Functional Safety and Cyber Security Experiences and Trends
|
|
- Stephen Booth
- 5 years ago
- Views:
Transcription
1 Functional Safety and Cyber Security Experiences and Trends Vector China Congress, Shanghai, 7. Sep Dr. Christof Ebert, Vector Consulting Services V
2 Welcome Vector Consulting Services Experts for product development, product strategy and IT in critical systems Interim support, such as virtual security and safety officers and interim management Global presence Trainings on Agile, Requirements, Security, Safety, CMMI/SPICE etc. Part of Vector Group with over 1800 employees Automotive Aerospace IT & Finance Digital Transformation Medical Railway
3 Agenda 1. Welcome 2. Safety and Security are Key Risks 3. Risk-Oriented Development 4. Conclusions and Outlook 2/29
4 Safety and Security are Key Risks Vector Client Survey: Security and Safety are Major Challenges 70% 60% 50% 40% 30% 20% 10% Mid-term challenges Complexity Management Security and Safety Connectivity Distributed Development Governance and Compliance Innovative Products Digital Transformation Efficiency and Cost 0% Others Short-term challenges 0% 10% 20% 30% 40% 50% 60% 70% Vector Client Survey Details: Horizontal axis shows short-term challenges; vertical axis shows mid-term challenges. Sum > 100% due to 3 answers per question. Strong validity with >4% response rate of 1500 recipients from different industries worldwide. 3/29
5 Safety and Security are Key Risks Challenge: Security and Safety Increasing complexity of functions Interactive services and connectivity Rising liability risks with cyber security and safety Quantity: Boost in number of systems Maturity: Inefficient processes and tools Quality: Lack of experts Fuel injection Anti-lock brakes Gearbox control Traction control CAN Anti lock brakes Fuel injection Hybrid powertrain Electronic stability control Active body control Emergency call Electric power steering FLEXRAY Engine /gearbox control Traction control Electric powertrain Adaptive cruise control Lane assistant Stop-/start automatic Emergency break assist Head-up display Electronic brake control Tele diagnostics Online Software Updates AUTOSAR Hybrid powertrain Electronic stability control Active body control Mobility services Autonomous driving Brake-by-wire Steer-by-wire Connectivity, Vehicle2X Cloud computing 5G mobile communication Fuel-cell technology Laser-sourced lighting 3D displays Gesture HMI Ethernet/IP backbone Electric powertrain Adaptive cruise control Lane assistant Stop-/start automatic Emergency break assist Head-up display Electronic brake control Remote diagnostics AUTOSAR... Time 4/29
6 Safety and Security are Key Risks Automotive E/E Trends Mobility: From driving to multi-modal mobility services and sharing culture Business Models: From incumbent tiered supply-chain to flexible new players from IT industry E/E architecture: From distributed electronic controllers to standardized three-tier architecture IT architecture: From proprietary building blocks to open IT systems with off-the-shelf components and adaptive SOA. Development lifecycle: From the classic V model with rather heavy release cycles to agile DevOps-like approach. Governance: From encapsulated safety-critical functions to interwoven quality assurance for liability, safety, cyber security, privacy. Culture: From R&D vs. IT separation to convergence. Competences: From automotive embedded electronics to IT as a core competence of all engineers. Details: IEEE Software May 2017 (Vector Guest Edited) 5/29
7 Safety and Security are Key Risks Automotive Trends Impact Safety and Security 1. Powertrain Energy efficiency Unintended speed change 2. Driver Assistance Autonomous driving Signal confusion 3. Connectivity Always connected Sudden Driver distraction 6/29
8 Safety and Security are Key Risks Vector Was First to Address Automotive Cyber Security First presentation on automotive security in 2007 came from Vector: Automotive Security: A Threat with an End? 7/29
9 Safety and Security are Key Risks History Repeats Itself Unless We Learn From It 1980s: IT Systems were Complex Distributed Software Intensive Perceived as secure Then came the Morris worm 2016: Automotive Systems are Then Complex Distributed Software Intensive Perceived as secure A 100% perfect solution is not possible. Advanced risk assessment and mitigation is the order of the day. 8/29
10 Safety and Security are Key Risks Connectivity + Complexity = Cyber Attacks OEM Suppliers ITS Operator Eavesdropping, Data leakage Command injection, data corruption, back doors OBD Man in the DSRC middle attacks 4G LTE Physical attacks, Sensor confusion Trojans, Ransomware Password attacks Rogue clients, Public malware Clouds Application vulnerabilities Service Provider 9/29
11 Safety and Security are Key Risks Combined Safety and Security Need Holistic Systems Engineering Functional Safety Cyber Security Privacy Goal: Protect health Risk: Accident Governance: ISO etc. Methods: HARA, FTA, FMEA, Fail operational, Redundancy, Goal: Protect assets Risk: Attack, exploits Governance: ISO etc. Methods: TARA, Cryptography, ID/IP, Key management, Goal: Protect personal data Risk: Data breach Governance: Privacy laws Methods: TARA, Cryptography, Explicit consent, Liability Risk management Holistic systems engineering 10/29
12 Agenda 1. Welcome 2. Safety and Security are Key Risks 3. Risk-Oriented Development 4. Conclusions and Outlook 11/29
13 Risk-Oriented Development Standards Demand Risk-Oriented Approach Functional Safety (IEC 61508, ISO 26262) Assets, Threats and Risk Assessment Op. Scenarios, Hazard, Risk Assessment Safety Management after SOP Security Management in POS Hazard and risk analysis Functions and risk mitigation Safety engineering ISO ed.2 will not comprehensively address security, but will refer to and include shared methods, such as TARA Security Goals and Requirements Technical Security Concept Security Implementation Safety Goals and Requirements Functional and Technical Safety- Concept Safety Implementation Safety Case, Certification, Approval Safety Validation Safety Verification Security Case, Audit, Compliance Security Validation Security Verification + Security architecture (ISO 27001, ISO 15408, ISO 21434, SAE J3061) methods Threat data formats and risk & analysis functionality Abuse, misuse, confuse cases Security engineering Security and Safety are interacting and demand holistic systems engineering For fast start connect security with safety 12/29
14 Risk-Oriented Development Functional Safety and Cyber Security Risk based approach Risk = Severity of harmful event Probability of occurrence inacceptable risk Probability acceptable risk Severity Risk-oriented engineering means to intelligently mitigate the residual risk. It does not mean to copy paste standards and thus further increase complexity 13/29
15 Risk-Oriented Development State of the Art: Functional Safety Functional safety with ISO is digested Vector Consulting support on all levels for OEM and Tier1 1. Driving Situations OEM 2. Hazards OEM 3. Risks and Safety Integrity Level OEM 4. Safety Goals Safety Requirements OEM 5. Technical Safety Concept OEM/Tier1 6. Safety requirements on ECU level OEM/Tier1 7. Software Safety Requirements Tier1/Vector ISO ed.2 will demand more consistency and enhancements on safety related methodologies 14/29
16 Risk-Oriented Development State of the Art: Cyber Security Security demands growing fast Connectivity and open channels allow security attacks Exploits will persist beyond zero-day because so far no OTA governance Safety-critical systems connected to potentially unsecure bus systems Build security engineering on top of existing safety Extend hazard analysis with threat analysis and automotive attack models Reuse existing safety artefacts to ensure robust safety case Define tailored security protection for safety-critical systems Encrypt entire bus communication, e.g. AUTOSAR Protect ECUs with secure boot and HW-defined security Completely separate infotainment and HU There is no safety without security 15/29
17 Risk-Oriented Development Concept of Combined Threat/Hazard Analysis and Risk Assessment Assets Threat-Model & Risks Measures Concept for Solution Verification General automotive asset categories Example: Identified threats Safety Safety - Vehicle functions 1 Injuries because of malfunctioning Passive Entry Financial Privacy / Legislati on -Private data -ECU SW Operational Performance Finance -Brand Image 2 Loss of annual sales due to damage to brand image Operational Performance Doors locked Privacy/Legislation 3 Theft of private data -Driving performance Security considers a larger scope of threats compared with Safety. 16/29
18 Risk-Oriented Development Case Study Powertrain: Threats and Hazards Throttle pedal, Engine control Safety Item Adjust Speed Lock/Unlock Change Gears Transmission Velocity ASIL C ASIL C Throttle Function Hazard S/E/C ASIL Adjust speed Speed is unintentionally increased during normal operation in cruise control while driving in a city S3/E3/C1 C Change Gears During driving on high speed (Highway) the gear is changing to a higher gear thus reducing acceleration when it is needed during overtaking S3/E4/C3 C Unlike Safety where we work with probabilities, Security threats always have a probability of 1 for exploits and attacks. 17/29
19 Risk-Oriented Development Case Study Powertrain: From TARA to Technical Safety/Security Concept 2 Elements of functional architecture 1 Security goal and derived functional security req. Security Goal Functional Security Requirement Entities of Functional Security Architecture ID Level Security Goal ID Requirement Inputs Function Blocks SG05 High It shall be prevented that unauthentic software is installed on vehicle ECUs. The authenticity and integrity of the user_command signal during reading FSR 1 and transmission shall be assured. The authenticity and integrity of the authenticity signal during reading and FSR 2 transmission shall be assured. The authenticity and integrity of the sw_update during reading and FSR 3 transmission shall be assured. FSR 4 FSR 5 FSR 6 FSR 7 It shall be assured that the signal allow_update generated from the input signals is calculated correctly. The authenticity and integrity of the allow_update signal during transmission shall be assured. It shall be assured that the signal change_sw generated from the input signals is calculated correctly. If an error with regards to authenticity and integrity during reading, transmission or calculation of signals or the actuator status occurs, the system will not install the sw update. Update sw command Authenticity and Integrity of sw update (Signature) sw update Prevent unauthorized update Install sw in ECU sw storage (e.g. flash memory).... x x x x x x x x x x x x x x x x x x x x x 3 Allocation of req. to architecture elements Transform technical security concept to security requirements. Handle security requirements exactly like functional requirements. 18/29
20 Risk-Oriented Development Security by Design: Separate Concerns Diagnostic Interface Instrument Cluster Head Unit DSRC 4G LTE Powertrain DC Chassis DC Central Gateway Connectivity Gateway CU Laptop Body DC Tablet Smartphone ADAS DC Smart Charging Firewall Key Infrastructure Crypto Primitives Monitoring / Logging Hypervisor ID / IP Secure On Board Comm. Secure Off Board Comm. Download Manager Secure Flash/Boot Secure Synchronized Time Manager Incrementally harden your E/E and IT functions, architectures and components. Commit to a roadmap with budget and competences. 19/29
21 Risk-Oriented Development Implementation, Verification and Validation Design Use programming rules such as MISRA-C Avoid injectable code Enforce high cryptographic strength Assign least privileges to any function Static and dynamic code analysis Test Encryption cracker, vulnerability scanner Network traffic analyzer, stress tester, interface scanner Layered fuzzing testing Life Hacking Penetration testing Governance and social engineering attacks Test for the unknown. Run automatic regression tests with each delivery. 20/29
22 Risk-Oriented Development Game Changer: OTA Facilitates Security Across the Life-cycle Over the Air (OTA) Updates: Problem and solution at the same time. 21/29
23 Risk-Oriented Development Conclusion: Apply Different Techniques Across Your Life-Cycle Security Techniques Cost Benefit Quick Wins Vector SafetyCheck and Vector SecurityCheck for initial risk assessment Low Medium and implementation guidance Role of Virtual Security Manager Medium High Safety and Security Training and compliance audits Low High Technology Secure boot, communication, storage High High Secure run-time (e.g. CFI, DFI, MACs) High High IDS/IPS, Firewall with adjusted policies Medium-High Medium Process and Governance Development for safety and security Medium-High High Test strategy, e.g. Fuzz Testing, Penetration Testing etc. High Medium Secure Key Management High Medium Security task force and response team (internal or virtual) Medium High 22/29
24 Agenda 1. Welcome 2. Safety and Security are Key Risks 3. Risk-Oriented Development 4. Conclusions and Outlook 23/29
25 Conclusions and Outlook Risk-Oriented Development Must Cover the Entire Life-Cycle Secure by design Secure provisioning Development Services Internal threats Secure supply chain Secure monitoring External threats Production Operations Systematic safety and security engineering Scaleable monitoring Multiple mode of operation (normal, attack, emergency, fail operatoinal, fail safe, etc.) 24/29
26 Conclusions and Outlook Integrated Safety and Security Engineering Assets and Attack Potentials Threat and Risk Assessment Security Goals Features and Operation Scenarios Hazard and Risk Assessment Safety Goals Safety Case Validate Safety Assumptions Security Case Validate Security Assumptions Security Architecture Functional Safety-Concept Test Safety Mechanisms Test Security Mechanisms & Penetration Tests Technical Security Concept Technical Safety-Concept Verify Safety Mechanisms Verify Security Mechanisms Implement. of Security Mechanisms Implement. of Safety Mechanisms Safety Analysis Security Analysis Safety Activity Secure Implementation of Nominal Functions Security Activity Similar to Safety, Security needs to be an integrated part of the development process. Build security upon existing safety governance. 25/29
27 Conclusions and Outlook Safety and Security Matter Safety and Security demands a thorough culture change Build necessary competences for safety and security Do not simply copy-paste elements from current standards Enforce strong governance end-to-end Security Safety Risk-oriented development is the order of the day Apply systems engineering for safety and cyber security Systematically use professional tools, such as PREEvision and CANoe Close known vulnerabilities as soon as possible, preferably with OTA Audit your suppliers and achieve a holistic perspective on risks and solutions Use the hacker s view for security risks, and not that of developer or safety expert To know your enemy, you have to become your enemy. (Sun Tzu, The Art of War) In other words: Think like a Criminal and preemptively act as an Engineer. 26/29
28 Conclusions and Outlook Vector Offers a Comprehensive Portfolio for Cyber Security and Functional Safety Vector Cyber Security and Safety Solutions Security and Safety Consulting AUTOSAR Basic Software HW based Security Tools (PLM with PREEvision, Architecture, Test, Diagnosis etc.) Engineering Services for Safety and Security 27/29
29 Conclusions and Outlook More Information Annual Vector Security Symposium 12. October 2017 in Stuttgart With all major OEMs and Tier-1 suppliers Trainings and Media Free Cyber-Security Webinar (1 hour, continuously updated) Free Functional Safety Webinar (1 hour, continuously updated) In-house trainings tailored to your needs are worldwide available Vector White Papers 28/29
30 Thank you for your attention. For more information please contact us. Passion. Partner. Value. Vector Consulting Services Phone:
Functional Safety and Cyber-Security Experiences and Trends
Functional Safety and Cyber-Security Experiences and Trends Dr. Christof Ebert, Vector Consulting Services V1.0 2017-12-11 Welcome Vector Consulting Services Experts for product development, product strategy
More informationEnsuring Consistency of Critical Systems in Agile Development
Ensuring Consistency of Critical Systems in Agile Development Helmut Bunge, Samir Sarkic, Bosch Dr. Christof Ebert, Kai Ruedele, Vector Consulting Services V1.1 20181003 Bosch technology to enhance quality
More informationCyber security mechanisms for connected vehicles
Infineon Security Partner Network Partner Use Case Cyber security mechanisms for connected vehicles Protecting automotive vehicle networks and business models from cyber security attacks Products AURIX
More informationRisk Based Security. Automotive Safety & Security, 30. Mai 2017 Christof Ebert and Dominik Lieckfeldt, Vector Consulting Services V1.
Risk Based Secrity Atomotive Safety & Secrity, 30. Mai 2017 Christof Ebert and Dominik Lieckfeldt, Vector Conslting Services V1.0 2017-05-30 Agenda Motivation Risk-based approach to Cybersecrity Conslsion
More informationSecuring the future of mobility
Kaspersky Transportation System Security AVL Software and Functions Securing the future of mobility www.kaspersky.com #truecybersecurity Securing the future of mobility Connected car benefits The need
More informationMASP Chapter on Safety and Security
MASP Chapter on Safety and Security Daniel Watzenig Graz, Austria https://artemis.eu MASP Chapter on Safety & Security Daniel Watzenig daniel.watzenig@v2c2.at Francois Tuot francois.tuot@gemalto.com Antonio
More informationSecurity analysis and assessment of threats in European signalling systems?
Security analysis and assessment of threats in European signalling systems? New Challenges in Railway Operations Dr. Thomas Störtkuhl, Dr. Kai Wollenweber TÜV SÜD Rail Copenhagen, 20 November 2014 Slide
More informationAutomotive Security An Overview of Standardization in AUTOSAR
Automotive Security An Overview of Standardization in AUTOSAR Dr. Marcel Wille 31. VDI/VW-Gemeinschaftstagung Automotive Security 21. Oktober 2015, Wolfsburg Hackers take over steering from smart car driver
More informationFailure Diagnosis and Prognosis for Automotive Systems. Tom Fuhrman General Motors R&D IFIP Workshop June 25-27, 2010
Failure Diagnosis and Prognosis for Automotive Systems Tom Fuhrman General Motors R&D IFIP Workshop June 25-27, 2010 Automotive Challenges and Goals Driver Challenges Goals Energy Rising cost of petroleum
More informationSecure Product Design Lifecycle for Connected Vehicles
Secure Product Design Lifecycle for Connected Vehicles Lisa Boran Vehicle Cybersecurity Manager, Ford Motor Company SAE J3061 Chair SAE/ISO Cybersecurity Engineering Chair AGENDA Cybersecurity Standards
More informationScalable and Flexible Software Platforms for High-Performance ECUs. Christoph Dietachmayr Sr. Engineering Manager, Elektrobit November 8, 2018
Scalable and Flexible Software Platforms for High-Performance ECUs Christoph Dietachmayr Sr. Engineering Manager, November 8, Agenda A New E/E Architectures and High-Performance ECUs B Non-Functional Aspects:
More informationSicherheitsaspekte für Flashing Over The Air in Fahrzeugen. Axel Freiwald 1/2017
Sicherheitsaspekte für Flashing Over The Air in Fahrzeugen Axel Freiwald 1/2017 All OEMs Will Implement Software OTA As Soon As Possible IHS Study Motivation: Save on recalls caused by software bugs Evolution
More informationThe modern car has 100 million lines of code and over half of new vehicles will be connected by 2020.
Automotive The modern car has 100 million lines of code and over half of new vehicles will be connected by 2020. Cars are becoming increasingly connected through a range of wireless networks The increased
More information13W-AutoSPIN Automotive Cybersecurity
13W-AutoSPIN Automotive Cybersecurity Challenges and opportunities Alessandro Farsaci (CNH industrial) Cosimo Senni (Magneti Marelli) Milan, Italy November 12th, 2015 Agenda Automotive Cybersecurity Overview
More information10 th AUTOSAR Open Conference
10 th AUTOSAR Open Conference Dr. Moritz Neukirchner Elektrobit Automotive GmbH Building Performance ECUs with Adaptive AUTOSAR AUTOSAR Nov-2017 Major market trends and their impact Trends Impact on E/E
More informationIncentives for IoT Security. White Paper. May Author: Dr. Cédric LEVY-BENCHETON, CEO
White Paper Incentives for IoT Security May 2018 Author: Dr. Cédric LEVY-BENCHETON, CEO Table of Content Defining the IoT 5 Insecurity by design... 5 But why are IoT systems so vulnerable?... 5 Integrating
More informationHardening Attack Vectors to cars by Fuzzing
Hardening Attack Vectors to cars by Fuzzing AESIN 2015 Ashley Benn, Regional Sales manager 29 th October, 2015 2015 Synopsys, Inc. 1 Today, there are more than 100m lines of code in cars 2015 Synopsys,
More informationConvergence of Safety, Systems & Cybersecurity Bill StClair, Director, LDRA, US Operations
Convergence of Safety, Systems & Cybersecurity Bill StClair, Director, LDRA, US Operations Agenda Nexus of Safety and Cybersecurity Separation and Connectivity Trends in Aerospace Cybersecurity Isn t Security
More informationTechnology Risk Management in Banking Industry. Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited
Technology Risk Management in Banking Industry Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited Change in Threat Landscape 2 Problem & Threats faced by Banking Industry
More informationCybersecurity Challenges for Connected and Automated Vehicles. Robert W. Heller, Ph.D. Program Director R&D, Southwest Research Institute
Cybersecurity Challenges for Connected and Automated Vehicles Robert W. Heller, Ph.D. Program Director R&D, Southwest Research Institute Cars are becoming complex (and CAV is only part of it) 1965: No
More informationAddressing Future Challenges in the Development of Safe and Secure Software Components The MathWorks, Inc. 1
Addressing Future Challenges in the Development of Safe and Secure Software Components 2016 The MathWorks, Inc. 1 Cybersecurity Emerging Topic in the Auto Industry Vehicle-to-Infrastructure Wifi Hotspot
More informationSIMPLIFYING THE CAR. Helix chassis. Helix chassis. Helix chassis WIND RIVER HELIX CHASSIS WIND RIVER HELIX DRIVE WIND RIVER HELIX CARSYNC
W I N D R I V E R H E L I X C H A S S I S SIMPLIFYING THE WIND RIVER HELIX CHASSIS Helix Chassis brings together software, technologies, tools, and services to help automotive manufacturers unify, simplify,
More informationCountermeasures against Cyber-attacks
Countermeasures against Cyber-attacks Case of the Automotive Industry Agenda Automotive Basics ECU, domains, CAN Automotive Security Motivation, trends Hardware and Software Security EVITA, SHE, HSM Secure
More informationSECURITY & PRIVACY DOCUMENTATION
Okta s Commitment to Security & Privacy SECURITY & PRIVACY DOCUMENTATION (last updated September 15, 2017) Okta is committed to achieving and preserving the trust of our customers, by providing a comprehensive
More informationSecure Ethernet Communication for Autonomous Driving. Jared Combs June 2016
Secure Ethernet Communication for Autonomous Driving Jared Combs June 2016 Agenda Motivation for Security The Multi-Level Security Architecture Proposal Level 1: Restrict access to the network Level 2:
More informationRiccardo Mariani, Intel Fellow, IOTG SEG, Chief Functional Safety Technologist
Riccardo Mariani, Intel Fellow, IOTG SEG, Chief Functional Safety Technologist Internet of Things Group 2 Internet of Things Group 3 Autonomous systems: computing platform Intelligent eyes Vision. Intelligent
More informationAUTOSAR proofs to be THE automotive software platform for intelligent mobility
AUTOSAR proofs to be THE automotive software platform for intelligent mobility Dr.-Ing. Thomas Scharnhorst AUTOSAR Spokesperson Simon Fürst, BMW AG Stefan Rathgeber, Continental Corporation Lorenz Slansky,
More informationAutomotive Anomaly Monitors and Threat Analysis in the Cloud
Automotive Anomaly Monitors and Threat Analysis in the Cloud Dr. André Weimerskirch Vector Automotive Cyber Security Symposium October 12, 2017 Cybersecurity Components Secure Internal & External Communications
More informationInternet of Things Toolkit for Small and Medium Businesses
Your Guide #IoTatWork to IoT Security #IoTatWork Internet of Things Toolkit for Small and Medium Businesses Table of Contents Introduction 1 The Internet of Things (IoT) 2 Presence of IoT in Business Sectors
More informationSecurity: The Key to Affordable Unmanned Aircraft Systems
AN INTEL COMPANY Security: The Key to Affordable Unmanned Aircraft Systems By Alex Wilson, Director of Business Development, Aerospace and Defense WHEN IT MATTERS, IT RUNS ON WIND RIVER EXECUTIVE SUMMARY
More informationAutomotive Security Standardization activities and attacking trend
Automotive Standardization activities and attacking trend Ingo Dassow, Deloitte November 2017 Automotive Risk Overview Trends and risks for connected vehicles 2 Value and Components of a Car Autonomous
More informationCCISO Blueprint v1. EC-Council
CCISO Blueprint v1 EC-Council Categories Topics Covered Weightage 1. Governance (Policy, Legal, & Compliance) & Risk Management 1.1 Define, implement, manage and maintain an information security governance
More informationCyber Criminal Methods & Prevention Techniques. By
Cyber Criminal Methods & Prevention Techniques By Larry.Boettger@Berbee.com Meeting Agenda Trends Attacker Motives and Methods Areas of Concern Typical Assessment Findings ISO-17799 & NIST Typical Remediation
More informationAutomotive Security: Challenges and Solutions
Automotive Security: Challenges and Solutions 8 th Vector Congress 30 th November 2016 V2.01.00 2016-11-22 Agenda Introduction Services Embedded Security Mechanisms Tools Summary 2 Introduction Vehicle
More informationAutomotive Security: Challenges, Standards and Solutions. Alexander Much 12 October 2017
Automotive Security: Challenges, Standards and Solutions Alexander Much 12 October 2017 Driver s fears are being fueled by recent news Connected Cars, new opportunities for hackers Autonomous Driving Concepts
More informationNew ARMv8-R technology for real-time control in safetyrelated
New ARMv8-R technology for real-time control in safetyrelated applications James Scobie Product manager ARM Technical Symposium China: Automotive, Industrial & Functional Safety October 31 st 2016 November
More informationConnected Car Solutions Based on IoT
FEATURED ARTICLES Autonomous Driving Technology for Connected Cars Connected Car Solutions Based on IoT With the aim of achieving a prosperous society in which people and vehicles exist in harmony, the
More informationGovernance Ideas Exchange
www.pwc.com.au Anatomy of a Hack Governance Ideas Exchange Robert Di Pietro October 2018 Cyber Security Anatomy of a Hack Cyber Security Introduction Who are the bad guys? Profiling the victim Insights
More informationCYBER SECURITY AND MITIGATING RISKS
CYBER SECURITY AND MITIGATING RISKS 01 WHO Tom Stewart Associate Director Technology Consulting Chicago Technical Security Leader Protiviti Slides PRESENTATION AGENDA 3 START HACKING DEFINITION BRIEF HISTORY
More informationInnovation policy for Industry 4.0
Innovation policy for Industry 4.0 Remarks from Giorgio Mosca Chair of Cybersecurity Steering Committee Confindustria Digitale Director Strategy & Technologies - Security & IS Division, Leonardo Agenda
More informationThe Key Principles of Cyber Security for Connected and Automated Vehicles. Government
The Key Principles of Cyber Security for Connected and Automated Vehicles Government Contents Intelligent Transport System (ITS) & Connected and Automated Vehicle (CAV) System Security Principles: 1. Organisational
More informationWelcome Note. Dr. Thomas Scharnhorst, AUTOSAR Spokesperson 10 th AUTOSAR Open Conference 8 th Nov 2017, Mountain View, California
Dr. Thomas Scharnhorst, AUTOSAR Spokesperson 10 th AUTOSAR Open Conference 8 th Nov 2017, Mountain View, California Welcome Willkommen Bienvenu 歡迎 Boas-vindas Welkom добро пожаловать ようこそ 환영합니다 Bienvenida
More informationIndustrial Security - Protecting productivity. Industrial Security in Pharmaanlagen
- Protecting productivity Industrial Security in Pharmaanlagen siemens.com/industrialsecurity Security Trends Globally we are seeing more network connections than ever before Trends Impacting Security
More informationДОБРО ПОЖАЛОВАТЬ SIEMENS AG ENERGY MANAGEMENT
ДОБРО ПОЖАЛОВАТЬ SIEMENS AG ENERGY MANAGEMENT ENERGY AUTOMATION - SMART GRID Restricted Siemens AG 20XX All rights reserved. siemens.com/answers Frederic Buchi, Energy Management Division, Siemens AG Cyber
More informationIngram Micro Cyber Security Portfolio
Ingram Micro Cyber Security Portfolio Ingram Micro Inc. 1 Ingram Micro Cyber Security Portfolio Services Trainings Vendors Technical Assessment General Training Consultancy Service Certification Training
More informationPREEvision Technical Article
PREEvision Technical Article AUTOSAR-Conformant Vehicle Diagnostics over : Developing Diagnostic Communications for E/E Systems The electronically controlled systems of modern vehicles are networked with
More informationUNECE WP29/TFCS Regulation standards on threats analysis (cybersecurity) and OTA (software update)
UNECE WP29/TFCS Regulation standards on threats analysis (cybersecurity) and OTA (software update) Koji NAKAO, NICT, Japan (Expert of UNECE WP29/TFCS) General Flow of works in WP29/TFCS and OTA Data protection
More informationHow Security Mechanisms Can Protect Cars Against Hackers. Christoph Dietachmayr, CIS Solution Manager EB USA Techday, Dec.
How Security Mechanisms Can Protect Cars Against Hackers Christoph Dietachmayr, CIS Solution Manager EB USA Techday, Dec. 3 rd 2015 Driver s Fears Are Being Fueled by Recent News ConnectedCars, new opportunies
More informationEnhancing infrastructure cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services
Enhancing infrastructure cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services European Union Agency for Network and Information Security Securing Europe s Information society 2
More informationSGS CYBER SECURITY GROWTH OPPORTUNITIES
SGS CYBER SECURITY GROWTH OPPORTUNITIES Eric Krzyzosiak GENERAL MANAGER DIGITAL Jeffrey Mc Donald Executive Vice President CERTIFICATION & BUSINESS ENHANCEMENT Eric Lee WIRELESS & CONSUMER RETAIL CYBER
More informationAgenda. > AUTOSAR Overview. AUTOSAR Solution. AUTOSAR on the way
AUTOSAR Overview Agenda > AUTOSAR Overview AUTOSAR Solution AUTOSAR on the way Slide: 2 Overview and Objectives AUTOSAR Partnership Slide: 3 Development of Functionality Electronic fuel injection Cruise
More informationData Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle
Data Security and Privacy : Compliance to Stewardship Jignesh Patel Solution Consultant,Oracle Agenda Connected Government Security Threats and Risks Defense In Depth Approach Summary Connected Government
More informationIs This What the Future Will Look Like?
Is This What the Future Will Look Like? Implementing fault tolerant system architectures with AUTOSAR basic software Highly automated driving adds new requirements to existing safety concepts. It is no
More informationDevelopment of Intrusion Detection System for vehicle CAN bus cyber security
Development of Intrusion Detection System for vehicle CAN bus cyber security Anastasia Cornelio, Elisa Bragaglia, Cosimo Senni, Walter Nesci Technology Innovation - SSEC 14 Workshop Automotive SPIN Italia
More informationDesigning a software framework for automated driving. Dr.-Ing. Sebastian Ohl, 2017 October 12 th
Designing a software framework for automated driving Dr.-Ing. Sebastian Ohl, 2017 October 12 th Challenges Functional software architecture with open interfaces and a set of well-defined software components
More informationVerizon Software Defined Perimeter (SDP).
Verizon Software Defined Perimeter (). 1 Introduction. For the past decade, perimeter security was built on a foundation of Firewall, network access control (NAC) and virtual private network (VPN) appliances.
More informationSecurity and networks
Security and networks Creating a secure business in a hyper connected world SHIV K. BAKHSHI, PH.D. VP, INDUSTRY RELATIONS, GROUP FUNCTION TECHNOLOGY ITU Regional workshop, Algiers, Algeria, FeBruary 12,
More informationCloud Computing: A European Perspective. Rolf von Roessing CISA, CGEIT, CISM International Vice President, ISACA
Cloud Computing: A European Perspective Rolf von Roessing CISA, CGEIT, CISM International Vice President, ISACA Overview Cloud Universe Definitions Cloud Risks in Europe Governance, Risk and Compliance
More informationPENETRATION TESTING OF AUTOMOTIVE DEVICES. Dr. Ákos Csilling Robert Bosch Kft., Budapest HUSTEF 15/11/2017
PENETRATION TESTING OF AUTOMOTIVE DEVICES Dr. Ákos Csilling Robert Bosch Kft., Budapest HUSTEF 15/11/2017 Imagine your dream car 2 Image: 2017 ESCRYPT. Exemplary attack demonstration only. This is NOT
More informationAutomotive Gateway: A Key Component to Securing the Connected Car
Automotive : A Key Component to Securing the Connected Car Introduction Building vehicles with gateways electronic devices that enable secure and reliable communications among a vehicle s electronic systems
More informationTARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS
Target2-Securities Project Team TARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS Reference: T2S-07-0270 Date: 09 October 2007 Version: 0.1 Status: Draft Target2-Securities - User s TABLE OF CONTENTS
More informationAutonomous Driving From Fail-Safe to Fail-Operational Systems
Autonomous Driving From Fail-Safe to Fail-Operational Systems Rudolf Grave December 3, 2015 Agenda About EB Automotive Autonomous Driving Requirements for a future car infrastructure Concepts for fail-operational
More informationSecurity In A Box. Modular Security Services Offering - BFSI. A new concept to Security Services Delivery.
Modular Security Services Offering - BFSI Security In A Box A new concept to Security Services Delivery. 2017 Skillmine Technology Consulting Pvt. Ltd. The information in this document is the property
More informationEstablishing a Framework for Effective Testing and Validation of Critical Infrastructure Cyber-Security
Establishing a Framework for Effective Testing and Validation of Critical Infrastructure Cyber-Security Michael John SmartSec 2016, Amsterdam www.encs.eu European Network for Cyber Security The European
More informationFending Off Cyber Attacks Hardening ECUs by Fuzz Testing
Fending Off Cyber Attacks Hardening ECUs by Fuzz Testing In designing vehicle communication networks, security test procedures play an important role in the development process. Fuzz testing, which originated
More informationTrusted Platform Modules Automotive applications and differentiation from HSM
Trusted Platform Modules Automotive applications and differentiation from HSM Cyber Security Symposium 2017, Stuttgart Martin Brunner, Infineon Technologies Axiom: Whatever is connected can (and will)
More informationAutonomous Driving needs Safety & Security. Embedded World 2018 Dr. Ciwan Gouma
Autonomous Driving needs Safety & Security Embedded World 2018 Dr. Ciwan Gouma Autonomous Driving The Vision The vision is not new. Picture left (maybe you have seen this in other presentations) but why
More informationCyber Security. February 13, 2018 (webinar) February 15, 2018 (in-person)
Cyber Security Presenters: - Brian Everest, Chief Technology Officer, Starport Managed Services - Susan Pawelek, Accountant, Compliance and Registrant Regulation February 13, 2018 (webinar) February 15,
More informationDeriving safety requirements according to ISO for complex systems: How to avoid getting lost?
Deriving safety requirements according to ISO 26262 for complex systems: How to avoid getting lost? Thomas Frese, Ford-Werke GmbH, Köln; Denis Hatebur, ITESYS GmbH, Dortmund; Hans-Jörg Aryus, SystemA GmbH,
More informationRecommendations for Implementing an Information Security Framework for Life Science Organizations
Recommendations for Implementing an Information Security Framework for Life Science Organizations Introduction Doug Shaw CISA, CRISC Director of CSV & IT Compliance Azzur Consulting Agenda Why is information
More informationAutomotive Functional Safety
Automotive Functional Safety Complexity, Confidence, Compliance, Certification Farmington, 2018-03-22 23.03.2018 150 years TÜV SÜD 150 years of inspiring trust Inspiring trust since 1866 The year 2016
More informationSecure Agile How to make secure applications using Agile Methods Thomas Stiehm, CTO
Secure Agile How to make secure applications using Agile Methods Thomas Stiehm, CTO tom.stiehm@coveros.com 1 About Coveros Coveros helps organizations accelerate the delivery of business value through
More informationAuthentication with Privacy for Connected Cars - A research perspective -
Authentication with Privacy for Connected Cars - A research perspective - Mark Manulis Surrey Centre for Cyber Security, Deputy-Director Department of Computer Science University of Surrey sccs.surrey.ac.uk
More informationThe Safe State: Design Patterns and Degradation Mechanisms for Fail- Operational Systems
The Safe State: Design Patterns and Degradation Mechanisms for Fail- Operational Systems Alexander Much 2015-11-11 Agenda About EB Automotive Motivation Comparison of different architectures Concept for
More informationCompute solutions for mass deployment of autonomy
Compute solutions for mass deployment of autonomy Rod Watt Director of Vehicle Architecture and System Analysis Introduction 2 From inception to now 1990 Joint venture between Acorn Computers and Apple.
More informationFunctional Safety Architectural Challenges for Autonomous Drive
Functional Safety Architectural Challenges for Autonomous Drive Ritesh Tyagi: August 2018 Topics Market Forces Functional Safety Overview Deeper Look Fail-Safe vs Fail-Operational Architectural Considerations
More informationThe Honest Advantage
The Honest Advantage READY TO CHALLENGE THE STATUS QUO GSA Security Policy and PCI Guidelines The GreenStar Alliance 2017 2017 GreenStar Alliance All Rights Reserved Table of Contents Table of Contents
More informationWELCOME ISO/IEC 27001:2017 Information Briefing
WELCOME ISO/IEC 27001:2017 Information Briefing Denis Ryan C.I.S.S.P NSAI Lead Auditor Running Order 1. Market survey 2. Why ISO 27001 3. Requirements of ISO 27001 4. Annex A 5. Registration process 6.
More informationPeter Kreutzer, PSSAM/Automation Power World 2011 New Delhi, Secure and reliable Redundant communication network and cyber security
Peter Kreutzer, PSSAM/Automation Power World 2011 New Delhi, 2011-09-20 Secure and reliable Redundant communication network and cyber security Content Reliable Substation communication networks Introduction
More informationWeak Spots Enterprise Mobility Management. Dr. Johannes Hoffmann
Weak Spots Enterprise Mobility Management Dr. Johannes Hoffmann Personal details TÜV Informationstechnik GmbH TÜV NORD GROUP Dr. Johannes Hoffmann IT Security Business Security & Privacy Main focus: Mobile
More informationWE IMPROVE THE WORLD THROUGH ENGINEERING!
WE IMPROVE THE WORLD THROUGH ENGINEERING! MARCH 2018 Assystem Technologies worldwide At a glance. 700m TURNOVER IN 2017 PORTFOLIO: Product Engineering Consulting In Service Offerings >9.000 EMPLOYEES OUR
More informationTurbocharging Connectivity Beyond Cellular
Bitte decken Sie die schraffierte Fläche mit einem Bild ab. Please cover the shaded area with a picture. (24,4 x 11,0 cm) Turbocharging Connectivity Beyond Cellular Scott Beutler, Head of Interior Division
More informationIoT & SCADA Cyber Security Services
RIOT SOLUTIONS PTY LTD P.O. Box 10087 Adelaide St Brisbane QLD 4000 BRISBANE HEAD OFFICE Level 22, 144 Edward St Brisbane, QLD 4000 T: 1300 744 028 Email: sales@riotsolutions.com.au www.riotsolutions.com.au
More informationCrises Control Cloud Security Principles. Transputec provides ICT Services and Solutions to leading organisations around the globe.
Crises Control Cloud Security Principles Transputec provides ICT Services and Solutions to leading organisations around the globe. As a provider of these services for over 30 years, we have the credibility
More informationSecurity Solutions. Overview. Business Needs
Security Solutions Overview Information security is not a one time event. The dynamic nature of computer networks mandates that examining and ensuring information security be a constant and vigilant effort.
More informationSW-Update. Thomas Fleischmann June 5 th 2015
Thomas Fleischmann June 5 th 2015 2 3 Agenda The big picture SW-Update today Diagnostics vs SW-Update Our solution for SW-Update The real challenges beyond getting a file into the car Elektrobit (EB),
More information10 Cybersecurity Questions for Bank CEOs and the Board of Directors
4 th Annual UBA Bank Executive Winter Conference February, 2015 10 Cybersecurity Questions for Bank CEOs and the Board of Directors Dr. Kevin Streff Founder, Secure Banking Solutions 1 Board of Directors
More informationNEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT?
NEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT? What the new data regulations mean for your business, and how Brennan IT and Microsoft 365 can help. THE REGULATIONS: WHAT YOU NEED TO KNOW Australia:
More informationExamining future priorities for cyber security management
Examining future priorities for cyber security management Cybersecurity Focus Day Insurance Telematics 16 Andrew Miller Chief Technical Officer Thatcham Research Owned by the major UK Motor Insurers with
More informationNew Zealand Government IBM Infrastructure as a Service
New Zealand Government IBM Infrastructure as a Service A world class agile cloud infrastructure designed to provide quick access to a security-rich, enterprise-class virtual server environment. 2 New Zealand
More informationConquering Complexity: Addressing Security Challenges of the Connected Vehicle
Conquering Complexity: Addressing Security Challenges of the Connected Vehicle October 3, 2018 Securely Connecting People, Applications, and Devices Ted Shorter Chief Technology Officer CSS Ted.Shorter@css-security.com
More informationExternal Supplier Control Obligations. Cyber Security
External Supplier Control Obligations Cyber Security Control Title Control Description Why this is important 1. Cyber Security Governance The Supplier must have cyber risk governance processes in place
More informationDATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE
DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE EXECUTIVE SUMMARY ALIGNING CYBERSECURITY WITH RISK The agility and cost efficiencies
More informationSECURING DEVICES IN THE INTERNET OF THINGS
SECURING DEVICES IN THE INTERNET OF THINGS WHEN IT MATTERS, IT RUNS ON WIND RIVER EXECUTIVE SUMMARY Security breaches at the device level in the Internet of Things (IoT) can have severe consequences, including
More informationPenetration testing.
Penetration testing Penetration testing is a globally recognized security measure that can help provide assurances that a company s critical business infrastructure is protected from internal or external
More informationTrends in Cybersecurity in the Water Industry A Strategic Approach to Mitigate Control System Risk
Trends in Cybersecurity in the Water Industry A Strategic Approach to Mitigate Control System Risk Standards Certification Education & Training Publishing Conferences & Exhibits Steve Liebrecht W/WW Industry
More informationData Centers & Technology:
Data Centers & Technology: Risk in the digital landscape Presented by; Ralph de Mesquita Principal Risk Analyst, Risk Engineering UK Agenda Rise of cloud providers Four scenarios: where are the insurable
More informationCaribbean Cyber Security: Not Only Government s Responsibility
Caribbean Cyber Security: Not Only Government s Responsibility AWARENESS AND VIGILANCE IS EVERYBODY S RESPONSIBILITY Preseted at: ICT Symposium Antigua and Barbuda March 2017 Caribbean Cyber Security Events
More informationCSI: VIDEO SURVEILLANCE CONVERTING THE JUGGERNAUT
CSI: VIDEO SURVEILLANCE CONVERTING THE JUGGERNAUT The Market and the Trend Cyber security market (2020): USD 170.21 billion, CAGR ~10% Storage market (2020): USD 18.28 billion, CAGR 22% Tons of data to
More informationYour Data and Artificial Intelligence: Wise Athena Security, Privacy and Trust. Wise Athena Security Team
Your Data and Artificial Intelligence: Wise Athena Security, Privacy and Trust Wise Athena Security Team Contents Abstract... 3 Security, privacy and trust... 3 Artificial Intelligence in the cloud and
More information