automotive cyber security monique lance, marketing ......supply chain october 2017 argus cyber...
TRANSCRIPT
October 2017 Argus Cyber Security Ltd. Proprietary and Confidential
Automotive Cyber Security
Monique Lance, Marketing Director
October, 2017
October 2017 Argus Cyber Security Ltd. Proprietary and Confidential
2
YouTube
Car Hacked on 60 Minutes
October 2017 Argus Cyber Security Ltd. Proprietary and Confidential
Just Two Years Away – 100s Millions Connected Cars
October 2017 Argus Cyber Security Ltd. Proprietary and Confidential
4
Cyber Ransom − WannaCry for Cars
October 2017 Argus Cyber Security Ltd. Proprietary and Confidential
5
The Threats − Possible Scenarios
• Unlock doors
• Bypass immobilizer
Car theft
• Eavesdrop
• Track GPS location
• Steal personal data
Invasion of privacy
• Pranks- blinking leds, sounds, adjusting mirrors
• False readings –speedometer, fuel gauge, GPS navigation
• Cyber ransom
Minor crimes Compromise Safety
• Kill engines
• Accelerate
• Disable brakes
• Tighten seat belts
• Take control of steering wheels
October 2017 Argus Cyber Security Ltd. Proprietary and Confidential
6
Multiple Penetration Vectors
Telematics & Cellular Devices
Bluetooth V2X OBD II WiFi
Infotainment
Supply Chain
October 2017 Argus Cyber Security Ltd. Proprietary and Confidential
7
We Have Only Just Begun
October 2017 Argus Cyber Security Ltd. Proprietary and Confidential
8
Preventing a Fleet-Wide Hack Top Priority, July 2017
“My top concern from a security standpoint at Tesla is making sure
that a fleet wide hack or any vehicle specific hack can’t occur.”
“…hack all the autonomous
Teslas, …that would be the
end of Tesla”
Source: https://electrek.co/2017/07/17/tesla-fleet-hack-elon-musk/
October 2017 Argus Cyber Security Ltd. Proprietary and Confidential
9
Avg. Life of a Car Much Longer than Mobile or PC
PRODUCTIONCONCEPT/DESIGN FREEZE ON THE ROAD
AUTOMOTIVE CYBER SECURITY SOLUTIONS NEED TO EXTEND BEYOND 20 YEARS
Source:https://www.statista.com
11 YEARS3.4 YEARS2.7 YEARS
TIME IN USE:
October 2017 Argus Cyber Security Ltd. Proprietary and Confidential
10
Autonomous Cars Bring Even Greater Risks
OEM & MOBILITY PROVIDERS LIABLE!!
INCREASE RISK TO MOTORIST & PUBLIC SAFETYCONSUMER ADOPTION
October 2017 Argus Cyber Security Ltd. Proprietary and Confidential
11
Make it as hard as
possible to attack
Prevent
Know you are
being hacked and
how, in real time
Understand
Mitigate the
damage and
immunize the
fleet in hours
Respond
Automotive Cyber Security – End-to-End Approach
October 2017 Argus Cyber Security Ltd. Proprietary and Confidential
12
Prevent
ECU Protection
In-Vehicle Network Protection
Infotainment & Telematics Protection
In-Vehicle
Out-of-Vehicle
Lifespan Protection
Aftermarket Protection
PreventMaximum Prevention – Security in Depth
October 2017 Argus Cyber Security Ltd. Proprietary and Confidential
Understand
October 2017 Argus Cyber Security Ltd. Proprietary and Confidential
14
OEM SOC
Ongoing Over The Air Security Updates
OEM SOC
OEM SOC
OEM SOC
SOC
Respond
Ongoing Monitoring & Mitigation
October 2017 Argus Cyber Security Ltd. Proprietary and Confidential
15
CONCEPT
Threat analysis
PRODUCTION
Code review Penetration testing
Vulnerability analysis
DESIGN & DEVELOPMENT
RequirementsRisk assessment
ON THE ROAD
Cyber Health ManagementIncident Response
SOC
Cyber Security Management System
Cyber Threat Intelligence
Training
Holistic Approach
October 2017 Argus Cyber Security Ltd. Proprietary and Confidential
16
In-Vehicle Solutions
Cloud Management Console Offline analysis in the cloud
Forensics
New configuration
Update the fleet
Collection of
information from the vehicle
Secure communication –encrypted and authenticated
Initial Config
Dynamic Protection
NVIDIA DRIVE PX
October 2017 Argus Cyber Security Ltd. Proprietary and Confidential
17
Work with Automotive Cyber Security Experts
↘ Think like hackers
↘ Benefit from experience in cyber security across multiple disciplines and regions
↘ Fluent in multiple automotive architectures, protocols, standards and use cases
↘ Making a cyber safer design
October 2017 Argus Cyber Security Ltd. Proprietary and Confidential
18
US Government
UK Government
Japanese government
European Commission
Industry best practices
“When…new…systems…[are deployed],
ensuring “security as a quality feature” is a
prerequisite…the Government
will…establish comprehensive guidelines and
standards for IoT…security, including
[for]…automotive… and other relevant
industries.”
Government and Industry Become Proactive
October 2017 Argus Cyber Security Ltd. Proprietary and Confidential
19
Argus - The Global Leader in Automotive Cyber Security
5 Offices Worldwide
ONE STOP SHOP
AUTOMOTIVE & CYBER EXCELLENCE
Prevent | Understand | Respond
WORLDWIDE PRESENCE
TRUSTED ADVISORY SERVICES50,000 Research Hours
35 Granted & Pending Patents
WORKING WITH WORLD’S MAJOR OEMS & TIER 1s
Embedded software, Mobile communication, Critical infrastructure, IT & Networks
Senior executives: GM, FCA, DaimlerOver 3 decades in automotive, Electrical engineering
Cyber:
Automotive:
PARTNERING WITH INDUSTRY LEADERS
Continental, Elektrobit, Magna, Qualcomm, Infineon, Intel, Check Point, NXP, ST Micro, Wind River
Ranked 1st in Third-Party Evaluations!
MULTI-LAYERED SOLUTIONS
October 2017 Argus Cyber Security Ltd. Proprietary and Confidential
20
↘ The threat is real today and will be greater in the future
↘ Major impact on: passenger and public safety, brand name, management liability and shareholders
↘ Automotive industry faced with new challenges far beyond traditional core competences
↘ Affects most work processes across the organization
↘ Legislation imminent
Summary
October 2017 Argus Cyber Security Ltd. Proprietary and Confidential
Automotive Industry Gears Up for Battle
“It’s not a question of if our industry will see aserious cyber incident but when”
Jeff Massimilla, VP Vehicle Safety and Product Cybersecurity, General Motors
October 2017 Argus Cyber Security Ltd. Proprietary and Confidential
www.argus-sec.com
THANK YOU!