auto-isac community call...2018/05/02 · tlp green: may be shared within the auto-isac community....
TRANSCRIPT
11 February 2018TLP Green: May be shared within the Auto-ISAC Community.
Hi All,
Please find attached the Weekly Automotive Industry Report covering April 3April 8.
This week’s report includes articles on:
Toyota partnering with Microsoft on a new cloud-based division led by the CIO,
that builds chips for self-driving cars,
Hyundai unveiling its connected vehicle “roadmap,” and,
Toyota planning to open a new autonomous vehicle research center in Michigan.
You can find past reports on site.
Please let me know if you have any questions. Have a great weekend.
Josh
Auto-ISAC
Monthly Community Call
7 February 2018
1-877-885-1087 Code: 9972152385
TLP Green: May be shared within Auto-ISAC Community.
21 February 2018TLP Green: May be shared within the Auto-ISAC Community.
Agenda
Time (ET) Topic
10:00
Welcome
➢ Why we’re here
➢ Expectations for this community
10:10
Auto-ISAC Update
➢ Auto-ISAC overview
➢ Heard around the community
10:20
Featured Speakers
➢ Dirk Schlimm, Executive Vice President, and Mike Branch, Vice
President of Business Intelligence, Geotab Inc.
10:45Around the Room
➢ Sharing around the virtual room
10:55 Closing Remarks
31 February 2018TLP Green: May be shared within the Auto-ISAC Community.
Welcome to our community!
Welcome
Purpose: These monthly Auto-ISAC Community Meetings are an opportunity for you,
our Members and connected vehicle ecosystem stakeholders, to:
✓ Stay informed of Auto-ISAC activities
✓ Share information on key vehicle cybersecurity topics
Participants: Auto-ISAC Members, Potential Members, Partners, Academia, Industry
Stakeholders, and Government Agencies
Classification Level: TLP Green, and “off the record”
Agenda: Each meeting will have three core segments: 1) Auto-ISAC Update: Our operations team will overview key activities, outcomes, and intel trends
2) Featured Speaker: We will invite an industry leader to share relevant topics of interest. Content
featured on the Auto-ISAC Community Call is not considered an endorsement. Speakers are
selected based on their relevant content and experience for the broader community.
3) Closing Remarks: An Auto-ISAC leader will open up for comments and sum up key takeaways
How to Connect: For further info, questions, or to add other POCs to the invite, please
contact Auto-ISAC Membership Engagement Lead Kim Kalinyak
41 February 2018TLP Green: May be shared within the Auto-ISAC Community.
Expectations for this community
Share
❖ Submit threat intelligence
❖ Send us information on potential vulnerabilities
❖ Contribute incident reports and lessons learned
❖ Provide best practices around mitigation techniques
Participate
❖ Participate in monthly virtual conference calls (1st Wednesday)
❖ If you have a topic of interest, connect with our Program Manager to apply
for a speaking opportunity at one of these calls
Join
❖ If your organization is eligible, apply for Auto-ISAC membership
❖ If you aren’t eligible for membership, connect with us as a partner
Welcome
51 February 2018TLP Green: May be shared within the Auto-ISAC Community.
Our 2018 BoD Leadership
Jeff Massimilla
Auto-ISAC
Chairman
General Motors
Tom Stricker
Auto-ISAC Vice
Chairman
Toyota
Mark Chernoby
Auto-ISAC
Treasurer
FCA
Steve Center
Auto-ISAC
Secretary
Honda
Jeff Stewart
Affiliate Advisory
Board Chairman
AT&T
Business Updates
Jeff Stewart
Affiliate Advisory
Board Chair
AT&T
Geoff Wood
Affiliate Advisory
Board Vice Chair
Harman
Bob Kaster
Supplier Affinity Group
Chair
Bosch
2018 AAB
Leadership
This document is Auto-ISAC Sensitive and Confidential. 61 February 2018
Staff
Auto-ISAC Program Team
Faye Francy, Executive
Director
m
Denis Cosgrove, Senior
Associate
Michele David, Intel Lead
Keri Barber, Operations
Manager and Transition
Support
Tim Lin, Best Practices Lead
Meredith Shaw, Program
Manager and Transition
Support
Jacqueline Bress, Business
Administrator
E.
jacquelinebress@automotiveisa
c.com
Pat Ruff, System Admin
Linda Rhodes, Legal Council
Kim Kalinyak,, Membership
Engagement Lead
E:
m
Heather Rosenker, Marketing
E:
Julie Kirk, Finance
Business Updates
71 February 2018TLP Green: May be shared within the Auto-ISAC Community.
Auto-ISAC overview
Mission Scope
Serve as an unbiased information broker to
provide a central point of coordination and
communication for the global automotive
industry through the analysis and sharing of
trusted and timely cyber threat information.
Light- and heavy-duty vehicles, commercial
vehicle fleets and carriers. Currently, we are
focused on vehicle cyber security, and
anticipate expanding into manufacturing
and IT cyber related to the vehicle.
900+community members
Membership represents 99%of cars on the road in North America
200+active users
Members from 7 countries
on 3 continents
16 OEM members
Coordination with 23critical infrastructure ISACs
through the National ISAC Council
160+intel reports
200+media mentions
6+ partners
50+speaking
engagements
4 Best Practice
Guides complete,3 more planned
24 supplier &
commercial vehicle members
Auto-ISAC Update
81 February 2018TLP Green: May be shared within the Auto-ISAC Community.
Recent activities
Auto-ISAC Update
What we do
Highlights of key activities in January
✓ Auto-ISAC Board of Directors moved to approve Best Practice Guide #4 on Risk
Management for TLP Amber Release; Working on TLP White release of first 2 guides
✓ Auto-ISAC and BPWG planned for execution of Best Practice Guide #5 on Security by
Design
✓ Held an in-person Auto-ISAC Member Analyst Workshop and our first 2018 Board of
Directors Meeting in Detroit, MI
✓ Held a Auto-ISAC member-driven panel discussion at CES in Las Vegas, NV
This document is Auto-ISAC Sensitive and Confidential. 91 February 2018
Auto-ISAC at CES
Business Updates
On January 11, members of Auto-ISAC held a panel discussion at CES in Las Vegas, NV on
cybersecurity and the automotive industry. The panel participants provided an overview of
Auto-ISAC and discussed cybersecurity threats and how
the automotive industry is working to detect and prevent such attacks.
SPEAKERS
Kevin Baltes, GM
Geoff Wood, Harman
Adam Pranter, FBI
Matan Scharf, cycuro, Ltd
This panel was part of a Vehicle Technology Track for which CES participants
paid $400 to attend three sessions. Over 245 people attended and the event was
live streamed through the CES website. Great feedback and potential members!
101 February 2018TLP Green: May be shared within the Auto-ISAC Community.
Auto-ISAC at SAE
Vehicle Cybersecurity Workshop SAE Government – Industry Meeting
Auto-ISAC Update
Auto 2050: Hosted by Auto-Alliance. Technology Innovation and People Talks and Jeff
Massimilla, GM, Denis Cosgrove, BAH and Faye Francy did a panel discussion on Auto-ISAC.
• Over 300 Attendees
• Brought together experts from critical
infrastructure sectors and government
agencies responsible for cyber physical
systems (CPS), including leading CPS
thinkers from:
• Information Technology
• Industrial Control Systems
• Internet of Things
• Platform Information Technology
• Embedded systems
Cybersecurity Session led by Art Carter,
NHTSA and Faye Francy which discussed
• the way OEMs work to thwart the threat
from GM’s approach,
• Auto-ISAC Best Practices
• NIST and National Cybersecurity Center
of Excellence (NCCoE)
• Johns Hopkins Applied Physics Lab to
the American Center for Mobility.
111 February 2018TLP Green: May be shared within the Auto-ISAC Community.
Connect with us at upcoming events:
Auto-ISAC Community Call Feb. 7 Virtual Telecon
RVIA Conference Feb. 12-15 Palm Desert, CA
Advanced Autonomous Drive Conference Feb. 13- 14 San Francisco, CA
Munich Security Conference Feb. 16- 18 Munich, Germany
nullcon Feb. 27- Mar. 3 Goa, India
VDA Technischer Kongress 2018 Feb. 27-28 Berlin, Germany
CyberStorm Final Planning Meeting Feb. 28- Mar. 1 Washington, DC
Auto-ISAC Community Call Mar. 7 Virtual Telcon
Event outlook
Auto-ISAC Update
For full 2018 calendar, see attached industry and Auto ISAC calendar.
121 February 2018TLP Green: May be shared within the Auto-ISAC Community.
Speaker series overview
Featured Speaker
Why do we feature speakers?
❖ These calls are an opportunity for information exchange
❖ Our goal is to help the vehicle cyber community mature
What does it mean to be featured?
❖ We try to balance perspectives across our ecosystem—including
government, academia, research, industry associations, security solutions
providers—to showcase a rich, balanced variety of topics and viewpoints
throughout the year
❖ Featured speakers are not endorsed by Auto-ISAC
❖ Featured speakers do not speak on behalf of Auto-ISAC
How can I be featured?
❖ If you have a topic of interest you would like to share with the
broader Auto-ISAC Community, then we encourage you to contact
our Membership Engagement Lead, Kim Kalinyak
131 February 2018TLP Green: May be shared within the Auto-ISAC Community.
Welcome to today’s speakers
Featured Speaker
Abstract: This presentation will introduce an approach for security governance underpinning such an
ecosystem, the *neutral vehicle*, and provide a preview of how transportation data analytics will become
the essential building block of smart communities.
For more information on our speakers, please see the attached document.
Dirk Schlimm is EVP and member of the Advisory Board at Geotab Inc.
Dirk oversees legal and policy frameworks for data privacy, data usage and
data access as a source of innovation and value in the connected car
ecosystem, has responsibility for business development in Europe, and chairs
the Neutral Vehicle Working Group. He is the author of the white
paper Keeping the Connected Car Connected.
Mike Branch is the Vice President of Business Intelligence at Geotab and
leads the charge for developing solutions that enable insight from the over 2
billion telematics records that Geotab processes on a daily basis. Mike joined
the Geotab team in 2016, and prior to that was the CEO of Inovex Inc. -- a
software development company he founded in 2003 with expertise in the
healthcare and energy sectors. Branch has been honoured with the University
of Toronto Arbor Award and Early Career Award, Professional Engineers of
Ontario Engineering Medal, Engineers Canada Young Engineer Award, and has
been inducted into Hillfield Strathallan College's Hall of Excellence.
Keeping the Connected Car Connected-
Dirk SchlimmGeotab
A Multi-Stakeholder Approach toConnectivity, Security, and Innovation
14
Visit www.neutralvehicle.com
Why Are We Talking About This?
Photo: books.google.ca
“Just because you're paranoid,
doesn’t mean they are not
out to get you.”
Joseph Heller
15
Visit www.neutralvehicle.com
Plenty of Reason to Be Paranoid About the Future of Transportation in the Digital Economy!
1. Data is the new “everything”.
2. Data-driven business models and innovation are the future.
3. In the commercial space, the “connected car” is a reality (and has been for the past 15+ years).
16
Visit www.neutralvehicle.com
In the Commercial Space, the Connected Vehicle via OBD Data Link is a Reality.
1. Geotab alone connects 950,000+
comm/leasing/gov vehicles from
small to global mega-fleets
2. Essential for fleet safety and
operations, deeply integrated
into the business.
3. ELD, gov, smart communities are
the next wave
4. Increasingly global: US, EU ++
Fleet Safety
Operations
Productivity
Compliance
Air Quality
Road Safety
Traffic
And more
17
Visit www.neutralvehicle.com
Commercial + “Next Wave” Customers Demand:
1. Mixed fleet capability
2. Real time data
3. High quality, rich data sets - *efficiently* delivered (in-vehicle processing)
4. Integration of a host of services
5. Innovative use cases
6. Competitive offerings
7. Security
8. Privacy features (EU - GDPR)
Today’s interoperable (“open”) OBD data link adds economic, innovative and social value. 18
Visit www.neutralvehicle.com
*Actively* engaged with security community to advance security and optimize value
for all stakeholders (avoid unintended consequences of security approaches).19
Visit www.neutralvehicle.com
The Idea of “Disconnecting”/Isolating* the Car Has Created Huge Concern
1. Challenges entrenched notion of car “ownership”.
2. Would disable current, advanced fleet management practice
3. Impedes competition, innovation, and consumer choice
4. AND: Would affect the data economy as a whole - not just vehicle owners - e.g. smart communities and *public use cases*
EU regulators have become especially active (transportation, digital, competition, SME, … touches all departments!). Latest “Type Approval” revision (in draft) calls for real time data access via OBD.
*i.e. Single brand connected car, ”extended vehicle” w/o in-vehicle processing in the name of security, privacy, or for other reasons.
20
Visit www.neutralvehicle.com
Data AND Collaboration Is the Future
1. Commercial vehicle space shows today what “smart” customers, government and communities will demand (mixed fleet, in-vehicle processing).
2. When competing with new entrants, an “open” transportation ecosystem/sector leverages the installed base and existing auto-industry expertise as a whole (vs single brand only).
3. Collaboration among ALL transportation stakeholders will enable/strengthen security practices and governance (and root out substandard products)
Requires vehicle “design for” interoperability and security.
21
Visit www.neutralvehicle.com
Getting to Work: www.neutralvehicle.com
1. Multi-stakeholder initiative for open & secure connected vehicles.
2. Well received by security community, fleets, leasing, government & others.
3. *Concrete* but not married to a single approach/solution - allows for competing solutions.
4. To include security certification to a public standard and open to independent security/privacy governance.
22
Visit www.neutralvehicle.com
One Final Thought.
“The most ambitious goals can only
be achieved through teamwork.”
Jon Katzenbach
Photo: strategy& - Katzenbach Center
23
The Building Blocks of Smart Communities
Mike BranchGeotab
Innovation in Transportation Data Analytics that Power Today’s Communities
24
Visit www.neutralvehicle.com
The Time is Now Communities are Reinventing Themselves
25
Smart City Initiatives Across the
Globe are building from the
“Internet Up”
Visit www.neutralvehicle.com
Transportation Data can Impact the WholeCommunity
26Environment Operations Public Safety Infrastructure Mobility
Visit www.neutralvehicle.com
What types of Decisions are Enabled?
27
Edge
Decisions
Cloud
Decisions
Instantaneous Reaction Needed
Am I following too closely?
Should I slam on the brakes?
Is there a pedestrian about to cross the street?
Near Real-time is Sufficient
Is there poor visibility up ahead?
Should I re-route due to an accident ahead?
Should I ride-share in 5 km?
Do I have an air quality issue?
Visit www.neutralvehicle.com
28
The Data Already Exists.
At Scale. Beyond “The Car”.
Visit www.neutralvehicle.com
Environment
29
Data and analytics to monitor
and act on community air
quality issues.
Visit www.neutralvehicle.com
Infrastructure
30
Data and analytics to help
communities design more
liveable cities and adapt to
changing mobility patterns.
Visit www.neutralvehicle.com
Public Safety
31
Data and analytics to help
identify persistent and
spontaneous road safety
issues.
Visit www.neutralvehicle.com
Operations
32
Data and analytics to help
communities prioritize
operational activity throughout
the city.
Visit www.neutralvehicle.com
Mobility
33
Data and analytics to allow
effective movement of
vehicles in communities.
Visit www.neutralvehicle.com
Data Challenges for Smart Communities
34
1. Thriving communities will be built on data. Communities will
be handcuffed to innovate and provide essential services if
data isn’t open.
2. Maintaining strong privacy standards whilst still enabling
smart community innovation.
3. Enabling ubiquitous insight for communities through strong
partnerships. The whole is better than the sum if its parts.
351 February 2018TLP Green: May be shared within the Auto-ISAC Community.
Open discussion
Around the Room
What questions or topics would you like to address?
361 February 2018TLP Green: May be shared within the Auto-ISAC Community.
Closing Remarks
If you are an OEM, supplier or commercial vehicle company,
now is a great time to join Auto-ISAC. Key benefits this year include:
How to get involved: Membership
To learn more about Auto-ISAC Membership,
please contact Kim Kalinyak ([email protected]).
• Real-time Intelligence Sharing
• Intelligence Summaries
• Crisis Notifications
• Member Contact Directory
• Development of Best Practice Guides
• Exchanges and Workshops
• Webinars and Presentations
• Annual Auto-ISAC Summit Event
371 February 2018TLP Green: May be shared within the Auto-ISAC Community.
How to get involved: Partners
“Strategic Partner”Paid Partnership
- Contractual agreement
- Commitment to engage in at least
one activity (see next slide)
and/or 15K investment
“Navigator”Support Partnership
- Mutually-supportive agreement
- Annual definition of activity
commitments and expected
outcomes (see next slide)
If you are not currently eligible for Auto-ISAC Membership, we encourage you
to consider getting involved in Auto-ISAC as a Strategic Partner.
Vendors
For-profit companies that sell
cybersecurity-related connected
vehicle products & services.
Examples: Kaspersky, SANS
Associations
Industry associations related to the
connected vehicle ecosystem.
Examples: Auto Alliance, NAFA
“Collaborator”Coordination Partnership
- May not require a formal
agreement
- Information exchanges and
coordination activities
Other
Government, academia, research,
non-profit orgs with complementary
missions to Auto-ISAC.
Examples: UMTRI, NHTSA
Closing Remarks
381 February 2018TLP Green: May be shared within the Auto-ISAC Community.
Strategic Partnership Programs
INNOVATOR
Paid Partnership
- Annual investment and
contractual agreement
- Commitment to engage in Auto-
ISAC activities (see next slide)
NAVIGATOR
Support Partnership
- Provides guidance and support
- Annual definition of activity
commitments and expected
outcomes (see next slide)
Solutions Providers
For-profit companies that sell
cybersecurity-related connected
vehicle products & services.
Examples: Hacker ONE, SANS
Associations+
Industry associations and others who
want to support and invest in the
Auto-ISAC activities.
Examples: Auto Alliance, ATA
COLLABORATOR
Coordination Partnership
- May not require a formal
agreement
- Information exchanges and
coordination activities
Others
Government, academia, research,
non-profit orgs with complementary
missions to Auto-ISAC.
Examples: NCI, DHS, NHTSA
Partnership
Not eligible for membership?
Auto-ISAC encourages individuals / organizations to participate on monthly Community Calls and
contribute demos, research, white papers, etc. We are also formalizing three partnership programs:
This document is Auto-ISAC Sensitive and Confidential. 391 February 2018
Strategic Partnership Programs
Research
Some partners share white papers and research
projects—on threats & vulnerabilities—with our members.
Webinars
We are open to partners presenting at our Community
Town Halls, with audience including members & beyond.
Branding on the Auto-ISAC Website
Partner names and/or logos will be featured on the Auto-ISAC public-facing website.
Community Town Halls
We invite you to monthly calls featuring experts across the
connected vehicle ecosystem.Member Discounts
Some partners promote discounts or special offers for
services (e.g. conferences, software licenses).
Other
We are open to other types of in-kind support (e.g.
training, infrastructure support) based on your expertise.
Intel Sharing
Some partners submit relevant data, insights and papers
addressing threats against the automotive industry.
Annual Executive Call
Our executives will host a call once a year for all Members
and partners to present our strategic goals and priorities.
Summit Booth Priority
Partners will receive priority booth selection at future
Auto-ISAC Summits.
Access to Auto-ISAC Reports
Our partners receive Auto-ISAC TLP Green/White reports and special reports at Auto-ISAC’s discretion.
Ac
tivitie
sB
en
efits
Future Plans
401 February 2018TLP Green: May be shared within the Auto-ISAC Community.
Our contact info
Faye FrancyExecutive Director
Booz Allen Hamilton Inc.
20 M Street SE
Washington, DC 20001
703-861-5417
Jacqueline BressBusiness Administrator
Booz Allen Hamilton Inc.
20 M Street SE
Washington, DC 20001
404-966-8510
jacquelinebress@automotiveisac.
com
Kim KalinyakMembership Engagement
Lead
Booz Allen Hamilton Inc.
20 M Street SE
Washington, DC 20001
240-422-9008
411 February 2018TLP Green: May be shared within the Auto-ISAC Community.
Our contact info
Meredith ShawProgram Manager
Booz Allen Hamilton Inc.
901 15th Street Northwest
Washington, DC 20005
703-377-9853
Shaw_MeredithKeri Barber
Operations Manager
Booz Allen Hamilton Inc.
901 15th Street Northwest
Washington, DC 20005
202-340-8308
M Michele DavidIntel Coordinator
Booz Allen Hamilton Inc.
901 15th Street Northwest
Washington, DC 20005