engineer.
24 Conclusions: Vector Offers Comprehensive Portfolio for Cyber-Security and Functional Safety
Vector Cyber-Security and Safety Solutions:
- Security and Safety Consulting: Trainings; SecurityCheck, SafetyCheck; Virtual Safety Manager, Virtual Security Manager
- AUTOSAR Basic Software: MICROSAR Safe, HW based Security
- Tools for Design, Test and Lifecycle support: PREEvision, DaVinci, CANoe, CANdela and Indigo
- Engineering Services for Safety and Security
25 Conclusions: Further Information: Vector White Papers on Automotive E/E Trends
- Mobility: From driving to multi-modal mobility services and sharing culture.
- Business Models: From incumbent tiered supply-chain to flexible new players from IT industry.
- E/E architecture: From distributed electronic controllers to standardized three-tier architecture.
- IT architecture: From proprietary building blocks to open IT systems with off-the-shelf components and adaptive SOA.
- Development lifecycle: From the classic V model with rather heavy release cycles to agile DevOps-like approach.
- Governance: From encapsulated safety-critical functions to interwoven quality assurance for liability, safety, cyber-security, privacy.
- Culture: From R&D vs. IT separation to convergence.
- Competences: From automotive embedded electronics to IT as a core competence of all engineers.
Source: IEEE Software May 2017 (Vector Guest Edited)
Contact Vector for white papers, technical benchmarks and consulting.
26 Thank you for your attention. For more information please contact us. Passion. Partner. Value. Vector Consulting Services
More informationTurbocharging Connectivity Beyond Cellular
Bitte decken Sie die schraffierte Fläche mit einem Bild ab. Please cover the shaded area with a picture. (24,4 x 11,0 cm) Turbocharging Connectivity Beyond Cellular Scott Beutler, Head of Interior Division
More informationISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002
ISO 27002 COMPLIANCE GUIDE How Rapid7 Can Help You Achieve Compliance with ISO 27002 A CONTENTS Introduction 2 Detailed Controls Mapping 3 About Rapid7 8 rapid7.com ISO 27002 Compliance Guide 1 INTRODUCTION
More informationDesigning and Building a Cybersecurity Program
Designing and Building a Cybersecurity Program Based on the NIST Cybersecurity Framework (CSF) Larry Wilson lwilson@umassp.edu ISACA Breakfast Meeting January, 2016 Designing & Building a Cybersecurity
More informationNEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT?
NEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT? What the new data regulations mean for your business, and how Brennan IT and Microsoft 365 can help. THE REGULATIONS: WHAT YOU NEED TO KNOW Australia:
More informationCyber Risks in the Boardroom Conference
Cyber Risks in the Boardroom Conference Managing Business, Legal and Reputational Risks Perspectives for Directors and Executive Officers Preparing Your Company to Identify, Mitigate and Respond to Risks
More informationSECURING DEVICES IN THE INTERNET OF THINGS
SECURING DEVICES IN THE INTERNET OF THINGS WHEN IT MATTERS, IT RUNS ON WIND RIVER EXECUTIVE SUMMARY Security breaches at the device level in the Internet of Things (IoT) can have severe consequences, including
More informationSW-Update. Thomas Fleischmann June 5 th 2015
Thomas Fleischmann June 5 th 2015 2 3 Agenda The big picture SW-Update today Diagnostics vs SW-Update Our solution for SW-Update The real challenges beyond getting a file into the car Elektrobit (EB),
More informationDiagnostic Trends 2017 An Overview
Diagnostic Trends 2017 An Overview Vector India Conference, 2017-07-18+19 V1.0 2017-07-14 Agenda 1. DoIP 2. Remote Diagnostics 3. Cyber Security 4. Summary 2/29 DoIP Why DoIP? Why another diagnostic network?
More informationCybersecurity for IoT to Nuclear
Seminar Series Cybersecurity for IoT to Nuclear Fred Cohn, Program Director Property of Schneider Electric Who Am I? Program Director, Schneider Electric Product Security Office Cybersecurity Strategy
More informationCloud Computing: A European Perspective. Rolf von Roessing CISA, CGEIT, CISM International Vice President, ISACA
Cloud Computing: A European Perspective Rolf von Roessing CISA, CGEIT, CISM International Vice President, ISACA Overview Cloud Universe Definitions Cloud Risks in Europe Governance, Risk and Compliance
More informationCyber Security. Building and assuring defence in depth
Cyber Security Building and assuring defence in depth The Cyber Challenge Understanding the challenge We live in an inter-connected world that brings a wealth of information to our finger tips at the speed
More informationRFP/RFI Questions for Managed Security Services. Sample MSSP RFP Template
RFP/RFI Questions for Managed Security Services Sample MSSP RFP Template Table of Contents Request for Proposal Template Overview 1 Introduction... 1 How to Use this Document... 1 Suggested RFP Outline
More informationEngineering Your Software For Attack
Engineering Your Software For Attack Robert A. Martin Senior Principal Engineer Cyber Security Center Center for National Security The MITRE Corporation 2013 The MITRE Corporation. All rights reserved.
More informationCybersecurity Auditing in an Unsecure World
About This Course Cybersecurity Auditing in an Unsecure World Course Description $5.4 million that s the average cost of a data breach to a U.S.-based company. It s no surprise, then, that cybersecurity
More informationGDPR Update and ENISA guidelines
GDPR Update and ENISA guidelines 2016 [Type text] There are two topics that should be uppermost in every CISO's mind, how to address the growing demand for Unified Communications (UC) and how to ensure
More informationTraining and Certifying Security Testers Beyond Penetration Testing
Training and Certifying Security Testers Beyond Penetration Testing Randall W. Rice, CTAL (Full), CTAL-SEC Director, ASTQB Board of Directors www.astqb.org Most organizations do not know the true status
More informationSecure Agile How to make secure applications using Agile Methods Thomas Stiehm, CTO
Secure Agile How to make secure applications using Agile Methods Thomas Stiehm, CTO tom.stiehm@coveros.com 1 About Coveros Coveros helps organizations accelerate the delivery of business value through
More informationCCISO Blueprint v1. EC-Council
CCISO Blueprint v1 EC-Council Categories Topics Covered Weightage 1. Governance (Policy, Legal, & Compliance) & Risk Management 1.1 Define, implement, manage and maintain an information security governance
More informationHardening Attack Vectors to cars by Fuzzing
Hardening Attack Vectors to cars by Fuzzing AESIN 2015 Ashley Benn, Regional Sales manager 29 th October, 2015 2015 Synopsys, Inc. 1 Today, there are more than 100m lines of code in cars 2015 Synopsys,
More informationIngram Micro Cyber Security Portfolio
Ingram Micro Cyber Security Portfolio Ingram Micro Inc. 1 Ingram Micro Cyber Security Portfolio Services Trainings Vendors Technical Assessment General Training Consultancy Service Certification Training
More informationInternet of Things. Internet of Everything. Presented By: Louis McNeil Tom Costin
Internet of Things Internet of Everything Presented By: Louis McNeil Tom Costin Agenda Session Topics What is the IoT (Internet of Things) Key characteristics & components of the IoT Top 10 IoT Risks OWASP
More informationK12 Cybersecurity Roadmap
K12 Cybersecurity Roadmap Introduction Jason Brown, CISSP Chief Information Security Officer Merit Network, Inc jbrown@merit.edu @jasonbrown17 https://linkedin.com/in/jasonbrown17 2 Agenda 3 Why Use the
More informationDevelopment of Intrusion Detection System for vehicle CAN bus cyber security
Development of Intrusion Detection System for vehicle CAN bus cyber security Anastasia Cornelio, Elisa Bragaglia, Cosimo Senni, Walter Nesci Technology Innovation - SSEC 14 Workshop Automotive SPIN Italia
More informationThe Information Age has brought enormous
Cyber threat to ships real but manageable KAI hansen, akilur rahman If hackers can cause laptop problems and access online bank accounts or credit card information, imagine the havoc they can wreak on
More informationFailure Diagnosis and Prognosis for Automotive Systems. Tom Fuhrman General Motors R&D IFIP Workshop June 25-27, 2010
Failure Diagnosis and Prognosis for Automotive Systems Tom Fuhrman General Motors R&D IFIP Workshop June 25-27, 2010 Automotive Challenges and Goals Driver Challenges Goals Energy Rising cost of petroleum
More informationSecuring Devices in the Internet of Things
AN INTEL COMPANY Securing Devices in the Internet of Things WHEN IT MATTERS, IT RUNS ON WIND RIVER EXECUTIVE SUMMARY Security breaches at the device level in the Internet of Things (IoT) can have severe
More informationPREPARE & PREVENT. The SD Comprehensive Cybersecurity Portfolio for Business Aviation
PREPARE & PREVENT The SD Comprehensive Cybersecurity Portfolio for Business Aviation SD CYBERSECURITY SERVICES At SD, security isn t a slogan, it is our culture. Just because you are in a business jet
More informationGerman OWASP Day 2016 CarIT Security: Facing Information Security Threats. Tobias Millauer
German OWASP Day 2016 CarIT Security: Facing Information Security Threats Tobias Millauer Daimler Business Units German OWASP Day 2016 CarIT Security: Facing Information Security Threats Tobias Millauer
More informationTransforming Security Part 2: From the Device to the Data Center
SESSION ID: SP01-R11 Transforming Security Part 2: From the Device to the Data Center John Britton Director, EUC Security VMware @RandomDevice The datacenter as a hospital 3 4 5 Digital transformation
More informationAUTOSAR proofs to be THE automotive software platform for intelligent mobility
AUTOSAR proofs to be THE automotive software platform for intelligent mobility Dr.-Ing. Thomas Scharnhorst AUTOSAR Spokesperson Simon Fürst, BMW AG Stefan Rathgeber, Continental Corporation Lorenz Slansky,
More informationPresented by Ingrid Fredeen and Pamela Passman. Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 0
Cyber Security and Inside Threats: Turning Policies into Practices Presented by Ingrid Fredeen and Pamela Passman Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 0 Presented By Ingrid Fredeen, J.D.
More information