1 Gene Carter Director of Product Management Security Innovation Peter Samson Vice President and General Manager Security Innovation Larry Ponemon Chairman Ponemon Institute Walter Capitani Product Manager Rogue Wave Software Car cybersecurity: What do the automakers really think?
52
Embed
Car Cybersecurity: What do Automakers Really Think?
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
1
Gene CarterDirector of Product ManagementSecurity Innovation
Peter SamsonVice President and General ManagerSecurity Innovation
Larry PonemonChairmanPonemon Institute
Walter CapitaniProduct ManagerRogue Wave Software
Car cybersecurity:What do the automakers really think?
2
First, a few things…
• The webcast recording link and the slides will be sent to all registrants tomorrow
• Please type all questions in the Questions dialogue box to the right
• The Ponemon white paper can be downloaded here:http://web.securityinnovation.com/car-security-what-automakers-think
3
The Current State of Automotive Cyber Security
Peter SamsonVice President and General ManagerSecurity Innovation
4
Source: IHS Automotive
Connected Car Market
5
$152 billion by 2020
$141 billion by 2020
$132 billion by 2020
$128 billion by 2020
$98 billion by 2018
Economic Value
6
1.7 MillionLines of Code
6.5M MillionLines of Code
100 MillionLines of Code
100 ECUs5 Networks
2 miles of cable10+ Operating Systems
50% of total cost
The Complexity Challenge
7
What’s the Risk?
Extortion
Theft
Terrorism
Revenge
Mischief
Insurance fraudCorporate espionage
Stalking and spying
Feature activation
Identity theft Counterfeiting
8
Where’s the Risk?Ex
tern
alInternal
Bluetooth
Internet
V2X
Key fob
LiDAR
TPMS
Wi-Fi
Tail light
Diagnostics
OBDII
USB
SD card
Aux input
DVD
CAN Bus
Touchscreen
Ethernet
Mobile phone
9
SecurityUpdates
Segmentation and Isolation
Evidence Capture
Third PartyCollaboration
Secure ByDesign
Early Pressure
10
Collaborations
11
Government Shows Interest – February 2015
12
Government Asks Questions – May 2015
13
Government Asks Questions – May 20151. Who in your organization is
responsible for evaluating, testing, and monitoring potential cyber vulnerabilities?
2. How does your organization incorporate cybersecurity best practices into your products?
3. What policies, procedures, and practices do you employ to evaluate potential cyber vulnerabilities?
4. Who in your organization is responsible for addressing potential vulnerabilities in the products of your suppliers
5. How do you work with suppliers to minimize potential vulnerabilities?
6. How do you track or evaluate potential vulnerabilities once a product is in the field?
7. How do you, or how do you intend to, remediate vulnerabilities after a vehicle has entered the market?
8. Do you intend to use over -the -air (OTA) updates to upgrade vehicle systems or technology?
9. To what extent do existing vehicle systems and technologies utilize public key infrastructure
10. What steps have you taken to evaluate how connected elements interact with vehicle safety systems?
11. Because vehicles interact with technologies outside the vehicle, what steps are you taking to evaluate potential vulnerabilities?
12. How do you interact with the security research community to identify potential threats and/or vulnerabilities?
13. What are the greatest challenges to cybersecurity in the industry?
14. How is the automobile industry working with the government to address the challenge of cybersecurity