24 May 2019 TLP WHITE: May be shared within the Auto-ISAC Community.
Auto-ISAC
Monthly Community Call
5 June 2019
Agenda
Time (ET) Topic
11:00 Welcome
➢ Why we’re here
➢ Expectations for this community
11:10 Auto-ISAC Update
➢ Auto-ISAC overview
➢ Heard around the community
➢ What’s Trending
11:20 Featured Speakers
➢ Dan Sahar, Vice President of Product, Upstream
11:45 Around the Room
➢ Sharing around the virtual room
11:55 Closing Remarks
Welcome
Welcome - Auto-ISAC Community Call!
Purpose: These monthly Auto-ISAC Community Meetings are an
opportunity for you, our Members & connected vehicle ecosystem
partners, to:
✓ Stay informed of Auto-ISAC activities
✓ Share information on key vehicle cybersecurity topics
✓ Learn about exciting initiatives within the automotive
community from our featured speakers
Participants: Auto-ISAC Members, Potential Members, Partners,
Academia, Industry Stakeholders, and Government Agencies
Classification Level: TLP GREEN: may be shared within the Auto-ISAC Community, and “off the record”
How to Connect: For further info, questions, or to add other POCs to
the invite, please contact Auto-ISAC Membership Engagement Lead Kim
Kalinyak ([email protected])
Engaging in the Auto-ISAC Community
❖ Join
  ❖ If your organization is eligible, apply for Auto-ISAC membership
  ❖ If you aren’t eligible for membership, connect with us as a partner
  ❖ Get engaged – “Cybersecurity is everyone’s responsibility!”
❖ Participate
  ❖ Participate in monthly virtual conference calls (1st Wednesday of month)
  ❖ If you have a topic of interest, connect with our Membership Engagement Lead, Kim Kalinyak – [email protected]
  ❖ Engage & ask questions!
❖ Share – “If you see something, say something!”
  ❖ Submit threat intelligence or other relevant information
  ❖ Send us information on potential vulnerabilities
  ❖ Contribute incident reports and lessons learned
  ❖ Provide best practices around mitigation techniques
4 Innovator Partners
19 Navigator Partners
Coordination with 23 critical infrastructure ISACs through the National ISAC Council
Membership represents 99% of cars on the road in North America
19 OEM Members
30 Supplier & Commercial Vehicle Members
Community Speaker Series
Featured Speaker
Why Do We Feature Speakers?
❖ These calls are an opportunity for information exchange & learning
❖ Goal is to educate & provide awareness around cybersecurity for the connected vehicle
What Does it Mean to Be Featured?
❖ Perspectives across our ecosystem are shared from members, government, academia, researchers, industry, associations and others.
❖ Goal is to showcase a rich & balanced variety of topics and viewpoints
❖ Featured speakers are not endorsed by Auto-ISAC nor do the speakers speak on behalf of Auto-ISAC
How Can I Be Featured?
❖ If you have a topic of interest you would like to share with the broader Auto-ISAC Community, then we encourage you to contact our Membership Engagement Lead, Kim Kalinyak
1700+ Community Participants
18 Featured Speakers to date
Membership represents 99% of cars on the road in North America
Coordination with 23 critical infrastructure ISACs through the National ISAC Council
Auto-ISAC Mission
Mission
Serve as an unbiased information broker to provide a central point of coordination and communication for the global automotive industry through the analysis and sharing of trusted and timely cyber threat information.
Scope
Light- and heavy-duty vehicles, suppliers, commercial vehicle fleets and carriers. Currently, we are focused on vehicle cyber security, and anticipate expanding into manufacturing and IT security related to the vehicle.
What We Do
➢ Community Development: Workshops, exercises, all hands, summits and town halls
➢ Intel Sharing: Data curation across intel feeds, submissions and research
➢ Analysis: Validation, context and recommendations
➢ Best Practices: Development, dissemination and maintenance
➢ Partnerships: Industry, academia, vendors, researchers and government
Our 2019 Board of Directors
Executive Committee (ExCom) Leadership
➢ Jeff Massimilla, Auto-ISAC Chairman, General Motors
➢ Tom Stricker, Auto-ISAC Vice Chairman, Toyota
➢ Mark Chernoby, Auto-ISAC Treasurer, FCA
➢ Jenny Gilger, Auto-ISAC Secretary, Honda
➢ Geoff Wood, Affiliate Advisory Board Chair, Harman
2019 Affiliate Advisory Board (AAB) Leadership
➢ Geoff Wood, Affiliate Advisory Board Chair, Harman
➢ Todd Lawless, Affiliate Advisory Board Vice Chair, Continental
➢ Bob Kaster, Supplier Affinity Group Chair, Bosch
➢ Larry Hilkene, Commercial Vehicle Affinity Group Chair, Cummins
Auto-ISAC Team and Support Staff
➢ Faye Francy, Executive Director
➢ Josh Poster, Program Operations Manager
➢ Jessica Etts, Senior Intel Coordinator
➢ Kim Kalinyak, Membership Engagement Lead
➢ Steve Elliott, Business Administrator
➢ Jake Walker, Cyber Intel Analyst
➢ Julie Kirk, Finance
➢ Heather Rosenker, Communications (Auto-Alliance)
➢ Linda Rhodes, Legal Counsel, Mayer Brown
➢ JJ Moss, Intel Lead, BAH
Auto-ISAC Update
Recent Activities
Highlights of Key Activities in May
➢ Auto-ISAC and Summit Task Force continued planning our Third Annual Automotive Cybersecurity Summit
➢ Auto-ISAC attended
  ➢ Auto-ISAC European Region Event in Munich, Germany
  ➢ Cisco Annual Technology Event (ITX 2019) in Austin, TX
  ➢ Auto-ISAC Members Only Quarterly Face to Face Board of Directors and Affiliate Advisory Board Meetings in Columbus, IN
Looking Ahead to June
➢ Auto-ISAC will be attending
  ➢ TU Automotive in Detroit, MI
  ➢ NCI Quarterly Face to Face Meeting in Washington, DC
  ➢ ESCAR in Ann Arbor, MI
  ➢ CyberTruck Challenge in Warren, MI
Auto-ISAC Update
Overview of Quarterly Face to Face meeting of BoD, AAB, and AWG
Affiliate Advisory Board and Board of Directors Meeting
New Secretary of the Board
➢ Steven Center, Honda, has taken on a new role and has stepped down as Secretary of the Board of Directors
➢ Jenny Gilger, Honda, was nominated and approved to replace Steven Center, Honda, as Secretary of the Board of Directors
Approval of Best Practice Guide Release
➢ BPG 4, 5, 6 approved for TLP White Release in July 2019
➢ BPG 7 approved for TLP Amber Release in May 2019
Review of European Region Event
➢ Hosted by BMW on May 3rd in Munich, Germany
➢ 94 attendees, 13 OEMs and 12 Suppliers
➢ Presentations from Auto-ISAC, BMW, NXP, and Mayer Brown
Analyst Working Group Workshop
Overview
➢ Two Day Analyst Workshop
➢ 40 attendees from 25 member companies
Member Presentations
➢ Risk Assessment Methodology
➢ Vulnerability Management
➢ Cyberstorm 2020
Partner Presentations
➢ Pen Test Partners on Aftermarket Car Alarm Research
➢ FEV on an Introduction to Cryptography
Auto-ISAC Intelligence
What’s Trending?
• New tools and tech developed by researchers, government, and industry which can be used to find vulnerabilities in vehicles before threat actors do.
‒ Researchers Develop Cybersecurity System to Test for Vulnerabilities in Technologies That Use GPS: Southwest Research Institute has developed a cybersecurity system to test for vulnerabilities in automated vehicles and other technologies that use GPS receivers for positioning, navigation and timing.
‒ Researchers Have a New Method to Detect Malware Hidden in Hardware: Even though malware developers have gotten even sneakier by implanting malicious code into embedded firmware, researchers from North Carolina State University and the University of Texas at Austin have developed a reliable method of identifying such intrusions.
‒ NIST Tool Boosts Chances of Finding Dangerous Software Flaws: After more than 20 years of steady improvement, the US National Institute of Standards and Technology (NIST) thinks it has reached an important milestone with something called Combinatorial Coverage Measurement (CCM).
‒ UK Minister Unveils Plans for Test Facility for Self-driving Vehicles: A government minister has announced plans to develop a cyber testing facility for self-driving vehicles. The security facility would create an area where researchers, start-ups and big manufacturers could push their vehicles’ software to the limits.
‒ New Morpheus Chip Makes the Computer an Unsolvable Puzzle: A new computer processor architecture has been developed at the University of Michigan that could usher in a future where computers proactively defend against threats, rendering the current electronic security model of bugs and patches obsolete.
For more information or questions please contact [email protected]
Community Speakers
Example of Previous Community Speakers
➢ Karl Heimer – CyberAuto/Truck Challenge
➢ Urban Johnson, NMFTA – Heavy Vehicle Cybersecurity Working Group
➢ Ross Froat, American Trucking Association on the ATA Cyberwatch Program
➢ Adnan Baykal, Global Cyber Alliance, Overview of Global Cyber Alliance
➢ Chris Ballinger, CEO and Founder of MOBI, the Mobility Open Blockchain Initiative
Past Community Call Slides are located at: www.automotiveisac.com/communitycalls/
Featured Speakers
Welcome to Today’s Speaker
Featured Speaker
Abstract: Overview of Upstream’s 2019 Automotive Cybersecurity Report
Dan Sahar drives product management and go-to-market activities for Upstream, bringing more than eighteen years of marketing and product management experience at high technology companies. Prior to Upstream, Dan was Co-founder and VP of Marketing for Qwilt, an Accel and Bessemer funded startup, from inception to becoming the market leader in Edge Content Delivery. Earlier in his career, Dan held a variety of product and marketing roles in leading vendors such as Crescendo Networks (acquired by F5 Networks), Juniper Networks and Kagoor Networks (acquired by Juniper) as well as engineering management positions at Kagoor Networks and Seabridge (Nokia Siemens Networks). Dan holds a Bachelor's degree in Computer Science and Business from Tel Aviv University Magna Cum Laude and an MBA (Marketing) from the Leon Recanati School in Tel Aviv University.
ⓒ 2019 Upstream Security Ltd. All Rights Reserved. Confidential.
MAKING CONNECTED CARS SAFE AND SECURE. FOR EVERYONE.
Dan Sahar | VP Product
THE STATE OF AUTOMOTIVE CYBER-ATTACKS
2019
RAPID GROWTH OF CYBER-ATTACKS ON THE CONNECTED AUTOMOTIVE INDUSTRY / 2010-2018
THE TABLES HAVE TURNED: BLACKHAT ATTACKS EXCEED WHITE HAT IN 2018
INCIDENTS: 264 [updated May 2019]
2018: 71
2019: 69 (May) ?
Q1 2019 REPORT
Q1’18 Q1’19
300%
CHICAGO CAR2GO APP HACKED - 100 CARS ARE MISSING
April 19, 2019. Chicago, USA
Sources:
https://www.autoblog.com/2019/04/17/car2go-app-hacked-chicago-100-cars-stolen
https://www.theverge.com/2019/4/17/18412750/daimler-car2go-share-now-app-chicago-car-fraud-theft-arrests-stolen-benz
TENCENT KEEN SECURITY LAB: REMOTELY CONTROL TESLA’S STEERING SYSTEM
March 2019
[Diagram labels: Internet; MITM; WiFi/3G/4G; infotainment; gateway; APE; CAN bus / Ethernet; control steering system]
April 2019
Remote stop engine commands
7,000 ACCOUNTS
Reference: https://www.vice.com/en_us/article/zmpx4x/hacker-monitor-cars-kill-engine-gps-tracking-apps
GoTrack
20,000 ACCOUNTS
WIRELESS ATTACKS ARE BECOMING MORE POPULAR THAN PHYSICAL ONES.
THE RISE OF LONG-RANGE ATTACKS
THE TOP IMPACTS OF CYBERATTACKS ON AUTOMOTIVE
COMPANIES IMPACTED
VEHICLE SOC ARCHITECTURE
[Diagram labels: telematics; connected cars; mobility services; vehicle APIs and sensors; automotive cloud; automotive cybersecurity detection; mobility SIEM; OT network; IT network; endpoints, network, servers, mobile; enterprise cybersecurity detection; enterprise SIEM; enterprise workflow; security operations center]
MULTI-VEHICLE (FLEET-WIDE) ATTACK
[Same architecture diagram]
UPSTREAM DETECTION AND SENDS ALERT TO SOC
[Same architecture diagram]
ENTERPRISE SIEM ACTIVATE WORKFLOW TO MITIGATE THE RISK
[Same architecture diagram]
ATTACK MITIGATED
[Same architecture diagram]
VISIT OUR ONLINE REPORTED CYBER INCIDENTS REPOSITORY www.upstream.auto/research/automotive-cybersecurity
THANK YOU !
Open Discussion
Around the Room
Any questions about the
Auto-ISAC or future topics
for discussion?
Event Outlook
Connect with us at upcoming events:
➢ TU Automotive***, June 4-6, Detroit, MI
➢ TU Automotive E-Mobility Detroit, June 5 - June 6, Detroit, MI
➢ Auto-ISAC Community Call***, June 5, Telecon
➢ NHTSA 26th ESV 2019, June 10-13, Eindhoven, Netherlands
➢ NCI Quarterly Face to Face Meeting***, June 12, Washington, DC
➢ ESCAR USA 2019***, June 12-13, Detroit, MI
➢ SANSFIRE 2019, June 15-22, Washington DC
➢ Cyber Truck Challenge***, June 23-28, Warren, MI
**For full 2018 calendar, visit www.automotiveisac.com
Closing Remarks
If you are an OEM, supplier or commercial
vehicle company, now is a great time to join
Auto-ISAC!
How to Get Involved: Membership
To learn more about Auto-ISAC Membership or Partnership,
please contact Kim Kalinyak ([email protected]).
➢ Real-time Intelligence Sharing
➢ Intelligence Summaries
➢ Regular intelligence meetings
➢ Crisis Notifications
➢ Member Contact Directory
➢ Development of Best Practice Guides
➢ Exchanges and Workshops
➢ Tabletop exercises
➢ Webinars and Presentations
➢ Annual Auto-ISAC Summit Event
Strategic Partnership Programs
NAVIGATOR: Support Partnership
- Provides guidance and support
- Annual definition of activity commitments and expected outcomes
- Provides guidance on key topics / activities
INNOVATOR: Paid Partnership
- Annual investment and agreement
- Specific commitment to engage with ISAC
- In-kind contributions allowed
COLLABORATOR: Coordination Partnership
- “See something, say something”
- May not require a formal agreement
- Information exchanges-coordination activities
BENEFACTOR: Sponsorship Partnership
- Participate in monthly community calls
- Sponsor Summit
- Network with Auto Community
- Webinar / Events
Solutions Providers
For-profit companies that sell connected vehicle cybersecurity products & services.
Examples: HackerOne, SANS, IOActive
Affiliations
Government, academia, research, non-profit orgs with complementary missions to Auto-ISAC.
Examples: NCI, DHS, NHTSA
Community
Companies interested in engaging the automotive ecosystem and supporting - educating the community.
Examples: Summit sponsorship – key events
Associations
Industry associations and others who want to support and invest in the Auto-ISAC activities.
Examples: Auto Alliance, Global Auto, ATA
Auto-ISAC Benefits
Securing Across the Auto Industry
➢ Focused Intelligence Information/Briefings
➢ Cybersecurity intelligence sharing
➢ Vulnerability resolution
➢ Member to Member Sharing
➢ Distribute Information Gathering Costs across the Sector
➢ Non-attribution and Anonymity of Submissions
➢ Information source for the entire organization
➢ Risk mitigation for automotive industry
➢ Comparative advantage in risk mitigation
➢ Security and Resiliency
Our contact info
Faye Francy, Executive Director
20 F Street NW, Suite 700, Washington, DC 20001
703-861-5417
Kim Kalinyak, Membership Engagement Lead
20 F Street NW, Suite 700, Washington, DC 20001
240-422-9008
Josh Poster, Program Operations Manager
20 F Street NW, Suite 700, Washington, DC 20001
Jessica Etts, Senior Intel Coordinator
20 F Street NW, Suite 700, Washington, DC 20001