View
2
Download
0
Category
Preview:
Citation preview
March 27-29th, 2019 Detroit
9th Automotive Cybersecurity Event
Organized By:
Automotive IQ
www.asdevents.com - www.asdevents.com/event.asp?id=19168
03/27 Pre Conference Workshop Day 9:00am WORKSHOP A: Establishing a Global Information Sharing Community to Address Vehicle
Cybersecurity Risks
- Defining best practices for securing the vehicle ecosystem and providing guidance to implement guidelines
- Addressing inhibitors to information sharing and the way ahead - Efforts to expand organizational sharing in support of increased innovation and consumer
safety Faye Francy Executive Director Auto-ISAC
11:00am Morning Networking and Refreshment Break 11:30am WORKSHOP B: Introduction to Car Hacking with CANbus
- Learning and understanding vehicle hacking techniques to ensure that systems are
reasonably safe under expected real-world conditions - Identifying the basics of threat models for automotive systems - Acquire and analyze in-vehicle communication data - Hacking ECUs, and using tools for vehicle anomaly detection
Mark Zachos Vehicle Data Link Connection (DLC) Security Standards Committee SAE International
1:15pm Networking Lunch 2:15pm WORKSHOP C: Accelerating Cyber Secure Mobility Services via Blockchain and Distributed
Ledger Technologies
- Leveraging Blockchain to coordinate vehicle movement and improve transportation in urban environments
- Managing digital identity and history - Strategies to secure V2I and V2V communications via Blockchain
Chris Ballinger CEO & Founder, The Mobility Open Blockchain Initiative (MOBI) Former CFO & Director of Mobility Services, Toyota Research Institute
4:00pm End of Workshop Day
www.asdevents.com - www.asdevents.com/event.asp?id=19168
03/28 Main Conference Day One 8:00am Conference Registration 9:00am Chairperson’s Welcome and Opening Remarks
Faye Francy, Executive Director, Auto-ISAC
9:15am Developing Security by Design Processes for Improved Vehicle Architecture Security The effort to build in security in the early stages of vehicle design is growing in popularity throughout the automotive sector, as it offers a proactive approach to cybersecurity and protection.
- Testing hardware & software to evaluate product integrity and security as part of component testing - Performing software-level vulnerability testing, including software unit and integration testing - Understanding and identifying methods of attack surface reduction
Kristie Pfosi, Senior Manager, Automotive Cyber Security, Mitsubishi Electric Automotive America, Inc.
10:00am Panel Discussion: Strategies to Secure the Global Automotive Ecosystem from Adaptive Threats The current automotive cybersecurity threat environment is high-speed and adaptive to threat response and mitigation. Cybersecurity threats have already had a profound impact on the automotive ecosystem, and with the ever-increasing connectivity of modern vehicles, this threat will only compound over time.
- Creating benchmarks for improved preparedness and response - Understanding cybersecurity’s affect on the OEM-supplier relationship - Expanding bug bounty programs to target weaknesses in the automotive sector
Moderator: Srini Adiraju, Director of Cybersecurity, Visteon Corporation Panelists: J. Scot Sharland, CEO, Automotive Industry Action Group (AIAG) Chris Ballinger, CEO & Founder, Mobility Open Blockchain Initiative (MOBI)
10:45am Demo Drive & Refreshment Break 11:15am Leveraging Lessons Learned and Best Cyber Practices from the Heavy Machinery Industry
Cyber strategies and lessons learned from the heavy machinery industry can provide a multitude of benefits to the automotive cybersecurity ecosystem. This session will detail cyber challenges and successes from the heavy machinery industry, and will provide insight as to some of Caterpillar’s cyber efforts.
- Understanding the unique cyber challenges for the heavy machine industry - Caterpillar cyber security best practices for the automotive continuum - Cross-industry perspectives on the automotive cyber ecosystem
Scott Smith, CISO, Caterpillar 12:00pm Panel Discussion: Prioritizing and Securing at the ECU Level
The evolving complexity and wide-spread deployment of ECUs has effectively enlarged the attack vector on each vehicle for potential malicious incident. This vulnerability has prompted the automotive industry to reevaluate their current expectations for security specifications and standards.
- Efforts to develop standards for ECU security components - Addressing the diversity of ECUs in vehicles - Defining individual ECU security standards
Moderator: Dave Bares, Product Cybersecurity Senior Engineer, Lear Corporation Panelists: Sanjay Singh, CTO & Executive VP, Dura Automotive Amy Chu, Senior Director, Automotive Cybersecurity, Harman International
www.asdevents.com - www.asdevents.com/event.asp?id=19168
12:45pm Networking Lunch Track 1
Leveraging Community Resources to Combat Automotive Cybersecurity Threats
Track 2 Understanding the Legal, Legislative, and
Regulatory Considerations at the Federal and State Level
1:45pm No Vehicle is An Island The automotive sector is not entirely different from power, water, oil & gas, chemicals and other industries that are each affected by technology trends that lead to the convergence of a digital world with a cyber-physical world. This session will explore a few examples of recent, high-profile security attacks launched against critical infrastructure companies.
- Lessons learned from past cybersecurity
risk-management investments from across industry
- Critical infrastructure security strategies of benefit to the automotive industry
Doug Wylie Director, Industrial & Infrastructure Practice Area SANS Institute
Examining the Future Federal Legislative Policy Ecosystem for Automotive Cybersecurity This discussion will provide an in-depth viewpoint on the ever evolving legislative ecosystem for automotive cybersecurity. With a keen focus on advancing legislation efforts to protect consumers and ensure safety, this panel will detail current legislative efforts to ensure the United States remains at the forefront of advanced vehicle cybersecurity technology, as well as the SELF DRIVE Act’s impact on cybersecurity.
- Federal Challenges Associated with Highly Autonomous Vehicles (HAVs) Security
- Collaborative Efforts to Develop Forward Thinking Regulatory Standards
2:30pm Developing and Attracting Automotive Cybersecurity Expertise for the Benefit of the Automotive Community The automotive community is constantly at risk with emerging cybersecurity attacks on a daily basis, requiring the constant evaluation workforce development and training initiatives.
- Cyber workforce and training priorities - Attracting and retaining top cyber talent
Karl Heimer Principal at Heimer & Associates LLC Senior Technical Advisor, Michigan Auto Office Co-Founder, CyberTruck Challenge
Addressing Autonomous Vehicle Security Concerns at the State Level This session will describe the ongoing regulatory efforts at the State level to prepare for the future of autonomous vehicles, and their security on the roads of Michigan.
- Overview of Current Regulatory Environment for Automotive Security
- Prioritizing MDOT Automotive Cyber Safety Investments
Tony Kratofil Chief Operations Officer Michigan Department of Transportation
3:15pm Afternoon Tea and Networking Break 3:45pm Developing Cyber Secure Strategies for Over the Air (OTA) Updates
Over the air updates provide increased flexibility to manufacturers and car owners to manage embedded systems across the lifecycle of the vehicle. OTA updates are a critical aspect of the automotive cybersecurity ecosystem, but with increased connectivity, brings increased risk.
- Developing secure OTAs for vehicle lifecycle maintenance and management - Safeguarding against data breach and leak - Improving OTA authentication to defer unauthorized entry
Ira McDonald, Security Architect, FCA www.asdevents.com - www.asdevents.com/event.asp?id=19168
4:30pm IDGs Round 1 A
Enhancing Component Security of Critical
Safety Features
Joseph Kristofik Director, Functional Safety and Cybersecurity Management Veoneer
B Understanding the
Unique Cybersecurity Challenges for the
Autonomous Trucking Sector
.
C Considerations on the
Use Case for AI & Machine Learning for Automotive Defense
Uki D. Lucas System Architect and HMI Functional Owner, FCA Group Programs, Connected Car R&D Harman International / Samsung
D Securing ADAS
Technology to Ensure the Future of
Autonomous Vehicle
5:15pm End of Main Conference Day One
www.asdevents.com - www.asdevents.com/event.asp?id=19168
03/29 Main Conference Day Two 8:00am Conference Registration 9:00am Chairperson’s Welcome and Opening Remarks
Faye Francy, Executive Director, Auto-ISAC
9:15am Autonomous Electric Cars, Connected Vehicles, and the Future of Personal Mobility The automotive and transportation industries are undergoing massive transformation. Three disrupting trends are shaping the future of mobility, both personal and commercial: the adoption of shared and on-demand mobility, continued development and market penetration of electric propulsion vehicles, and the maturation of autonomous driving technology.
- Technical factors shaping the future of mobility - Connected vehicle security challenges - Providing governance for companies in the automotive ecosystem
Joe Barkai Chair, Vehicle Internet of Things Program Committee SAE
10:00am Security Architecture Considerations for Automotive Products and Software As cars increasingly transition from hardware driven products to software driven electronic devices, organizations must take careful notice to secure both hardware and software as we move towards the future of connected cars.
- Defining next-gen security architectures in automotive products for both hardware and software
- Ensuring OEM and Tier 1 software and hardware needs are met - Autonomous architecture ECU security trends
Alan Tatourian, Security Architect, P.E. – Autonomous Driving Division, Intel
10:45am Networking & Refreshment Break 11:15am Track 1
Developing Tier 1 Cyber Response Frameworks for Improved Automotive Security & Response Tier 1’s must develop adequate frameworks for responses to cyber incidents to ensure improved incident response. This session will provide insight on to some of the frameworks for Tier 1’s in the automotive continuum.
- Quantifying and measuring cyber incidents for improved organizational results
- Delivering efficient cyber frameworks for organizational response
Matt Fahnestock, CIO, Dana Incorporated
Track 2 Conducting Self-Auditing and Risk Assessments for Improved Accountability In addition to developing intuitive cybersecurity measures for vehicle protection, the automotive industry should document the details related to the cyber processes for improved auditing and accountability of incidents.
- Conducting risk-based approaches to assessing vulnerabilities and potential impacts
- Establishing procedures for internal review and documentation of cyber-related initiatives
- Considerations on BSIMM9, MS SDL, CIS Controls v7, CySAEv2.x
Dave Bares Product Cybersecurity Senior Engineer, Lear Corporation
12:00 Networking Lunch
www.asdevents.com - www.asdevents.com/event.asp?id=19168
1:00pm Driving OBD Port Security Level of Capability Onboard diagnostic security is an integral function for any connected car, and one that is highly vulnerable to cyber attack due to its connectivity to a multitude of safety-critical automotive components. This session will address critical OBD cyber measures and strategies.
- Minimizing attack vector size for safety-critical, OBD connected components - Preventing unauthorized access to the in-vehicle E/E system - Updated SAE standards for OBD port security
Bob Gruszczynski, OBD Communications Expert, Volkswagen Group of America
1:45pm Panel Discussion: Delivering Secure Vehicle to Vehicle Communications Security for Improved Automotive Safety To prepare for the massive influx of connected vehicles entering the roads globally, they must be able to securely connect with one another in order to share pertinent information to ensure driver, pedestrian, and infrastructure safety. Vehicles must be able to connect with one another to create a common sight on roads worldwide, and communication channels must be cyber secure to do so.
- Understanding cybersecurity challenges specific to V2V communications - Weighing the benefits and challenges of DSRC, C-ITS and C-V2X deployments - Assessing safety and security concerns of the data
Moderator: Scott McCormick, President, Connected Vehicle Trade Association Panelists: Cosimo Senni, Head of Cybersecurity Engineering Services, Magneti Marelli
2:30pm Networking & Refreshment Break 3:00pm Understanding the Current Regulatory Environment for Automotive Cybersecurity
This conversation will detail the ongoing regulatory and policy efforts to define proper standards for automotive cybersecurity.
- Emerging policy challenges in auto cybersecurity - Understanding risks and liability of auto cyber incidents and response - Considerations for future regulatory actions to spur economic development
Catherine Muir, Office Counsel, Cybersecurity Group, Baker McKenzie LLP
www.asdevents.com - www.asdevents.com/event.asp?id=19168
3:45pm IDGs Round 2 A
Enhancing Component Security of Critical
Safety Features
Joseph Kristofik
Director, Functional Safety and Cybersecurity Management
Veoneer
B Understanding the
Unique Cybersecurity Challenges for the
Autonomous Trucking Sector
C Considerations on the
Use Case for AI & Machine Learning for Automotive Defense
Uki D. Lucas
System Architect and HMI Functional Owner, FCA Group Programs, Connected Car R&D
Harman International / Samsung
D Securing ADAS
Technology to Ensure the Future of
Autonomous Vehicle .
4:30pm End of Main Conference Day Two
www.asdevents.com - www.asdevents.com/event.asp?id=19168
Recommended