5 June 2018 TLP Green: May be shared within the Auto-ISAC Community.
Hi All,
Please find attached the Weekly Automotive Industry Report covering April 3 to April 8.
This week’s report includes articles on:
Toyota partnering with Microsoft on a new cloud-based division led by the CIO,
that builds chips for self-driving cars,
Hyundai unveiling its connected vehicle “roadmap,” and,
Toyota planning to open a new autonomous vehicle research center in Michigan.
You can find past reports on site.
Please let me know if you have any questions. Have a great weekend.
Josh
Auto-ISAC Monthly Community Call
6 June 2018
Audio: 1-877-885-1087 Code: 9972152385
Skype link: https://meet.ne.bah.com/kalinyak_kim/LC6CPLKH
TLP Green: May be shared within Auto-ISAC Community.
Agenda
Time (ET) Topic
10:00
Welcome
Why we’re here
Expectations for this community
10:10
Auto-ISAC Update
Auto-ISAC overview
Heard around the community
10:20
Featured Speakers
John Foti, Cyber Storm Program Manager
Katie Phillips, Cyber Storm Transportation Lead
Joshua Poster, Program Operations Manager, Automotive ISAC
10:45 Around the Room
Sharing around the virtual room
10:55 Closing Remarks
Welcome to our community!
Welcome
Purpose: These monthly Auto-ISAC Community Meetings are an opportunity for you,
our Members and connected vehicle ecosystem stakeholders, to:
Stay informed of Auto-ISAC activities
Share information on key vehicle cybersecurity topics
Participants: Auto-ISAC Members, Potential Members, Partners, Academia, Industry
Stakeholders, and Government Agencies
Classification Level: TLP Green, and “off the record”
Agenda: Each meeting will have three core segments:
1) Auto-ISAC Update: Our operations team will overview key activities, outcomes, and intel trends
2) Featured Speaker: We will invite an industry leader to share relevant topics of interest. Content featured on the Auto-ISAC Community Call is not considered an endorsement. Speakers are selected based on their relevant content and experience for the broader community.
3) Closing Remarks: An Auto-ISAC leader will open up for comments and sum up key takeaways
How to Connect: For further info, questions, or to add other POCs to the invite, please
contact Auto-ISAC Membership Engagement Lead Kim Kalinyak
Expectations for this community
Share – “If you see something, say something!”
Submit threat intelligence
Send us information on potential vulnerabilities
Contribute incident reports and lessons learned
Provide best practices around mitigation techniques
Participate
Participate in monthly virtual conference calls (1st Wednesday)
If you have a topic of interest, connect with our Membership Engagement
Lead, Kim Kalinyak – [email protected], to apply for a
speaking opportunity at one of these calls
Join
If your organization is eligible, apply for Auto-ISAC membership
If you aren’t eligible for membership, connect with us as a partner
Welcome
Our 2018 BoD Leadership
Jeff Massimilla, Auto-ISAC Chairman, General Motors
Tom Stricker, Auto-ISAC Vice Chairman, Toyota
Mark Chernoby, Auto-ISAC Treasurer, FCA
Steve Center, Auto-ISAC Secretary, Honda

2018 AAB Leadership
Jeff Stewart, Affiliate Advisory Board Chair, AT&T
Geoff Wood, Affiliate Advisory Board Vice Chair, Harman
Bob Kaster, Supplier Affinity Group Chair, Bosch
Auto-ISAC Staff
Auto-ISAC Program Team
Faye Francy, Executive Director
Josh Poster, Program Operations Manager
Kim Kalinyak, Membership Engagement Lead
Jessica Etts, Senior Intel Coordinator
Julie Kirk, Finance
Heather Rosenker, Communications
Auto-ISAC Program Team (continued)
Denis Cosgrove, Senior Associate
Meredith Shaw, Transition Support
Michele David, Intel Lead
Tim Lin, Best Practices Lead
[email protected] Ruff, System Admin
Auto-ISAC Counsel
Linda Rhodes, Legal Counsel
Auto-ISAC overview
Mission Scope
Serve as an unbiased information broker to
provide a central point of coordination and
communication for the global automotive
industry through the analysis and sharing of
trusted and timely cyber threat information.
Light- and heavy-duty vehicles, commercial
vehicle fleets and carriers. Currently, we are
focused on vehicle cyber security, and
anticipate expanding into manufacturing
and IT cyber related to the vehicle.
900+ community members
Membership represents 99% of cars on the road in North America
200+ active users
Members from 7 countries on 3 continents
18 OEM members
27 supplier & commercial vehicle members
Coordination with 23 critical infrastructure ISACs through the National ISAC Council
160+ intel reports
200+ media mentions
6+ partners
50+ speaking engagements
4 Best Practice Guides complete, 3 more planned
Auto-ISAC Update
Recent activities
Auto-ISAC Update
What we do
Highlights of key activities in May
Auto-ISAC and BPWG continued developing the Best Practice Guide #5 on Security by Design
Auto-ISAC launched our new website at AutomotiveISAC.com
Auto-ISAC continued planning our Annual Summit happening in September 2018
Auto-ISAC attended the SANS Automotive Summit in Chicago, IL
Auto-ISAC Update
Heard around the community
NMFTA Heavy Vehicle Cyber Security Workshop, Alexandria, VA (May 21-22)
• Opportunity for the Heavy Vehicle community to understand and collaborate on connected vehicle cyber security topics
• Full house of attendees representing all aspects of the industry: OEMs, Tier 1s, telematics providers, government agencies, cybersecurity experts, and leading academic researchers
• Topics of discussion included: telematics; electric vehicle and charging infrastructure cybersecurity; academic research, projects, and higher education program initiatives
Auto-ISAC BPWG: Threat Detection & Protection Guide Kickoff (June 4)
Best Practices for Threat Detection & Protection include:
• Assess risk and disposition of identified threats and vulnerabilities using a defined process consistent with overall risk management procedures
• Inform risk-based decisions with threat monitoring to reduce enterprise risk by understanding and anticipating current and emerging threats
• Identify threats and vulnerabilities through various means, including routine scanning and testing of the highest risk areas
• Support anomaly detection for vehicle operations systems, vehicle services, and other connected functions, with considerations for privacy
• Outline how the organization manages vulnerability disclosure from external parties
• Report threats and vulnerabilities to appropriate third parties based on internal processes
Connect with us at upcoming events:
Autonomous Vehicle World Expo, June 5-7, Stuttgart, Germany
Auto-ISAC Community Call ***, June 6, Virtual Telecon
TU-Automotive Cybersecurity Detroit ***, June 6-7, Novi, MI
CyberTruck Challenge ***, June 11-15, Warren, MI
ToorCamp, June 20-24, San Juan Islands, WA
Embedded Security in Cars (ESCAR), June 21-22, Detroit, MI
Nuit du Hack, June 30 to July 1, Paris, France
Event outlook
Auto-ISAC Update
For full 2018 calendar, see attached industry and Auto ISAC calendar.
Speaker series overview
Featured Speaker
Why do we feature speakers?
These calls are an opportunity for information exchange
Our goal is to help the vehicle cyber community mature
What does it mean to be featured?
We try to balance perspectives across our ecosystem—including
government, academia, research, industry associations, security solutions
providers—to showcase a rich, balanced variety of topics and viewpoints
throughout the year
Featured speakers are not endorsed by Auto-ISAC
Featured speakers do not speak on behalf of Auto-ISAC
How can I be featured?
If you have a topic of interest you would like to share with the
broader Auto-ISAC Community, then we encourage you to contact
our Membership Engagement Lead, Kim Kalinyak
PRE-DECISIONAL DRAFT – NOT FOR PUBLIC DISSEMINATION
CS VI Presenter Bios
Mr. John Foti
Senior Associate on Booz Allen's Wargame and Exercise Team with more than 16 years of wargaming experience
Supported DHS National Cyber Exercises since Cyber Storm I in 2006; specializing in all aspects of exercise design and execution, including facilitation and program management
Managed exercise engagements for a wide variety of Booz Allen's commercial, civil, and defense clients. Support has spanned the full range of small seminars to full-scale distributed wargames and exercises
Expertise includes recruiting, relationship creation and building, cyber incident response, scenario design, modeling and simulation, facilitation, evaluation, analysis, improvement planning, and implementation
Ms. Katie Phillips
Lead Associate on Booz Allen's Wargame and Exercise Team with more than 11 years of wargaming experience
Supported DHS National Cyber Exercises since Cyber Storm II in 2008; specializing in overall project management, exercise design, critical infrastructure integration, and exercise evaluation
Led Transportation Community for CS VI
Supported and led exercise engagements for a broad range of Booz Allen's Federal Government and commercial clients, spanning from exercise program design and stand-up, large-scale multi-organization events, and individual organizational exercises from operator-level drills to executive-level simulations
National Cyber Security Division
National Cyber Exercise:
Cyber Storm VI (CS VI)
CS VI Exercise Recap: Automotive ISAC Meeting
John Foti – Cyber Storm Program Manager
Katie Phillips – CS VI Transportation Lead
June 6, 2018
TLP:GREEN
This document is marked TLP:GREEN. Limited disclosure, restricted to the community. Sources may use TLP:GREEN when information is useful for the awareness of all participating organizations as well as with peers within the broader community or sector. Recipients may share TLP:GREEN information with peers and partner organizations within their sector or community, but not via publicly accessible channels. Information in this category can be circulated widely within a particular community. TLP:GREEN information may not be released outside of the community. For more information on the Traffic Light Protocol, see http://www.us-cert.gov/tlp.
Cyber Storm Exercise Series Overview
The Department of Homeland Security's (DHS) biennial capstone cyber exercise. Each CS exercise includes the participation of 1,000+ distributed players and takes place over the course of a week (3+ live days of exercise play).
• Builds upon the outcomes of previous exercises and changes to the cybersecurity landscape
• Continually evaluates and improves the capabilities of the cyber response community
• Promotes public-private partnerships and strengthens relationships between the Federal Government and partners
• Integrates new critical infrastructure partners into each iteration to promote maturation and integration
The exercise series: Cyber Storm I (2006), Cyber Storm II (2008), Cyber Storm III (2010), Cyber Storm IV (2011-13), Cyber Storm V (2016), Cyber Storm VI (2018)
CS VI Goal and Objectives
Goal: Strengthen cybersecurity preparedness and response capabilities by exercising policies, processes, and procedures for identifying and responding to a multi-sector cyber attack targeting critical infrastructure
Exercise Objectives
• Exercise the coordination mechanisms and evaluate the effectiveness of the National Cyber Incident Response Plan (NCIRP) in guiding response
• Assess information sharing to include thresholds, paths, timeliness, usefulness of information shared, and barriers to sharing both internally and externally within the cyber incident response community
• Continue to examine the role, functions, and capabilities of DHS as the Department coordinates with impacted entities during a cyber event
• Provide a forum for exercise participants to exercise, evaluate, and improve the processes, procedures, interactions, and information sharing mechanisms within their organization or community of interest
CS VI Highlights
Between April 10 – April 12, 2018, thousands of globally-distributed players simulated live play response to a significant cyber incident
• Nearly 100 Controllers participated from Exercise Control (ExCon);
• ExCon distributed over 1,400 pre-scripted injects in addition to hundreds of dynamic injects developed during live play; and
• Looking Glass, the exercise website and simulated media environment, tallied more than 48,000 page views during play.
The exercise assessed cybersecurity preparedness; examined incident response processes, procedures, and information sharing; and identified areas for improvement
Participants found that the exercise scenario and mechanics generated robust play and allowed participants to achieve objectives
CS VI Automotive Participants
Federal
Components of the Department of Transportation (DOT) and the National Highway Traffic Safety Administration (NHTSA)
Private Industry
Six full-playing and one observing Light- and Heavy-Duty Vehicle OEMs
Two observing Light- and Heavy-Duty Vehicle Suppliers
Coordination Bodies
Automotive ISAC
Within organizations, exercise players represented communications/public affairs, customer care/call centers, cyber threat intelligence, product cybersecurity, leadership, legal counsel, incident response, regulatory/compliance, and security operations center functions
CS VI Scenario and Play
The CS VI core scenario centered on a vulnerability in an embedded microprocessor used in a wide variety of traditional and non-traditional IT devices. A microprocessor is a computer "brain" on a microchip, and they are pervasive across all types of technologies and products. The attack against the underlying processor technology allowed for compromises to firmware and software running on these devices.
Multiple adversary groups used the common vulnerability to develop and deliver exploits targeting exercise participants. These attacks and exploits caused widespread impacts across multiple industries, and rapidly rose to a level of national significance.
Automotive participants played response to issues caused by a common compromised third-party device.
CS VI Dynamic Media Simulation
CS VI integrated a simulated and dynamically-updated traditional media and social media platform (Looking Glass) to replicate the customer and public components of an incident
The platform also hosted simulated “adversary sites” that supported threat intelligence and investigatory objectives
It provided a no-fault learning environment to practice strategies that support this aspect of response
Platform components: Social Media, Traditional Media, Adversary Activities
DRAFT High-Level Exercise Findings
The cyber attack landscape continues to expand. Attacks that impacted non-traditional IT devices, such as operational technology (OT), highlighted gaps in people, process, and technology; altered the nature of the cyber incident response lifecycle; and emphasized the need for specialized planning and response considerations that support a more comprehensive view of threats.
Traditional and social media continue to drive awareness of cyber incidents, and are also becoming an increasingly significant component of response. The ability to quickly and effectively engage with customers, stakeholders, and the public; promote accurate information over rumor or misinformation; and support efforts to minimize negative brand impact contribute to overall response.
The National Cyber Incident Response Plan provides a framework for federal coordination but provides for limited linkages to critical infrastructure and the private sector in the early phases of response. This gap creates uncertainty among and within critical infrastructure sectors and may lead to delays or inconsistencies in response.
Trusted and established information sharing paths proved to be the most effective during exercise play. Participants who understood their available resources both internally and externally could verify and share data more effectively.
Automotive-Specific Insights
• CS VI highlighted the importance of continuing to promote cyber awareness and improve cyber sophistication across the industry and within individual organizations
• Organizations found that communications requirements are immediate and brand impact is a key component throughout cyber incident response efforts
• CS VI promoted public-private interaction and improved awareness and familiarity. It also highlighted communication gaps, and perhaps opportunities for cyber-specific information sharing and improvement
• Planning and execution strengthened relationships among automotive participants, who discussed opportunities for further collaboration and additional exercises (to expand the participant set, exercise long-term recovery, etc.)
General Takeaways
Questions or Comments
CS VI Points of Contact
John Foti, Cyber Storm Support to National Cyber Exercise and Planning Program (NCEPP), 703-902-5865
Jennine Gilbeau, Chief, National Cyber Exercise and Planning Program (NCEPP), 703-235-5271
Gary Benedict, Cyber Storm VI Lead, National Cyber Exercise and Planning Program (NCEPP), 703-235-5020
Katie Phillips, Cyber Storm Support to National Cyber Exercise and Planning Program (NCEPP), 817-845-8183
Cyber Storm Mailbox: [email protected]
Open discussion
Around the Room
What questions or topics would you like to address?
Closing Remarks
How to get involved: Membership
If you are an OEM, supplier or commercial vehicle company, now is a great time to join Auto-ISAC. Key benefits this year include:
• Real-time Intelligence Sharing
• Intelligence Summaries
• Crisis Notifications
• Member Contact Directory
• Development of Best Practice Guides
• Exchanges and Workshops
• Webinars and Presentations
• Annual Auto-ISAC Summit Event
To learn more about Auto-ISAC Membership, please contact Kim Kalinyak ([email protected]).
Strategic Partnership Programs
NAVIGATOR: Support Partnership
- Provides guidance and support
- Annual definition of activity commitments and expected outcomes
- Provides guidance on key topics / activities
INNOVATOR: Paid Partnership
- Annual investment and agreement
- Specific commitment to engage with ISAC
- In-kind contributions allowed
COLLABORATOR: Coordination Partnership
- "See something, say something"
- May not require a formal agreement
- Information exchanges and coordination activities
BENEFACTOR: Sponsorship Partnership
- Participate in monthly community calls
- Sponsor Summit
- Network with Auto Community
- Webinar / Events

Strategic Partners
Solutions Providers: For-profit companies that sell connected vehicle cybersecurity products & services. Examples: HackerOne, SANS, IOActive
Affiliations: Government, academia, research, non-profit orgs with complementary missions to Auto-ISAC. Examples: NCI, A-ISAC, DHS, NHTSA
Community: Companies interested in engaging the automotive ecosystem and supporting and educating the community. Examples: Summit sponsorship, key events
Associations: Industry associations and others who want to support and invest in the Auto-ISAC activities. Examples: Auto Alliance, Global Auto, ATA
This document is Auto-ISAC Sensitive and Confidential.
Strategic Partnership Programs: Activities, Benefits, Future Plans
Research: Some partners share white papers and research projects, on threats & vulnerabilities, with our members.
Webinars: We are open to partners presenting at our Community Town Halls, with an audience including members & beyond.
Intel Sharing: Some partners submit relevant data, insights and papers addressing threats against the automotive industry.
Other: We are open to other types of in-kind support (e.g. training, infrastructure support) based on your expertise.
Branding on the Auto-ISAC Website: Partner names and/or logos will be featured on the Auto-ISAC public-facing website.
Community Town Halls: We invite you to monthly calls featuring experts across the connected vehicle ecosystem.
Member Discounts: Some partners promote discounts or special offers for services (e.g. conferences, software licenses).
Access to Auto-ISAC Reports: Our partners receive Auto-ISAC TLP Green/White reports and special reports at Auto-ISAC's discretion.
Summit Booth Priority: Partners will receive priority booth selection at future Auto-ISAC Summits.
Annual Executive Call: Our executives will host a call once a year for all Members and partners to present our strategic goals and priorities.
Our contact info
Faye Francy, Executive Director, Booz Allen Hamilton Inc., 20 M Street SE, Washington, DC 20003, 703-861-5417
Kim Kalinyak, Membership Engagement Lead, Booz Allen Hamilton Inc., 20 M Street SE, Washington, DC 20003, 240-422-9008
Josh Poster, Program Operations Manager, Booz Allen Hamilton Inc., 20 M Street SE, Washington, DC 20003
Our contact info (continued)
Meredith Shaw, Transition Support, Booz Allen Hamilton Inc., 901 15th Street Northwest, Washington, DC 20005, 703-377-9853
Michele David, Intel Coordinator, Booz Allen Hamilton Inc., 901 15th Street Northwest, Washington, DC 20005
Jessica Etts, Senior Intel Coordinator, Booz Allen Hamilton Inc., 20 M Street SE, Washington, DC 20003