cybersecurity challenges at volvo group · volvo group trucks technologyvolvo group daniel...
TRANSCRIPT
Cybersecurity challenges at Volvo GroupAutosec FFI conference 2019-10-10
Daniel Karlsson
Volvo Group Trucks TechnologyVolvo Group
Daniel Karlsson, Cybersecurity challenges in the Volvo Group
2
Vehic
le s
ophis
tication
EE
arc
hitectu
re c
om
ple
xity
Att
ack b
en
efits
Att
ack s
urf
ace
s
Autosec FFI conference, 2019-10-10
Volvo Group Trucks TechnologyVolvo Group
Daniel Karlsson, Cybersecurity challenges in the Volvo Group
3
Mechanics
Battery, cables, switches, light bulbs, radio
Insignificant
Cable cut
Tampered radio signal
Vehic
le s
ophis
tication
EE
arc
hitectu
re c
om
ple
xity
Att
ack b
en
efits
Att
ack s
urf
ace
s
Autosec FFI conference, 2019-10-10
Volvo Group Trucks TechnologyVolvo Group
Daniel Karlsson, Cybersecurity challenges in the Volvo Group
4
Electronics
Buses
ECUs
SW controlled sensing
and actuation
Cable cut
Tampered radio signal
CAN buses
OBD port
Data on wireless interfaces
Vehic
le s
ophis
tication
EE
arc
hitectu
re c
om
ple
xity
Att
ack b
en
efits
Att
ack s
urf
ace
s
Master/Gateway
ECU ECU ECU
Sub-ECU
Sub-ECU
Master/Gateway
Master/Gateway
Master/Gateway
Subsystem/subnet
manipulation and control
Access to confidential
subsystem data
Autosec FFI conference, 2019-10-10
Volvo Group Trucks TechnologyVolvo Group
Daniel Karlsson, Cybersecurity challenges in the Volvo Group
5
Data centric
Networks
Centralised
computation
Vehicle manipulation and
control
Access to confidential
vehicle data
Cable cut
Tampered radio signal
CAN buses
OBD port
Data on wireless interfaces
Ethernet networks,
Vehicle control on wireless
interfaces
Vehic
le s
ophis
tication
EE
arc
hitectu
re c
om
ple
xity
Att
ack b
en
efits
Att
ack s
urf
ace
s
a
ss
a i/o node i/o node
i/o node
connectivity
node
switch
switch
i/o nodecomp
node
comp
node
a
ss
a
a
ss
a
a
ss
a
Autosec FFI conference, 2019-10-10
Volvo Group Trucks TechnologyVolvo Group
Daniel Karlsson, Cybersecurity challenges in the Volvo Group
6
Service centric
Dynamically deployable
vehicle services
Cloud as part of the
vehicle
Fleet manipulation and control
Access to confidential fleet data
Cable cut
Tampered radio signal
CAN buses
OBD port
Data on wireless interfaces
Ethernet networks,
Vehicle control on wireless interfaces
Cloud infrastructure
Vehic
le s
ophis
tication
EE
arc
hitectu
re c
om
ple
xity
Att
ack b
en
efits
Att
ack s
urf
ace
s
a
ss
a i/o node i/o node
i/o node
connectivity node
switch
switch
i/o nodecomp node
comp node
a
ss
a
a
ss
a
a
ss
a
Autosec FFI conference, 2019-10-10
Volvo Group Trucks TechnologyVolvo Group
Daniel Karlsson, Cybersecurity challenges in the Volvo Group
7
Phase 1: Mechanics
Phase 2: Electronics
Master/Gateway
ECU ECU ECU
Sub-ECU
Sub-ECU
Master/Gateway
Master/Gateway
Master/Gateway
Phase 3: Data
Phase 4: Services
a
ss
ai/o
nodei/o
node
i/o
node
connectivity
node
switch
switch
i/o
nodea
ss
a
a
ss
a
a
ss
a
a
ss
a
a
ss
a
a
ss
a
a
ss
a
Autosec FFI conference, 2019-10-10
Volvo Group Trucks TechnologyVolvo Group
Daniel Karlsson, Cybersecurity challenges in the Volvo Group
8
UNECE cyber security principles, effective ~2021-2022, requires the industry to deal with cyberresilience puts requirements on cybersecurity for type approval
Autosec FFI conference, 2019-10-10
Volvo Group Trucks TechnologyVolvo Group
Daniel Karlsson, Cybersecurity challenges in the Volvo Group
9
Challenges
ahead!
Autosec FFI conference, 2019-10-10
Volvo Group Trucks TechnologyVolvo Group
Daniel Karlsson, Cybersecurity challenges in the Volvo Group
10 Autosec FFI conference, 2019-10-10
Lifecycle Technology
Organisation
Volvo Group Trucks TechnologyVolvo Group
Daniel Karlsson, Cybersecurity challenges in the Volvo Group
11 Autosec FFI conference, 2019-10-10
Volvo Group Trucks TechnologyVolvo Group
Daniel Karlsson, Cybersecurity challenges in the Volvo Group
12 Autosec FFI conference, 2019-10-10
Volvo Group Trucks TechnologyVolvo Group
Daniel Karlsson, Cybersecurity challenges in the Volvo Group
13 Autosec FFI conference, 2019-10-10
Process, methods and tools
Intrusion detection
Protection mechanisms
Recovery mechanisms
Post-event analysis
Impact on functional safety
Secure cloud functionality
• How can we work with and manage cybersecurity
more efficiently, especially in the context of
connectivity and automation?
• How can we apply ISO21434 more efficiently and
better integrate it in the existing development process
based on agile and CI/CD?
• How can we comply with the type approval recommendations
from UNECE?
• How do we find the right design trade-offs between
security and safety?
• How can we still maintain safety in the presence of an attack?
• How can we build inherent support for
protection and detection in the EE architecture?
• How can we efficiently detect attacks?
• How can we recover from an attack, maximising uptime?
• How can we provide faster security updates to large fleets?
• How can we better and faster learn from attacks, and feedback
the insights into the development of future products?
• How do we ensure a secure (and safe) operation
as dependency on the cloud increases?
Volvo Group Trucks TechnologyVolvo Group
Daniel Karlsson, Cybersecurity challenges in the Volvo Group
14 Autosec FFI conference, 2019-10-10
• How do we keep up with the competence?
• How can we find competent people?
• How do we spread cybersecurity knowledge
in the organisation?
• How do we increase awareness of cybersecurity
to developers?
• How do we manage cybersecurity in the
organisation in the best way?
• How do we build efficient incident management?
Competence development
Recruitment
Communication
Organisation
Volvo Group Trucks TechnologyVolvo Group
Daniel Karlsson, Cybersecurity challenges in the Volvo Group
15
Challenges
ahead!Let’s embrace them together.
Autosec FFI conference, 2019-10-10
Volvo Group Trucks TechnologyVolvo Group
Daniel Karlsson, Cybersecurity challenges in the Volvo Group
16
Process, methods and tools
Intrusion detection
Protection mechanisms
Recovery mechanisms
Post-event analysis
Impact on functional safetyHEAVENS
HoliSec
CyReV
CASUSAutoSec
Com
munity
build
ing
Project XSecure cloud functionality
Autosec FFI conference, 2019-10-10
Volvo Group Trucks TechnologyVolvo Group
Daniel Karlsson, Cybersecurity challenges in the Volvo Group
17
Process, methods and tools
Intrusion detection
Protection mechanisms
Recovery mechanisms
Post-event analysis
Impact on functional safety
Secure cloud functionality
Autosec FFI conference, 2019-10-10
Competence development
Recruitment
Communication
Organisation