FROM CONNECTED TO SELF-DRIVING — SECURING THE AUTOMOTIVE REVOLUTION

Dr. Alexander Schellong
General Manager, Cybersecurity Division Central & Eastern Europe, Italy and Turkey

October 2, 2015
CSC Proprietary and Confidential


Page 2

TRAVEL AND TRANSPORTATION

INSURANCE

MANUFACTURING

BANKING AND CAPITAL MARKETS

HEALTHCARE

ENERGY AND NATURAL RESOURCES

PUBLIC SECTOR

TECHNOLOGY AND CONSUMER SERVICES

About CSC

CONSULTING

BIG DATA AND ANALYTICS

BUSINESS PROCESS SERVICES AND OUTSOURCING

INFRASTRUCTURE SERVICES

APPLICATIONS SERVICES SOFTWARE AND IP

CYBERSECURITY CLOUD

NEXT-GEN OFFERINGS

Page 3

CSC Cybersecurity

CYBER CONSULTING

SERVICES

CLOUD

INTERNET OF THINGS

MOBILITY

SOCIAL

MANUFACTURING

TRAVEL AND TRANSPORTATION

MANAGED SECURITY SERVICES

BIG DATA

HEALTHCARE

RISK MANAGEMENT CENTERS

TECHNOLOGY AND CONSUMER SERVICES

PUBLIC SECTOR

INSURANCE

APPLICATIONS BUSINESS

OUTSIDE-IN

BANKING AND CAPITAL MARKETS

ENERGY AND NATURAL RESOURCES

BUSINESS CONTINUITY / DISASTER RECOVERY

Third Platform, Consumerization of IT

Page 4

Global Cybersecurity Service Portfolio 09/2015

BUSINESS CONTINUITY & DISASTER RECOVERY (BC/DR) SERVICES

IDENTITY MANAGEMENT CONSULTING

MANAGED SECURITY SERVICES (MSS)

APPLICATION & SOFTWARE SECURITY

Static/Dynamic/Mobile Scans (HP Fortify)

Compliance / Security Support (Account Security Managers)

Risk / Security Assessment

Strategy & Information Security & Risk Management

STRATEGIC & TECHNICAL SECURITY CONSULTING

APT / Penetration tests

Social Engineering

Physical Security

Red Team

Data Protection

Network, Mobile & Cloud Security

BSI / ISO / PCI Audits & Audit Preparation

SOC Planning & Setup

FW / IDS / SIEM Implementation

Industrial Control Systems

Data Loss Prevention

Trainings

RFI / RFP Support

Common Criteria

FIPS

24x7x365 Global IAM Operations & Support

Application Security

Device & Endpoint Security

Network Security

Cloud Security

Mobile Security

Global Cyberthreat Intelligence

Risk Management Center Security Operations Center

Risk & Business Impact Analysis

BC/DR Plans, Reviews & Tests

Crisis Management

Global Incident Response / 24x7 Forensics

Training & Simulation

Mergers & Acquisition (M&A) security due diligence

Secure Code Reviews

SAP

CERTIFICATION SERVICE (LAB)

SECURITY HARDWARE & SOFTWARE RESELLING

(Next-Generation) Firewalls

Antivirus / SIEM / IDS / IPS / DLP

Mobile / Endpoint Security

20+ Product partners

Cryptography

BSI Grundschutz / IS-Revision

Secure Software Development Lifecycle

IAM Consulting & Solution Architecture

Identity and Access Governance

RFI / RFP Support

IAM Implementation & Customization

Cloud SSO & Federation

IAM Solution Engineering

Provisioning Solutions

Page 5

1,700+ GLOBAL CYBERSECURITY PROFESSIONALS

5+ INTEGRATED GLOBAL RISK MANAGEMENT CENTERS

40+ YEARS PROVIDING CYBERSECURITY SERVICES

15+ GLOBAL ALLIANCE PARTNERS PROVIDING SECURITY EXPERTISE

PUBLIC & PRIVATE SECTOR EXPERTISE

UK

Noida

Kuala Lumpur

Sydney

Newark

Global Scalability

Page 6

MOBILE SECURITY

CLOUD SECURITY

NETWORK SECURITY

ENDPOINT SECURITY

APPLICATION SECURITY

IDENTITY AND ACCESS MANAGEMENT

Our deep industry knowledge, security specialists, and end-to-end solutions for traditional and next-generation technologies enable you to securely adapt as your business and risks change.

End-to-End Managed Security Services

Page 7

Six decades of safety development to protect us from the biggest risk factor in car mobility

Page 8

Not this one

Volkswagen

Page 9

That one

Page 10

Who is the biggest risk in the future?

Ex Machina / Universal Studios (2015)

Page 11

Known automotive attack vectors

•  OBD-II direct connector, USB, WiFi
•  Controller Area Network (CAN) (broadcast nature, DoS vulnerability, network segregation)
•  Electronic Control Unit (ECU)
   – Engine Control Unit (ECU) (access, reflashing while driving, deviation from standards)
   – Body Control Unit (BCM)
   – Electronic Brake Control Module (EBCM)
   – Telematics unit (access)
   – Radio / Entertainment system (malicious music files)
   – Bluetooth (pass-through vulnerabilities)
   – Tire Pressure Monitoring Systems (TPMS)
•  Suppliers, OEM and Dealers

Page 12

Spoofing the LIDAR

Page 13

GPS jamming and spoofing

Page 14

Volkswagen’s Automotive Cybercrime: Emission control

Daily use

ECU/ECM

Test

Page 15

Human error speaks against precautionary approach

[Chart: x-axis "Level of automation" (- to +); y-axis "Human error risks" (- to +)]

Page 16

From 1 billion to 2 billion cars

Infographic Wired Magazine 2012

2050: 2 billion cars, 9 billion people

2030: 200+ million connected cars

2018: 20+ million connected cars

100 million lines of code per car & 17 Petabyte of data p.a.

Page 17

OEM VM vs. IT market entrant approach

[Two charts, each with x-axis "Level of automation" (- to +) and y-axis "Level of capabilities" (- to +); panel labels: SW, Car, Car, SW]

Page 18

From connected to autonomous to self-driving

http://www.leftlaneadvisors.com/project/nhtsa-levels-of-vehicle-autonomy-infographic/

Today

Page 19

Today’s automotive ecosystem

OEM VM

Tier 1

Tier 1

Tier 1

Tier 2

Tier 2

Tier 2

Suppliers Producer Retail

Tier 3

Tier 3

Tier 3 Aut. Dealers

Aftermarket

Direct Sales

OES repair

Independent car sharing

Ind. ES manufacturers

Car Sharing

Ind. Dealers

Logistics

Assembler Ind. retailers

Telematics provider

Logistics

Direct sales suppliers

Independent repair

Page 20

Future automotive ecosystem

OEM VM

Tier 1

Tier 1

Tier 1

Tier 2

Tier 2

Tier 2

Suppliers Producer Retail

Tier 3

Tier 3

Tier 3 Auth. Dealers

Aftermarket

Direct Sales

OES repair

Ind. repair

Ind. suppliers

Car Sharing

Ind. Dealers Logistics

Assembler Ind. retailers

Telematics provider

Logistics

Software / Apps / Content provider

Fleet Mgt. & provision (AMaaS)

Infrastructure Smart devices

Smart roads

IT infrastructure & analytics provider

Security & monitoring provider

Ind. car sharing & fleet provision

Smart grid

App Store

S Mobility objects

Page 21

The Cyber Disruption Opportunity Moves Outside the Walls

New technology changes expectations

•  Live and work “without wires”
•  Demand for universal access
•  Work everywhere with any device
•  Mix personal and corporate lives and information

New technology expands and changes risk

•  Information is currency and everyone wants it – especially thieves
•  Universal access creates dynamic boundaries that are tougher to protect
•  Ever advancing adversaries outpace traditional, passive cyber defenses

Cybersecurity must respond proactively

•  New business opportunities have moved outside the “castle” walls
•  Defensible security perimeters no longer exist
•  Products and services must anticipate and continuously manage risks

Page 22

Recommended Actions

Hardware | Software / Communications | Regulations | Culture/Operations
ECU hardening | AV & Sec. Proxy | Testing requirements | Awareness Training
ECU consolidation | IPS | Operator license req. | Cont. Threat analysis
Sec. architecture | Sec. architecture | Operator training req. | Secure Prod. Lifecycle
Black box | Cryptography | Data collection | Patch Mgt.
Segregation | Sandboxing | Data usage transp. | Pentesting
Fail-safe mode | Secure boot loader | Black box | SOC (AC+Org)
Last FS state ident. | IAM | Open codes | ISAC

Time stamps Data storage R&D processes

Sec. Governance

Billing relationship?

Bug rewards program

Page 23

THANK YOU
