1 October 2, 2015 CSC Proprietary and Confidential 1 October 2, 2015 CSC Proprietary and Confidential FROM CONNECTED TO SELF-DRIVING — SECURING THE AUTOMOTIVE REVOLUTION Dr. Alexander Schellong General Manager, Cybersecurity Division Central & Eastern Europe, Italy and Turkey
23
Embed
From Connected To Self-Driving - Securing the Automotive Revolution
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
1 October 2, 2015 CSC Proprietary and Confidential 1 October 2, 2015 CSC Proprietary and Confidential
FROM CONNECTED TO SELF-DRIVING— SECURING THE AUTOMOTIVE
REVOLUTION Dr. Alexander Schellong
General Manager, Cybersecurity Division Central & Eastern Europe, Italy and Turkey
2 October 2, 2015 CSC Proprietary and Confidential
TRAVEL AND TRANSPORTATION
INSURANCE
MANUFACTURING
BANKING AND CAPITAL MARKETS
HEALTHCARE
ENERGY AND NATURAL RESOURCES PUBLIC
SECTOR
TECHNOLOGY AND CONSUMER SERVICES
About CSC
CONSULTING
BIG DATA AND ANALYTICS
BUSINESS PROCESS SERVICES AND OUTSOURCING
INFRASTRUCTURE SERVICES
APPLICATIONS SERVICES SOFTWARE AND IP
CYBERSECURITY CLOUD
NEXT-GEN OFFERINGS
3 October 2, 2015 CSC Proprietary and Confidential
CSC Cybersecurity
CYBER CONSULTING
SERVICES
CLOUD INTERNET OF
THINGS
MOBILITY
SOCIAL
MANUFACTURING
TRAVEL AND TRANSPORTATION
MANAGED SECURITY SERVICES
BIG DATA
HEALTHCARE
RISK MANAGEMENT CENTERS TECHNOLOGY
AND CONSUMER SERVICES
PUBLIC SECTOR
INSURANCE
APPLICATIONS BUSINESS
OUTSIDE-IN
BANKING AND CAPITAL MARKETS
ENERGY AND NATURAL
RESOURCES
BUSINESS CONTINUITY/
DISASTER RECOVERY
Third Platform, Consumerization
of IT
4 October 2, 2015 CSC Proprietary and Confidential
Global Cybersecurity Service Portfolio 09/2015 BUSINESS CONTINUITY &
DISASTER RECOVERY (BC/DR) SERVICES
IDENTITY MANAGEMENT CONSULTING
MANAGED SECURITY SERVICES (MSS)
APPLICATION & SOFTWARE SECURITY
Static/Dynamic/Mobile Scans (HP Fortify)
Compliance / Security Support (Account Security Managers)
Risk / Security Assessment
Strategy & Information Security & Risk Management
STRATEGIC & TECHNICAL SECURITY
CONSULTING
APT / Penetration tests Social Engineering Physical Security
Red Team
Data Protection
Network, Mobile & Cloud Security
BSI / ISO / PCI Audits & Audit Preparation
SOC Planning & Setup
FW / IDS / SIEM Implementation
Industrial Control Systems
Data Loss Prevention
Trainings
RFI / RFP Support
Common Criteria
FIPS
24x7x365 Global IAM Operations & Support
Application Security
Device & Endpoint Security
Network Security
Cloud Security
Mobile Security
Global Cyberthreat Intelligence
Risk Management Center Security Operations Center
Risk & Business Impact Analysis
BC/DR Plans, Reviews & Tests
Crisis Management
Global Incident Response / 24x7 Forensics
Training & Simulation
Mergers & Acquisition (M&A) security due diligence
Secure Code Reviews
SAP
CERTIFICATION SERVICE (LAB)
SECURITY HARDWARE & SOFTWARE RESELLING
(Next-Generation) Firewalls
Antivirus / SIEM / IDS / IPS / DLP
Mobile / Endpoint Security
20+ Product partners Cryptography
BSI Grundschutz / IS-Revision
Secure Software Development Lifecycle
IAM Consulting & Solution Architecture
Identity and Access Governance
RFI / RFP Support
IAM Implementation & Customization
Cloud SSO & Federation
IAM Solution Engineering
Provisioning Solutions
5 October 2, 2015 CSC Proprietary and Confidential
GLOBAL CYBERSECURITY PROFESSIONALS
1,700+
INTEGRATED GLOBAL RISK MANAGEMENT
CENTERS
5+
YEARS PROVIDING CYBERSECURITY
SERVICES
40+
GLOBAL ALLIANCE PARTNERS
PROVIDING SECURITY EXPERTISE
15+
PUBLIC & PRIVATE SECTOR
EXPERTISE
UK
Noida
Kuala Lumpur
Sydney
Newark
Global Scalability
6 October 2, 2015 CSC Proprietary and Confidential
MOBILE SECURITY
CLOUD SECURITY
NETWORK SECURITY
ENDPOINT SECURITY
APPLICATION SECURITY
IDENTITY AND ACCESS MANAGEMENT Our deep industry knowledge,
security specialists, and end-to-end solutions for
traditional and next-generation technologies enable you to
securely adapt as your business and risks change.
End-to-End Managed Security Services
7 October 2, 2015 CSC Proprietary and Confidential
Six decades of safety development to protect us from the biggest risk factor in car mobility
8 October 2, 2015 CSC Proprietary and Confidential
Not this one
Volkswagen
9 October 2, 2015 CSC Proprietary and Confidential
That one
10 October 2, 2015 CSC Proprietary and Confidential
Who is the biggest risk in the future?
Ex Machina / Universal Studios (2015)
11 October 2, 2015 CSC Proprietary and Confidential
Known automotive attack vectors
• ODB-II Direct connector, USB, WiFi
• Controller Area Network (CAN) (broadcast nature, DoS vulnerability, network segregation) • Electronic Control Unit (ECU)
– Engine Control Unit (ECU) (access, reflashing while driving, deviation from standards – Body Control Unit (BCM) – Elctronic Break Control Module (ECBM) – Telematics unit (access) – Radio / Entertainment system (malicious music files) – Bluetooth (pass through vulnerabilities) – Tire Pressure Monitoring Systems (TPMS)
• Suppliers, OEM and Dealers
12 October 2, 2015 CSC Proprietary and Confidential
Spoofing the LIDAR
13 October 2, 2015 CSC Proprietary and Confidential
GPS jamming and spoofing
14 October 2, 2015 CSC Proprietary and Confidential
Volkswagen’s Automotive Cybercrime: Emission control
Daily use
ECU/ECM
Test
15 October 2, 2015 CSC Proprietary and Confidential
Human error speaks against precautionary approach
- Level of automation +
- hu
man
err
or ri
sks
+
16 October 2, 2015 CSC Proprietary and Confidential
From 1 billion to 2 billion cars
Infographic Wired Magazine 2012
2050 2 billion cars
9 billion people
2030 200+ million
connected cars
2018 20+ million
connected cars
100 million lines of code per car & 17 Petabyte of data p.a.
17 October 2, 2015 CSC Proprietary and Confidential
OEM VM vs. IT market entrant approach
SW
Car
Car
SW
- Level of automation +
- Le
vel o
f cap
abili
ties
+
- Level of automation +
- Le
vel o
f cap
abili
ties
+
18 October 2, 2015 CSC Proprietary and Confidential