Secure Product Design Lifecycle for Connected Vehicles

Lisa Boran, Vehicle Cybersecurity Manager, Ford Motor Company; SAE J3061 Chair; SAE/ISO Cybersecurity Engineering Chair
Posted on 26-Jun-2018

Widespread Interest In Automotive Cybersecurity Development

Automotive Cybersecurity Activity (Not Exhaustive)

Past Vehicle Design Emphasis Was on Engine Design, Comfort and Chassis, and Security Primarily Revolved Around Vehicle Theft, Odometer Tampering and Chip Tuning. The Vehicle Was Self Contained.

Areas of Potential Cybersecurity Vulnerabilities

- Roadside Networks
- Embedded Computers on Local Vehicle Network
- Vehicle to Vehicle (V2V) / Vehicle to Infrastructure (V2I)
- Vehicle to Grid
- Onboard Diagnostic Interface
- Brought-In Device Communications
- Wireless Communications
- Private Clouds
- Public Clouds
- Sensors / Cameras / Microphones

Security Measures In Place That Align With Industry Best Practices To Help Protect Current and Future Technologies

Connectivity and Complexity Explosion

Connectivity paths shown in the slide diagram:

- 3rd Party Connected Services
- OEM Connected Services
- Brought-in Connectivity (Mobile)
- Beamed-in Connectivity (GNSS Antenna)
- Built-in Connectivity

Interconnectivity And Increased Hacker Capability Makes Vehicles Potential Targets for Attack

Importance of Designing Security Upfront

Safety And Security Are Important To Our Customers

- Loss of function or denial of service impacts Safety
- Vehicle theft
- Customer dissatisfaction
- Loss of privacy: unauthorized personal information obtained; unauthorized vehicle tracking
- Impact to reputation and integrity
- Financial loss: warranty
- Loss of sales
- Unauthorized access to features/functions
- Higher insurance costs to the customers
- Fraudulent commercial transactions
- Theft of intellectual property

Holistic Cybersecurity Approach

- Secure Vehicle Design (e.g. HW, SW, Data, Networks, Access Control Security)
- Secure Vehicle Production (e.g. Supply Chain Management, Service)
- Secure Vehicle Operation (e.g. Infrastructure, Vehicle Assembly)
- Organization (People, Process, Technology)
- Risk Management, Policies & Standards, Governance
- Assess ---- Test ---- Address
- Continuous Improvement Of Internal Cyber Security Processes and Tools
- Monitor and Report

Inputs shown around the diagram: Customer Expectations, Innovation, Business Drivers, New and Emerging Requirements, Internal Requirements & Processes, Regulations

Secure Design

Proof of Security Due Diligence – Self Attestation

Helps Manage Priority And Resource Allocation

Risk Categories

- Functional Safety (F.S.)
- Privacy (P.I.I.)
- Enterprise Impact (E.I.)
- Connectivity/Access (C)

Security Controls Toolbox (Not Exhaustive)

Security control needs to be a defense-in-depth, layered technique involving a suite of controls. There are a number of potential tools in the security controls toolbox:

- Firewalls
- Authorization / Authentication mechanisms
- Gateways / Network separation
- Secure data storage / Secure hardware
- Intrusion Detection/Prevention
- Secure Data Transport
- Encryption
- Packaging/Tamper Proofing
- Access Control
- Memory Management
- Secure SW Coding/OS

No single tool is a complete answer; each potential tool has benefits and limitations.

Controls Are Applicable Within Context. Several Different Tools Are Required To Obtain The Appropriate Controls.
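To make the layering point concrete, the following Python example (added here; it is not code from the slides or from Ford) stacks three controls from the toolbox over constructed in-vehicle frames: a gateway allowlist standing for network separation, an HMAC tag standing for the authentication mechanism, and a per-ID rate check standing for intrusion detection. Every network name, message ID, key and frame in it is constructed for the demonstration. Each frame is screened by all three layers in turn, and a second function reports how many frames each control would have stopped on its own, which is the "no single tool is a complete answer" observation in numbers: the cross-segment frame carries a valid tag and is only caught by the gateway, the forged frame only by authentication, and the authenticated burst only by the rate check.

```python
"""Layered screening of constructed in-vehicle frames (added example, not from the slides)."""
import hashlib
import hmac
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Frame:
    src: str        # network segment the frame arrived on (constructed label)
    can_id: int     # 11-bit identifier (constructed value)
    payload: bytes
    tag: bytes      # truncated HMAC over (can_id, payload)
    t: float        # arrival time in seconds


# Layer 1: gateway / network separation. Only these (segment, ID) pairs may cross.
GATEWAY_ALLOWLIST = {
    ("powertrain", 0x0C9),
    ("powertrain", 0x1A1),
    ("infotainment", 0x3A0),
}

# Layer 2: authentication. One shared key per message ID (constructed keys).
KEYS = {0x0C9: b"k-powertrain-0C9", 0x1A1: b"k-powertrain-1A1", 0x3A0: b"k-ivi-3A0"}
TAG_LEN = 4  # bytes of HMAC kept; tags are truncated where frame space is tight


def compute_tag(can_id, payload, key):
    msg = can_id.to_bytes(2, "big") + payload
    return hmac.new(key, msg, hashlib.sha256).digest()[:TAG_LEN]


def gateway_filter(frame):
    return (frame.src, frame.can_id) in GATEWAY_ALLOWLIST


def authenticate(frame):
    key = KEYS.get(frame.can_id)
    if key is None:
        return False
    return hmac.compare_digest(compute_tag(frame.can_id, frame.payload, key), frame.tag)


class RateMonitor:
    """Layer 3: per-ID sliding-window rate check; flags floods and replayed bursts."""

    def __init__(self, max_per_window, window_s):
        self.max = max_per_window
        self.window = window_s
        self.seen = defaultdict(deque)

    def check(self, frame):
        q = self.seen[frame.can_id]
        while q and q[0] <= frame.t - self.window:
            q.popleft()
        if len(q) >= self.max:
            return False       # over budget; the rejected frame is not counted
        q.append(frame.t)
        return True


def process_layered(frames, max_rate=5, window_s=1.0):
    """Run each frame through the three layers in order; return (can_id, verdict) pairs."""
    monitor = RateMonitor(max_rate, window_s)
    out = []
    for f in frames:
        if not gateway_filter(f):
            verdict = "blocked:gateway"
        elif not authenticate(f):
            verdict = "blocked:auth"
        elif not monitor.check(f):
            verdict = "blocked:ids"
        else:
            verdict = "accepted"
        out.append((f.can_id, verdict))
    return out


def blocked_by_each_control_alone(frames, max_rate=5, window_s=1.0):
    """How many frames each control would stop if it were the only one deployed."""
    monitor = RateMonitor(max_rate, window_s)
    return {
        "gateway": sum(not gateway_filter(f) for f in frames),
        "auth": sum(not authenticate(f) for f in frames),
        "ids": sum(not monitor.check(f) for f in frames),
    }


def make_frame(src, can_id, payload, t, key=None):
    """Constructed frame; without a key the tag is all zeros, i.e. forged."""
    tag = compute_tag(can_id, payload, key) if key else bytes(TAG_LEN)
    return Frame(src, can_id, payload, tag, t)


def build_sample_traffic():
    """Constructed traffic mixing one legitimate frame with four kinds of misuse."""
    frames = [
        make_frame("powertrain", 0x0C9, b"\x10\x00", 0.00, KEYS[0x0C9]),    # legitimate
        make_frame("infotainment", 0x0C9, b"\x10\x00", 0.05, KEYS[0x0C9]),  # valid tag, wrong segment
        make_frame("powertrain", 0x1A1, b"\x01", 0.10),                      # forged tag
        make_frame("powertrain", 0x5F0, b"\x02\x01", 0.15),                  # unknown ID, forged tag
    ]
    # eight authenticated copies of one frame within 0.4 s: pass gateway and auth, not the rate check
    frames += [make_frame("powertrain", 0x1A1, b"\x01", 0.20 + i * 0.05, KEYS[0x1A1]) for i in range(8)]
    return frames


if __name__ == "__main__":
    traffic = build_sample_traffic()
    for can_id, verdict in process_layered(traffic):
        print(f"0x{can_id:03X} {verdict}")
    print("blocked by each control alone:", blocked_by_each_control_alone(traffic))
```

Run stand-alone, the script lists one verdict per frame and then the per-control counts. Authentication here has no freshness counter, so an authenticated replay passes the first two layers and is only stopped when the rate check trips; that gap is exactly why the slide calls for a suite of controls rather than one.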


Building A Cybersecurity Culture

Areas: Secure Process and Planning; Testing; Supply Chain Mgmt.; Auditing; Governance / Policy / Business Comms / Reporting

Activities:

- Requirements/Specifications
- User Notification
- Incident Management
- Statement of Work
- Supplier Audits
- Security Attribute Meetings
- Security Budget
- Escalation
- Security Governance
- Field Monitoring
- Product Development Process Integration
- Cyber Security Training
- Threat Modeling & Analysis
- Risk Management
- Public Disclosure Program
- Security Capability Study
- Regulatory Compliance
- Benchmarking
- Self-Attestation
- Dealer Awareness Training
- Privacy Governance
- NHTSA
- Auto ISAC
- Threat Intelligence
- Bug Bounty Program
- External Engagements
- PII Policy
- Compliance Tracking
- Insurance Witness Testing
- Regulatory Witness Testing
- Vehicle Assessments
- Application / Infrastructure Code Reviews
- Red Team
- Static Code Analysis
- Design Verification Plans
- Fuzz Testing
- Technical Design Reviews

A Well Documented Incident Response Plan

Incident Management:

- Field Monitoring
- Triage Inputs
- Determine Validity and Priority
- Product Team to Determine Impact, Containment, Recovery & Remediation
- Present to Appropriate Review Board
- Communication/Reporting

Cybersecurity Workforce

- Threat Analysis & Risk Assessment
- In-Vehicle Cyber Security Teams
- PD Teams
- Red Team
- Security Governance
- Incident Assessment Team
- Data Monitoring
- Backend IT Security
- Safety Office / Legal
- Gov't Affairs / Public Relations
- Cyber Intelligence / Defense

External Engagement

- Security Supply Base
- University Collaborations
- Industry Research Consortia
- Government Involvement
- Information Sharing
- Standards Development

Questions?