Risk Based Security. Automotive Safety & Security, 30. Mai 2017 Christof Ebert and Dominik Lieckfeldt, Vector Consulting Services V1.
|
|
- Penelope Burns
- 6 years ago
- Views:
Transcription
1 Risk Based Secrity Atomotive Safety & Secrity, 30. Mai 2017 Christof Ebert and Dominik Lieckfeldt, Vector Conslting Services V
2 Agenda Motivation Risk-based approach to Cybersecrity Conslsion 2/ Vector Conslting Services GmbH. All rights reserved. Any distribtion or copying is sbject to prior written approval by Vector. V
3 Motivation The Challenge of Increasing Fnctionality Increasing nmber and complexity of fnctions More and more distribted development Rising safety, secrity and network reqirements Electronic fel injection Anti-lock brakes Gearbox control Traction control CAN Anti lock brakes Electronic fel injection Hybrid powertrain Electronic stability control Active body control Emergency call Electric power steering FLEXRAY Gearbox control Traction control CAN bs Electric powertrain Adaptive crise control Lane Assistant Stop-/Start atomatic Emergency Break Assist Head-p Display Electronic Brake Control Telediagnostics Online Software Updates AUTOSAR Hybrid powertrain Electronic stability control Active body control Car2Car, Car2X Clod Compting 5G mobile commnication Fel-cell technology Atonomos driving Brake-by-wire Steer-by-wire Secrity & safety Laser-sorced lighting 3D displays Gestre HMI Ethernet/IP backbone Electric powertrain Adaptive crise control Lane Assistant Stop-/Start atomatic Emergency Break Assist Head-p Display Electronic Brake Control Telediagnostics AUTOSAR / Vector Conslting Services GmbH. All rights reserved. Any distribtion or copying is sbject to prior written approval by Vector. V
4 Motivation Connectivity + Complexity = Cyber Attacks OEM Sppliers ITS Operator Eavesdropping, Data leakage Command injection, data corrption, back doors OBD Man in the middle attacks DSRC 4G LTE Physical attacks, Sensor confsion Password attacks Roge clients, malware Pblic Clods Application vlnerabilities Service Provider 4/ Vector Conslting Services GmbH. All rights reserved. Any distribtion or copying is sbject to prior written approval by Vector. V
5 Motivation Many different attack vectors to be regarded OEM Sppliers ITS Operator Attack Vector E/E Network OBD DSRC 4G LTE Pblic Clods Service Provider 5/ Vector Conslting Services GmbH. All rights reserved. Any distribtion or copying is sbject to prior written approval by Vector. V
6 Motivation Why do we need to care abot Cybersecrity Fnctional Safety Cyber Secrity Privacy Goal: Protect health Risk: Accident Governance: ISO Methods: HARA, FTA, FMEA, Fail operational, Redndancy, Goal: Protect assets Risk: Attack, exploits Governance: ISO etc. Methods: TARA, Cryptography, IDIP, Key management, Goal: Protect personal data Risk: Data breach Governance: Privacy laws Methods: TARA, Cryptography, Explicit consent, 6/ Vector Conslting Services GmbH. All rights reserved. Any distribtion or copying is sbject to prior written approval by Vector. V
7 Motivation Featre Example: Experiences from developer s daily life Key (RF antenna) Safety Item Passive Entry/ Lock/Unlock Steering Colmn Lock Bolt Velocity QM Passive Start ASIL D? Doors lock Fnction Hazard S/E/C ASIL Passive Entry After starting from standstill a nearby second key opens the car from remote by accident. Doors are nlocked and opened nintentionally. Car cold open and hit pedestrian on low speed. S2/E3/C1 QM Steering Colmn Lock Dring driving on high speed (Highway) steering colmn is locked and vehicle crashes in safety fence S3/E4/C3 D Steering Colmn Lock Person nearby is locking steering colmn from remote whereby the vehicle is on medim speed. S3/??/C3?? Fnctional safety methods do not cover secrity isses. An atomotive standard is missing. 7/ Vector Conslting Services GmbH. All rights reserved. Any distribtion or copying is sbject to prior written approval by Vector. V
8 Motivation Different Threats Demand Holistic Systems Engineering Fnctional Safety Cyber Secrity Privacy Goal: Protect health Risk: Accident Governance: ISO Methods: HARA, FTA, FMEA, Fail operational, Redndancy, Goal: Protect assets Risk: Attack, exploits Governance: ISO etc. Methods: TARA, Cryptography, IDIP, Key management, Goal: Protect personal data Risk: Data breach Governance: Privacy laws Methods: TARA, Cryptography, Explicit consent, Liability Risk management Holistic systems engineering 8/ Vector Conslting Services GmbH. All rights reserved. Any distribtion or copying is sbject to prior written approval by Vector. V
9 Agenda Motivation Risk-based approach to Cybersecrity Conslsion 9/ Vector Conslting Services GmbH. All rights reserved. Any distribtion or copying is sbject to prior written approval by Vector. V
10 Probability Risk-based approach to Cybersecrity Fnctional safety & Cyber secrity Risk based approach Risk = Severity of harmfl event Probability of occrrence inacceptable risk acceptable risk Severity The prpose of development measres is to redce the residal risk (cased by new featres) to an acceptable level. 10/ Vector Conslting Services GmbH. All rights reserved. Any distribtion or copying is sbject to prior written approval by Vector. V
11 Risk-based approach to Cybersecrity Concept of Threat Analysis and Risk Assessment (TARA) Assets Threat-Model & Risks Measres Concept for Soltion Verification General atomotive asset categories Example: Identified threats Safety Safety - Vehicle fnctions 1 Injries becase of malfnctioning Passive Entry Financial Privacy / Legislati on - Private data -ECU SW Operational Performance Finance - Brand Image 2 Loss of annal sales de to damage to brand image Operational Performance Doors locked Privacy/Legislation 3 Theft of private data - Driving performance Secrity considers a larger scope of threats compared with Safety. 11/ Vector Conslting Services GmbH. All rights reserved. Any distribtion or copying is sbject to prior written approval by Vector. V
12 Risk-based approach to Cybersecrity Detailed Steps for TARA Assets Threat-Model & Risks Measres Concept for Soltion Verification Asset/Fnction Secrity Attack Threat Risk Asset 1 Attack-type 1 Threat 1 EAL (Evalation Assrance Levels ) Fnction 1 Attack-type 2 Threat 2 ASIL Asset/ Fnction Passive entry Attack Threat Threat-Level (e.g. Expertise, Eqipment) Athenticity: Attacker nlocks the vehicle doors. Athenticity: Attacker nlocks the vehicle doors. Athenticity: Attacker nlocks the doors of many vehicles. Vehicle doors are nlocked and vehicle is stolen. Vehicle doors are opened at high speed. Vehicle crashes into opposing traffic. Vehicle doors are nlocked and many vehicles are stolen. Impact-Level (e.g. Financial, Privacy, Safety) Risk level High High Medim Very High Very High Very High Medim Very High High / Vector Conslting Services GmbH. All rights reserved. Any distribtion or copying is sbject to prior written approval by Vector. V
13 No. Variant Asset ID Threat ID Expertise Window of Opportnity Knowledge Eqipment Threat level Safety Financial Operational Privacy Impact Level SG ID Risk-based approach to Cybersecrity TARA Tool from Real World CIAAG Confidentiality, Integrity, Availability, Athenticity, Governance Reslting Secrity Goals Maximm (Safety, Financial) Asset / Vehicle Fnction CIA Hazard / Threat Secrity level Secrity Goal 1 Platform (TBC) Ast 2 Braking to A prevent collision Tht-1 Driver crashes into preceding car. Passengers in both cars are severly wonded or killed. Expert Medim Sensitive Bespokes Low Lifethreatening or fatal injries Low High No impact Critical Medim SG1 If reqested the brakes shall be activated 2 Platform (TBC) Ast 2 Braking to I prevent collision Tht-2 Braking althogh not athorized, e.g. > 10 km/h Expert Medim Sensitive Bespokes Low Severe and life threatening injries High High No impact Critical High SG2 Unathorized braking shall be avoided. 3 Platform (TBC) Ast 1 IPR of fnctions C Tht-3 RCTA fnction becomes pblic knowledge Expert High Pblic Bespokes Medim No injries High No impact No impact Critical High SG3 RCTA fnction shall remain secret. 13/ Vector Conslting Services GmbH. All rights reserved. Any distribtion or copying is sbject to prior written approval by Vector. V
14 Risk-based approach to Cybersecrity Secrity Architectre Design Assets, Threats and Risk Assessment Secrity Case, Adit, Compliance Secrity Goals and Secrity Concept Secrity Validation Technical Secrity Concept Test Secrity Mechanisms Secrity Implementation Secrity Verification Secrity Concept: 1. Refinement of Secrity Goals to Fnctional Secrity Reqirements (FSeR) 2. Allocation of FSeR to the first level of system architectre Technical Secrity Concept: 1. Refinement of system architectre to technical component level (SW/HW components) 2. Technical Secrity Reqirements (TSeR) are refined ot of the Secrity Concept 14/ Vector Conslting Services GmbH. All rights reserved. Any distribtion or copying is sbject to prior written approval by Vector. V
15 Risk-based approach to Cybersecrity Secrity Architectre Design Assets, Threats and Risk Assessment Secrity Case, Adit, Compliance Secrity Goals and Secrity Concept Secrity Validation Technical Secrity Concept Test Secrity Mechanisms Verification of: Secrity Concept Technical Secrity Concept Secrity Implementation Secrity Verification Peer Reviews Attack Trees as System Vlnerability Analysis 15/ Vector Conslting Services GmbH. All rights reserved. Any distribtion or copying is sbject to prior written approval by Vector. V
16 Risk-based approach to Cybersecrity Derive Appropriate Secrity Mechanisms Prevent Detect Forensic Critical High Medim Low (+) + + QM O O + O: No recommendation for or against approach +: Approach is recommended for secrity level ++: Approach is highly recommended for secrity level 16/26 Examples Network/process/ information separation Encryption, digital signatres Key management Access control Firewall Intrsion prevention systems (IPS) Examples Intrsion detection systems (IDS) Monitoring Examples Logging Secrity isse knowledge base Analysis and investigation of digital evidence Vector Conslting Services GmbH. All rights reserved. Any distribtion or copying is sbject to prior written approval by Vector. V
17 Risk-based approach to Cybersecrity Secrity Engineering Assets, Threats and Risk Assessment Secrity Management in POS Secrity Goals and Reqirements Secrity Case, Adit, Compliance Technical Secrity Concept Secrity Validation Secrity Implementation Secrity Verification 17/ Vector Conslting Services GmbH. All rights reserved. Any distribtion or copying is sbject to prior written approval by Vector. V
18 Risk-based approach to Cybersecrity Implement Secrity by Design: Verification and Validation Tools Static / dynamic code analyzer Encryption cracker Vlnerability scanner Network traffic analyzer / stress tester Hardware debgger Interface scanner Exploit tester Layered fzzing tester Life Hacking Penetration testing Attack schemes Governance and social engineering attacks Test for the known and for the nknown. Ensre atomatic regression tests are rnning with each delivery. 18/ Vector Conslting Services GmbH. All rights reserved. Any distribtion or copying is sbject to prior written approval by Vector. V
19 Risk-based approach to Cybersecrity Secrity By Design: What will happen to After Sales Services? Assets, Threats and Risk Assessment Secrity Case, Adit, Compliance? Secrity Goals and Reqirements Secrity Validation Technical Secrity Concept Test Secrity Mechanisms Secrity Implementation Secrity Verification Major difference between secrity & safety: Risk-management dring vehicle lifetime. 19/ Vector Conslting Services GmbH. All rights reserved. Any distribtion or copying is sbject to prior written approval by Vector. V
20 Risk-based approach to Cybersecrity Game Changer: Deploy Secrity for Service & Operations: OTA Over the Air (OTA) Update: This featre opens the gate for a big nmber of threats and is a soltion at same time. 20/ Vector Conslting Services GmbH. All rights reserved. Any distribtion or copying is sbject to prior written approval by Vector. V
21 Agenda Motivation Risk-based approach to Cybersecrity Conslsion 21/ Vector Conslting Services GmbH. All rights reserved. Any distribtion or copying is sbject to prior written approval by Vector. V
22 Conslsion Atomotive Cyber Secrity Secrity demands a thorogh cltre change Advance a cyber secrity cltre across fnctions Enforce strong governance end-to-end, not jst encryption and key management Risk based secrity is the order of the day Apply systems engineering for safety and cyber secrity Systematically se professional tools sch as Threat Analysis and Risk Assessment (TARA), vlnerability analysis, secre by design methods, hacking invitations, and varios penetration testing Close known vlnerabilities as soon as possible ( OTA) Adit yor sppliers and achieve a holistic perspective on risks and soltions It needs the ability to think like a Criminal and preemptively act as an Engineer 22/ Vector Conslting Services GmbH. All rights reserved. Any distribtion or copying is sbject to prior written approval by Vector. V
23 Conslsion Vector Cyber Secrity is Defined by Three Levers Digitization Atomotive and IT indstries increasingly converge. Software and IT are the major market driver in atomotive. IT departments and atomotive E/E mst collaborate. Attacks Critical systems are by definition insecre. A 100% secrity soltion is not possible. Advanced risk assessment and mitigation is the order of the day. Governance Abse, misse and confse cases will make it to the headlines. Especially if safety and privacy are impacted. Systematic secrity engineering needs a thorogh cltre change. Vector proposition: Bridging best practices from IT and engineering Holistic systems Engineering for Secrity and Safety Vector proposition: Risk based secrity assessment and engineering AUTOSAR software, HW based secrity, engineering services Vector proposition: Secrity cltre: Competences, organization, process Secre by design: Infrastrctres, methods, tools 23/ Vector Conslting Services GmbH. All rights reserved. Any distribtion or copying is sbject to prior written approval by Vector. V
24 Conslsion Vector Cyber Secrity Portfolio Secrity Soltions Conslting Vector Secrity Check, Secrity Engineering, Software AUTOSAR, Re-programming ECUs, OTA, Smart Charging Tools Test, Diagnosis, Trainings and media Training Atomotive Cyber Secrity Stttgart, Te. 5. Jl In-hose trainings tailored to yor needs available worldwide Free white papers 24/ Vector Conslting Services GmbH. All rights reserved. Any distribtion or copying is sbject to prior written approval by Vector. V
25 Conslsion Qestions? 25/ Vector Conslting Services GmbH. All rights reserved. Any distribtion or copying is sbject to prior written approval by Vector. V
26 Thank yo for yor attention. For more information please contact s. Vector Conslting Services Yor Partner in Achieving Engineering Excellence Phone Fax Vector Conslting Services GmbH. All rights reserved. Any distribtion or copying is sbject to prior written approval by Vector. V
Functional Safety and Cyber Security Experiences and Trends
Functional Safety and Cyber Security Experiences and Trends Vector China Congress, Shanghai, 7. Sep. 2017 Dr. Christof Ebert, Vector Consulting Services V1.0 2017-09-07 Welcome Vector Consulting Services
More informationFunctional Safety and Cyber-Security Experiences and Trends
Functional Safety and Cyber-Security Experiences and Trends Dr. Christof Ebert, Vector Consulting Services V1.0 2017-12-11 Welcome Vector Consulting Services Experts for product development, product strategy
More informationOverview of Security Support in Vector Tools
Overview of Secrity Spport in Vector Tools Secrity Manager V0.2 2017-09-22 Agenda Motivation Challenges Secrity Manager Otlook 2 Motivation Secrity protects Featres and Bsiness Models Secrity Goals: Integrity
More informationPutting the dynamic into software security testing
Ptting the dynamic into software secrity testing Detecting and Addressing Cybersecrity Isses V1.1 2018-03-05 Code ahead! 2 Atomated vlnerability detection and triage + = 3 How did we get here? Vector was
More informationUnit Testing with VectorCAST and AUTOSAR
Unit Testing with VectorCAST and AUTOSAR Vector TechDay Software Testing with VectorCAST V1.0 2018-11-15 Agenda Introdction Unit Testing Demo Working with AUTOSAR Generated Code Unit Testing AUTOSAR SWCs
More informationDiagnostics is evolving
Diagnostics is evolving Vector India Conference, 208-07-8 V.0 208-07-3 Agenda AUTOSAR Development Remote Diagnostics and OTA Secrity 2 AUTOSAR Development DEXT Diagnostic Extract Template (=DEXT) Part
More informationVector Logger Cloud. VECTOR GB Ltd Conference, 28th Sept, 2017 V
Vector Logger Clod VECTOR GB Ltd Conference, 28th Sept, 2017 V1.0 2017-09-27 Agenda Challenges Vector Logger Clod Secrity Aspects Data Acqisition Policy Conclsion 2 Vector Logger Clod Challenges Growing
More informationAUTOSAR Diagnostic Extract
AUTOSAR Diagnostic Extract The Standard in Practice V1.0 2017-09-26 Agenda Diagnostic Processes in Place AUTOSAR DEXT Introdction Designed for ECU development Enhancement of E/E Workflow Conclsion 2 Diagnostic
More informationSecuring the future of mobility
Kaspersky Transportation System Security AVL Software and Functions Securing the future of mobility www.kaspersky.com #truecybersecurity Securing the future of mobility Connected car benefits The need
More informationAUTOSAR System and Software Design with PREEvision
PREEvision 9.0 RELEASED V0.0 2018-10-15 Agenda CAN FD Commnication Design 2 OVERVIEW 3 Overview AUTOSAR in PREEvision Software Architectre Commnication Network Topology 4 Overview 5 Overview Mlti ser spport
More informationWhat s New in AUTOSAR?
What s New in AUTOSAR? By Stephen Waldron Local Prodct Line Manager Vector UK Conference, Wednesday 27 th September 2017 V1.6.1 2017-08-22 Agenda What s New in AUTOSAR? AUTOSAR 4.3 Software Architectre
More informationWhat s New in AppSense Management Suite Version 7.0?
What s New in AMS V7.0 What s New in AppSense Management Site Version 7.0? AppSense Management Site Version 7.0 is the latest version of the AppSense prodct range and comprises three prodct components,
More informationAUTOSAR Diagnostic Extract
AUTOSAR Diagnostic Extract The Standard in Practice V1.0 2016-09-12 Agenda Diagnostic Processes in Place AUTOSAR DEXT Introdction Possibilities with DEXT in Diagnostic Tools Diagnostic Processes with DEXT
More informationDistributed Systems Security. Authentication Practice - 2. Prof. Steve Wilbur
Distribted Systems Secrity Athentication Practice - 2 Prof. Steve Wilbr s.wilbr@cs.cl.ac.k MSc in Data Commnications Networks and Distribted Systems, UCL Lectre Objectives Examine X.509 as a practical
More informationStandard. 8029HEPTA DataCenter. Because every fraction of a second counts. network synchronization requiring minimum space. hopf Elektronik GmbH
8029HEPTA DataCenter Standard Becase every fraction of a second conts network synchronization reqiring minimm space hopf Elektronik GmbH Nottebohmstraße 41 58511 Lüdenscheid Germany Phone: +49 (0)2351
More informationExamining future priorities for cyber security management
Examining future priorities for cyber security management Cybersecurity Focus Day Insurance Telematics 16 Andrew Miller Chief Technical Officer Thatcham Research Owned by the major UK Motor Insurers with
More informationCYBER INSURANCE: A DEEP DIVE
CYBER INSURANCE: A DEEP DIVE Jdy Selby Febrary 24, 2017 BDO USA, LLP, a Delaware limited liability partnership, is the U.S. member of BDO International Limited, a UK company limited by garantee, and forms
More informationContent Safety Precaution... 4 Getting started... 7 Input method... 9 Using the Menus Use of USB Maintenance & Safety...
STAR -1- Content 1. Safety Precation... 4 2. Getting started... 7 Installing the cards and the Battery... 7 Charging the Battery... 8 3. Inpt method... 9 To Shift Entry Methods... 9 Nmeric and English
More informationTurbocharging Connectivity Beyond Cellular
Bitte decken Sie die schraffierte Fläche mit einem Bild ab. Please cover the shaded area with a picture. (24,4 x 11,0 cm) Turbocharging Connectivity Beyond Cellular Scott Beutler, Head of Interior Division
More informationAgenda. > AUTOSAR Overview. AUTOSAR Solution. AUTOSAR on the way
AUTOSAR Overview Agenda > AUTOSAR Overview AUTOSAR Solution AUTOSAR on the way Slide: 2 Overview and Objectives AUTOSAR Partnership Slide: 3 Development of Functionality Electronic fuel injection Cruise
More informationMaking Full Use of Multi-Core ECUs with AUTOSAR Basic Software Distribution
Making Fll Use of Mlti-Core ECUs with AUTOSAR Basic Software Distribtion Webinar V0.1 2018-09-07 Agenda Motivation for Mlti-Core AUTOSAR Standard: SWC-Split MICROSAR Extension: BSW-Split BSW-Split: Technical
More informationTAKING THE PULSE OF ICT IN HEALTHCARE
ICT TODAY THE OFFICIAL TRADE JOURNAL OF BICSI Janary/Febrary 2016 Volme 37, Nmber 1 TAKING THE PULSE OF ICT IN HEALTHCARE + PLUS + High-Power PoE + Using HDBaseT in AV Design for Schools + Focs on Wireless
More informationAutomotive Security An Overview of Standardization in AUTOSAR
Automotive Security An Overview of Standardization in AUTOSAR Dr. Marcel Wille 31. VDI/VW-Gemeinschaftstagung Automotive Security 21. Oktober 2015, Wolfsburg Hackers take over steering from smart car driver
More informationSecure Biometric-Based Authentication for Cloud Computing
Secre Biometric-Based Athentication for Clod Compting Kok-Seng Wong * and Myng Ho Kim School of Compter Science and Engineering, Soongsil University, Sangdo-Dong Dongjak-G, 156-743 Seol Korea {kswong,kmh}@ss.ac.kr
More informationGovernance Ideas Exchange
www.pwc.com.au Anatomy of a Hack Governance Ideas Exchange Robert Di Pietro October 2018 Cyber Security Anatomy of a Hack Cyber Security Introduction Who are the bad guys? Profiling the victim Insights
More informationAddressing in Future Internet: Problems, Issues, and Approaches
Addressing in Ftre Internet: Problems, Isses, and Approaches Mltimedia and Mobile commnications Laboratory Seol National University Jaeyong Choi, Chlhyn Park, Hakyng Jng, Taekyong Kwon, Yanghee Choi 19
More informationCybersecurity Challenges for Connected and Automated Vehicles. Robert W. Heller, Ph.D. Program Director R&D, Southwest Research Institute
Cybersecurity Challenges for Connected and Automated Vehicles Robert W. Heller, Ph.D. Program Director R&D, Southwest Research Institute Cars are becoming complex (and CAV is only part of it) 1965: No
More informationCyber security mechanisms for connected vehicles
Infineon Security Partner Network Partner Use Case Cyber security mechanisms for connected vehicles Protecting automotive vehicle networks and business models from cyber security attacks Products AURIX
More informationCAN FD. An Introduction V
CAN FD An Introdction V.02 208-0- Agenda Why CAN FD? What is CAN FD? CAN FD Use Cases Atomotive Application Domains CAN FD Controller CAN FD Performance CAN FD Devices CAN FD Standardization Smmary References
More informationBIS - Basic Package V4.6
Engineered Soltions BIS - Basic Package V4.6 BIS - Basic Package V4.6 www.boschsecrity.com The Bilding Integration System (BIS) BIS is a flexible, scalable secrity and safety management system that can
More informationAgenda. About TRL. What is the issue? Security Analysis. Consequences of a Cyber attack. Concluding remarks. Page 2
Security Insert the Vulnerabilities title of your of the presentation Connected here Car Presented Presented by by Peter Name Vermaat Here Principal Job Title ITS - Date Consultant 24/06/2015 Agenda 1
More informationIncentives for IoT Security. White Paper. May Author: Dr. Cédric LEVY-BENCHETON, CEO
White Paper Incentives for IoT Security May 2018 Author: Dr. Cédric LEVY-BENCHETON, CEO Table of Content Defining the IoT 5 Insecurity by design... 5 But why are IoT systems so vulnerable?... 5 Integrating
More informationHow Security Mechanisms Can Protect Cars Against Hackers. Christoph Dietachmayr, CIS Solution Manager EB USA Techday, Dec.
How Security Mechanisms Can Protect Cars Against Hackers Christoph Dietachmayr, CIS Solution Manager EB USA Techday, Dec. 3 rd 2015 Driver s Fears Are Being Fueled by Recent News ConnectedCars, new opportunies
More informationFailure Diagnosis and Prognosis for Automotive Systems. Tom Fuhrman General Motors R&D IFIP Workshop June 25-27, 2010
Failure Diagnosis and Prognosis for Automotive Systems Tom Fuhrman General Motors R&D IFIP Workshop June 25-27, 2010 Automotive Challenges and Goals Driver Challenges Goals Energy Rising cost of petroleum
More informationSecure Ethernet Communication for Autonomous Driving. Jared Combs June 2016
Secure Ethernet Communication for Autonomous Driving Jared Combs June 2016 Agenda Motivation for Security The Multi-Level Security Architecture Proposal Level 1: Restrict access to the network Level 2:
More informationAccess Professional Edition 2.1
Engineered Soltions Access Professional Edition 2.1 Access Professional Edition 2.1 www.boschsecrity.com Compact access control based on Bosch s innovative AMC controller family Integrated Video Verification
More informationEMC AppSync. User Guide. Version REV 01
EMC AppSync Version 1.5.0 User Gide 300-999-948 REV 01 Copyright 2012-2013 EMC Corporation. All rights reserved. Pblished in USA. EMC believes the information in this pblication is accrate as of its pblication
More informationBIS - Basic package V4.2
Engineered Soltions BIS - Basic package V4.2 BIS - Basic package V4.2 www.boschsecrity.com Integration of Bosch and third party systems throgh deployment of OPC All relevant information in one ser interface
More informationRequirements Engineering. Objectives. System requirements. Types of requirements. FAQS about requirements. Requirements problems
Reqirements Engineering Objectives An introdction to reqirements Gerald Kotonya and Ian Sommerville To introdce the notion of system reqirements and the reqirements process. To explain how reqirements
More informationSicherheitsaspekte für Flashing Over The Air in Fahrzeugen. Axel Freiwald 1/2017
Sicherheitsaspekte für Flashing Over The Air in Fahrzeugen Axel Freiwald 1/2017 All OEMs Will Implement Software OTA As Soon As Possible IHS Study Motivation: Save on recalls caused by software bugs Evolution
More informationBIS - Basic package V4.3
Engineered Soltions BIS - Basic package V4.3 BIS - Basic package V4.3 www.boschsecrity.com Integration of Bosch and third party systems throgh deployment of OPC All relevant information in one ser interface
More informationCYBER SECURITY AND MITIGATING RISKS
CYBER SECURITY AND MITIGATING RISKS 01 WHO Tom Stewart Associate Director Technology Consulting Chicago Technical Security Leader Protiviti Slides PRESENTATION AGENDA 3 START HACKING DEFINITION BRIEF HISTORY
More informationSecurity Challenges with ITS : A law enforcement view
Security Challenges with ITS : A law enforcement view Central Observatory for Intelligent Transportation Systems FRENCH MINISTRY OF INTERIOR GENDARMERIE NATIONALE Colonel Franck MARESCAL franck.marescal@gendarmerie.interieur.gouv.fr
More informationLocal Run Manager. Software Reference Guide for MiSeqDx
Local Rn Manager Software Reference Gide for MiSeqDx Local Rn Manager Overview 3 Dashboard Overview 4 Administrative Settings and Tasks 7 Workflow Overview 12 Technical Assistance 17 Docment # 1000000011880
More informationAutomotive Security Standardization activities and attacking trend
Automotive Standardization activities and attacking trend Ingo Dassow, Deloitte November 2017 Automotive Risk Overview Trends and risks for connected vehicles 2 Value and Components of a Car Autonomous
More informationData Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle
Data Security and Privacy : Compliance to Stewardship Jignesh Patel Solution Consultant,Oracle Agenda Connected Government Security Threats and Risks Defense In Depth Approach Summary Connected Government
More informationNetworks An introduction to microcomputer networking concepts
Behavior Research Methods& Instrmentation 1978, Vol 10 (4),522-526 Networks An introdction to microcompter networking concepts RALPH WALLACE and RICHARD N. JOHNSON GA TX, Chicago, Illinois60648 and JAMES
More informationBringing cyber to the Board of Directors & C-level and keeping it there. Dirk Lybaert, Proximus September 9 th 2016
Bringing cyber to the Board of Directors & C-level and keeping it there Dirk Lybaert, Proximus September 9 th 2016 Dirk Lybaert Chief Group Corporate Affairs We constantly keep people connected to the
More informationCANoe/CANalyzer. Tools for comprehensive CAN Network Analysis and Test - An Overview V
CANoe/CANalyzer Tools for comprehensive CAN Network Analysis and Test - An Overview V1.53 2016-03-08 Agenda Overview Measrement and Simlation Setp Working with Databases Analysis Windows Data Logging Offline
More informationChristoph Schmittner, Zhendong Ma, Paul Smith
FMVEA for Safety and Security Analysis of Intelligent and Cooperative Vehicles 1st International workshop on the Integration of Safety and Security Engineering (ISSE 14) Christoph Schmittner, Zhendong
More informationBIS - Basic Package V4.4
Engineered Soltions BIS - Basic Package V4.4 BIS - Basic Package V4.4 www.boschsecrity.com Integration of Bosch and third party systems via open interfaces and SDK All relevant information in one ser interface
More informationCCISO Blueprint v1. EC-Council
CCISO Blueprint v1 EC-Council Categories Topics Covered Weightage 1. Governance (Policy, Legal, & Compliance) & Risk Management 1.1 Define, implement, manage and maintain an information security governance
More informationMASP Chapter on Safety and Security
MASP Chapter on Safety and Security Daniel Watzenig Graz, Austria https://artemis.eu MASP Chapter on Safety & Security Daniel Watzenig daniel.watzenig@v2c2.at Francois Tuot francois.tuot@gemalto.com Antonio
More information13W-AutoSPIN Automotive Cybersecurity
13W-AutoSPIN Automotive Cybersecurity Challenges and opportunities Alessandro Farsaci (CNH industrial) Cosimo Senni (Magneti Marelli) Milan, Italy November 12th, 2015 Agenda Automotive Cybersecurity Overview
More informationBIS - Access Engine (ACE)
Engineered Soltions BIS - Access Engine (ACE) BIS - Access Engine (ACE) www.boschsecrity.com Sophisticated access control with direct alarm management Seamless integration and interaction with video, fire,
More informationVoertuigconstructeurs en data economie
Voertuigconstructeurs en data economie STUDIEDAG VERKEERSVEILIGHEID VLAAMS HUIS VOOR DE VERKEERSVEILIGHEID DEPT MOW VLAAMS PARLEMENT, BRUSSEL 11 DECEMBER 2017 Saturday, 30 December 2017 AGENDA 1. Context
More informationAuthentication with Privacy for Connected Cars - A research perspective -
Authentication with Privacy for Connected Cars - A research perspective - Mark Manulis Surrey Centre for Cyber Security, Deputy-Director Department of Computer Science University of Surrey sccs.surrey.ac.uk
More informationExpress Monitoring 2019
Express Monitoring 2019 WHY CHOOSE PT EXPRESS MONITORING PT Express Monitoring provides a quick evaluation of the current signaling network protection level. This service helps to discover critical vulnerabilities
More informationExternal Supplier Control Obligations. Cyber Security
External Supplier Control Obligations Cyber Security Control Title Control Description Why this is important 1. Cyber Security Governance The Supplier must have cyber risk governance processes in place
More informationThe Devil is in the Details: The Secrets to Complying with PCI Requirements. Michelle Kaiser Bray Faegre Baker Daniels
The Devil is in the Details: The Secrets to Complying with PCI Requirements Michelle Kaiser Bray Faegre Baker Daniels 1 PCI DSS: What? PCI DSS = Payment Card Industry Data Security Standard Payment card
More informationEnabling Connectivity with Service Oriented Architectures
Enabling Connectivity with Service Oriented Architectres Vector GB Conference 2017 V2.0 2017-09-21 Agenda Different Perspectives on Connectivity From Signal Oriented to Service Oriented Architectres Ftre
More informationIsilon InsightIQ. Version 2.5. User Guide
Isilon InsightIQ Version 2.5 User Gide Pblished March, 2014 Copyright 2010-2014 EMC Corporation. All rights reserved. EMC believes the information in this pblication is accrate as of its pblication date.
More informationSecurity and Privacy Governance Program Guidelines
Security and Privacy Governance Program Guidelines Effective Security and Privacy Programs start with attention to Governance. Governance refers to the roles and responsibilities that are established by
More informationEnterprise DevOps patterns ROY OSHEROVE ENTERPRISEDEVOPS.ORG BUILDSTUFF 2017
Enterprise DevOps patterns ROY OSHEROVE ENTERPRISEDEVOPS.ORG BUILDSTUFF 2017 Enterprise DevOps workshop Snday Abot me Consltant in the areas of: - TDD & Unit Testing - DevOps transformation - Technical
More informationEMC ViPR. User Guide. Version
EMC ViPR Version 1.1.0 User Gide 302-000-481 01 Copyright 2013-2014 EMC Corporation. All rights reserved. Pblished in USA. Pblished Febrary, 2014 EMC believes the information in this pblication is accrate
More informationDevelopment of Intrusion Detection System for vehicle CAN bus cyber security
Development of Intrusion Detection System for vehicle CAN bus cyber security Anastasia Cornelio, Elisa Bragaglia, Cosimo Senni, Walter Nesci Technology Innovation - SSEC 14 Workshop Automotive SPIN Italia
More information2014 TRANSIT CEOs SEMINAR. Cybersecurity What Every CEO Should Know to Help Secure the System
2014 TRANSIT CEOs SEMINAR Cybersecurity What Every CEO Should Know to Help Secure the System APTA Enterprise Cyber Security WG update Vulnerable Systems Cyber attacks may be targeted toward one or more
More informationAdvanced Driver Assistance: Modular Image Sensor Concept
Vision Advanced Driver Assistance: Modular Image Sensor Concept Supplying value. Integrated Passive and Active Safety Systems Active Safety Passive Safety Scope Reduction of accident probability Get ready
More informationEMC VNX Series. Problem Resolution Roadmap for VNX with ESRS for VNX and Connect Home. Version VNX1, VNX2 P/N REV. 03
EMC VNX Series Version VNX1, VNX2 Problem Resoltion Roadmap for VNX with ESRS for VNX and Connect Home P/N 300-014-335 REV. 03 Copyright 2012-2014 EMC Corporation. All rights reserved. Pblished in USA.
More informationQuestion 1: What steps can organizations take to prevent incidents of cybercrime? Answer 1:
Cybercrime Question 1: What steps can organizations take to prevent incidents of cybercrime? Answer 1: Organizations can prevent cybercrime from occurring through the proper use of personnel, resources,
More informationFunctional Safety Architectural Challenges for Autonomous Drive
Functional Safety Architectural Challenges for Autonomous Drive Ritesh Tyagi: August 2018 Topics Market Forces Functional Safety Overview Deeper Look Fail-Safe vs Fail-Operational Architectural Considerations
More informationCybersecurity The Evolving Landscape
Cybersecurity The Evolving Landscape 1 Presenter Zach Shelton, CISA Principal DHG IT Advisory Zach.Shelton@DHG.com Raleigh, NC 14+ years of experience in IT Consulting 11+ years of experience with DHG
More informationDialog 4106 Basic/Dialog 4147 Medium
Analog Telephones for MD110 and MX-ONE Telephony System User Gide Cover Page Graphic Place the graphic directly on the page, do not care abot ptting it in the text flow. Select Graphics > Properties and
More informationAAA CENTER FOR DRIVING SAFETY & TECHNOLOGY
AAA CENTER FOR DRIVING SAFETY & TECHNOLOGY 2017 FORD MUSTANG PREMIUM CONVERTIBLE INFOTAINMENT SYSTEM* DEMAND RATING Very High Demand The Ford Mstang Convertible s SYNC 3 (version 2.20) infotainment system
More informationUSER S GUIDE: SPRINT RELAY CUSTOMER PROFILE
USER S GUIDE: SPRINT RELAY CUSTOMER PROFILE www.mysprintrelay.com/login n Log-in Go to www.mysprintrelay.com/login. If yo don t have a sername or password, click the gray men btton Cstomer New Profile/Call
More informationAddressing Future Challenges in the Development of Safe and Secure Software Components The MathWorks, Inc. 1
Addressing Future Challenges in the Development of Safe and Secure Software Components 2016 The MathWorks, Inc. 1 Cybersecurity Emerging Topic in the Auto Industry Vehicle-to-Infrastructure Wifi Hotspot
More informationUnderstanding & Implementing The CMS Emergency Preparedness (EP) Rule
Understanding & Implementing The CMS Emergency Preparedness (EP) Rle Nora O Brien, MPA, CEM Cathy Larsen, MA Connect Conslting Services, Inc. October 11, 2017 Today s Presenters: Nora O Brien, MPA, CEM,
More information10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS
10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS WHITE PAPER INTRODUCTION BANKS ARE A COMMON TARGET FOR CYBER CRIMINALS AND OVER THE LAST YEAR, FIREEYE HAS BEEN HELPING CUSTOMERS RESPOND
More informationCYBER SECURITY AIR TRANSPORT IT SUMMIT
CYBER SECURITY AIR TRANSPORT IT SUMMIT SHARING GOOD PRACTICES VIVIEN EBERHARDT, SITA CYBER SECURITY CYBER SECURITY AIR TRANSPORT IT SUMMIT SHARING GOOD PRACTICES VIVIEN EBERHARDT, SITA CYBER SECURITY CYBER
More informationSIMPLIFYING THE CAR. Helix chassis. Helix chassis. Helix chassis WIND RIVER HELIX CHASSIS WIND RIVER HELIX DRIVE WIND RIVER HELIX CARSYNC
W I N D R I V E R H E L I X C H A S S I S SIMPLIFYING THE WIND RIVER HELIX CHASSIS Helix Chassis brings together software, technologies, tools, and services to help automotive manufacturers unify, simplify,
More informationGoogle attacks. Patrick Chambet Edelweb ON-X Group We re in Vegas, right?
We re in Vegas, right? EdelWeb Edelweb ON-X Grop patrick.chambet@edelweb.fr http://www.edelweb.fr http://www.chambet.com Planning General points Some examples Recommendations Conclsion Page 2 General Points
More informationFast, reliable and affordable connectivity
Fast, reliable and affordable connectivity Richard Chisala Jnr, MIEEE CTO C3 Limited Kasng Crescent MPC Bsiness Park Chichiri, Blantyre, Malawi e: richard.chisala@c3.mw w: www.c3.mw Broadband for the rest
More informationPenetration testing.
Penetration testing Penetration testing is a globally recognized security measure that can help provide assurances that a company s critical business infrastructure is protected from internal or external
More informationINTEGRATING AUTOMOTIVE HAZARD AND THREAT ANALYSIS METHODS: HOW DOES THIS FIT WITH ASSUMPTIONS OF THE SAE J3061
INTEGRATING AUTOMOTIVE HAZARD AND THREAT ANALYSIS METHODS: HOW DOES THIS FIT WITH ASSUMPTIONS OF THE SAE J3061 23rd EuroAsiaSPI Conference, Graz, Austria Georg Macher AVL List GmbH (Headquarters) INTEGRATING
More informationSecurity analysis and assessment of threats in European signalling systems?
Security analysis and assessment of threats in European signalling systems? New Challenges in Railway Operations Dr. Thomas Störtkuhl, Dr. Kai Wollenweber TÜV SÜD Rail Copenhagen, 20 November 2014 Slide
More informationSecurity and networks
Security and networks Creating a secure business in a hyper connected world SHIV K. BAKHSHI, PH.D. VP, INDUSTRY RELATIONS, GROUP FUNCTION TECHNOLOGY ITU Regional workshop, Algiers, Algeria, FeBruary 12,
More informationTHE ULTIMATE SOLUTION TO SECURE MOBILE COMMUNICATIONS AND DEVICES
THE ULTIMATE SOLUTION TO SECURE MOBILE COMMUNICATIONS AND DEVICES Mobility and cybersecurity concerns Why is it important? + 38% worldwide annual growth in enterprise cyber-attacks in 2015. Source : PwC
More informationMIGRATING TO CAN FD. Tony Adamson. Marketing Director CAN / LIN / FlexRay
MIGRATING TO CAN FD Tony Adamson Marketing Director CAN / LIN / FlexRay Agenda WHO ARE WE CAR NETWORKS UNDER TRANSFORMATION SPEED SRITY OUR MISSION AND STRATEGY 2 2 FEBRUARY 16, 2016 VECTOR CAN FD SYMPOSIUM
More informationCar2Car Communication Consortium C2C-CC
Car2Car Communication Consortium C2C-CC Secure Vehicular Communication: Results and Challenges Ahead February 20th/21st 2008, Lausanne Benjamin Weyl BMW Group Research and Technology Chair C2C-CC Security
More information716 West Ave Austin, TX USA
Fundamentals of Computer and Internet Fraud GLOBAL Headquarters the gregor building 716 West Ave Austin, TX 78701-2727 USA TABLE OF CONTENTS I. INTRODUCTION What Is Computer Crime?... 2 Computer Fraud
More informationHacker Academy Ltd COURSES CATALOGUE. Hacker Academy Ltd. LONDON UK
Hacker Academy Ltd COURSES CATALOGUE Hacker Academy Ltd. LONDON UK TABLE OF CONTENTS Basic Level Courses... 3 1. Information Security Awareness for End Users... 3 2. Information Security Awareness for
More informationCAPL Scripting Quickstart
CAPL Scripting Qickstart CAPL (Commnication Access Programming Langage) For CANalyzer and CANoe V1.01 2015-12-03 Agenda Important information before getting started 3 Visal Seqencer (GUI based programming
More informationNortel DECT Handset 4025 User Guide
DECT 4025 Nortel DECT Handset 4025 User Gide Revision history Revision history October 2005 Standard 2.00. This docment is p-issed to spport Nortel Commnication Server 1000 Release 4.5. Febrary 2005 Standard
More informationCyber security tips and self-assessment for business
Cyber security tips and self-assessment for business Last year one in five New Zealand SMEs experienced a cyber-attack, so it s essential to be prepared. Our friends at Deloitte have put together this
More informationTdb: A Source-level Debugger for Dynamically Translated Programs
Tdb: A Sorce-level Debgger for Dynamically Translated Programs Naveen Kmar, Brce R. Childers, and Mary Lo Soffa Department of Compter Science University of Pittsbrgh Pittsbrgh, Pennsylvania 15260 {naveen,
More informationDIVAR IP Video DIVAR IP Remote viewing via Video Security App and Video Security Client from Bosch
Video DIVAR IP 5000 DIVAR IP 5000 www.boschsecrity.com Remote viewing via Video Secrity App and Video Secrity Client from Bosch Flly featred video recording soltion for p to 32 channels Ot-of-the-box IP
More informationCybersecurity Auditing in an Unsecure World
About This Course Cybersecurity Auditing in an Unsecure World Course Description $5.4 million that s the average cost of a data breach to a U.S.-based company. It s no surprise, then, that cybersecurity
More informationAnalog Telephones. User Guide. BusinessPhone Communication Platform
Analog Telephones BsinessPhone Commnication Platform User Gide Cover Page Graphic Place the graphic directly on the page, do not care abot ptting it in the text flow. Select Graphics > Properties and make
More informationWeak Spots Enterprise Mobility Management. Dr. Johannes Hoffmann
Weak Spots Enterprise Mobility Management Dr. Johannes Hoffmann Personal details TÜV Informationstechnik GmbH TÜV NORD GROUP Dr. Johannes Hoffmann IT Security Business Security & Privacy Main focus: Mobile
More informationSecurity Standardization and Regulation An Industry Perspective
Security Standardization and Regulation An Industry Perspective Dr. Ralf Rammig Siemens AG Megatrends Challenges that are transforming our world Digitalization In the future, we ll be living in a world
More information