Encryption Technology Connected Car Autonomous Vehicles Export Control Implications


Transcription:

Encryption Technology Connected Car Autonomous Vehicles Export Control Implications
Maher Shomali maher@t-b.com
Wes Demory wes@t-b.com

What is an Export?
Shipments of Physical Items
Electronic Transfers
Information Sharing
Deemed Exports

What is Subject to U.S. Export Controls?
U.S.-Origin Items
AND
Foreign Made Items Inside the United States
Foreign Made Items Containing U.S.-Origin Components or Made from U.S.-Origin Technology

U.S. Agencies & Regulations
Directorate of Defense Trade Controls (DDTC): International Traffic in Arms Regulations (ITAR)
Bureau of Industry and Security (BIS): Export Administration Regulations (EAR)
Bureau of the Census: Foreign Trade Regulations (FTR)
Office of Foreign Assets Control (OFAC): Sanctions Programs

United States Munitions List [ITAR]

Commerce Control List [EAR]
0 - Nuclear Materials, Facilities & Equipment
1 - Materials, Chemicals, Microorganisms & Toxins
2 - Materials Processing
3 - Electronics
4 - Computers
5 - Telecommunications & Information Security
6 - Lasers & Sensors
7 - Navigation & Avionics
8 - Marine
9 - Aerospace & Propulsion

Reasons For Control

EAR99 is the Catch-all Classification 3A001 5A991 5A002 6A005 EAR99

ENCRYPTION CONTROLS

How Did We Get Here? License Exception ENC ITAR Licenses EAR Licenses No License Required

What is an Encryption Product?
A product that includes encryption functionality
- Can be proprietary or from third-party source
- Even dormant encryption functionality may be controlled

What is an Encryption Product?
A product that uses encryption functionality without including the encryption code
- An application that relies on the web browser to encrypt data between the device and server

Encryption Terms
Encryption Algorithms:
- AES, DES, RC4, Blowfish, RSA, DSA, Diffie-Hellman, Elliptic Curve...
Encryption Protocols:
- SSL/HTTPS, TLS, SSH, IPsec, VPN, IKE, SNMPv3, WPA, Wi-Fi, Bluetooth...
Encryption Uses:
- Data Confidentiality, Key Management, Authentication, Digital Signature, IP Protection...

Why is Encryption Important?
Consumers will be reluctant to use connected cars if in-vehicle systems are vulnerable to cyberattacks.
Comprehensive IT security solutions that cover the connected car's entire lifecycle can ease these concerns.
- In-vehicle security
- Cloud-based security

Authentication/Tamper Protection
Trusted identity of all parts to the system
TPM-based solutions for the ECU
- Secure key storage
- Only releases keys once parts to the system are authenticated

Infotainment Systems

Connectivity Systems

Data Applications
Applications transmitting sensor or user data...
- In-vehicle AND
- To the cloud

EAR Controls on Encryption Items
Is my item an encryption product?
Is my item controlled under Category 5, Part 2 of the EAR?
What is the appropriate ECCN and License Exception?
- 5x002 for data confidentiality
- 5x992 for mass market
- EAR99 for limited use encryption
What are my pre-shipment requirements?
- No pre-shipment requirements
- Notification
- Formal Classification
- Licensing
What are my post-shipment reporting requirements?

Data Confidentiality
Designed or modified to use cryptography for data confidentiality, including:
- Items having information security as a primary function;
- Digital communication or networking systems, equipment and components; and
- Computers and components therefor...
What about automotive applications?

Data Confidentiality Does Not Include...
Authentication
Digital Signature
Data Integrity
Non-repudiation
DRM
Entertainment, mass commercial broadcasts, or medical records

Other Decontrols...
Smart cards and smart card readers
Specially designed and limited for banking use or money transactions
Portable or mobile radiotelephones for civil use
Cordless telephone equipment
Wireless Personal Area Network equipment
Disabled crypto
Mobile telecommunications Radio Access Network equipment
Operations, Administration or Maintenance items

Mass Market Note
Note 3 Category 5, Part 2
- Generally available to public
- Crypto cannot be easily changed
- Designed for install without support
- Can include components
- Must consider target market and price
Automotive items have generally been considered mass market

Formal Classification Requirements
- Network infrastructure commodities
- Encryption source code that is not publicly available
- Encryption technology
- Chips, chipsets, and other components
- Cryptographic libraries, modules, development kits and toolkits
- Non-standard encryption items
- Network or computer forensics items

Encryption Checklist
Develop an encryption checklist for internal company use
- Request encryption details from product team
- Algorithms? Uses? Protocols? Sources?
Thomsen & Burke Encryption Checklist @ www.t-b.com
Make it a mandatory step in the new product introduction process

Pre- and Post-Shipment Reporting Requirements
There are three types of pre- and post-shipment reporting requirements:
1. Yearly Encryption Registration Report for products self-classified
2. Semi-Annual ENC Report for more restricted products formally classified
3. Pre-Shipment Notifications for products exported under a bulk encryption license
Maintain reports throughout the year to avoid stress at reporting deadline

Foreign Import Control Requirements
Transparent Rules
- France
- Israel
Opaque Rules
- Russia
- China
Key Points of Trans-shipment
- Hong Kong
- Singapore
Other countries to consider
- UAE
- India
- Poland
- South Africa
- Malaysia
- Turkey
THIS IS NOT AN EXHAUSTIVE LIST

OTHER TECHNOLOGIES

Light Detection and Ranging (LIDAR)

Light Detection and Ranging (LIDAR)
ITAR Category XII(b)(6): LIDAR specially designed for a military end user
EAR 6A008.j: LIDAR equipment having any of the following:
1. Space-qualified
2. Employing coherent heterodyne or homodyne detection techniques and having an angular resolution of less (better) than 20 µrad (microradians)
3. Designed for carrying out airborne bathymetric littoral surveys...
Note: 6A008 does not control Civil Automotive Radar

Cameras
EAR 6A003.b: Imaging cameras
Note: 6A003.b.4.b and .c do not control imaging cameras having any of the following:
The camera is specially designed for installation into a civilian passenger land vehicle and having all of the following:
1. The placement and configuration of the camera within the vehicle are solely to assist the driver in the safe operation of the vehicle;
2. Is operable only when installed in any of the following:
a. The civilian passenger land vehicle for which it was intended and the vehicle weighs less than 4,500 kg (gross vehicle weight); or
b. A specially designed, authorized maintenance test facility; and
3. Incorporates an active mechanism that forces the camera not to function when it is removed from the vehicle for which it was intended.

Camera Technology
EAR 6E001/6E002: Technology for 6A003 cameras
License Exception TSR may not be used, unless it is for the integration of 6A003 cameras into camera systems specially designed for civil automotive applications

Artificial Intelligence / Machine Learning
EAR 3A001.a.9: Neural network integrated circuits
NOTE: The control status of integrated circuits described in 3A001.a.9 that are unalterably programmed or designed for a specific function for other equipment is determined by the control status of the other equipment.

Data Privacy Issues
Who owns the data that is collected or generated?
To whom is data sent and how is it stored?
How is the data being secured?

Key Compliance Considerations
Determine if the item/project is controlled under the ITAR or EAR
Classify the item/technology
Does it matter if it is specially designed for civil automotive vs generic?
Does it use encryption in a non-exempt manner?
In what ways will there be an export?
- Physical shipment
- Electronic transmission
- Sharing of information
Who will receive the export?
- Internal parties
- Third-parties
- Foreign persons

Questions?
Maher M. Shomali maher@t-b.com 410.539.6336
Wes Demory wes@t-b.com 410.539.2691
Two Hamill Road, Suite 415 Baltimore, Maryland 21210