October 2, 2015 CSC Proprietary and Confidential
FROM CONNECTED TO SELF-DRIVING: SECURING THE AUTOMOTIVE REVOLUTION
Dr. Alexander Schellong
General Manager, Cybersecurity Division Central & Eastern Europe, Italy and Turkey
About CSC
TRAVEL AND TRANSPORTATION
INSURANCE
MANUFACTURING
BANKING AND CAPITAL MARKETS
HEALTHCARE
ENERGY AND NATURAL RESOURCES
PUBLIC SECTOR
TECHNOLOGY AND CONSUMER SERVICES
CONSULTING
BIG DATA AND ANALYTICS
BUSINESS PROCESS SERVICES AND OUTSOURCING
INFRASTRUCTURE SERVICES
APPLICATIONS SERVICES
SOFTWARE AND IP
CYBERSECURITY
CLOUD
NEXT-GEN OFFERINGS
CSC Cybersecurity
CYBER CONSULTING SERVICES
CLOUD
INTERNET OF THINGS
MOBILITY
SOCIAL
MANUFACTURING
TRAVEL AND TRANSPORTATION
MANAGED SECURITY SERVICES
BIG DATA
HEALTHCARE
RISK MANAGEMENT CENTERS
TECHNOLOGY AND CONSUMER SERVICES
PUBLIC SECTOR
INSURANCE
APPLICATIONS BUSINESS
OUTSIDE-IN
BANKING AND CAPITAL MARKETS
ENERGY AND NATURAL RESOURCES
BUSINESS CONTINUITY/DISASTER RECOVERY
Third Platform, Consumerization of IT
Global Cybersecurity Service Portfolio 09/2015
BUSINESS CONTINUITY & DISASTER RECOVERY (BC/DR) SERVICES
IDENTITY MANAGEMENT CONSULTING
MANAGED SECURITY SERVICES (MSS)
APPLICATION & SOFTWARE SECURITY
Static/Dynamic/Mobile Scans (HP Fortify)
Compliance / Security Support (Account Security Managers)
Risk / Security Assessment
Strategy & Information Security & Risk Management
STRATEGIC & TECHNICAL SECURITY CONSULTING
APT / Penetration tests
Social Engineering
Physical Security
Red Team
Data Protection
Network, Mobile & Cloud Security
BSI / ISO / PCI Audits & Audit Preparation
SOC Planning & Setup
FW / IDS / SIEM Implementation
Industrial Control Systems
Data Loss Prevention
Trainings
RFI / RFP Support
Common Criteria
FIPS
24x7x365 Global IAM Operations & Support
Application Security
Device & Endpoint Security
Network Security
Cloud Security
Mobile Security
Global Cyberthreat Intelligence
Risk Management Center
Security Operations Center
Risk & Business Impact Analysis
BC/DR Plans, Reviews & Tests
Crisis Management
Global Incident Response / 24x7 Forensics
Training & Simulation
Mergers & Acquisition (M&A) security due diligence
Secure Code Reviews
SAP
CERTIFICATION SERVICE (LAB)
SECURITY HARDWARE & SOFTWARE RESELLING
(Next-Generation) Firewalls
Antivirus / SIEM / IDS / IPS / DLP
Mobile / Endpoint Security
20+ Product partners
Cryptography
BSI Grundschutz / IS-Revision
Secure Software Development Lifecycle
IAM Consulting & Solution Architecture
Identity and Access Governance
RFI / RFP Support
IAM Implementation & Customization
Cloud SSO & Federation
IAM Solution Engineering
Provisioning Solutions
Global Scalability
GLOBAL CYBERSECURITY PROFESSIONALS: 1,700+
INTEGRATED GLOBAL RISK MANAGEMENT CENTERS: 5+
YEARS PROVIDING CYBERSECURITY SERVICES: 40+
GLOBAL ALLIANCE PARTNERS PROVIDING SECURITY EXPERTISE: 15+
PUBLIC & PRIVATE SECTOR EXPERTISE
UK, Noida, Kuala Lumpur, Sydney, Newark
End-to-End Managed Security Services
MOBILE SECURITY
CLOUD SECURITY
NETWORK SECURITY
ENDPOINT SECURITY
APPLICATION SECURITY
IDENTITY AND ACCESS MANAGEMENT
Our deep industry knowledge, security specialists, and end-to-end solutions for traditional and next-generation technologies enable you to securely adapt as your business and risks change.
Six decades of safety development to protect us from the biggest risk factor in car mobility
Not this one
Volkswagen
That one
Who is the biggest risk in the future?
Ex Machina / Universal Studios (2015)
Known automotive attack vectors
• OBD-II direct connector, USB, WiFi
• Controller Area Network (CAN) (broadcast nature, DoS vulnerability, network segregation)
• Electronic Control Unit (ECU)
– Engine Control Unit (ECU) (access, reflashing while driving, deviation from standards)
– Body Control Unit (BCM)
– Electronic Brake Control Module (EBCM)
– Telematics unit (access)
– Radio / Entertainment system (malicious music files)
– Bluetooth (pass through vulnerabilities)
– Tire Pressure Monitoring Systems (TPMS)
• Suppliers, OEM and Dealers
Spoofing the LIDAR
GPS jamming and spoofing
Volkswagen’s Automotive Cybercrime: Emission control
Daily use
ECU/ECM
Test
Human error speaks against precautionary approach
[Figure: human error risks (vertical axis, - to +) plotted against level of automation (horizontal axis, - to +)]
From 1 billion to 2 billion cars
Infographic Wired Magazine 2012
2050: 2 billion cars, 9 billion people
2030: 200+ million connected cars
2018: 20+ million connected cars
100 million lines of code per car & 17 Petabyte of data p.a.
OEM VM vs. IT market entrant approach
[Figure: two charts, each plotting level of capabilities (vertical axis, - to +) against level of automation (horizontal axis, - to +); chart labels: SW, Car / Car, SW]
From connected to autonomous to self-driving
http://www.leftlaneadvisors.com/project/nhtsa-levels-of-vehicle-autonomy-infographic/
Today
Today’s automotive ecosystem
OEM VM
Tier 1
Tier 1
Tier 1
Tier 2
Tier 2
Tier 2
Suppliers Producer Retail
Tier 3
Tier 3
Tier 3
Aut. Dealers
Aftermarket
Direct Sales
OES repair
Independent car sharing
Ind. ES manufacturers
Car Sharing
Ind. Dealers
Logistics
Assembler
Ind. retailers
Telematics provider
Logistics
Direct sales suppliers
Independent repair
Future automotive ecosystem
OEM VM
Tier 1
Tier 1
Tier 1
Tier 2
Tier 2
Tier 2
Suppliers Producer Retail
Tier 3
Tier 3
Tier 3
Auth. Dealers
Aftermarket
Direct Sales
OES repair
Ind. repair
Ind. suppliers
Car Sharing
Ind. Dealers
Logistics
Assembler
Ind. retailers
Telematics provider
Logistics
Software / Apps / Content provider
Fleet Mgt. & provision (AMaaS)
Infrastructure Smart devices
Smart roads
IT infrastructure & analytics provider
Security & monitoring provider
Ind. car sharing & fleet provision
Smart grid
App Store
S Mobility objects
The Cyber Disruption Opportunity Moves Outside the Walls
New technology changes expectations
• Live and work “without wires”
• Demand for universal access
• Work everywhere with any device
• Mix personal and corporate lives and information
New technology expands and changes risk
• Information is currency and everyone wants it – especially thieves
• Universal access creates dynamic boundaries that are tougher to protect
• Ever advancing adversaries outpace traditional, passive cyber defenses
Cybersecurity must respond proactively
• New business opportunities have moved outside the “castle” walls
• Defensible security perimeters no longer exist
• Products and services must anticipate and continuously manage risks
Recommended Actions
Hardware / Software / Communications Regulations Culture/Operations
ECU hardening AV & Sec. Proxy Testing requirements Awareness Training
ECU consolidation IPS Operator license req. Cont. Threat analysis
Sec. architecture Sec. architecture Operator training req. Secure Prod. Lifecycle
Black box Cryptography Data collection Patch Mgt.
Segregation Sandboxing Data usage transp. Pentesting
Fail-safe mode Secure boot loader Black box SOC (AC+Org)
Last FS state ident. IAM Open codes ISAC
Time stamps Data storage R&D processes
Sec. Governance
Billing relationship?
Bug rewards program
THANK YOU