Post on 03-Jun-2020
26 April 2019 TLP WHITE: May be shared within the Auto-ISAC Community.
Auto-ISAC
Monthly Community Call
1 May 2019
Agenda
Time (ET) Topic
11:00 Welcome
➢ Why we’re here
➢ Expectations for this community
11:10 Auto-ISAC Update
➢ Auto-ISAC overview
➢ Heard around the community
➢ What’s Trending
11:20 Featured Speakers
➢ Amy Smith, Manager of Pre-College Education, SAE International
11:45 Around the Room
➢ Sharing around the virtual room
11:55 Closing Remarks
Welcome - Auto-ISAC Community Call!
Purpose: These monthly Auto-ISAC Community Meetings are an
opportunity for you, our Members & connected vehicle ecosystem
partners, to:
✓ Stay informed of Auto-ISAC activities
✓ Share information on key vehicle cybersecurity topics
✓ Learn about exciting initiatives within the automotive
community from our featured speakers
Participants: Auto-ISAC Members, Potential Members, Partners,
Academia, Industry Stakeholders, and Government Agencies
Classification Level: TLP GREEN: may be shared within the Auto-
ISAC Community, and “off the record”
How to Connect: For further info, questions, or to add other POCs to
the invite, please contact Auto-ISAC Membership Engagement Lead Kim
Kalinyak (kimkalinyak@automotiveisac.com)
Engaging in the Auto-ISAC Community
Join
❖ If your organization is eligible, apply for Auto-ISAC membership
❖ If you aren’t eligible for membership, connect with us as a partner
❖ Get engaged – “Cybersecurity is everyone’s responsibility!”
Participate
❖ Participate in monthly virtual conference calls (1st Wednesday of month)
❖ If you have a topic of interest, contact our Membership Engagement Lead, Kim Kalinyak – kimkalinyak@automotiveisac.com
❖ Engage & ask questions!
Share – “If you see something, say something!”
❖ Submit threat intelligence or other relevant information
❖ Send us information on potential vulnerabilities
❖ Contribute incident reports and lessons learned
❖ Provide best practices around mitigation techniques
Welcome
4 Innovator Partners
19 Navigator Partners
Coordination with 23 critical infrastructure ISACs through the National ISAC Council
Membership represents 99% of cars on the road in North America
19 OEM Members
30 Supplier & Commercial Vehicle Members
Community Speaker Series
Featured Speaker
Why Do We Feature Speakers?
❖ These calls are an opportunity for information exchange & learning
❖ Goal is to educate & provide awareness around cybersecurity for the connected vehicle
What Does it Mean to Be Featured?
❖ Perspectives across our ecosystem are shared from members, government, academia, researchers, industry, associations and others.
❖ Goal is to showcase a rich & balanced variety of topics and viewpoints
❖ Featured speakers are not endorsed by Auto-ISAC nor do the speakers speak on behalf of Auto-ISAC
How Can I Be Featured?
❖ If you have a topic of interest you would like to share with the broader Auto-ISAC Community, then we encourage you to contact our Membership Engagement Lead, Kim Kalinyak (kimkalinyak@automotiveisac.com)
1700+ Community Participants
17 Featured Speakers to date
Auto-ISAC Mission
Mission
Serve as an unbiased information broker to provide a central point of coordination and communication for the global automotive industry through the analysis and sharing of trusted and timely cyber threat information.
Scope
Light- and heavy-duty vehicles, suppliers, commercial vehicle fleets and carriers. Currently, we are focused on vehicle cyber security, and anticipate expanding into manufacturing and IT security related to the vehicle.
What We Do
Community Development: Workshops, exercises, all hands, summits and town halls
Intel Sharing: Data curation across intel feeds, submissions and research
Analysis: Validation, context and recommendations
Best Practices: Development, dissemination and maintenance
Partnerships: Industry, academia, vendors, researchers and government
ISAC Overview
Our 2019 Board of Directors
Executive Committee (ExCom) Leadership
Jeff Massimilla, Auto-ISAC Chairman, General Motors
Tom Stricker, Auto-ISAC Vice Chairman, Toyota
Mark Chernoby, Auto-ISAC Treasurer, FCA
Steve Center, Auto-ISAC Secretary, Honda
Geoff Wood, Affiliate Advisory Board Chair, Harman
2019 Affiliate Advisory Board (AAB) Leadership
Geoff Wood, Affiliate Advisory Board Chair, Harman
Todd Lawless, Affiliate Advisory Board Vice Chair, Continental
Bob Kaster, Supplier Affinity Group Chair, Bosch
Larry Hilkene, Commercial Vehicle Affinity Group Chair, Cummins
Auto-ISAC Leadership
Auto-ISAC Team and Support Staff
Faye Francy, Executive Director
fayefrancy@automotiveisac.com
Josh Poster, Program Operations Manager
joshposter@automotiveisac.com
Jessica Etts, Senior Intel Coordinator
jessicaetts@automotiveisac.com
Kim Kalinyak, Membership Engagement Lead
kimkalinyak@automotiveisac.com
Steve Elliott, Business Administrator
stevenelliott@automotiveisac.com
Heather Rosenker, Communications (Auto-Alliance)
heatherrosenker@automotiveisac.com
Julie Kirk, Finance
juliekirk@automotiveisac.com
JJ Moss, Intel Lead, BAH
analyst@automotiveisac.com
Linda Rhodes, Legal Counsel, Mayer Brown
lrhodes@mayerbown.com
Rob Geist, Accountant, Tate and Tryon
RGeist@tatetryon.com
Auto-ISAC Staff
Recent Activities
Auto-ISAC Update
Highlights of Key Activities in April
➢ Auto-ISAC and Summit Task Force began planning our Third Annual Automotive
Cybersecurity Summit
➢ Auto-ISAC attended
➢ SAE/ Government Industry Meeting in Washington, DC
➢ CIRI Symposium on Resilience in Urbana, IL
➢ NAFA Annual Meeting in Louisville, KY
Looking Ahead to May
➢ Auto-ISAC will be attending
➢ Auto-ISAC European Region Event in Munich, Germany
➢ Cisco Annual Technology Event (ITX 2019) in Austin, TX
➢ Auto-ISAC Members Only Quarterly Face to Face Board of Directors and
Affiliate Advisory Board Meetings in Columbus, IN
26 April 2019 TLP Green: May be shared within the Auto-ISAC Community.
• Various automotive related cyber events over the last 30 days; including new security research and the identification of vulnerabilities.
‒ Hacker Can Remotely Kill Car Engines After Breaking into GPS Tracking Apps: A hacker broke into thousands of accounts belonging to users of two GPS tracker apps, giving him the ability to monitor the locations of tens of thousands of vehicles and even turn off the engines for some of them while they were in motion, Motherboard has learned. (Link)
‒ Car Key Fobs Are Being Rendered Useless by Apple Pencils' Wireless Charging Frequencies: Apple updated its support site to warn second-generation Apple Pencil owners of a new bug that prevents automotive key fobs from working when in the vicinity of the writing utensil being charged. (Link)
‒ 100 Car2Go Mercedes Hijacked in Chicago Crime Spree: Car2go, the free-floating car-sharing service owned by Daimler, temporarily shut down its service in Chicago on Wednesday after dozens of Mercedes-Benz vehicles were stolen using the app. (Link)
‒ Tens of Thousands of Cars were Left Exposed to Thieves Due to a Hardcoded Password: The maker of a popular vehicle telematics system has left hardcoded credentials inside its mobile apps, leaving tens of thousands of cars vulnerable to hackers. The vulnerability, tracked as CVE-2019-9493, impacts the MyCar telematics system sold by Quebec-based Automobility Distribution. (Link)
‒ Tesla Cars Keep More Data Than You Think, Including This Video of a Crash That Totaled a Model 3: If you crash your Tesla, when it goes to the junk yard, it could carry a bunch of your history with it. That's because the computers on Tesla vehicles keep everything that drivers have voluntarily stored on their cars. (Link)
Auto-ISAC Intelligence
What’s Trending?
Trending
For more information or questions please contact analyst@automotiveisac.com
Community Speakers
➢ Karl Heimer – CyberAuto/Truck Challenge
➢ Urban Johnson, NMFTA – Heavy Vehicle Cybersecurity Working Group
➢ Ross Froat, American Trucking Association on the ATA Cyberwatch Program
➢ Adnan Baykal, Global Cyber Alliance, Overview of Global Cyber Alliance
➢ Chris Ballinger, CEO and Founder of MOBI, the Mobility Open Blockchain Initiative
Example of Previous Community Speakers
Past Community Call Slides are located at: www.automotiveisac.com/communitycalls/
Featured Speakers
Welcome to Today’s Speaker
Featured Speaker
Abstract: As we know, we must prepare today’s students to be tomorrow’s workforce, which will
include careers in Cybersecurity. SAE International’s A World in Motion® (AWIM) has recently developed a
middle school program, Cybersecurity: Keeping Our Networks Secure Challenge, as part of their K16
continuum of innovative STEM learning experiences. Through industry engagement with companies
around the world, SAE programs are raising students’ awareness and preparedness for cybersecurity and
other STEM career opportunities. An overview of the Challenge will demonstrate how the AWIM program is
implemented with ease yet yields a high impact.
Amy Smith is the Manager of Pre-College Educational
Programming at SAE International. She oversees the strategic
direction, development, management and delivery of SAE’s PreK-12
formal education programs, including the National Science Board
Award winning A World In Motion® (AWIM) program. Amy leads
numerous initiatives designed to increase STEM engagement and
achievement at the PreK-12 level. These initiatives include
cybersecurity, software development, automated technologies and
other integrated workforce development themes. In addition, Amy is
proud to manage a staff whose purpose and passion is to increase the
number of students who pursue educational and career paths in
STEM-related fields, provide critical age-appropriate skill
development, and enhance teacher professional development.
SAE Foundation’s
A World In Motion®
Cybersecurity: Keeping Our
Networks Secure Challenge
What is STEM?
• Much more than an acronym
• Enables students to use conceptual knowledge to develop solutions to real world problems in a practical manner
SAE Foundation’s mission is to inspire every student, to spark curiosity, to create a world where STEM education can nourish minds and awaken dreams.
SAE is committed to helping students succeed, educators excel and corporations achieve their business goals.
WHY STEM EDUCATION?
Let’s start the conversation considering a Kindergarten class of 24 students…
By the time these students are in 4th grade, 1/3 have “lost an interest in science”
By the 8th grade, “50% of students have deemed science irrelevant to their education or future plans”
By the time they graduate high school, “only 32% are qualified to attend 4-year colleges”
SAE’s Programs:
• Excite and engage students Pre-K through college
• Connect students with professionals
• Make students aware of and prepared for global careers
• Fulfill the growing demand for skilled science and
engineering professionals
Building the Next-Generation Workforce
Why STEM Education Matters
• Nearly 3.7 million U.S. jobs in STEM fields unfulfilled
• Compared to other developed countries (World
Economic Forum), the U.S. ranks:
o 28th in Educational System Quality;
o 38th in Primary Education Quality; and
o 47th in Math & Science Education Quality
SAE's Educational Programs
TRUE educational reform through A World In Motion…
Building Community Through Education
Company/Corporation
School District(s)
Community Reform for Workforce Development
SAE’S ROLE IN OUR PARTNERSHIP
Educational Initiatives
STEM Volunteers
School Administration
• Curriculum & Program Development
• Curriculum Standards Alignment
• Program Support
• Professional Training
• Materials (Orders/Shipping)
• Relationship Building
• Building Local Community Events
Teachers/Staff
Company/Corporation School District(s)
Critical Thinking
Engineering Design Experience
Teamwork & Collaboration
Inquiry & Analysis
Project Management
Communication
A World In Motion (AWIM)
Set Goals
Build Knowledge
Design
Test
Present
The Engineering Design Experience
AWIM Series at a Glance
Primary Series (K-3)
• Rolling Things
• Pinball Designers
• Engineering Inspired By Nature
• Straw Rockets
Elementary Series (4 – 6)
• Skimmer
• JetToy
• Gravity Cruiser
• Programming Each Other*
Middle School Series (6 – 8)
• Gravity Cruiser
• Glider
• Motorized Toy Car
• Fuel Cell
• Cybersecurity: Keeping Our Networks Secure
*Currently under development
WHAT HAS AWIM ENABLED IN LOCAL COMMUNITIES?
More than a “fun experience”… TRUE performance results.
The A World In Motion Program delivers results that help build a qualified STEM workforce.
Teachers Report:
94% Increased interest in exploring math and/or science concepts
91% Increased awareness of the engineering profession
88% Understanding of the engineering profession
84% Interest in an engineering career
84% Increased excitement or decreased intimidation toward learning science
81% Change of attitude toward math and/or science
72% Significant increase in the math and/or science scores
• First of its kind IT/Cybersecurity curriculum
• Developed through cutting-edge classroom-based research
• Designed to create opportunities to help change the course of IT education in the United States, making it easy for educators to integrate IT content into their teaching at the elementary and middle school levels
• Aligned explicitly to:
• CSTA K–12 Computer Science Standards
• Next Generation Science Standards
• Common Core Math and ELA Standards
Why Cybersecurity?
• Development completed at end of 2017
• Released end of 2017, implemented within multiple GM communities spring 2018
• Releasing within additional communities fall 2018
• Throughout this challenge, students deepen their understanding of the architecture of the internet and how it was designed to withstand both physical and electronic attacks as they:
• Explore physical models that simulate the movement of information through the internet
• Identify problems with each model and test different enhancements to help make the network operate more efficiently
• Investigate the two basic components of securing data and systems: encryption and authentication
• After learning about these key attributes of cybersecurity, students create marketing materials to inform purchasers of self-driving cars about the important steps implemented by a fictional car company, Jupiter Motors, to keep its car systems safe and secure.
Cybersecurity: Keeping Our Networks Secure
Cybersecurity: Keeping Our Networks Secure – Introducing the Challenge
❑ How information flows through the internet
❑ How the internet keeps information flowing in case of failure
❑ How information is kept secure—both where it is stored and while it is being transmitted
❑ How systems know what information and data can be trusted
Cybersecurity: Keeping Our Networks Secure – Students Model the Internet
• TCP (TRANSMISSION CONTROL PROTOCOL) and IP (INTERNET PROTOCOL)
• Hands-on simulations using physical classroom models help students better
understand how messages are addressed and routed on the internet and how
the internet is able to overcome system failures.
Cybersecurity: Keeping Our Networks Secure – Students Develop a Map
• Students develop a map that represents how messages are sent via the Internet,
while considering its architecture and how this understanding impacts their work on
the Jupiter Motors marketing project.
Cybersecurity: Keeping Our Networks Secure – Deciphering Messages
• One way that ancient people secured their messages was by using cryptography, the
art of writing and then deciphering codes.
Scytale (Transposition Cipher)
Cipher Wheel (Substitution Cipher)
David Schutt’s Response
• “Every new advance and innovation in technology comes with the opportunity to
benefit of society, but so often the threat of malicious misuses,” David L. Schutt, PhD,
Chief Executive Officer of SAE International, said.
• “SAE is committed to helping improve society and as a part of that is educating
students on the secure use of today’s advancing and ever-evolving technologies. The
entire nation is relying on cybersecurity education to secure our precious
infrastructure and to protect our privacy. This education starts with the youngest
learners and is possible through the support of our industry partners, like GM.”
Teacher Quotes and Reflections
• “The students really enjoyed the scytale and cipher wheel activities for encrypting and
decrypting a message. We do a similar (but simpler) activity in our gifted curriculum
when they are younger, so it was easy to make connections. I personally really
appreciated the Public Key Cryptography video and its explanation of how the public
key and private key work together using the analogy of mixing colors – I was having a
hard time seeing how the private key could be sent and stay private, but that video
really clarified the concept!”
• “The students jumped into this assignment whole heartedly and here is an example of
some of their work http://jupitermotors.strikingly.com/. This student created website
was part of their marketing campaign. This team also included a flyer and newspaper
advertisements where they discussed 256 bit encryption, security updates, and how
the vehicle could save thousands of lives by eliminating human error. Overall it was
an excellent experience for the students. Thank you!”
Student Quotes and Reflections
• Learning about Cybersecurity was pretty fun, including learning about the internet and
trying to convince Jupiter Motors to use our plan, but the best part was learning about
the scytales! That part was awesome! We got to encrypt and decrypt messages and
use the cipher wheel, it was awesome!
• This unit was really cool because I always saw the internet as a giant mystery and
now I know so much about it and it will help me a lot in my future.
• I learned what the internet is, how it processes information, and who owns it (no
one/everyone). We also learned how to decode using different ways.
• I like how it explains something so complicated in a simple way.
• It was cool, especially the scytale and cipher wheel part when we deciphered each
other’s messages. I liked learning about the internet because I never thought it
worked like that, especially the public and private key. I loved this lesson although I
was a bit nervous about presenting our ideas.
SAE’s STEM Programs:
• Reach ALL students
• Innate curiosity
• Establish a foundation for
future engagement
WHY PARTNER WITH SAE FOUNDATION?
Please contact us at:
sae.org/learn/education
1.800.457.2946
www.SAEFoundation.org
724-814-2411
Interested in Learning More or Starting an AWIM
Program?
Open Discussion
Around the Room
Any questions about the
Auto-ISAC or future topics
for discussion?
Connect with us at upcoming events:
SANS Cloud Security Summit & Training April 29- May 6, San Jose, CA
Auto-ISAC Community Call*** May 1, Telecon
Global Privacy Summit May 2-3, Washington, DC
Integrated Cyber May 2-3, Laurel, MD
Auto-ISAC European Region Event*** May 3, Munich, Germany
THOTCON May 3-4, Chicago, IL
ATA Mid-Year Management Session May 5-8, Scottsdale, AZ
SANS Security West May 7-14, San Diego, CA
IoT World 2019 May 13-16, Santa Clara, CA
Internet Technology Exchange (ITX) 2019*** May 13-15, Austin, TX
Converge Conference 2019 May 16-17, Detroit, MI
NMFTA Heavy Vehicle Cybersecurity Meeting*** May 19-21, Alexandria, VA
IEEE Symposium May 20-22, San Francisco, CA
Automotive News Europe Congress May 21-22, Gothenburg, Sweden
Autonomous Vehicle World Expo May 21-23, Stuttgart, Germany
Event Outlook
**For full 2018 calendar, visit www.automotiveisac.com
Closing Remarks
If you are an OEM, supplier or commercial
vehicle company, now is a great time to join
Auto-ISAC!
How to Get Involved: Membership
To learn more about Auto-ISAC Membership or Partnership,
please contact Kim Kalinyak (kimkalinyak@automotiveisac.com).
➢ Real-time Intelligence Sharing
➢ Development of Best Practice Guides
➢ Intelligence Summaries
➢ Exchanges and Workshops
➢ Regular intelligence meetings
➢ Tabletop exercises
➢ Crisis Notifications
➢ Webinars and Presentations
➢ Member Contact Directory
➢ Annual Auto-ISAC Summit Event
Strategic Partnership Programs
NAVIGATOR: Support Partnership
- Provides guidance and support
- Annual definition of activity commitments and expected outcomes
- Provides guidance on key topics / activities
INNOVATOR: Paid Partnership
- Annual investment and agreement
- Specific commitment to engage with ISAC
- In-kind contributions allowed
COLLABORATOR: Coordination Partnership
- “See something, say something”
- May not require a formal agreement
- Information exchanges-coordination activities
BENEFACTOR: Sponsorship Partnership
- Participate in monthly community calls
- Sponsor Summit
- Network with Auto Community
- Webinar / Events
Solutions Providers
For-profit companies that sell connected vehicle cybersecurity products & services.
Examples: Hacker ONE, SANS, IOActive
Affiliations
Government, academia, research, non-profit orgs with complementary missions to Auto-ISAC.
Examples: NCI, DHS, NHTSA
Community
Companies interested in engaging the automotive ecosystem and supporting - educating the community.
Examples: Summit sponsorship – key events
Associations
Industry associations and others who want to support and invest in the Auto-ISAC activities.
Examples: Auto Alliance, Global Auto, ATA
➢ Focused Intelligence Information/Briefings
➢ Cybersecurity intelligence sharing
➢ Vulnerability resolution
➢ Member to Member Sharing
➢ Distribute Information Gathering Costs across the Sector
➢ Non-attribution and Anonymity of Submissions
➢ Information source for the entire organization
➢ Risk mitigation for automotive industry
➢ Comparative advantage in risk mitigation
➢ Security and Resiliency
Auto-ISAC Benefits
Securing Across the Auto Industry
Our contact info
Faye Francy, Executive Director
20 F Street NW, Suite 700, Washington, DC 20001
703-861-5417
fayefrancy@automotiveisac.com
Kim Kalinyak, Membership Engagement Lead
20 F Street NW, Suite 700, Washington, DC 20001
240-422-9008
kimkalinyak@automotiveisac.com
Josh Poster, Program Operations Manager
20 F Street NW, Suite 700, Washington, DC 20001
joshposter@automotiveisac.com
Jessica Etts, Senior Intel Coordinator
20 F Street NW, Suite 700, Washington, DC 20001
jessicaetts@automotiveisac.com