auto-isac community call · 2018-10-26 · tlp green: may be shared within the auto-isac community....
TRANSCRIPT
29 March 2018 · TLP Green: May be shared within the Auto-ISAC Community.
Hi All,
Please find attached the Weekly Automotive Industry Report covering April 3-April 8.
This week’s report includes articles on:
Toyota partnering with Microsoft on a new cloud-based division led by the CIO,
that builds chips for self-driving cars,
Hyundai unveiling its connected vehicle “roadmap,” and,
Toyota planning to open a new autonomous vehicle research center in Michigan.
You can find past reports on site.
Please let me know if you have any questions. Have a great weekend.
Josh
Auto-ISAC Monthly Community Call
4 April 2018
Audio: 1-877-885-1087 Code: 9972152385
Skype link: https://meet.ne.bah.com/kalinyak_kim/LC6CPLKH
TLP Green: May be shared within Auto-ISAC Community.
Agenda
Time (ET) Topic
10:00 Welcome
• Why we’re here
• Expectations for this community
10:10 Auto-ISAC Update
• Auto-ISAC overview
• Heard around the community
10:20 Featured Speaker
• Urban Jonson, Chief Technology Officer for National Motor Freight Traffic Association, Inc.
10:45 Around the Room
• Sharing around the virtual room
10:55 Closing Remarks
Welcome to our community!
Welcome
Purpose: These monthly Auto-ISAC Community Meetings are an opportunity for you,
our Members and connected vehicle ecosystem stakeholders, to:
Stay informed of Auto-ISAC activities
Share information on key vehicle cybersecurity topics
Participants: Auto-ISAC Members, Potential Members, Partners, Academia, Industry
Stakeholders, and Government Agencies
Classification Level: TLP Green, and “off the record”
Agenda: Each meeting will have three core segments:
1) Auto-ISAC Update: Our operations team will overview key activities, outcomes, and intel trends
2) Featured Speaker: We will invite an industry leader to share relevant topics of interest. Content featured on the Auto-ISAC Community Call is not considered an endorsement. Speakers are selected based on their relevant content and experience for the broader community.
3) Closing Remarks: An Auto-ISAC leader will open up for comments and sum up key takeaways
How to Connect: For further info, questions, or to add other POCs to the invite, please
contact Auto-ISAC Membership Engagement Lead Kim Kalinyak
Expectations for this community
Share – “If you see something, say something!”
Submit threat intelligence
Send us information on potential vulnerabilities
Contribute incident reports and lessons learned
Provide best practices around mitigation techniques
Participate
Participate in monthly virtual conference calls (1st Wednesday)
If you have a topic of interest, connect with our Membership Engagement
Lead, Kim Kalinyak – [email protected], to apply for a
speaking opportunity at one of these calls
Join
If your organization is eligible, apply for Auto-ISAC membership
If you aren’t eligible for membership, connect with us as a partner
Welcome
Our 2018 BoD Leadership
Jeff Massimilla, Auto-ISAC Chairman, General Motors
Tom Stricker, Auto-ISAC Vice Chairman, Toyota
Mark Chernoby, Auto-ISAC Treasurer, FCA
Steve Center, Auto-ISAC Secretary, Honda
Jeff Stewart, Affiliate Advisory Board Chairman, AT&T
Business Updates
2018 AAB Leadership
Jeff Stewart, Affiliate Advisory Board Chair, AT&T
Geoff Wood, Affiliate Advisory Board Vice Chair, Harman
Bob Kaster, Supplier Affinity Group Chair, Bosch
Auto-ISAC Staff
Auto-ISAC Program Team
Faye Francy, Executive Director
Josh Poster, Program Operations Manager
Kim Kalinyak, Membership Engagement Lead
Jacqueline Bress, Business Administrator (E: jacquelinebress@automotiveisac.com)
Jessica Etts, Senior Intel Coordinator
Heather Rosenker, Marketing
Julie Kirk, Finance
Wrap Up
Auto-ISAC Counsel
Auto-ISAC Program Team
Denis Cosgrove, Senior Associate
Meredith Shaw, Transition Support
Michele David, Intel Lead
Tim Lin, Best Practices Lead
Linda Rhodes, Legal Counsel
[email protected] Ruff, System Admin
Wrap Up
Auto-ISAC overview
Mission: Serve as an unbiased information broker to provide a central point of coordination and communication for the global automotive industry through the analysis and sharing of trusted and timely cyber threat information.
Scope: Light- and heavy-duty vehicles, commercial vehicle fleets and carriers. Currently, we are focused on vehicle cyber security, and anticipate expanding into manufacturing and IT cyber related to the vehicle.
• 900+ community members
• Membership represents 99% of cars on the road in North America
• 200+ active users
• Members from 7 countries on 3 continents
• 17 OEM members
• Coordination with 23 critical infrastructure ISACs through the National ISAC Council
• 160+ intel reports
• 200+ media mentions
• 6+ partners
• 50+ speaking engagements
• 4 Best Practice Guides complete, 3 more planned
• 27 supplier & commercial vehicle members
Auto-ISAC Update
Recent activities
Auto-ISAC Update
What we do
Highlights of key activities in March
Auto-ISAC completed the TLP White release of first 2 Best Practice Guides
Auto-ISAC and BPWG executed the plan for Best Practice Guide #5 on Security by Design
Auto-ISAC started planning our Annual Summit happening in September 2018
Auto-ISAC hosted the National Council of ISACs Meeting in Washington, DC
Auto-ISAC attended the 7th IQPC Annual Cyber Security Summit in Detroit, MI
Auto-ISAC Update
Heard around the community
National Council of ISACs Meeting
Washington, DC (March 14)
• Automotive ISAC hosted the quarterly face-to-face meeting of the National Council of ISACs, attended by over 40 representatives from member ISACs and Partner Organizations
• The National Council of ISACs (NCI) celebrated its 15th Anniversary
• Topics of discussion included:
  • The challenge of legal impediments to sharing was raised, so this seems to continue to plague information exchange
  • More training and sharing of the protocols were discussed
  • DHS provided presentations around the reorganization of the NCCIC and services for private industry
Office of Director of National Intelligence (ODNI) Meeting
Washington, DC (March 15)
• Overall theme was around Supply Chain Risk Management
• Speakers included:
  • Jason Herring, Dep Assistant Director of National Intel for Partner Engagement (ODNI)
  • Joyce Correll, Assistant Director, National Counterintelligence & Security Center
  • Jeff Haas, Global Head of Agriculture, Food and Beverage, Thomson Reuters/Supply Chain & Commodities
  • Israel Martinez, Chairman and Chief Executive Officer, Axon Global Services
  • Jane Holl Lute, President and Chief Executive Officer, SICPA North America
Connect with us at upcoming events:
Auto-ISAC Community Call | April 4 | Virtual Telcon
SAE World Congress *** | Apr. 10-12 | Detroit, MI
Connect2Car at SAE World Congress | Apr. 10-12 | Detroit, MI
BSides San Francisco | April 15-16 | San Francisco, CA
RSA Conference | Apr. 16-20 | San Francisco, CA
IoT Tech Expo Global | Apr. 18-19 | London, UK
NMFTA Training | Apr. 23-27 | Sparta, Michigan
Auto-ISAC Member Analyst Workshop *** | April 24-25 | Washington, DC
Auto-ISAC Board of Directors Meeting *** | April 26 | Washington, DC
Event outlook
Auto-ISAC Update
For full 2018 calendar, see attached industry and Auto ISAC calendar.
Smart Vehicles. Smart Infrastructures.
May 7-8 | Chicago
Featured Presentation: Connecting the Community: Auto-ISAC’s Support Role in the Industry
Presented by Faye Francy, Executive Director, Auto-ISAC
TRAINING: May 1-6
SUMMIT: May 7-8
sans.org/AutoSummit
• SEC401 – Security Essentials Bootcamp
• SEC504 – Hacker Tools, Techniques, Exploits, & Incident Handling
• SEC560 – Network Penetration Testing & Ethical Hacking
• FOR508 – Advanced Digital Forensics, Incident Response, & Threat Hunting
Speaker series overview
Featured Speaker
Why do we feature speakers?
These calls are an opportunity for information exchange
Our goal is to help the vehicle cyber community mature
What does it mean to be featured?
We try to balance perspectives across our ecosystem—including
government, academia, research, industry associations, security solutions
providers—to showcase a rich, balanced variety of topics and viewpoints
throughout the year
Featured speakers are not endorsed by Auto-ISAC
Featured speakers do not speak on behalf of Auto-ISAC
How can I be featured?
If you have a topic of interest you would like to share with the
broader Auto-ISAC Community, then we encourage you to contact
our Membership Engagement Lead, Kim Kalinyak
Welcome to today’s speakers
Featured Speaker
Abstract: Urban Jonson will provide an update on the NMFTA Heavy Vehicle Cyber Security program’s ongoing research projects and activities, including an upcoming white paper on electric vehicles and charging infrastructure, a firewall for diagnostic-port-based telematics products, and J1939 data.
Urban Jonson is the Chief Technology Officer and the Program Manager of the Heavy Vehicle Cyber Security (HVCS) program for National Motor Freight Traffic Association, Inc. (NMFTA). Urban has over 30 years of experience in information technology, complex systems analysis, and information technology security. NMFTA is a nonprofit membership organization headquartered in Alexandria, Virginia, that represents over 500 carriers who collectively operate close to 200,000 power units generating $100 billion in freight revenue.
Right now, Urban’s main areas of interest are heavy vehicle cyber security, cybersecurity talent development, and autonomous cyber defense of complex systems.
Heavy Vehicle Cybersecurity Program
Automotive ISAC Community Call
April 4th 2018
About NMFTA
• Industry non-profit representing more than 500 companies operating in interstate, intrastate, and foreign commerce in both US and Canada representing over $100 billion in freight revenue
• Our members operate close to 200,000 trucks on the road
• National Motor Freight Classification (NMFC)
• Standard Carrier Alpha Code (SCAC)
• Standard Point Location Code (SPLC)
• Other activities to the benefit of the transportation industry
HVCS Program
“Bringing together private industry, government, trade associations, and academia to work on the
transportation cyber security problem on a shortened time table”
NMFTA HVCS Activities
• Sponsoring ongoing industry workshops
• Sponsoring and conducting industry research
• Student research programs
• Scholarship program
• NMFTA & DOT Volpe collaboration
• Research
• Information dissemination
• Overlapping DOT/Volpe support for DHS
• And other industry activities
NMFTA HVCS Research
White papers/Bulletins
• Heavy vehicle cyber security – September 2015
• Heavy Vehicle cyber security bulletin – September 2016
• Electronic Logging Device cyber security bulletin – August 2017
• Heavy Electric Vehicle and Vehicle Charging Infrastructure Cyber Security – Tentative May 2018
• Other event or issue based bulletins and notices
DOT/Volpe Project - US fleet composition
Other activities
NMFTA Heavy Vehicle Portfolio Survey
• Of the 3.6 million class 7 and 8 vehicles in operation manufactured in or after the year 2000, 25% are from the years 2005-2007, and 34% are from the years 2012-2016. The popularity of vehicles from these model years makes them a high priority for cybersecurity research, potentially including analysis of common ECUs shared across OEMs
• This means 59% of all vehicles come from 7 model years. Model year is noteworthy from a cybersecurity perspective because vehicles across brands manufactured during the same manufacturing cycle often share electronic components manufactured by the same supplier, or new industry standard technologies, such as wireless connectivity, which increase the cybersecurity risk regardless of manufacturer
• Our studies indicate that there may be as much as 60% commonality in CAN network traffic between OEMs due to J1939 interoperability
Student Education
• University of Tulsa Cyber Truck Experience (CyTeX)
• Partial Student Scholarships
• Support for Cyber Truck Challenge
… building the engineers of tomorrow
University of Tulsa Student Cyber Truck Research Experience Program
CyberTruck Challenge
CyberTruck Challenge
• Includes Teams from the following schools
• The University of Tulsa
• U.S. Military Academy (West Point)
• Penn State
• Virginia Tech
• Univ. of Michigan – Dearborn
• Eastern Michigan
• University of Cincinnati
• Walsh College
• Colorado State University
A 32 GB SD card could hold about 189 hours, or just under 8 days’ worth, of 100% bus load data. Since a truck is not always on and is not at 100% bus load, it is likely a truck could go for 2 weeks with a 32 GB card.
https://github.com/heavy-Vehicle-Networking-at-U-Tulsa/NMFTA-CAN-Logger
CAN Data Collection Project
CAN Data Collection Project
• Complete bus data collection from diagnostic port via motor freight carrier members of NMFTA and other researchers
• Not sample data but complete data sets from normal commercial operations
• Examples include short runs, deliveries, long haul as well as attack data
• 3rd party analysis environment for research and product development
Collected Data Metrics
• 44 batches of data collected
• 4,335 hours of CAN run time data
• Approximately 2.4 million messages per hour
• Approximately 600 messages per second
• Approximately 10.2 billion CAN messages in total
NSF GOALI Grant
SaTC: CORE: Small: Collaborative: GOALI: Detecting and Reconstructing Network Anomalies and Intrusions in Heavy Duty Vehicles
• Collaboration between The University of Tulsa, Colorado State University (Dr. Indrakshi Ray), and NMFTA.
• GOALI = Grant Opportunities for Academic Liaison with Industry
• Objectives:
  • Gather data with logging devices.
  • Make the data available for the broader community
  • Analyze data to figure out if detection systems will work
https://www.nsf.gov/awardsearch/showAward?AWD_ID=1715409&HistoricalAwards=false
Data Diode Project
• A private industry effort to mitigate cyber security issues concerning US DOT mandated Electronic Logging Devices (ELDs)
• A small hardware based CAN one-way firewall suitable for devices plugging directly into CAN diagnostic port or in-line for other applications
• Collaboration between NMFTA, University of Tulsa, and private industry
• Mostly open source; the resulting design, code, etc. will be publicly available
State of the industry
What we are seeing that is going well…
• Engagement by OEMs, Tier 1s, and telematics providers
• Risk assessments by all stakeholders across verticals
• Fleet owners/operators are starting to get the idea
• Building of a community
Things that we see where we need to improve…
• Clear, open, and honest communication
• Better coordination
• Additional planning (incident response, coordinated responsible disclosure)
• More engagement (not everyone is on board yet)
HVCS List Service
https://hvcslistservice.nmfta.org
• Email distribution system
• Bulletins / Notices
• Meeting Notices
• DOT Volpe Bi-Monthly Updates
• Document sharing
• Hosted and supported by NMFTA
HVCS List Service
NMFTA HVCS MEETINGS 2018
• May 21st and 22nd – Alexandria, VA
• November 13th and 14th – Alexandria, VA
Open discussion
Around the Room
What questions or topics would you like to address?
Closing Remarks
If you are an OEM, supplier or commercial vehicle company,
now is a great time to join Auto-ISAC. Key benefits this year include:
How to get involved: Membership
To learn more about Auto-ISAC Membership,
please contact Kim Kalinyak ([email protected]).
• Real-time Intelligence Sharing
• Intelligence Summaries
• Crisis Notifications
• Member Contact Directory
• Development of Best Practice Guides
• Exchanges and Workshops
• Webinars and Presentations
• Annual Auto-ISAC Summit Event
Strategic Partnership Programs
INNOVATOR: Paid Partnership
- Annual investment and contractual agreement
- Commitment to engage in Auto-ISAC activities (see next slide)
NAVIGATOR: Support Partnership
- Provides guidance and support
- Annual definition of activity commitments and expected outcomes (see next slide)
Solutions Providers
For-profit companies that sell cybersecurity-related connected vehicle products & services.
Examples: HackerOne, SANS
Associations+
Industry associations and others who want to support and invest in the Auto-ISAC activities.
Examples: Auto Alliance, ATA
COLLABORATOR: Coordination Partnership
- May not require a formal agreement
- Information exchanges and coordination activities
Others
Government, academia, research, non-profit orgs with complementary missions to Auto-ISAC.
Examples: NCI, DHS, NHTSA
Partnership
Not eligible for membership?
Auto-ISAC encourages individuals / organizations to participate on monthly Community Calls and
contribute demos, research, white papers, etc. We are also formalizing three partnership programs:
This document is Auto-ISAC Sensitive and Confidential. 29 March 2018
Strategic Partnership Programs
Research
Some partners share white papers and research
projects—on threats & vulnerabilities—with our members.
Webinars
We are open to partners presenting at our Community
Town Halls, with audience including members & beyond.
Branding on the Auto-ISAC Website
Partner names and/or logos will be featured on the Auto-ISAC public-facing website.
Community Town Halls
We invite you to monthly calls featuring experts across the connected vehicle ecosystem.
Member Discounts
Some partners promote discounts or special offers for services (e.g. conferences, software licenses).
Other
We are open to other types of in-kind support (e.g.
training, infrastructure support) based on your expertise.
Intel Sharing
Some partners submit relevant data, insights and papers
addressing threats against the automotive industry.
Annual Executive Call
Our executives will host a call once a year for all Members
and partners to present our strategic goals and priorities.
Summit Booth Priority
Partners will receive priority booth selection at future
Auto-ISAC Summits.
Access to Auto-ISAC Reports
Our partners receive Auto-ISAC TLP Green/White reports and special reports at Auto-ISAC’s discretion.
Activities
Benefits
Future Plans
Our contact info
Faye Francy, Executive Director
Booz Allen Hamilton Inc.
20 M Street SE
Washington, DC 20003
703-861-5417
Jacqueline Bress, Business Administrator
Booz Allen Hamilton Inc.
20 M Street SE
Washington, DC 20003
404-966-8510
jacquelinebress@automotiveisac.com
Kim Kalinyak, Membership Engagement Lead
Booz Allen Hamilton Inc.
20 M Street SE
Washington, DC 20003
240-422-9008
Josh Poster, Program Operations Manager
Booz Allen Hamilton Inc.
20 M Street SE
Washington, DC 20003
Our contact info
Meredith Shaw, Transition Support
Booz Allen Hamilton Inc.
901 15th Street Northwest
Washington, DC 20005
703-377-9853
Michele David, Intel Coordinator
Booz Allen Hamilton Inc.
901 15th Street Northwest
Washington, DC 20005
Jessica Etts, Senior Intel Coordinator
Booz Allen Hamilton Inc.
20 M Street SE
Washington, DC 20003