Hi All, Please find attached the Weekly Automotive Industry Report covering April 3April 8. Auto-ISAC ThisMonthly week’s report Community includes articles Call on: Toyota partnering with Microsoft on a new cloud-based division led by the CIO, that builds chips for self-driving cars, Hyundai11 July unveiling 2018 its connected vehicle “roadmap,” and, Toyota planning to open a new autonomous vehicle research center in Michigan. Audio: 1-877-885-1087 Code: 9972152385 You Skypecan find link: past https://autoisac.adobeconnect.com/communitycall reports on site. / Please let me know if you have any questions. Have a great weekend. TLP Green: May be shared within Auto-ISAC Community. Josh TLP Green: May be shared within the Auto-ISAC Community. 6 July 2018 1 Agenda Time (ET) Topic Welcome 10:00 Why we’re here Expectations for this community Auto-ISAC Update 10:10 Auto-ISAC overview Heard around the community Featured Speakers 10:20 Justin Cappos, Professor at New York University Sebastien Awwad, Lead Developer for Uptane Around the Room 10:45 Sharing around the virtual room 10:55 Closing Remarks TLP Green: May be shared within the Auto-ISAC Community. 6 July 2018 2 Welcome Welcome to our community! Purpose: These monthly Auto-ISAC Community Meetings are an opportunity for you, our Members and connected vehicle ecosystem stakeholders, to: Stay informed of Auto-ISAC activities Share information on key vehicle cybersecurity topics Participants: Auto-ISAC Members, Potential Members, Partners, Academia, Industry Stakeholders, and Government Agencies Classification Level: TLP Green, and “off the record” Agenda: Each meeting will have three core segments: 1) Auto-ISAC Update: Our operations team will overview key activities, outcomes, and intel trends 2) Featured Speaker: We will invite an industry leader to share relevant topics of interest. Content featured on the Auto-ISAC Community Call is not considered an endorsement. Speakers are selected based on their relevant content and experience for the broader community. 3) Closing Remarks: An Auto-ISAC leader will open up for comments and sum up key takeaways How to Connect: For further info, questions, or to add other POCs to the invite, please contact Auto-ISAC Membership Engagement Lead Kim Kalinyak ([email protected]) TLP Green: May be shared within the Auto-ISAC Community. 6 July 2018 3 Welcome Expectations for this community Share – “If you see something, say something!” Submit threat intelligence Send us information on potential vulnerabilities Contribute incident reports and lessons learned Provide best practices around mitigation techniques Participate Participate in monthly virtual conference calls (1st Wednesday) If you have a topic of interest, connect with our Membership Engagement Lead, Kim Kalinyak – [email protected], to apply for a speaking opportunity at one of these calls Join If your organization is eligible, apply for Auto-ISAC membership If you aren’t eligible for membership, connect with us as a partner TLP Green: May be shared within the Auto-ISAC Community. 6 July 2018 4 Our 2018 BoD Leadership Jeff Massimilla Tom Stricker Mark Chernoby Steve Center Jeff Stewart Auto-ISAC Auto-ISAC Vice Auto-ISAC Auto-ISAC Affiliate Advisory Chairman Chairman Treasurer Secretary Board Chairman General Motors Toyota FCA Honda AT&T 2018 AAB Leadership Jeff Stewart Geoff Wood Bob Kaster Affiliate Advisory Affiliate Advisory Supplier Affinity Group Board Chair Board Vice Chair Chair AT&T Harman Bosch TLP Green: May be shared within the Auto-ISAC Community. 6 July 2018 5 Staff Updates Auto-ISAC Staff Auto-ISAC Program Operations Team Josh Poster, Program Operations Faye Francy, Executive Director Manager E: [email protected] E: [email protected] Kim Kalinyak, Membership Jessica Etts, Senior Intel Engagement Lead Coordinator E: [email protected] E: [email protected] Candice Burke, Business and Heather Rosenker, Executive Administrator Communications (Auto-Alliance) E: E:heatherrosenker@automotiveisac. [email protected] com Julie Kirk, Finance E: [email protected] TLP Green: May be shared within the Auto-ISAC Community. 6 July 2018 6 Support Updates Auto-ISAC Support Staff Auto-ISAC Support Team Denis Cosgrove, Senior Associate, BAH Meredith Shaw, Program Manager [email protected] [email protected] Pat Ruff, System Admin, Michele David, Intel Lead, BAH BAH [email protected] [email protected] Linda Rhodes, Legal Sudharson Sundararajan, Best Council, Mayer Brown Practices Lead, BAH [email protected] [email protected] Rob Geist, Accountant, Tate and Tryon Sarah Kelch, Portal Lead [email protected] [email protected] TLP Green: May be shared within the Auto-ISAC Community. 6 July 2018 7 Auto-ISAC Update Auto-ISAC overview Mission Scope Serve as an unbiased information broker to Light- and heavy-duty vehicles, commercial provide a central point of coordination and vehicle fleets and carriers. Currently, we are communication for the global automotive focused on vehicle cyber security, and industry through the analysis and sharing of anticipate expanding into manufacturing trusted and timely cyber threat information. and IT cyber related to the vehicle. Membership represents 99% Members from 7 countries 4 Best Practice of cars on the road in North America on 3 continents Guides complete, 3 more planned 19 OEM members 28 supplier & commercial vehicle 160+ 200+ members intel reports media mentions 6+ partners 50+ Coordination with 23 200+ 900+ speaking critical infrastructure ISACs active users community members engagements through the National ISAC Council TLP Green: May be shared within the Auto-ISAC Community. 6 July 2018 8 Auto-ISAC Update Recent activities What we do Highlights of key activities in June Auto- ISAC hired a Business and Executive Administrator, Candice Burke. Welcome Candice! Auto-ISAC and BPWG started developing the Best Practice Guide #6 on Threat Detection and Analysis. Auto-ISAC continued planning our Annual Summit happening in September 2018 Auto-ISAC attended the TU Automotive Summit in Detroit, MI. TLP Green: May be shared within the Auto-ISAC Community. 6 July 2018 9 Auto-ISAC Update Heard around the community CyberTruck Challenge TU Automotive June 11-15, 2018 June 6-7, 2018 • Hosted at Macomb Community College in Warren, MI. • World’s largest conference and expo for future automotive technology with 4000 attendees. • Event had two-phases including: • Hands on training for engineering • Executive Director, Faye Francy monitored a and computer science students panel with representatives from GM, Harman, understand practical aspects of and Continental that highlighted: heavy vehicle networks, • The mission of Auto- ISAC telematics, and diagnostic • How Auto-ISAC operates systems. • The different engagement opportunities • Cybersecurity analysis available. assessments on available devices and assets that provided ITS America sponsors with great value through observing and June 5-7, 2018 interacting with assessment teams. • Executive Director, Faye Francy was a participant in the Cyber Security and Risk Management Panel • Students attending the challenge came along with representatives from the State of from various universities including: Michigan and New York City Department of Colorado State University, Arizona State Transportation. University, and Virginia Tech. TLP Green: May be shared within the Auto-ISAC Community. 6 July 2018 10 Activity of Interest– what’s happening around the industry Information Sharing Topic Description Reseachers from Riscure prove that it is possible for an attacker to inject faults and bypass the UDS authentication, obtaining access to the internal Flash and SRAM memories of the targets. By analyzing the dumped Fault injection as a technique to firmware, the keys and algorithm that protect the UDS are extracted, giving bypass the security of diagnosis full access to the diagnosis services without requiring the use of fault protocol implementations injection techniques. Riscure shared their research findings for the first time at Escar 2018 on June 20-21. To read Riscures entire findings, visit https://www.riscure.com/publication/fault-injection-automotive-diagnostic- protocols/#jump-to Security Researchers from VU University will present findings at DEF CON 2018 regarding TLBleed, a novel side-channel attack that leaks information out of Translation Lookaside Buffers (TLBs). The exploit successfully leaks a 256-bit EdDSA key from cryptographic signing code, which would be safe from cache attacks with cache isolation turned on, but would no longer be TLBleed: When Protecting Your safe with TLBleed. Further, they will show how another exploit based on CPU Caches is not Enough TLBleed can leak bits from a side-channel resistant RSA implementation. This talk contains details about the architecture and complex behavior of modern, multilevel TLB's on several modern Intel microarchitectures that is undocumented, and will be publically presented for the first time. https://www.blackhat.com/us-18/briefings/schedule/#tlbleed-when-protecting- your-cpu-caches-is-not-enough-10149 Blackhat and DEF CON will take place on August 4-9 and 9-12 respectively. Both are general cybersecurity/information security conferences, they will Blackhat & DEF CON feature talks related to the automotive industry. https://defcon.org/html/defcon-26/dc-26-index.html, https://www.blackhat.com/us-18/ TLP Green: May be