Hi All,
Please find attached the Weekly Automotive Industry Report covering April 3April 8. Auto-ISAC ThisMonthly week’s report Community includes articles Call on: Toyota partnering with Microsoft on a new cloud-based division led by the CIO, that builds chips for self-driving cars, Hyundai11 July unveiling 2018 its connected vehicle “roadmap,” and, Toyota planning to open a new autonomous vehicle research center in Michigan. Audio: 1-877-885-1087 Code: 9972152385 You Skypecan find link: past https://autoisac.adobeconnect.com/communitycall reports on site. /
Please let me know if you have any questions. Have a great weekend.
TLP Green: May be shared within Auto-ISAC Community. Josh TLP Green: May be shared within the Auto-ISAC Community. 6 July 2018 1 Agenda
Time (ET) Topic
Welcome 10:00 Why we’re here Expectations for this community Auto-ISAC Update 10:10 Auto-ISAC overview Heard around the community
Featured Speakers 10:20 Justin Cappos, Professor at New York University Sebastien Awwad, Lead Developer for Uptane
Around the Room 10:45 Sharing around the virtual room
10:55 Closing Remarks
TLP Green: May be shared within the Auto-ISAC Community. 6 July 2018 2 Welcome Welcome to our community!
Purpose: These monthly Auto-ISAC Community Meetings are an opportunity for you, our Members and connected vehicle ecosystem stakeholders, to: Stay informed of Auto-ISAC activities Share information on key vehicle cybersecurity topics
Participants: Auto-ISAC Members, Potential Members, Partners, Academia, Industry Stakeholders, and Government Agencies
Classification Level: TLP Green, and “off the record”
Agenda: Each meeting will have three core segments: 1) Auto-ISAC Update: Our operations team will overview key activities, outcomes, and intel trends 2) Featured Speaker: We will invite an industry leader to share relevant topics of interest. Content featured on the Auto-ISAC Community Call is not considered an endorsement. Speakers are selected based on their relevant content and experience for the broader community. 3) Closing Remarks: An Auto-ISAC leader will open up for comments and sum up key takeaways
How to Connect: For further info, questions, or to add other POCs to the invite, please contact Auto-ISAC Membership Engagement Lead Kim Kalinyak ([email protected])
TLP Green: May be shared within the Auto-ISAC Community. 6 July 2018 3 Welcome Expectations for this community
Share – “If you see something, say something!” Submit threat intelligence Send us information on potential vulnerabilities Contribute incident reports and lessons learned Provide best practices around mitigation techniques
Participate Participate in monthly virtual conference calls (1st Wednesday) If you have a topic of interest, connect with our Membership Engagement Lead, Kim Kalinyak – [email protected], to apply for a speaking opportunity at one of these calls
Join If your organization is eligible, apply for Auto-ISAC membership If you aren’t eligible for membership, connect with us as a partner
TLP Green: May be shared within the Auto-ISAC Community. 6 July 2018 4 Our 2018 BoD Leadership
Jeff Massimilla Tom Stricker Mark Chernoby Steve Center Jeff Stewart Auto-ISAC Auto-ISAC Vice Auto-ISAC Auto-ISAC Affiliate Advisory Chairman Chairman Treasurer Secretary Board Chairman General Motors Toyota FCA Honda AT&T
2018 AAB Leadership Jeff Stewart Geoff Wood Bob Kaster Affiliate Advisory Affiliate Advisory Supplier Affinity Group Board Chair Board Vice Chair Chair AT&T Harman Bosch
TLP Green: May be shared within the Auto-ISAC Community. 6 July 2018 5 Staff Updates Auto-ISAC Staff
Auto-ISAC Program Operations Team
Josh Poster, Program Operations Faye Francy, Executive Director Manager E: [email protected] E: [email protected]
Kim Kalinyak, Membership Jessica Etts, Senior Intel Engagement Lead Coordinator E: [email protected] E: [email protected]
Candice Burke, Business and Heather Rosenker, Executive Administrator Communications (Auto-Alliance) E: E:heatherrosenker@automotiveisac. [email protected] com
Julie Kirk, Finance E: [email protected]
TLP Green: May be shared within the Auto-ISAC Community. 6 July 2018 6 Support Updates Auto-ISAC Support Staff Auto-ISAC Support Team
Denis Cosgrove, Senior Associate, BAH Meredith Shaw, Program Manager [email protected] [email protected]
Pat Ruff, System Admin, Michele David, Intel Lead, BAH BAH [email protected] [email protected]
Linda Rhodes, Legal Sudharson Sundararajan, Best Council, Mayer Brown Practices Lead, BAH [email protected] [email protected]
Rob Geist, Accountant, Tate and Tryon Sarah Kelch, Portal Lead [email protected] [email protected]
TLP Green: May be shared within the Auto-ISAC Community. 6 July 2018 7 Auto-ISAC Update Auto-ISAC overview
Mission Scope Serve as an unbiased information broker to Light- and heavy-duty vehicles, commercial provide a central point of coordination and vehicle fleets and carriers. Currently, we are communication for the global automotive focused on vehicle cyber security, and industry through the analysis and sharing of anticipate expanding into manufacturing trusted and timely cyber threat information. and IT cyber related to the vehicle.
Membership represents 99% Members from 7 countries 4 Best Practice of cars on the road in North America on 3 continents Guides complete, 3 more planned 19 OEM members 28 supplier & commercial vehicle 160+ 200+ members intel reports media mentions 6+ partners
50+ Coordination with 23 200+ 900+ speaking critical infrastructure ISACs active users community members engagements through the National ISAC Council
TLP Green: May be shared within the Auto-ISAC Community. 6 July 2018 8 Auto-ISAC Update Recent activities What we do
Highlights of key activities in June
Auto- ISAC hired a Business and Executive Administrator, Candice Burke. Welcome Candice! Auto-ISAC and BPWG started developing the Best Practice Guide #6 on Threat Detection and Analysis. Auto-ISAC continued planning our Annual Summit happening in September 2018 Auto-ISAC attended the TU Automotive Summit in Detroit, MI.
TLP Green: May be shared within the Auto-ISAC Community. 6 July 2018 9 Auto-ISAC Update Heard around the community
CyberTruck Challenge TU Automotive June 11-15, 2018 June 6-7, 2018 • Hosted at Macomb Community College in Warren, MI. • World’s largest conference and expo for future automotive technology with 4000 attendees. • Event had two-phases including: • Hands on training for engineering • Executive Director, Faye Francy monitored a and computer science students panel with representatives from GM, Harman, understand practical aspects of and Continental that highlighted: heavy vehicle networks, • The mission of Auto- ISAC telematics, and diagnostic • How Auto-ISAC operates systems. • The different engagement opportunities • Cybersecurity analysis available. assessments on available devices and assets that provided ITS America sponsors with great value through observing and June 5-7, 2018 interacting with assessment teams. • Executive Director, Faye Francy was a participant in the Cyber Security and Risk Management Panel • Students attending the challenge came along with representatives from the State of from various universities including: Michigan and New York City Department of Colorado State University, Arizona State Transportation. University, and Virginia Tech.
TLP Green: May be shared within the Auto-ISAC Community. 6 July 2018 10 Activity of Interest– what’s happening around the industry Information Sharing
Topic Description Reseachers from Riscure prove that it is possible for an attacker to inject faults and bypass the UDS authentication, obtaining access to the internal Flash and SRAM memories of the targets. By analyzing the dumped Fault injection as a technique to firmware, the keys and algorithm that protect the UDS are extracted, giving bypass the security of diagnosis full access to the diagnosis services without requiring the use of fault protocol implementations injection techniques. Riscure shared their research findings for the first time at Escar 2018 on June 20-21. To read Riscures entire findings, visit https://www.riscure.com/publication/fault-injection-automotive-diagnostic- protocols/#jump-to Security Researchers from VU University will present findings at DEF CON 2018 regarding TLBleed, a novel side-channel attack that leaks information out of Translation Lookaside Buffers (TLBs). The exploit successfully leaks a 256-bit EdDSA key from cryptographic signing code, which would be safe from cache attacks with cache isolation turned on, but would no longer be TLBleed: When Protecting Your safe with TLBleed. Further, they will show how another exploit based on CPU Caches is not Enough TLBleed can leak bits from a side-channel resistant RSA implementation. This talk contains details about the architecture and complex behavior of modern, multilevel TLB's on several modern Intel microarchitectures that is undocumented, and will be publically presented for the first time. https://www.blackhat.com/us-18/briefings/schedule/#tlbleed-when-protecting- your-cpu-caches-is-not-enough-10149 Blackhat and DEF CON will take place on August 4-9 and 9-12 respectively. Both are general cybersecurity/information security conferences, they will Blackhat & DEF CON feature talks related to the automotive industry. https://defcon.org/html/defcon-26/dc-26-index.html, https://www.blackhat.com/us-18/
TLP Green: May be shared within the Auto-ISAC Community. 6 July 2018 11 Auto-ISAC Update Event outlook
Connect with us at upcoming events:
Nuit du Hack June 30- July 1, Paris, France
Auto-ISAC Community Call *** July 11, Virtual Telecon
Auto- ISAC Member Analyst Workshop*** July 17-18, Plano, TX
Auto-ISAC Board of Directors Meeting *** July 19, Plano, TX
SAE CyberAuto Challenge™ July 22- 27, Detroit, MI
For full 2018 calendar, visit www.automotiveisac.com
TLP Green: May be shared within the Auto-ISAC Community. 6 July 2018 12 Featured Speaker Speaker series overview
Why do we feature speakers? These calls are an opportunity for information exchange Our goal is to help the vehicle cyber community mature
What does it mean to be featured? We try to balance perspectives across our ecosystem—including government, academia, research, industry associations, security solutions providers—to showcase a rich, balanced variety of topics and viewpoints throughout the year Featured speakers are not endorsed by Auto-ISAC Featured speakers do not speak on behalf of Auto-ISAC
How can I be featured? If you have a topic of interest you would like to share with the broader Auto-ISAC Community, then we encourage you to contact our Membership Engagement Lead, Kim Kalinyak ([email protected])
TLP Green: May be shared within the Auto-ISAC Community. 6 July 2018 13 Featured Speaker Welcome to today’s speakers
Justin Cappos is a professor in the Computer Science and Engineering department at New York University. His research advances are adopted into production use by Docker, git, Python, VMware, automobiles, Cloudflare, Digital Ocean, and most Linux distributions. His Uptane project is integrated into Automotive Grade Linux and is being deployed for secure over-the-air updates by major automakers. His TUF project, which focuses on secure software distribution, was recently adopted by the Linux foundation and was the first cloud security technique standardized. Due to the practical impact of his work, Justin was named to Popular Science's Brilliant 10 list in 2013.
Sebastien Awwad is the lead developer for Uptane and a developer for The Update Framework. He has spent the past several years working on the security of software update systems. In the past, he's worked on real-time experimental systems, banking software, and computational neuroscience.
Abstract: Uptane is the first compromise-resilient software update security system for the automotive industry. Unlike other software update security systems (e.g., OMA-DM, SSL / TLS, signing updates with a single offline GPG / RSA key, etc.), it addresses a comprehensive threat model. It is designed to make it extremely difficult for attackers to be able to install malware on all vehicles maintained by a manufacturer, even if attackers have compromised some keys used to sign updates. At the same time, Uptane has been designed to be extremely flexible, so as to accommodate a wide variety of deployment scenarios, and allows on-demand customization of updates installed on vehicles.
TLP Green: May be shared within the Auto-ISAC Community. 6 July 2018 14 Uptane Securing Over-the-Air Updates
Justin Cappos New York University What do these companies have in common? What do these companies have in common?
Users attacked via software updater! Software repository compromise impact • SourceForge mirror distributed malware. • Attackers impersonate Microsoft Windows Update to spread Flame malware. • Attacks on software updaters have massive impact • E.g. South Korea faced 765 million dollars in damages. • NotPetya spread via software updates! The modern automobile Airbag Control Unit Engine Control Unit
Radio HVAC
BrakeABS Line Exhaust TCU
Transmission Keyless Entry Internet/ PSTN Anti-Theft
Body Controller Telematics _ Locks/Lights/Etc 19 Cars Are Dangerous
◼ Researchers have made some scary attacks against vehicles ▪ remotely controlling a car's brakes and steering while it's driving ▪ spontaneously applying the parking brake at speed ▪ turning off the transmission ▪ locking driver in the car
Cars are multi-ton, fast-moving weapons People will die Updates Are Inevitable
◼ Millions of lines of code means bugs ◼ Regulations change -> firmware must change ◼ Maps change ◼ Add new features ◼ Close security holes ◼ Cars move across borders… Updates Must Be Practical
◼ Updating software/firmware has often meant recalls. ◼ Recalls are extremely expensive ▪ GM spent $4.1 billion on recalls in 2014 ▪ GM's net income for 2014 was < $4 billion ▪ People do not like recalls. ◼ Updates must be over the air. Updates Are Dangerous
◼ Update -> Control Secure Updates
◼ Nation-state actors pull off complex attacks ▪ Must not have a single point of failure What to do?
Must update to fix security issues Insecure update mechanism is a new security problem
“...No one Can Hack My Mind”: Comparing Expert and Non- Expert Security Practices Ion, et al. SOUPS 2015 Attacks
What are some of the attacks? Arbitrary software attack
Repository Is there an update?
ECU-1 ECU-1 v.10 v.12 Here is an update...
ECU-1 v.Evil
27 Freeze attack
Repository Is there an update?
ECU-1 ECU-1 v10 v12 Same old, same old! ECU-1 v10
28 Rollback attack
Repository Is there an update?
ECU-1 ECU-1 v10 v12 Here is an update
ECU-1 v1
29 Slow retrieval attack
Repository Is there an update?
ECU-1 ECU-1 v10 v12 Y … e … a … h … …
30 Mix and Match attacks
Repository Is there an update? Bundle-2 ECU-2 ECU-1 v10 ECU-1 ECU-2 v10 v12 v12 Here is an update
ECU-1 v11 ECU-2 v12
31 Partial Freeze attack
Repository Is there an update? Bundle-2 ECU-2 ECU-1 v10 ECU-1 ECU-2 v10 v12 v12 Here is an update
ECU-1 v12 ECU-2 v12
32 So how do people try to prevent these attacks? Update Basics
Repository
xyz.tgz, pls Client
xyz.tgz Inadequate Update Security 1: TLS/SSL
Traditional solution 1:
Authenticate the repository (TLS, SSL, etc) XYZ
Repository Key XYZ speaks for domain repo.net xyz.tgz, pls Client
Certificate Authority xyz.tgz Inadequate Update Security 2: TLS/SSL
Transport Layer Security: Problem 1
XYZ Client has to trust all of these Certificate Authorities Repository Key XYZ speaks for domain repo.net xyz.tgz, pls Client
Certificate Authority xyz.tgz Inadequate Update Security 3: TLS/SSL
Transport Layer Security: Problem 2
Client has to trust this key.
… which HAS to exist ON the repository, to XYZ sign communications continuously. Repository Key XYZ speaks for domain repo.net xyz.tgz, pls Client
Certificate Authority xyz.tgz Inadequate Update Security 4: Just Sign!
Traditional Solution 2: Sign your update package with a specific key. Updater ships with corresponding public key. XYZ Client has to trust this key … used for every update to the repository. Repository … key ends up on repo or build farm.
If an attacker gains the use of this key, they xyz.tgz, pls Client can install arbitrary code on any client.
xyz.tgz Update Security
We need: ● To survive server compromise with the minimum possible damage. ○ Avoid arbitrary package attacks ● Minimize damage of a single key being exposed ● Be able to revoke keys, maintaining trust ● Guarantee freshness to avoid freeze attacks Repository ● Prevent mix and match attacks ● Prevent rollback attacks ● Prevent slow retrieval attacks ● ... xyz.tgz, pls Client
Must not have single point of failure! xyz.tgz The Update Framework (TUF)
Linux Foundation CNCF project
CII Best Practices Silver Badge
TUF goal “Compromise Resilience”
● TUF secures software update files ● TUF emerges from a serious threat model: ○ We do NOT assume that your servers are perfectly secure ○ Servers will be compromised ○ Keys will be stolen or used by attackers ○ TUF tries to minimize the impact of every compromise The Update Framework (TUF)
Responsibility Separation
Root of trust
content consistency
timeliness 41 The Update Framework (TUF)
TUF Roles Overview
Root Timestamps Snapshot Targets
(root of trust) (timeliness) (consistency) (integrity) 42 The Update Framework (TUF)
Repository
Role metadata (root, targets, timestamp, snapshot)
xyz.tgz, pls Client
xyz.tgz Automobiles present particular difficulties.
The modernAirbag Control automobile Unit Engine Control Unit
Radio HVAC
BrakeABS Line Exhaust TCU
Transmission Keyless Entry Internet/ PSTN Anti-Theft
Body Controller Telematics _ Locks/Lights/Etc 44 Uptane builds on The Update Framework (TUF)
● Timeserver ● Multiple Repositories: Director and Image Repository ● Manifests ● Primary and Secondary clients ● Full and Partial verification Uptane: Client-side Basics
Cell Network SecondarySecondary Secondary Secondary Secondary Primary SecondarySecondary Client SecondarySecondary SecondarySecondary Secondary Uptane: High level view
Full Verification Time Server Image Vehicle (FV) (Section 7) (Section 8) Repository Secondary … (Section 5) FV Secondary
Partial Director Verification metadata (PV) & images Primary Repository Secondary (Section 6) ECU … PV vehicle Secondary Inventory manifests Director Database Time server
48 Time server
Primary ● A primary sends a list of tokens, one for each ECU, to the time server.
(1) (2) ● An automated process on the vehicle sends receives time server returns a signed time list of signed current time server tokens & list of tokens message containing: (1) the list of tokens, and (2) the current time.
Automated process
49 Image repository
50 signs metadata for signs root keys for delegates images to The image repository signs for images
OEM-managed supplier-managed
A A1.img root
B*.img timestamp snapshot targets B B3.img
● When possible, OEM delegates updates for D CA5.img ECUs to suppliers. C ● Delegations are flexible, and accommodate a E CB2.img variety of arrangements.
Metadata 51 Director repository
52 Primary Director repository (1) (4) sends receives ● Records vehicle version vehicle vehicle link to manifests. timestamp repository version manifest metadata ● Determines which ECUs timestamp install which images. (3) metadata
● Produces different w metadata for different Automated r snapshot process i metadata vehicles. t ● May encrypt images per e (2) reads & writes s targets ECU. metadata ● Has access to an Inventory database inventory database. encrypted image 53 Big picture
Full Verification Time Server Image Vehicle (FV) (Section 7) (Section 8) Repository Secondary … (Section 5) FV Secondary
Partial Director Verification metadata (PV) & images Primary Repository Secondary (Section 6) ECU … PV vehicle Secondary Inventory manifests Director Database
54 Uptane workflow on vehicle
55 Downloading updates (1)
● Primary receives an ECU Version Manifest and a nonce from each Secondary. ● Primary produces Vehicle Version Manifest, a signed record of what is installed on Secondaries ● Primary sends VVM to Director ● Primary sends nonces to Timeserver
56 Downloading updates (2)
● Timeserver returns the signed [time and nonces] to the Primary.
57 Downloading updates (3)
● The primary downloads metadata from both the Director and Image repositories on behalf of all ECUs ● The primary performs full verification of metadata on behalf of all secondaries.
58 Full verification
1. Load the latest downloaded time from the time server. 2. Verify metadata from the director repository. a. Check the root metadata file. b. Check the timestamp metadata file. c. Check the snapshot metadata file. d. Check the targets metadata file. 3. Download and verify metadata from the image repository. a. Check the root metadata file. b. Check the timestamp metadata file. c. Check the snapshot metadata file, especially for rollback attacks. d. Check the targets metadata file. e. For every image A in the director targets metadata file, perform a preorder depth-first search for the same image B in the targets metadata from the image repository, and check that A = B.
4. Return an error code indicating a security attack, if any. 59 Partial verification
1. Load the latest downloaded time from the time server. 2. Load the latest top-level targets metadata file from the director repository. a. Check for an arbitrary software attack. This metadata file must have been signed by a threshold of keys specified in the previous root metadata file. b. Check for a rollback attack. c. Check for a freeze attack. The latest downloaded time should be < the expiration timestamp in this metadata file. d. Check that there are no delegations. e. Check that every ECU identifier has been represented at most once. 3. Return an error code indicating a security attack, if any.
60 Uptane status / wrap up
61 Uptane “Reference” Implementation
● Goal: Assist other implementers ○ Code readability is a primary goal
● Not the most popular implementation in practice (by design) ○ Readability > performance / implementation size ■ Most TUF deployments do not use the reference implementation ○ Useful as a reference, conformance testing, etc.
● Open source, free to use (MIT License) ○ Other groups are free to contribute!
62 Security Reviews
Reviews of implementations and design:
○ Cure53 audited ATS's Uptane implementation ○ NCC Group audited Uptane's reference implementation (pre-TUF fork) ○ SWRI finalizing Uptane reference implementation / specification audit ○ ...
63 Uptane Integration
Work closely with vendors, OEMs, etc. ● Security reps from 78% of cars ● Many top suppliers / vendors ○ ~12-35% of cars on US roads ● Automotive Grade Linux ● OEM integrations ○ Easy to integrate! Press
○ Dozens of articles ○ TV / Radio / Newspapers / Magazines
65 Get Involved With Uptane!
● Workshops ● Technology demonstration ● Compliance tests ● Standardization ( IEEE / ISTO ) ● Join our community! (email: [email protected] or go to the Uptane forum)
https://uptane.github.io/
66 For more details, please see the Implementation Specification and other documentation at uptane.github.io
67 Around the Room Open discussion
What questions or topics would you like to address?
TLP Green: May be shared within the Auto-ISAC Community. 6 July 2018 68 Closing Remarks How to get involved: Membership
If you are an OEM, supplier or commercial vehicle company, now is a great time to join Auto-ISAC. Key benefits this year include:
• Real-time Intelligence Sharing • Intelligence Summaries • Crisis Notifications • Member Contact Directory • Development of Best Practice Guides • Exchanges and Workshops • Webinars and Presentations • Annual Auto-ISAC Summit Event
To learn more about Auto-ISAC Membership or Partnership, please contact Kim Kalinyak ([email protected]).
TLP Green: May be shared within the Auto-ISAC Community. 6 July 2018 69 Strategic Partnership Programs Strategic Partners
Solutions Associations Affiliations Community Providers Industry associations and Companies interested in Government, academia, For-profit companies that others who want to engaging the automotive research, non-profit orgs sell connected vehicle support and invest in the ecosystem and supporting with complementary cybersecurity products & Auto-ISAC activities. - educating the community. services. missions to Auto-ISAC.
Examples: Hacker ONE, Examples: Auto Alliance, Examples: NCI, A-ISAC, Examples: Summit SANS, IOActive Global Auto, ATA DHS, NHTSA sponsorship – key events
INNOVATOR NAVIGATOR COLLABORATOR BENEFACTOR Paid Partnership Support Partnership Coordination Sponsorship Partnership Partnership - Annual investment - Provides guidance and - “See something, say - Participate in monthly and agreement support something” community calls - Specific commitment - Annual definition of - May not require a formal - Sponsor Summit to engage with ISAC activity commitments agreement - Network with Auto - In-kind contributions and expected outcomes - Information exchanges- Community allowed - Provides guidance on coordination activities - Webinar / Events key topics / activities
TLP Green: May be shared within the Auto-ISAC Community. 6 July 2018 70 Strategic Partnership Programs Future Plans
Intel Sharing Some partners submit relevant data, insights and papers addressing threats against the automotive industry. Access to Auto-ISAC Reports Our partners receive Auto-ISAC TLP Green/White reports Research and special reports at Auto-ISAC’s discretion. Some partners share white papers and research projects—on threats & vulnerabilities—with our members. Branding on the Auto-ISAC Website Partner names and/or logos will be featured on the Auto-
Webinars ISAC public-facing website. Benefits We are open to partners presenting at our Community Town Halls, with audience including members & beyond. Community Town Halls
We invite you to monthly calls featuring experts across the Activities Member Discounts connected vehicle ecosystem. Some partners promote discounts or special offers for services (e.g. conferences, software licenses). Annual Executive Call Our executives will host a call once a year for all Members Other and partners to present our strategic goals and priorities. We are open to other types of in-kind support (e.g. training, infrastructure support) based on your expertise. Summit Booth Priority Partners will receive priority booth selection at future Auto-ISAC Summits.
This document is Auto-ISAC Sensitive and Confidential. 6 July 2018 71 Our contact info
Josh Poster Program Operations Manager
Booz Allen Hamilton Inc. 20 M Street SE Washington, DC 20003 Faye Francy [email protected] Executive Director
Booz Allen Hamilton Inc. Kim Kalinyak 20 M Street SE Membership Engagement Washington, DC 20003 Lead 703-861-5417 [email protected]
Booz Allen Hamilton Inc. 20 M Street SE Washington, DC 20003 240-422-9008 [email protected]
TLP Green: May be shared within the Auto-ISAC Community. 6 July 2018 72 Our contact info
Jessica Etts Meredith Shaw Senior Intel Coordinator Transition Support
Booz Allen Hamilton Inc. Booz Allen Hamilton Inc. 20 M Street SE 901 15th Street Northwest Washington, DC 20003 Washington, DC 20005 [email protected] 703-377-9853 [email protected]
Candice Burke M Michele David Business and Executive Intel Coordinator Administrator
Booz Allen Hamilton Inc. Booz Allen Hamilton Inc. 901 15th Street Northwest 20 M Street SE Washington, DC 20005 Washington, DC 20003 [email protected] [email protected] m
TLP Green: May be shared within the Auto-ISAC Community. 6 July 2018 73