Master of Ceremony Summit MC
Jeff Stewart Assistant Vice President, Global Public Policy – AT&T Chairman of the Affiliate Advisory Board of the Auto-ISAC
Education Master of Business Administration with a concentration in Technology Innovation and Strategy from Georgia Institute of Technology Bachelor of Arts from University of Chicago
TLP Green: May be shared within the Auto-ISAC Community. 11 October 2018 1 Keynote Speaker Featured Speaker
William R. Evanina Director of the National Counterintelligence and Security Center Office of the Director of National Intelligence
Past Positions Chief of the Central Intelligence Agency’s Counterespionage Group Senior Executive Service
TLP Green: May be shared within the Auto-ISAC Community. 11 October 2018 2 Keynote Speaker Featured Speaker
Shigeru UEHARA In-Vehicle-LAN System Design Engineer, E/E Architecture Development Division at the Toyota Motor Corporation Chairman of Japan Auto ISAC
Past Positions Director of Electronics design area of Toyota Motor Europe
TLP Green: May be shared within the Auto-ISAC Community. 11 October 2018 3 Outline of J-AUTO-ISAC Activities
Sep.26th, 2018
Japan Automobile Manufacturers Association, Inc.
© Japan Automobile Manufacturers Association, Inc. Contents
1.Background of establishment 2.Organization and members 3.Roadmap 4.Activities in peacetime 5.Details (1) – (5) 6.Summary (for future actions)
5 1. Background of establishment
U.S. Auto-ISAC was established in January 2016,
Overseas led by US government agency Participants include from various industries such as suppliers, telecommunications and IT companies as well as OEMs
Considering Japanese domestic particular situation such as the limited models and
Trend K-Cars, thought of being better to have our own ISAC has been growing for taking quick actions against unique incidents in Japan
ISACs of some sector’s have been established such as Finance and ICT led by JPN government agency Japan Improvement of info sharing system of critical infrastructure was focused
For the “automotive sector” which must be just next to critical infrastructure, Recognition of the necessity of information sharing system and Expectation for establishment of Auto-ISAC have increased in the automotive sector
Japan Auto-ISAC was established in Jan.2017 voluntary, modeling the U.S. system
6 2. Organization and members
Establish J-Auto ISAC under JAMA for speedy launch inevitably, the members are all Japanese OEMs J-Auto-ISAC US A-ISAC Collaborations with suppliers, and IT companies are the 2nd step Secretariat:Deloitte Tohmatsu Member to do TOYOTA 〆 HONDA 〆 NISSAN 〆 MAZDA 〆 SUBARU 〆 SUZUKI MITSUBISHI 〆 DAIHATSU ISUZU HINO Primary suppliers MITSUBISHI FUSO HITACHI, CALSONIC KANSEI, YAMAHA PANASONIC, DENSO, AISIN, Suppliers 〆 SUMITOMO, MITSUBISHI Elec.
7 3. Roadmap
J-AUTO-ISAC Roadmap
FY2017 FY2018 FY2019 -
Information sharing activity Technical analysis activity
Continuous development Cooperation and functional Launch operation reinforcement and be in place
Establish Cooperation Promote the cooperation Small start focusing on system covering with other relevant information sharing overall supply-chain parties for information which is just a basic (OEM, suppliers, software sharing and technical function in ISAC vendors etc.) for Tokyo analysis Olympic - Paralympic in 2020 8 4. Activities in peacetime
1 Research on cyber threats on vehicles Identify Analysis of security weakness with security 2 check sheet
Analysis of vulnerability information in Protect 3 / technical task force Detect Analysis of US Auto-ISAC B.P. in a task force 4 to share the common understanding Respond / Recover 5 Case exercise for cyber attack on vehicles
Details of each activity are introduced on the following pages
9 5. Details [①Threat investigation]
Detect dangerous threats-information in advance in order to take quick actions (e.g. information communicated within hackers)
Theme “How to build a virtual environment against car hacking”
Palad1n : 2016/4/7 “…I know there are some tools out there, but not all are great. I think it would be worthwhile to develop such a virtual environment for being able to learn/test attacks against cars virtually from single machine… Is anyone interested in tag- teaming on developing such a tool/systems?”
NSA (Forum administrator) : 2016/5/10 “CANToolz is a framework for analysing CAN networks and devices…CANToolz can be used for ECU discovery, MitM testing, fuzzing, brute-forcing, scanning or R&D, testing and validation. More can easily be implemented with a new module.”
Palad1n : 2016/4/7 “I threw together a quick vagrant image that will create a Debian box that’s set up for some car hacking. It is really basic right now, but it will enable all the relevant modules, create two vcan interfaces, and install the SocketCAN tools so you can start creating virtual car networks to learn how to do this , etc”
10 5. Details [② Weak point analysis]
Improve each OEMs’ organizational concerns (e.g. tackling systems and rules required for automotive security management)
Analysis result Analysis result (per participating companies) (per survey questions)
11 5. Details [③ Technical task force]
Technical discussion and opinion exchange regarding the theme with practical engineers of OEMs (Not ISAC member)
Theme 「Spectre」 「Meltdown」 / 11th Apr.
12 5. Details [ BP task force]
Analyze④ “Auto-ISAC Best Practice Guides” to have common understanding of them within Japanese OEMs
AUTO-ISAC Best Practice Guide Now discussing
Incident response Collaboration and engagement with appropriate third parties Governance and accountability Risk assessment and management Vehicle security by design Threat detection and protection Awareness and training
13 5. Details [ Case exercise 1/3]
Reinforce⑤ the cyber security preparation through simulated exercise for supposed advanced cyber-attacks around 2020
Summary of a story (fiction) X Motor Corporation (HQ:Tokyo) is a global automotive manufacturer with more than 100,000 employees They have released a minivan at 2016, which became favorite for a wide range of generations and recorded more than 500,000 sales A certain cyber criminal organization targeted X Motor Corporation and successfully attacked the minivan after intense research X Motor Corporation is going to share the initial report of the incident information to J-Auto-ISAC
14 5. Details [ Case exercise 2/3]
Case⑤ exercise shows us our common and particular weaknesses concerns and issues to be treated
⇒ Legend ◎ ○ △ ×
Point 1 Validity of temporal axis 観… 2 6 1 2 Point 2 Validity of TLP 観… 8 3
Point 3 Validity of information weakness classification 観… 6 5 Point 4 Processing status of information to be provided 観… 2 9 Point 5 Validity of incident 観… classification 5 6 Point 6 Validity of impact recognition 観… 5 4 2 Point 7 Consistency of sharing information 観… 1 9 1
0 1 2 3 4 5 6 7 8 9 10 11 (Unit:Company) 15 5. Details [ Case exercise 3/3]
⑤ Explanation of point 1 to 7
Validity of temporal axis Validity of incident classification Point 1 Consistency of urgency Lv. and Point 5 Method to determine status of incident detection to notification time classification
Validity of impact recognition Validity of TLP Influence on “user(owner)”, “vehicle”, Point 2 Method to determine the scope of Point 6 and ”society” information sharing Quantitative influence
Consistency of sharing information Validity of information classification Time consistency on notified data and Point 3 Selection of “incident”, “threat”, Point 7 reported contents “vulnerability”, “technical measures” Inconsistency of reported contents Processing status of information to be provided Appropriateness of personal data Point 4 anonymization Abstraction status of technical and supplier information
16 6. Summary(for future actions)
Our short term goal is to ensure the tackling system and 1 operational know-how of the Japanese automotive industry towards Tokyo Olympic and Paralympic in 2020.
In the long term, Contribute to keep timely and reliable 2 response system for global automotive industry, considering introduction of autonomous driving technology into a market shortly.
3 To build “smart mobility society in cyber-safe”, we need to try to have the collaborated system by JPN/US/EU ISACs.
We’d like to start a regular session with US Auto-ISAC to 4 achieve the collaboration above.
17 Thank you for your time!
18 Effective Cybersecurity In A Rapidly Evolving Automotive Landscape – A Tier One Perspective
Sandip Ranjhan SR VP and GM of Automotive BU, Harman Connected Services
© 2018 HARMAN INTERNATIONAL INDUSTRIES, INCORPORATED 19 Copyright ⓒ 2018 HARMAN All Rights reserved. Intro
Tier One Suppliers complete the Picture
20 Copyright ⓒ 2018 HARMAN All Rights reserved. Cybersecurity Role of a Tier One Supplier
Develop Manage the Software Supply Chain
Provide Manage the Expertise in Integration the Systems
21 Copyright ⓒ 2018 HARMAN All Rights reserved. Intro
Tier One Suppliers Help
Complete the link
22 Copyright ⓒ 2018 HARMAN All Rights reserved. The Threat Continues to Grow
PAST NOW FUTURE
10M LOCs ~100M LOCs 100M-200M LOCs
Restricted electronics Active Safety – All car systems are operated by (Head-unit, A/C, key fob, door lock/unlock, broad access of user to safety systems software windows)
Number of attack vectors High Size of attack surface Large Magnitude of cyber physical space High
23 Copyright ⓒ 2018 HARMAN All Rights reserved. Industry Average: 15-50 errors per 1000 lines of delivered code
24 Copyright ⓒ 2018 HARMAN All Rights reserved. Cybersecurity as part of New Technology Intro
25 Copyright ⓒ 2018 HARMAN All Rights reserved. Where to Next
Process & Internal Staffing Security Practices (Architecture, Hardening, etc.) Visibility & Active Protection On-going Threat Management from Supply Chain to Post Production
26 Copyright ⓒ 2018 HARMAN All Rights reserved. Integral to Ensuring Cybersecurity Fundamentals
Security Design Lifecycle
Threat HW/SW Security System Strategy Requirements HW/SW Security Security SYSTEM HW/SW Design Testing PRODUCTION Concept DESIGN Review INTEGRATION
Gateway Gateway Gateway Review Review Review HW/SW CONSTRUCTIONS
Gateway Gateway Gateway Review Review Review SW Code Review System Security HW/SW Final CONCEPT Requirements HW/SW Security SYSTEM Assessment System Design DESIGN Testing INTEGRATION Security Review Signoff
27 Copyright ⓒ 2018 HARMAN All Rights reserved. Multi-Layered Defense in Depth
SECURE HW PLATFORM TAMPER RESISTANCE
HYPERVISOR DOMAIN SEPARATION
OS ACCESS CONTROL AUTHORIZATION POLICY
APPLICATION SANDBOXING APPLICATION ISOLATION
NETWORK PROTECTION INTRUSION PROTECTION
28 Copyright ⓒ 2018 HARMAN All Rights reserved. Active Protection and Visibility
Full visibility to all possible harmful activities
Assessment and investigation
Response, mitigation and initiation of software update campaigns (OTA)
Integration-ready with SIEM and Incident Management systems
29 Copyright ⓒ 2018 HARMAN All Rights reserved. Auto ISAC and the Tier One Supply Base
Improved Increased Greater Global Reach Expertise Collaboration
More Effective Information Sharing
30 Copyright ⓒ 2018 HARMAN All Rights reserved. Key Takeaways
The history of Tier One Suppliers 1 playing an active role in cybersecurity has not been long
An Incredible amount of action 2 has been taken in just a few short years
3 Tier One Suppliers are making a difference
Tier One Suppliers will and have to 4 play a big role in the future.
31 Copyright ⓒ 2018 HARMAN All Rights reserved. [email protected] Featured Speaker Speaker
Kathleen Nuccetelli Critical Infrastructure Analyst with the U.S. Department of Homeland Security (DHS) Supports the Department of Defense, Department of Health & Human Services, and Department of Transportation
Education Master of Science in Management Master of Business Administration Bachelor of Arts in Journalism
TLP Green: May be shared within the Auto-ISAC Community. 11 October 2018 33 The Office of Infrastructure Protection
National Protection and Programs Directorate U.S. Department of Homeland Security
The Critical Manufacturing Sector – Securing Your Organization Through Partnership
September 2018 Presidential Policy Directive - 21
Sector-Specific Agencies
. Sector-Specific Agencies (SSAs) are the primary Federal entities responsible for coordinating critical infrastructure security and resilience efforts at the national level. . Primary responsibilities: – Sustain effective and representative public-private partnerships; – Develop strategic goals to mitigate physical and cyber risks and improve resilience; – Support education, training, information sharing, and outreach; – Provide support to identify vulnerabilities and mitigate incidents; and – Develop and implement sector-specific plans in support of the National Infrastructure Protection Plan. Partnership Collaboration Structure
Sector and cross-sector structures include: – Sector Coordinating Councils – Government Coordinating Councils – Regional Consortium Coordinating Council – Critical Infrastructure Cross-Sector Council – Federal Senior Leadership Council – State, Local, Tribal, and Territorial Government Coordinating Council – Information Sharing Organizations Legal Frameworks
. Critical Infrastructure Partnership Advisory Council (CIPAC)
– DHS established CIPAC in 2006 under the authority of the Homeland Security Act of 2002, as a partnership framework exempt from the Federal Advisory Committee Act (FACA). – CIPAC enables private sector and government stakeholders to work in partnership and meet during joint Sector Coordinating Council (SCC) and Government Coordinating Council (GCC) meetings. – CIPAC provides the legal framework for cross-sector collaboration.
. Protected Critical Infrastructure Information (PCII)
– Congress created the Protected Critical Infrastructure Information (PCII) Program under the Critical Infrastructure Information (CII) Act of 2002 to protect private sector infrastructure information voluntarily shared with the government for the purposes of homeland security. Critical Manufacturing Sector Profile
− Primary Metals Manufacturing
− Machinery Manufacturing
− Electrical Equipment, Appliance, and Component Manufacturing
− Transportation Manufacturing
Map Courtesy of DHS Critical Manufacturing Sector Components
Primary Metals Manufacturing
Primary metals manufacturers convert raw materials into assemblies, intermediate products, and end products. These products can include sheet metal, bar stock, I-beams, slabs, or pipes. The 4,556 manufacturers in this component area were responsible for $270.9 billion in U.S. shipments.
Iron and Steel Mills & Alumina and Aluminum Non-ferrous Metal Production Ferro-Alloy Manufacturing Production & Processing & Processing
Pictures Courtesy of DHS Critical Manufacturing Sector Components
Machinery Manufacturing
Machinery manufacturers produce engines, turbines, and power-transmission equipment. These large, specialized products support infrastructure and primary operations in a number of critical U.S. industries. The 24,124 manufacturers in this component area were responsible for $407.6 billion in U.S. shipments.
Engine & Turbine Power Transmission Earth Moving, Mining, Manufacturing Equipment Agricultural, & Construction Equipment
Pictures Courtesy of DHS Critical Manufacturing Sector Components
Electrical Equipment, Appliance, and Component Manufacturing
Electrical equipment manufacturers produce specialized equipment, assemblies, intermediate products, and end products for power generation. The 5,765 manufacturers in this component area were responsible for $123.9 billion in U.S. shipments.
Electric Motor Transformer Generator Manufacturing Manufacturing Manufacturing
Pictures Courtesy of DHS Critical Manufacturing Sector Components
Transportation Manufacturing
Transportation manufacturers produce cars and trucks, aircraft and component parts, aerospace products and parts, railroad cars and other railroad products, and other transportation equipment. The 11,814 manufacturers in this component area were responsible for $792.9 billion in U.S. shipments.
Vehicle & Commercial Ships Aerospace Products and Locomotives, Railroad and Parts Transit Cars, and Rail Track Equipment
Pictures Courtesy of DHS Critical Manufacturing Sector Partnership Councils
Government Coordinating Council Sector Coordinating Council Members: Executive Committee Members:
− Department of Homeland Security − Aptiv, Chairman − Department of Defense − NCR Corporation, Vice Chairman − Department of Justice − The Boeing Company, Secretary − Members-At-Large: − Nuclear Regulatory Commission − Aerojet Rocketdyne − Environmental Protection Agency − Cisco Systems, Inc. − Department of Commerce − PACCAR − State, Local, Tribal, and Territorial Government − Schweitzer Engineering, Inc. Coordinating Council − ABB Ltd. − Kohler Company − AGCO Corporation Critical Manufacturing Sector Resources
. Critical Infrastructure Stakeholder Training Program:
– Wide array of web-based independent study courses, instructor-led courses, and associated training materials addressing critical infrastructure security and resilience topics.
– Independent study courses available through FEMA’s Emergency Management Institute. Critical Manufacturing Sector Resources
. Stakeholder Readiness and Exercise Program: Active Shooter – Works with critical infrastructure Incidents stakeholders to plan, develop, and Complex Natural Coordinated facilitate a wide range of exercises to Hazards Attacks /IEDs test plans and procedures, identify gaps, and recognize lessons learned and best practices.
Cyber- Physical Threats to – Supports the National Exercise Integrated Faith-Based Program. Incidents Organizations
Radiological, Biological, & Chemical – More than 20 large exercises typically Incidents conducted each year, with more than 4,700 participants. Critical Manufacturing Sector Resources
. Critical Manufacturing Road Show – Introduce members of industry to Federal departments, agencies, and National Labs. – Demonstrates government capabilities in mitigation, response, and recovery. – Provides an opportunity for classified briefings. – One of two annual in-person joint council meetings. – 2018 Meeting to held September 18-19, 2018 in Seattle. Critical Manufacturing Sector Resources
. Security Conference – The Security Conference hosts several briefings requested by industry partners, and have in the past explored the following topics:
. Insider Threat . Cybersecurity . Risk Management . Social Media Monitoring . Geopolitical Events
– Other briefings at the 2018 Conference included two classified briefings held at the Secret Level. – Provides Networking opportunity with industry partners. • 2018 No-Host Voluntary Social at the U.S. Space & Rocket Center. Critical ManufacturingEducation Sectorand Outreach Resources Resources
. Business Continuity – Developed in partnership between the U.S. Department of Homeland Security and the Critical Manufacturing Sector Coordinating Council. . Designed to assist businesses in maintaining normal operations and providing resilience during a disruption. – Available at: https://www.ready.gov/business- continuity-planning-suite – Business Continuity Planning Suite Offers: • Business Continuity Training • Business Continuity Plan Generator • Disaster Recovery Plan Generator (IT Recovery) • Business Continuity Plan Table Top Exercise Critical Manufacturing Sector Information Sharing
. Homeland Security Information Network – Critical Infrastructure
− HSIN-CI Critical Manufacturing portal refresh completed in May 2018.
− Resources available on Critical Manufacturing Portal include analysis, “peer to peer” collaboration, alerts, bulletins, and training.
− For more information on requesting a HSIN-CI account; https://www.dhs.gov/hsin-critical- infrastructure
Picture Courtesy of DHS Programs, Capabilities, and Resources
. Sector-Specific Resources: – Commercial Facilities Sector Protective Measures Guides for various industries, Patron Screening Best Practices Guide, Sports Venue Credentialing and Bag Search Procedures Guides, Suspicious Activity Awareness Videos and Posters, Commercial Facilities Cybersecurity Framework Implementation Guidance. – Nuclear Industry Reactors, Materials & Waste Sector Nuclear Sector Information Sharing Standard Operating Procedure, Nuclear Sector Security Awareness Guide, Roadmap to Enhance Cyber Systems Security in the Nuclear Sector. – Critical Manufacturing Sector Critical Manufacturing Partnership Road Show, Critical Manufacturing Security Conference, Sector Security Awareness Guide. Programs, Capabilities, and Resources
. Sector-Specific Resources: – Dams Sector Security Guidelines, Cybersecurity Capability Maturity Model, Information Sharing Resource Guide. – Emergency Services Sector Emergency Services Personal Readiness Guide for Responders and Their Families, Emergency Services Sector Cybersecurity risk identification and mitigation resources, responder focused resilience and continuity tools and practices. – Chemical Sector Chemical Sector Industrial Control Systems (ICS) Security Resource DVD, Chemical Sector Security Awareness Guide, Chemical Facility Security Best Practices Guide for an Active Shooter Incident, Sector-Specific Tabletop Exercise (Cyber and Domestic Terror). Programs, Capabilities, and Resources
. Active Shooter Preparedness Program: – Active Shooter Workshops Since its inception in 2011, DHS has conducted over 230 workshops across the country with more than 25,000 participants. Programs, Capabilities, and Resources
. Active Shooter Preparedness Program: – Online Training More than 800,000 individuals have completed the “Active Shooter: What You Can Do” independent study course. – Active Shooter Resources Online repository of valuable products and resources available at https://www.dhs.gov/active-shooter-preparedness, with more than 2,000,000 website views to date. A Typical Year… For more information visit: www.dhs.gov/critical-infrastructure
Contact: - Kathleen Nuccetelli - [email protected] Featured Speaker Speaker
Kathleen Nuccetelli Critical Infrastructure Analyst with the U.S. Department of Homeland Security (DHS) Supports the Department of Defense, Department of Health & Human Services, and Department of Transportation
Education Master of Science in Management Master of Business Administration Bachelor of Arts in Journalism
TLP Green: May be shared within the Auto-ISAC Community. 11 October 2018 56 The Office of Infrastructure Protection
National Protection and Programs Directorate U.S. Department of Homeland Security
The Critical Manufacturing Sector – Securing Your Organization Through Partnership
September 2018 Presidential Policy Directive - 21
Sector-Specific Agencies
. Sector-Specific Agencies (SSAs) are the primary Federal entities responsible for coordinating critical infrastructure security and resilience efforts at the national level. . Primary responsibilities: – Sustain effective and representative public-private partnerships; – Develop strategic goals to mitigate physical and cyber risks and improve resilience; – Support education, training, information sharing, and outreach; – Provide support to identify vulnerabilities and mitigate incidents; and – Develop and implement sector-specific plans in support of the National Infrastructure Protection Plan. Partnership Collaboration Structure
Sector and cross-sector structures include: – Sector Coordinating Councils – Government Coordinating Councils – Regional Consortium Coordinating Council – Critical Infrastructure Cross-Sector Council – Federal Senior Leadership Council – State, Local, Tribal, and Territorial Government Coordinating Council – Information Sharing Organizations Legal Frameworks
. Critical Infrastructure Partnership Advisory Council (CIPAC)
– DHS established CIPAC in 2006 under the authority of the Homeland Security Act of 2002, as a partnership framework exempt from the Federal Advisory Committee Act (FACA). – CIPAC enables private sector and government stakeholders to work in partnership and meet during joint Sector Coordinating Council (SCC) and Government Coordinating Council (GCC) meetings. – CIPAC provides the legal framework for cross-sector collaboration.
. Protected Critical Infrastructure Information (PCII)
– Congress created the Protected Critical Infrastructure Information (PCII) Program under the Critical Infrastructure Information (CII) Act of 2002 to protect private sector infrastructure information voluntarily shared with the government for the purposes of homeland security. Critical Manufacturing Sector Profile
− Primary Metals Manufacturing
− Machinery Manufacturing
− Electrical Equipment, Appliance, and Component Manufacturing
− Transportation Manufacturing
Map Courtesy of DHS Critical Manufacturing Sector Components
Primary Metals Manufacturing
Primary metals manufacturers convert raw materials into assemblies, intermediate products, and end products. These products can include sheet metal, bar stock, I-beams, slabs, or pipes. The 4,556 manufacturers in this component area were responsible for $270.9 billion in U.S. shipments.
Iron and Steel Mills & Alumina and Aluminum Non-ferrous Metal Production Ferro-Alloy Manufacturing Production & Processing & Processing
Pictures Courtesy of DHS Critical Manufacturing Sector Components
Machinery Manufacturing
Machinery manufacturers produce engines, turbines, and power-transmission equipment. These large, specialized products support infrastructure and primary operations in a number of critical U.S. industries. The 24,124 manufacturers in this component area were responsible for $407.6 billion in U.S. shipments.
Engine & Turbine Power Transmission Earth Moving, Mining, Manufacturing Equipment Agricultural, & Construction Equipment
Pictures Courtesy of DHS Critical Manufacturing Sector Components
Electrical Equipment, Appliance, and Component Manufacturing
Electrical equipment manufacturers produce specialized equipment, assemblies, intermediate products, and end products for power generation. The 5,765 manufacturers in this component area were responsible for $123.9 billion in U.S. shipments.
Electric Motor Transformer Generator Manufacturing Manufacturing Manufacturing
Pictures Courtesy of DHS Critical Manufacturing Sector Components
Transportation Manufacturing
Transportation manufacturers produce cars and trucks, aircraft and component parts, aerospace products and parts, railroad cars and other railroad products, and other transportation equipment. The 11,814 manufacturers in this component area were responsible for $792.9 billion in U.S. shipments.
Vehicle & Commercial Ships Aerospace Products and Locomotives, Railroad and Parts Transit Cars, and Rail Track Equipment
Pictures Courtesy of DHS Critical Manufacturing Sector Partnership Councils
Government Coordinating Council Sector Coordinating Council Members: Executive Committee Members:
− Department of Homeland Security − Aptiv, Chairman − Department of Defense − NCR Corporation, Vice Chairman − Department of Justice − The Boeing Company, Secretary − Members-At-Large: − Nuclear Regulatory Commission − Aerojet Rocketdyne − Environmental Protection Agency − Cisco Systems, Inc. − Department of Commerce − PACCAR − State, Local, Tribal, and Territorial Government − Schweitzer Engineering, Inc. Coordinating Council − ABB Ltd. − Kohler Company − AGCO Corporation Critical Manufacturing Sector Resources
. Critical Infrastructure Stakeholder Training Program:
– Wide array of web-based independent study courses, instructor-led courses, and associated training materials addressing critical infrastructure security and resilience topics.
– Independent study courses available through FEMA’s Emergency Management Institute. Critical Manufacturing Sector Resources
. Stakeholder Readiness and Exercise Program: Active Shooter – Works with critical infrastructure Incidents stakeholders to plan, develop, and Complex Natural Coordinated facilitate a wide range of exercises to Hazards Attacks /IEDs test plans and procedures, identify gaps, and recognize lessons learned and best practices.
Cyber- Physical Threats to – Supports the National Exercise Integrated Faith-Based Program. Incidents Organizations
Radiological, Biological, & Chemical – More than 20 large exercises typically Incidents conducted each year, with more than 4,700 participants. Critical Manufacturing Sector Resources
. Critical Manufacturing Road Show – Introduce members of industry to Federal departments, agencies, and National Labs. – Demonstrates government capabilities in mitigation, response, and recovery. – Provides an opportunity for classified briefings. – One of two annual in-person joint council meetings. – 2018 Meeting to held September 18-19, 2018 in Seattle. Critical Manufacturing Sector Resources
. Security Conference – The Security Conference hosts several briefings requested by industry partners, and have in the past explored the following topics:
. Insider Threat . Cybersecurity . Risk Management . Social Media Monitoring . Geopolitical Events
– Other briefings at the 2018 Conference included two classified briefings held at the Secret Level. – Provides Networking opportunity with industry partners. • 2018 No-Host Voluntary Social at the U.S. Space & Rocket Center. Critical ManufacturingEducation Sectorand Outreach Resources Resources
. Business Continuity – Developed in partnership between the U.S. Department of Homeland Security and the Critical Manufacturing Sector Coordinating Council. . Designed to assist businesses in maintaining normal operations and providing resilience during a disruption. – Available at: https://www.ready.gov/business- continuity-planning-suite – Business Continuity Planning Suite Offers: • Business Continuity Training • Business Continuity Plan Generator • Disaster Recovery Plan Generator (IT Recovery) • Business Continuity Plan Table Top Exercise Critical Manufacturing Sector Information Sharing
. Homeland Security Information Network – Critical Infrastructure
− HSIN-CI Critical Manufacturing portal refresh completed in May 2018.
− Resources available on Critical Manufacturing Portal include analysis, “peer to peer” collaboration, alerts, bulletins, and training.
− For more information on requesting a HSIN-CI account; https://www.dhs.gov/hsin-critical- infrastructure
Picture Courtesy of DHS Programs, Capabilities, and Resources
. Sector-Specific Resources: – Commercial Facilities Sector Protective Measures Guides for various industries, Patron Screening Best Practices Guide, Sports Venue Credentialing and Bag Search Procedures Guides, Suspicious Activity Awareness Videos and Posters, Commercial Facilities Cybersecurity Framework Implementation Guidance. – Nuclear Industry Reactors, Materials & Waste Sector Nuclear Sector Information Sharing Standard Operating Procedure, Nuclear Sector Security Awareness Guide, Roadmap to Enhance Cyber Systems Security in the Nuclear Sector. – Critical Manufacturing Sector Critical Manufacturing Partnership Road Show, Critical Manufacturing Security Conference, Sector Security Awareness Guide. Programs, Capabilities, and Resources
. Sector-Specific Resources: – Dams Sector Security Guidelines, Cybersecurity Capability Maturity Model, Information Sharing Resource Guide. – Emergency Services Sector Emergency Services Personal Readiness Guide for Responders and Their Families, Emergency Services Sector Cybersecurity risk identification and mitigation resources, responder focused resilience and continuity tools and practices. – Chemical Sector Chemical Sector Industrial Control Systems (ICS) Security Resource DVD, Chemical Sector Security Awareness Guide, Chemical Facility Security Best Practices Guide for an Active Shooter Incident, Sector-Specific Tabletop Exercise (Cyber and Domestic Terror). Programs, Capabilities, and Resources
. Active Shooter Preparedness Program: – Active Shooter Workshops Since its inception in 2011, DHS has conducted over 230 workshops across the country with more than 25,000 participants. Programs, Capabilities, and Resources
. Active Shooter Preparedness Program: – Online Training More than 800,000 individuals have completed the “Active Shooter: What You Can Do” independent study course. – Active Shooter Resources Online repository of valuable products and resources available at https://www.dhs.gov/active-shooter-preparedness, with more than 2,000,000 website views to date. A Typical Year… For more information visit: www.dhs.gov/critical-infrastructure
Contact: - Kathleen Nuccetelli - [email protected] Featured Speaker Speaker
Kathleen Nuccetelli Critical Infrastructure Analyst with the U.S. Department of Homeland Security (DHS) Supports the Department of Defense, Department of Health & Human Services, and Department of Transportation
Education Master of Science in Management Master of Business Administration Bachelor of Arts in Journalism
TLP Green: May be shared within the Auto-ISAC Community. 11 October 2018 79 The Office of Infrastructure Protection
National Protection and Programs Directorate U.S. Department of Homeland Security
The Critical Manufacturing Sector – Securing Your Organization Through Partnership
September 2018 Presidential Policy Directive - 21
Sector-Specific Agencies
. Sector-Specific Agencies (SSAs) are the primary Federal entities responsible for coordinating critical infrastructure security and resilience efforts at the national level. . Primary responsibilities: – Sustain effective and representative public-private partnerships; – Develop strategic goals to mitigate physical and cyber risks and improve resilience; – Support education, training, information sharing, and outreach; – Provide support to identify vulnerabilities and mitigate incidents; and – Develop and implement sector-specific plans in support of the National Infrastructure Protection Plan. Partnership Collaboration Structure
Sector and cross-sector structures include: – Sector Coordinating Councils – Government Coordinating Councils – Regional Consortium Coordinating Council – Critical Infrastructure Cross-Sector Council – Federal Senior Leadership Council – State, Local, Tribal, and Territorial Government Coordinating Council – Information Sharing Organizations Legal Frameworks
. Critical Infrastructure Partnership Advisory Council (CIPAC)
– DHS established CIPAC in 2006 under the authority of the Homeland Security Act of 2002, as a partnership framework exempt from the Federal Advisory Committee Act (FACA). – CIPAC enables private sector and government stakeholders to work in partnership and meet during joint Sector Coordinating Council (SCC) and Government Coordinating Council (GCC) meetings. – CIPAC provides the legal framework for cross-sector collaboration.
. Protected Critical Infrastructure Information (PCII)
– Congress created the Protected Critical Infrastructure Information (PCII) Program under the Critical Infrastructure Information (CII) Act of 2002 to protect private sector infrastructure information voluntarily shared with the government for the purposes of homeland security. Critical Manufacturing Sector Profile
− Primary Metals Manufacturing
− Machinery Manufacturing
− Electrical Equipment, Appliance, and Component Manufacturing
− Transportation Manufacturing
Map Courtesy of DHS Critical Manufacturing Sector Components
Primary Metals Manufacturing
Primary metals manufacturers convert raw materials into assemblies, intermediate products, and end products. These products can include sheet metal, bar stock, I-beams, slabs, or pipes. The 4,556 manufacturers in this component area were responsible for $270.9 billion in U.S. shipments.
Iron and Steel Mills & Alumina and Aluminum Non-ferrous Metal Production Ferro-Alloy Manufacturing Production & Processing & Processing
Pictures Courtesy of DHS Critical Manufacturing Sector Components
Machinery Manufacturing
Machinery manufacturers produce engines, turbines, and power-transmission equipment. These large, specialized products support infrastructure and primary operations in a number of critical U.S. industries. The 24,124 manufacturers in this component area were responsible for $407.6 billion in U.S. shipments.
Engine & Turbine Power Transmission Earth Moving, Mining, Manufacturing Equipment Agricultural, & Construction Equipment
Pictures Courtesy of DHS Critical Manufacturing Sector Components
Electrical Equipment, Appliance, and Component Manufacturing
Electrical equipment manufacturers produce specialized equipment, assemblies, intermediate products, and end products for power generation. The 5,765 manufacturers in this component area were responsible for $123.9 billion in U.S. shipments.
Electric Motor Transformer Generator Manufacturing Manufacturing Manufacturing
Pictures Courtesy of DHS Critical Manufacturing Sector Components
Transportation Manufacturing
Transportation manufacturers produce cars and trucks, aircraft and component parts, aerospace products and parts, railroad cars and other railroad products, and other transportation equipment. The 11,814 manufacturers in this component area were responsible for $792.9 billion in U.S. shipments.
Vehicle & Commercial Ships Aerospace Products and Locomotives, Railroad and Parts Transit Cars, and Rail Track Equipment
Pictures Courtesy of DHS Critical Manufacturing Sector Partnership Councils
Government Coordinating Council Sector Coordinating Council Members: Executive Committee Members:
− Department of Homeland Security − Aptiv, Chairman − Department of Defense − NCR Corporation, Vice Chairman − Department of Justice − The Boeing Company, Secretary − Members-At-Large: − Nuclear Regulatory Commission − Aerojet Rocketdyne − Environmental Protection Agency − Cisco Systems, Inc. − Department of Commerce − PACCAR − State, Local, Tribal, and Territorial Government − Schweitzer Engineering, Inc. Coordinating Council − ABB Ltd. − Kohler Company − AGCO Corporation Critical Manufacturing Sector Resources
. Critical Infrastructure Stakeholder Training Program:
– Wide array of web-based independent study courses, instructor-led courses, and associated training materials addressing critical infrastructure security and resilience topics.
– Independent study courses available through FEMA’s Emergency Management Institute. Critical Manufacturing Sector Resources
. Stakeholder Readiness and Exercise Program: Active Shooter – Works with critical infrastructure Incidents stakeholders to plan, develop, and Complex Natural Coordinated facilitate a wide range of exercises to Hazards Attacks /IEDs test plans and procedures, identify gaps, and recognize lessons learned and best practices.
Cyber- Physical Threats to – Supports the National Exercise Integrated Faith-Based Program. Incidents Organizations
Radiological, Biological, & Chemical – More than 20 large exercises typically Incidents conducted each year, with more than 4,700 participants. Critical Manufacturing Sector Resources
. Critical Manufacturing Road Show – Introduce members of industry to Federal departments, agencies, and National Labs. – Demonstrates government capabilities in mitigation, response, and recovery. – Provides an opportunity for classified briefings. – One of two annual in-person joint council meetings. – 2018 Meeting to held September 18-19, 2018 in Seattle. Critical Manufacturing Sector Resources
. Security Conference – The Security Conference hosts several briefings requested by industry partners, and have in the past explored the following topics:
. Insider Threat . Cybersecurity . Risk Management . Social Media Monitoring . Geopolitical Events
– Other briefings at the 2018 Conference included two classified briefings held at the Secret Level. – Provides Networking opportunity with industry partners. • 2018 No-Host Voluntary Social at the U.S. Space & Rocket Center. Critical ManufacturingEducation Sectorand Outreach Resources Resources
. Business Continuity – Developed in partnership between the U.S. Department of Homeland Security and the Critical Manufacturing Sector Coordinating Council. . Designed to assist businesses in maintaining normal operations and providing resilience during a disruption. – Available at: https://www.ready.gov/business- continuity-planning-suite – Business Continuity Planning Suite Offers: • Business Continuity Training • Business Continuity Plan Generator • Disaster Recovery Plan Generator (IT Recovery) • Business Continuity Plan Table Top Exercise Critical Manufacturing Sector Information Sharing
. Homeland Security Information Network – Critical Infrastructure
− HSIN-CI Critical Manufacturing portal refresh completed in May 2018.
− Resources available on Critical Manufacturing Portal include analysis, “peer to peer” collaboration, alerts, bulletins, and training.
− For more information on requesting a HSIN-CI account; https://www.dhs.gov/hsin-critical- infrastructure
Picture Courtesy of DHS Programs, Capabilities, and Resources
. Sector-Specific Resources: – Commercial Facilities Sector Protective Measures Guides for various industries, Patron Screening Best Practices Guide, Sports Venue Credentialing and Bag Search Procedures Guides, Suspicious Activity Awareness Videos and Posters, Commercial Facilities Cybersecurity Framework Implementation Guidance. – Nuclear Industry Reactors, Materials & Waste Sector Nuclear Sector Information Sharing Standard Operating Procedure, Nuclear Sector Security Awareness Guide, Roadmap to Enhance Cyber Systems Security in the Nuclear Sector. – Critical Manufacturing Sector Critical Manufacturing Partnership Road Show, Critical Manufacturing Security Conference, Sector Security Awareness Guide. Programs, Capabilities, and Resources
. Sector-Specific Resources: – Dams Sector Security Guidelines, Cybersecurity Capability Maturity Model, Information Sharing Resource Guide. – Emergency Services Sector Emergency Services Personal Readiness Guide for Responders and Their Families, Emergency Services Sector Cybersecurity risk identification and mitigation resources, responder focused resilience and continuity tools and practices. – Chemical Sector Chemical Sector Industrial Control Systems (ICS) Security Resource DVD, Chemical Sector Security Awareness Guide, Chemical Facility Security Best Practices Guide for an Active Shooter Incident, Sector-Specific Tabletop Exercise (Cyber and Domestic Terror). Programs, Capabilities, and Resources
. Active Shooter Preparedness Program: – Active Shooter Workshops Since its inception in 2011, DHS has conducted over 230 workshops across the country with more than 25,000 participants. Programs, Capabilities, and Resources
. Active Shooter Preparedness Program: – Online Training More than 800,000 individuals have completed the “Active Shooter: What You Can Do” independent study course. – Active Shooter Resources Online repository of valuable products and resources available at https://www.dhs.gov/active-shooter-preparedness, with more than 2,000,000 website views to date. A Typical Year… For more information visit: www.dhs.gov/critical-infrastructure
Contact: - Kathleen Nuccetelli - [email protected]
Meet the Speaker
Jeff Shiner Micron Technologies, Director IoT & Security Solutions, EBU Member - Industrial Internet Consortium, Automotive Working Group
Past Positions Cypress Semiconductor – Segment & strategic marketing, IoT Spansion – Datacenter Architecture, new memory technologies Spansion – IP sales, Chipset partner alignment AMD – Sales and business development roles
Education Bachelor’s of Science, Industrial Distribution, Texas A&M University
Jeff Shiner
11 October 2018 103 Hi All,
Please find attached the Weekly Automotive Industry Report covering April 3April 8.
ThisThe week Semiconductor’s report includes articles on: Industry Toyota partnering with Microsoft on a new cloud-based division led by the CIO, IntelWhat acquiring is the a semiconductor role of silicon manufacturer vendors that builds to chips help for selfthe-driving security cars, fragmentation problem? Hyundai unveiling its connected vehicle “roadmap,” and, Toyota planning to open a new autonomous vehicle research center in Michigan. Jeff Shiner, Director, IoT & Security Solutions, Micron Technologies, Embedded Business Unit YouAuto can-ISAC find Summit, past Detroit,reports MI on site. September 25-26, 2018 Please let me know if you have any questions. Have a great weekend.
Josh 11 October 2018 104 The Semiconductor Industry Can they fix the security fragmentation problem?
There is a growing problem --
-- The market is starting to respond --
-- Where are we now and what is coming
11 October 2018 105 What we know Fixes to complex problems build on previously developed knowledge… Fixes therefore gain in capability…. … but also complexity
11 October 2018 106 What we know Fixes to complex problems build on previously developed knowledge… Fixes therefore gain in capability…. … but also complexity
11 October 2018 107 What we know Fixes to complex problems build on previously developed knowledge… Fixes therefore gain in capability…. … but also complexity
So how do you fix a space station when you find yourself in need of a space approved device to clean off critical debris…
11 October 2018 108 11 October 2018 109 International Space station saved…
Summer 2012
11 October 2018 110 International Space station saved…
Summer 2012
Toothbrush !!!
11 October 2018 111 In the Ganges Delta in India, how do you keep a Bengal tiger from sneaking through the water and killing you when fishing…
11 October 2018 112 You can take the knowledge from previous learnings and improve…
After guns didn’t work…
Human dummies laced with electrical wires…
This works for a little while… … or
11 October 2018 113 Never lose site of the Bengal Tiger !
11 October 2018 114 ?? TPM Protect secrets Co- Attestations processors Secure or MCUs Elements Other Network HSMs protocols
TEEs Processors or n SOCs Problem Boot processes Protect secrets Code or Code or Data in Motion Attestations Encrypted buses Measurements This is just on one PCB
Code or Data at Rest
11 October 2018 115 What is needed at the IoT / ECU Device Level
Co- Secure processors elements or MCUs / HSMs
Processors or SOCs Code or Code or Data in Motion
Code or Data at Rest
11 October 2018 116 What is needed at the IoT / ECU Device Level
Co- Secure processors elements or MCUs / HSMs
Processors or SOCs
Code or Code or Data in Motion Integrity
Simpler, Scalable, Trustworthy Platforms & Services Code or Data at Rest
11 October 2018 117 Why firmware is at the Heart of the problem
OEM Silicon Services Services
Silicon IoT Device Field Component Deployment Manufacturing Distribution Manufacturing Life Cycle
Anti-tamper, anti-counterfeiting, customer privacy & safety
Secure firmware lifecycle, Audit, Safety, Entitlements, 11 October 2018 118 Why firmware is at the Heart of the problem
New New Services Services OEM Silicon Services Services
Silicon IoT Device Field Component Deployment Manufacturing Distribution Manufacturing Life Cycle
Anti-tamper, anti-counterfeiting, customer privacy & safety
Secure firmware lifecycle, Audit, Safety, Entitlements, 11 October 2018 119 Examples of ongoing support Silicon to Cloud Enablers
Device ID Composition Engine (DICE)
11 October 2018 120 Devices Must be Trusted
*
* Source: NetFoundry 11 October 2018 121 Devices Must be Trusted
*
Zero Trust Networks
* Source: NetFoundry 11 October 2018 122 New types of Silicon Level certificate generation
*
DICE Layer 0 Layer 1 … Layer n Power On Unique Device Secret 0 Secret 1 Secret n Secret
Layer 1’ … Layer n
Secret 1’ Secret n’
The DICE Model by High value certificate uses
• IoT Device onboarding & registration • Power-on (reset) unconditionally start the DICE • Encryption session establishment • DICE has exclusive access to the UDS • FOTA / SOTA management / audit • Each layer computes the secret for next layer (via OWF) • SW Secure supply chain • In this derivation chain, each layer must protect the secret it receives • Advanced Persistent Threat monitors
* Source: Trusted Computing Group 11 October 2018 123 Next Generation Security Enclaves
Authenta™ Technology Aligning with Platform Security Architecture (PSA): • Man-in-the-middle alters communication with the remote server, including measurement uploads • Repudiation from a user who disrupts IoT device activities by obtaining unauthorized access • Impersonation of a maintenance device to modify configuration information, firmware, logs, credentials • Tamper of memory (volatile or nonvolatile) to access or modify assets, including stored measurements • Firmware abuse grants control of the IoT device through installation of a flawed firmware version
11 October 2018 124 Brownfield (OTA) Deployments of HW RoT
* Physically Secure Key Storage One-time Trust Event MCU 1 (Identify + validate device) without a Dedicated Secure Element Flash • SRAM based Physically Unclonable 2 Firmware Function (PUF) create device unique Load signed firmware with PUF identity and secrets from entropy in each Intrinsic ID device’s SRAM Validate and run image 3 BroadKey • Strong protection from physical attacks CPU without additional hardware PUF creates device 4 unique keys SRAM • No secret injection required • Strong identity may also be added at PUF manufacturing stage (Greenfield) 5 Device public key extracted for use as identity or the creation of device certificate 7 Certificate stored and Device is Authenticated
6 Certificate Authority (CA) signs the device identity certificate
* Source: Intrinsic ID 11 October 2018 125 Standard approaches to Pervasive RoT Deployments
Industry standard Secure Element Flash Memory
Cortex M4 MCU
11 October 2018 126 Standard approaches to Pervasive RoT Deployments
Industry standard Secure Element Flash Memory
Cortex M4 MCU Micron Authenta™ enabled Flash Memory
11 October 2018 127 Standard approaches to Pervasive RoT Deployments
Unique key material Cryptographically secured code integrity Configurable measurement engine Trusted storage for credentials TCG’s Device ID Composition Engine (DICE) Integrity verification logic for secure boot Measurement attestation
Cortex M4 MCU Micron Authenta™ enabled Flash Memory
11 October 2018 128 Standardized APIs unify technology secure communication functions
Problem • Many Roots of Trust for Supply Chain Distributed • Many Parties w/o Cryptographic trust Network • Integrity & identity operations are resource intensive
Requirement Orchestrators • Actions, commands and measurement API Sync consistency Translate Supply Chains – Sync/Translate • Secure commands decreasing compute & Update Objects energy sensitive resources Public Keys OASIS KMIP Key Orchestration Appliance
11 October 2018 129 Collaboration is Key
11 October 2018 130 Security in Silicon deep into solutions
IN-VEHICLE SYSTEMS Encryption Digital cluster, navigation, infotainment, after-market boxes Security Policy • FW OTA update enablement keys • Isolation from critical systems
ECU code level 2 way encrypted protection based on CAN traffic SECURE COMMUNICATIONS stored “factory based on stored V2x & Telematics • RTOS FW protection & resilience settings” policy encryption keys • Signed FW health checks
IN-CAR NETWORKS Central & domain gateways • CAN Bus FW protection • Secure ECU solutions
ADAS SYSTEMS • RTOS FW protection & resilience Vision, LiDAR, sensors, control systems • Signed FW health checks
BROAD ECU COVERAGE Powertrain, body & chassis, engine • CAN Bus FW protection • Secure ECU solutions
Micron & Karamba press: HERE 11 October 2018 131 Partner End to End Solutions and Collaboration
* Industrial Internet Consortium (IIC) Automotive Security Demo @ IoT SWC Barcelona
• Partner orchestration for end to end solutions • Establishing cybersecurity capabilities including certifications, contracts and commercial platforms • Linking best practices to commercial certification requirements • Enables next generation silicon based trust solutions
Based on LHP Open-framework Automotive Functional Safety and Cybersecurity Validation Platform
* Source: Industrial Internet Consortium 11 October 2018 132 Micron’s Approach with Authenta Technology
Make it pervasive Make it affordable Make it serviceable Make it scalable Make it in Silicon
11 October 2018 133 Micron’s Approach with Authenta Technology
Make it pervasive Improved customer time to market Make it affordable Lessen security resource dependencies Make it serviceable Enable new monetization strategies Make it scalable Improve roadmap security plans Make it in Silicon Achieve strong solution integrity
11 October 2018 134 Contact info Contact
Micron Authenta Website (News, Datasheets, Partners, contacts + ) https://www.micron.com/products/advanced-solutions/authenta
Micron Authenta Development Kit requests or additional information [email protected]
Industrial Internet Consortium (IIC) Website (Best Practicies, Automotive Working group, Security Frameworks, Claims,Test Beds, Security Maturity Models +) https://www.iiconsortium.org/index.htm
11 October 2018 135 Audience Questions?
11 October 2018 136 Featured Speaker Featured Speaker
John Krzeszewski Chief Engineer of Cybersecurity at Aptiv Chair and U.S Representative for upcoming SAE-ISO 21434 Member of Industrial Advisory Board for the Cybersecurity Center at the University of Michigan
Past Positions Associate Engineer at General Motors
Education Master of Science degree in Electrical Engineering from Michigan State University Bachelor of Science degree in Electrical Engineering from Kettering University
TLP Green: May be shared within the Auto-ISAC Community. 11 October 2018 137 ISO/SAE 21434 Automotive Cybersecurity Standard
John T. Krzeszewski Chief Engineer, Cybersecurity Architecture Chair, “PG1: Risk Management” in ISO/SAE 21434 Aptiv
24 September 2018 AGENDA
• Overview of Aptiv and cybersecurity • ISO/SAE 21434 “Road vehicles: Cybersecurity Engineering” – Why the standard is needed and general background – Key principles – Scope – ISO and SAE delegations involved in the development – Overview of the document structure – Timeline – Cybersecurity Assurance Level
139 We are a global technology company that develops secure, safer, greener, and more connected solutions, which enable the future of mobility.
SAE Autonomous Vehicle Engineering March 2018 Aptiv Addressing Mobility's Toughest Challenges Aptiv Provides End-to-end Solutions that Allow us to Commercialize New Mobility
SMART VEHICLE ARCHITECTURE SMART MOBILITY SOLUTIONS
SOFTWARE ACTIVE SAFETY
SENSING AND USER COMPUTING EXPERIENCE
SIGNAL AND POWER CONNECTED DISTRIBUTION SERVICES
AUTONOMOUS CONNECTIVITY SYSTEMS
141 Experience with Cybersecurity Guidelines and Techniques
Security must be part of the entire product life-cycle • Cybersecurity is a product architecture, a design, and a system qualification • Cybersecurity follows the development v-cycle
We have a multi-layered guideline to protect products • Proper protection is based on TARA (Threat Analysis / Risk Analysis) results
Aptiv’s 4-levels of system security Level 1 – Guidelines and best practices – TARA, reviews, code analysis Level 2 – Authenticated software – secure boot, secure updates Level 3 – Secure external attack surfaces – firewall, communication restrictions Level 4 – Secure internal messaging – encrypt data, protect diagnostics
142 Experience with Cybersecurity Established Cybersecurity Facility - CyberSEAL Lab Operational World Class Cybersecurity Testing Facility Lab Responsibilities • Threat modeling (TARA) • Vulnerability assessments • Penetration assessments • Development of advanced security tools Test Benches Advanced Tools (Aptiv GPS spoofing tool) Training • Training & awareness in the art of exploitation (hands-on) • Advanced cybersecurity R&D • Blockchain work group • POC evaluations Lab Achievements • Highly qualified security experts in place • Completed penetration assessments Penetration • Established lab test processes Testing Process
Multiple Partnerships with Leading Cybersecurity Companies
143 Why is Standard needed for Automotive Cybersecurity?
• Existing cybersecurity standards do not address unique automotive challenges • Safety • Long lifecycle • Use of embedded controllers • etc. Benefit of Standard for Automotive Cybersecurity
• Define common terminology for use throughout supply chain
• Drive industry consensus on key cybersecurity issues
• Set minimum criteria for vehicle cybersecurity engineering
• Reference for regulators, etc. to minimize contradictions
• Provide evidence that industry is taking cybersecurity seriously ISO/SAE 21434 – How Did This Begin?
• SAE issued Best Practice document ― J3061 “Cybersecurity Guidebook for Cyber-Physical Vehicle Systems” ― Issued 2016-01-14 • ISO New Item Work Proposal 3556 “Automotive Security Engineering” • Nov. 2016: Partnership Standards Development Organization (PSDO) • Cooperation agreement between ISO and SAE in two areas: ― Road Vehicles ― Intelligent Transportation Systems • SAE & ISO to work together to develop cybersecurity standard • ISO/SAE 21434 = first standard to be created under new agreement ― Will be jointly released by both SAE and ISO ISO SAE 21434 Participation – 82 companies
ECU SUPPLIERS OEMs Aptiv, Continental, Valeo, GOVERNING Ford, GM, Volvo, Bosch, Lear, Delphi, ZF, Mitsubishi, FCA, Honda, ORG Magna, Denso, Hella, Toyota, Volkswagen, BMW, NIST, RDW, etc. Wabco, Actia, etc. Jaguar-Land Rover, Opel, Peugeot, Renault, Daimler, MICRO STANDARDS Nissan, Iveco, etc. SUPPLIERS ORG Infineon, Intel, Melexes, SAE, ISO, JSAE, VDA, ON Semiconductor, etc. RESEARCH/ etc. VALIDATION OTHERS University of Warwick, CYBERSECURITY Southwest Research STEER, Thales, Institute, AIT, Horiba COMPANIES Method Park, Mira, UL, TUV, Bureau Karamba, Vector, BNA, Scania, Veritas, etc. TowerSec, Synopsys, etc. etc. 147 ISO SAE 21434 Participation
OEM Governance
82 Entities
Security Others ISO/SAE 21434 – Key Principles (1 of 2)
1. Applicable to road-vehicles
2. Goal of reasonably secure vehicles and systems
3. Automakers and suppliers can use to show “due diligence”
4. Focus on automotive cybersecurity engineering
5. Based on current state-of-the-art for cybersecurity engineering ISO/SAE 21434 – Key Principles (2 of 2)
6. Risk-oriented approach – Risk is used for prioritization of action – Analyses of risk factors for methodical elicitation of cybersecurity requirements – Common language for communicating/managing cyber risk among stakeholders 7. Management activities for cybersecurity 8. Cybersecurity activities/processes for all phases of vehicle lifecycle: – Design and Engineering, Production, Operation by Customer, – Maintenance and Service, Decommissioning ISO/SAE 21434 – What will it be applicable to? • Applicable to: – Road vehicle, – its systems, – its components, – its software, – its connection from vehicle to any external device/network.
151 ISO/SAE 21434 – What is Out of Scope? ISO/SAE 21434 -- Purpose
The purpose is to: • Define a structured process to ensure cybersecurity is designed in upfront – Following a structured process helps reduce the potential for a successful attack, thus reducing the likelihood of losses – A structured process also provides a clear means to react to a continually changing threat landscape • Maintain consistency across global industry • Be complete and promote conscious decision making
153 ISO/SAE 21434 – Joint Working Group (JWG)
• Equal number SAE experts and ISO delegations: – 1 vote per ISO Delegation – 1 vote per SAE expert • Co-chaired by SAE & ISO • Votes on key issues relative to 21434 • Coordinate work of Project Groups (PGs)
154 Delegations • ISO • SAE Experts – Austria – Angela Barber – Belgium – Lisa Boran – China – Chris Clark – France – Di Jin – Germany – John Krzeszewski – Israel – Susan Lightman – Italy – Bill Mazarra – Japan – Brian Murray – Netherlands – Dan Selke – Sweden – Anuja Sonalker – Switzerland – Alan Tatourian – United Kingdom – David Ward 155 ISO/SAE 21434 – Project Groups (PGs)
• PG1: Risk Assessment Methods (SAE chair;54 participants ISO co-chair) • PG2: Product Development (ISO chair;42 participants SAE co-chair) • PG3: Production, Operations & Maintenance (SAE chair;29 participants ISO co-chair) • PG4: Process Overview and Interdependences (ISO chair;37 participants SAE co-chair) • Drafting Team (ISO co-chair; SAE co-chair) • Terms & Definitions Team (member from each PG) • Use Case Team (members from each PG) ISO/SAE 21434 – Overview of Structure
157 ISO/SAE 21434 – Committee Draft Outline (1 of 4)
•1.0 Scope Mandatory elements of every ISO standard. •2.0 Normative References • What the standard does & its applicability •3.0 Terms and Abbreviations • External sources of mandatory contents •4.0 General Considerations •5.0 Management of Cybersecurity •6.0 Risk Assessment Methods •7.0 Concept Phase •8.0 Product Development •9.0 Production, Operations and Maintenance •10.0 Supporting Processes •Annexes ISO/SAE 21434 – Committee Draft Outline (2 of 4)
•1.0 Scope Informative text – no requirements. •2.0 Normative References • Provides context •3.0 Terms and Abbreviations • Describes structure of the standard •4.0 General Considerations • Explains interrelationships of clauses •5.0 Management of Cybersecurity •6.0 Risk Assessment Methods •7.0 Concept Phase Cybersecurity-specific or cybersecurity •8.0 Product Development focused management activities: •9.0 Production, Operations and Maintenance• At corporate level •10.0 Supporting Processes • For different phases of engineering lifecycle •Annexes • Over product lifetime ISO/SAE 21434 – Committee Draft Outline (3 of 4)
•1.0 Scope Methodolgy for analysis, assessment and •2.0 Normative References management of cybersecurity risk. •3.0 Terms and Abbreviations •4.0 General Considerations •5.0 Management of Cybersecurity •6.0 Risk Assessment Methods •7.0 Concept Phase Processes and activities relative to •8.0 Product Development cybersecurity engineering during •9.0 Production, Operations and Maintenance concept phase. •10.0 Supporting Processes •Annexes ISO/SAE 21434 – Committee Draft Outline (4 of 4)
•1.0 Scope Product Development phase processes and •2.0 Normative References activities (not cybersecurity focused) that •3.0 Terms and Abbreviations add to or support cybersecurity engineering. •4.0 General Considerations •5.0 Management of Cybersecurity •6.0 Risk Assessment Methods Processes and activities relative to •7.0 Concept Phase cybersecurity engineering in post- development phase. •8.0 Product Development •9.0 Production, Operations and Maintenance •10.0 Supporting Processes •Annexes General processes and activities (not cybersecurity focused) that add to or support cybersecurity engineering. ISO/SAE 21434 – High-level Timeline
ISO CD/SAE Wider Kickoff meeting Committee Ballot October 17th, 2016 …. Sept 2018 Week
ISO WD/SAE Internal ISO DIS/SAE MVC Committee Ballot Ballot April 2018 June 2019
Expect a late 2019 or 2020 release
162 ISO/SAE 21434 -- Overview of Stages WD, CD, DIS • Working Draft (WD) – Developed/reviewed by JWG participants – Informal comment resolution • Committee Draft (CD) – Request for comments sent to ISO Technical Committee & SAE Committee – 8 weeks review period/ballot; approval by consensus – Formal comment resolution process • Draft International Standard (DIS) – Request for comments sent to all ISO National Bodies and to SAE Committee – 12 weeks review period/ballot; 2/3 majority for approval – Formal comment resolution process (no technical comments for passage) – Publicly for sale 163 ISO/SAE 21434 – Committee Draft (CD)
• WD version incorporated updates from PGs until CD stage
• All normative clauses to be indicated by terms “shall” or “shall not” – Requirements to be strictly followed in order to meet ISO/SAE 21434 – No deviation is permitted from these requirements
• Rationale will be provided for each normative clause – A short explanation of the purpose of a requirement, or group of requirements
164 ISO/SAE 21434 – Committee Draft (CD)
• JWG has voted to have Cybersecurity Assurance Level (CAL) in 21434 • Decision made to including CAL:
― CAL level would indicate the required level of cybersecurity process rigor
― Methodology for determining CAL is defined in ISO/SAE 21434
― CAL is informational
• CD has just been released for comment CAL Purpose and Benefits - What problem does CAL solve? • ISO/SAE 21434 is a single standard which is to be applied to many types of items, which contain assets with different levels of criticality
• Applying all requirements of ISO/SAE 21434 in all cases is neither appropriate nor feasible
• An appropriate means of scaling the effort and costs of implementing the cybersecurity engineering process requirements is required
• The automotive distributed development process requires a common means of communicating these process requirements through the supply chain, and also within an organization
166 CAL Purpose and Benefits - How CAL helps
Appropriate scaling of engineering process Assurance / confidence The CAL concept enables scaling of the Engineering process rigour engineering process to Scaling is achieved ensure we build in based on how much Methods and measures assurance CAL sets assurance appropriate security requirements in terms while managing costs, (confidence) we need The required to have in the of the engineering without over- process rigour engineering process engineering developed item based rigour determines the on what could go applicable methods and wrong measures within the ISO/SAE 21434 requirements in order to achieve that assurance 1. CAL Purpose and Benefits - Assurance – some definitions • grounds for confidence that a TOE meets the SFRs – ISO/IEC 15408-1:2009 – Information technology — Security techniques — Evaluation criteria for IT security
• grounds for justified confidence that a claim has been or will be achieved – ISO/IEC 15026-1:2013 (also NIST SP 800-160) – Systems and software engineering — Systems and software assurance
• grounds for confidence that a deliverable meets its security objectives – ISO/IEC 21827:2008 – Information technology — Security techniques — Systems Security Engineering — Capability Maturity Model® (SSE-CMM®)
• Assurance in this context means confidence, it does not imply guarantee
168 CAL Purpose and Benefits - “Heritage” of CAL • Assurance levels are not a new invention for ISO/SAE 21434 • Variants of integrity or assurance levels can be found in other established standards: – Functional safety The different risk • IEC 61508 – Safety Integrity Level (SIL) models adopted by these standards mean • ISO 26262 – Automotive Safety Integrity Level (ASIL) that their uses of levels • DO-178 – Design Assurance Level (DAL) are not directly – Security comparable • ISO/IEC 15408 – Evaluation Assurance Level (EAL) • IEC 62443 – Security Level (SL) • None of these is suitable to use directly in ISO/SAE 21434 • However the CAL takes inspiration from several of these How CAL relates to other concepts
• CAL and Risk have a connection, but are not the same • Need to decouple CAL and dynamic Risk factors (so CAL remains as stable as
possible) Implement another Improve countermeasure countermeasure What is my current Specify countermeasure Test shows Vulnerability discovered in residual risk given countermeasure not field effective the current spec / Vulnerability fixed design / implementation? Risk (dynamic) Acceptable risk What level of assurance do I need given the criticality of the CAL assets I need to (ideal
protect? case) Concept Product Production, operation, development maintenance, decommissioning
170 How CAL relates to other concepts
• “Requirement Allocation” Value of CAL: (c.f. CAL tailoring, details still TBD) TA CAL NO CHANGE Validation Concept phase ReqA
VA System Development VA
RA (SD) phase RA Residual Risk Residual Risk
VA VA
RA HW phase RA Residual Risk Residual Risk
VA SW phase VA RA RA Residual Risk Residual Risk
Value of CAL
Value of CAL John T. Krzeszewski THANK YOU Chief Engineer, Cybersecurity Architecture Aptiv [email protected]
https://aptiv.com QUESTIONS?
172 Keynote Speaker Closing Keynote Speaker
Mike McConnell Vice Chairman of Booz Allen Hamilton Retired from the U.S. Navy as Vice Admiral
Past Positions Served as Director of the National Security Agency (DIRNSA) Served as the Intelligence Officer for the Chairman of the Joint Chiefs of Staff and the Secretary of Defense Served as U.S. Navy Intelligence Officer
TLP Green: May be shared within the Auto-ISAC Community. 11 October 2018 173 Summit Task Force Quadrant Leader STF Leader Threat Intelligence
Current Position Director, Business Development North America, Automotive Cyber Security – HARMAN Vice Chair of Auto-ISAC Affiliate Advisory Board
Past Positions Director of Sales for Atmel’s Automotive Business in the Americas Global Sales Director at Freescale Semiconductor Leadership and Engineering for International Rectifier, Mitsubishi Semiconductor and the US Navy
Education Bachelor of Science in Electrical Engineering at Grand Valley State Geoff Wood University
11 October 2018 174 2018 Auto-ISAC Summit Task Force Summit Support
Chair Vice Chair Kristie Pfosi Stephanie Scheuermann Automotive Cyber Security Cyber Threat Intelligence Specialist Senior Manager Ford Motor Company MEAA
Additional Participants: Allen Houk, Business Development – Auto In Vehicle Networking and Cyber Security, NXP Derek Benz, Chief Information Security Officer at Ford Motor Company Jeff Stewart, Assistant Vice President, Global Public Policy at AT&T Andre Weimerskirch, Vice President, Cybersecurity and Functional Safety at Lear Corporation Dvir Reznik, Sr. Marketing Manager, Automotive Cybersecurity @ HARMAN Tyler Henderson, Product Cybersecurity Specialist at Cummins Inc. Jennifer Tisdale, Director, Connected Mobility & Infrastructure at GRIMM
Auto-ISAC Staff: Candice Burke, Kim Kalinyak, Jessica Etts, Josh Poster, Heather Rosenker, Julie Kirk, Faye Francy
11 October 2018 175 Auto-ISAC Executive Director Executive Director Faye Francy Executive Director of Auto-ISAC Member of National Council of ISACs
Past Positions Executive Director of Aviation-ISAC The Boeing Company, Director ARINC, Director Forensic / Chief Chemist Aviation Security (AvSec), Senior Vice President, Owner InterSec, President & Owner
Education Bachelor’s of Science, Chemistry & Mathematics Faye Francy Master’s of Science, Forensic Chemistry
11 October 2018 176