16 July 2018TLP Green: May be shared within the Auto-ISAC Community.
Hi All,
Please find attached the Weekly Automotive Industry Report covering April 3April 8.
This week’s report includes articles on:
Toyota partnering with Microsoft on a new cloud-based division led by the CIO,
that builds chips for self-driving cars,
Hyundai unveiling its connected vehicle “roadmap,” and,
Toyota planning to open a new autonomous vehicle research center in Michigan.
You can find past reports on site.
Please let me know if you have any questions. Have a great weekend.
Josh
Auto-ISACMonthly Community Call
11 July 2018
Audio: 1-877-885-1087 Code: 9972152385
Skype link: https://autoisac.adobeconnect.com/communitycall/
TLP Green: May be shared within Auto-ISAC Community.
26 July 2018TLP Green: May be shared within the Auto-ISAC Community.
Agenda
Time (ET) Topic
10:00
Welcome
Why we’re here
Expectations for this community
10:10
Auto-ISAC Update
Auto-ISAC overview
Heard around the community
10:20
Featured Speakers
Justin Cappos, Professor at New York University
Sebastien Awwad, Lead Developer for Uptane
10:45Around the Room
Sharing around the virtual room
10:55 Closing Remarks
36 July 2018TLP Green: May be shared within the Auto-ISAC Community.
Welcome to our community!
Welcome
Purpose: These monthly Auto-ISAC Community Meetings are an opportunity for you,
our Members and connected vehicle ecosystem stakeholders, to:
Stay informed of Auto-ISAC activities
Share information on key vehicle cybersecurity topics
Participants: Auto-ISAC Members, Potential Members, Partners, Academia, Industry
Stakeholders, and Government Agencies
Classification Level: TLP Green, and “off the record”
Agenda: Each meeting will have three core segments: 1) Auto-ISAC Update: Our operations team will overview key activities, outcomes, and intel trends
2) Featured Speaker: We will invite an industry leader to share relevant topics of interest. Content
featured on the Auto-ISAC Community Call is not considered an endorsement. Speakers are
selected based on their relevant content and experience for the broader community.
3) Closing Remarks: An Auto-ISAC leader will open up for comments and sum up key takeaways
How to Connect: For further info, questions, or to add other POCs to the invite, please
contact Auto-ISAC Membership Engagement Lead Kim Kalinyak
46 July 2018TLP Green: May be shared within the Auto-ISAC Community.
Expectations for this community
Share – “If you see something, say something!”
Submit threat intelligence
Send us information on potential vulnerabilities
Contribute incident reports and lessons learned
Provide best practices around mitigation techniques
Participate
Participate in monthly virtual conference calls (1st Wednesday)
If you have a topic of interest, connect with our Membership Engagement
Lead, Kim Kalinyak – [email protected], to apply for a
speaking opportunity at one of these calls
Join
If your organization is eligible, apply for Auto-ISAC membership
If you aren’t eligible for membership, connect with us as a partner
Welcome
56 July 2018TLP Green: May be shared within the Auto-ISAC Community.
Our 2018 BoD Leadership
Jeff Massimilla
Auto-ISAC
Chairman
General Motors
Tom Stricker
Auto-ISAC Vice
Chairman
Toyota
Mark Chernoby
Auto-ISAC
Treasurer
FCA
Steve Center
Auto-ISAC
Secretary
Honda
Jeff Stewart
Affiliate Advisory
Board Chairman
AT&T
Jeff Stewart
Affiliate Advisory
Board Chair
AT&T
Geoff Wood
Affiliate Advisory
Board Vice Chair
Harman
Bob Kaster
Supplier Affinity Group
Chair
Bosch
2018 AAB
Leadership
66 July 2018TLP Green: May be shared within the Auto-ISAC Community.
Auto-ISAC Program Operations Team
Faye Francy, Executive Director
Josh Poster, Program Operations
Manager
Jessica Etts, Senior Intel
Coordinator
Kim Kalinyak, Membership
Engagement Lead
Candice Burke, Business and
Executive Administrator
E:
Heather Rosenker,
Communications (Auto-Alliance)
Julie Kirk, Finance
Auto-ISAC Staff
Staff Updates
76 July 2018TLP Green: May be shared within the Auto-ISAC Community.
Auto-ISAC Support Staff
Auto-ISAC Support Team
Denis Cosgrove,
Senior Associate, BAH
Meredith Shaw,
Program Manager
Pat Ruff, System Admin,
BAH
Michele David, Intel Lead, BAH
Linda Rhodes, Legal
Council, Mayer Brown
Sudharson Sundararajan, Best
Practices Lead, BAH
Rob Geist, Accountant, Tate
and Tryon
Sarah Kelch, Portal Lead
Support Updates
86 July 2018TLP Green: May be shared within the Auto-ISAC Community.
Auto-ISAC overview
Mission Scope
Serve as an unbiased information broker to
provide a central point of coordination and
communication for the global automotive
industry through the analysis and sharing of
trusted and timely cyber threat information.
Light- and heavy-duty vehicles, commercial
vehicle fleets and carriers. Currently, we are
focused on vehicle cyber security, and
anticipate expanding into manufacturing
and IT cyber related to the vehicle.
900+community members
Membership represents 99%of cars on the road in North America
200+active users
Members from 7 countries
on 3 continents
19 OEM members
Coordination with 23critical infrastructure ISACs
through the National ISAC Council
160+intel reports
200+media mentions
6+ partners
50+speaking
engagements
4 Best Practice
Guides complete,3 more planned
28 supplier &
commercial vehicle members
Auto-ISAC Update
96 July 2018TLP Green: May be shared within the Auto-ISAC Community.
Recent activities
Auto-ISAC Update
What we do
Highlights of key activities in June
Auto- ISAC hired a Business and Executive Administrator, Candice Burke. Welcome
Candice!
Auto-ISAC and BPWG started developing the Best Practice Guide #6 on Threat
Detection and Analysis.
Auto-ISAC continued planning our Annual Summit happening in September 2018
Auto-ISAC attended the TU Automotive Summit in Detroit, MI.
106 July 2018TLP Green: May be shared within the Auto-ISAC Community.
Auto-ISAC Update
Heard around the community
CyberTruck Challenge
June 11-15, 2018 • Hosted at Macomb Community College in
Warren, MI.
• Event had two-phases including:
• Hands on training for engineering
and computer science students
understand practical aspects of
heavy vehicle networks,
telematics, and diagnostic
systems.
• Cybersecurity analysis
assessments on available
devices and assets that provided
sponsors with great value
through observing and
interacting with assessment
teams.
• Students attending the challenge came
from various universities including:
Colorado State University, Arizona State
University, and Virginia Tech.
TU Automotive
June 6-7, 2018
• World’s largest conference and expo for future
automotive technology with 4000 attendees.
• Executive Director, Faye Francy monitored a
panel with representatives from GM, Harman,
and Continental that highlighted:
• The mission of Auto- ISAC
• How Auto-ISAC operates
• The different engagement opportunities
available.
ITS America
June 5-7, 2018
• Executive Director, Faye Francy was a participant
in the Cyber Security and Risk Management Panel
along with representatives from the State of
Michigan and New York City Department of
Transportation.
116 July 2018TLP Green: May be shared within the Auto-ISAC Community.
Information Sharing
Activity of Interest– what’s
happening around the industry
Topic Description
Fault injection as a technique to
bypass the security of diagnosis
protocol implementations
Reseachers from Riscure prove that it is possible for an attacker to inject
faults and bypass the UDS authentication, obtaining access to the internal
Flash and SRAM memories of the targets. By analyzing the dumped
firmware, the keys and algorithm that protect the UDS are extracted, giving
full access to the diagnosis services without requiring the use of fault
injection techniques. Riscure shared their research findings for the first time
at Escar 2018 on June 20-21. To read Riscures entire findings, visit
https://www.riscure.com/publication/fault-injection-automotive-diagnostic-
protocols/#jump-to
TLBleed: When Protecting Your
CPU Caches is not Enough
Security Researchers from VU University will present findings at DEF CON
2018 regarding TLBleed, a novel side-channel attack that leaks information
out of Translation Lookaside Buffers (TLBs). The exploit successfully leaks a
256-bit EdDSA key from cryptographic signing code, which would be safe
from cache attacks with cache isolation turned on, but would no longer be
safe with TLBleed. Further, they will show how another exploit based on
TLBleed can leak bits from a side-channel resistant RSA implementation.
This talk contains details about the architecture and complex behavior of
modern, multilevel TLB's on several modern Intel microarchitectures that is
undocumented, and will be publically presented for the first time.
https://www.blackhat.com/us-18/briefings/schedule/#tlbleed-when-protecting-
your-cpu-caches-is-not-enough-10149
Blackhat & DEF CON
Blackhat and DEF CON will take place on August 4-9 and 9-12 respectively.
Both are general cybersecurity/information security conferences, they will
feature talks related to the automotive industry.
https://defcon.org/html/defcon-26/dc-26-index.html,
https://www.blackhat.com/us-18/
126 July 2018TLP Green: May be shared within the Auto-ISAC Community.
Connect with us at upcoming events:
Nuit du Hack June 30- July 1, Paris, France
Auto-ISAC Community Call *** July 11, Virtual Telecon
Auto- ISAC Member Analyst Workshop*** July 17-18, Plano, TX
Auto-ISAC Board of Directors Meeting *** July 19, Plano, TX
SAE CyberAuto Challenge™ July 22- 27, Detroit, MI
Event outlook
Auto-ISAC Update
For full 2018 calendar, visit www.automotiveisac.com
136 July 2018TLP Green: May be shared within the Auto-ISAC Community.
Speaker series overview
Featured Speaker
Why do we feature speakers?
These calls are an opportunity for information exchange
Our goal is to help the vehicle cyber community mature
What does it mean to be featured?
We try to balance perspectives across our ecosystem—including
government, academia, research, industry associations, security solutions
providers—to showcase a rich, balanced variety of topics and viewpoints
throughout the year
Featured speakers are not endorsed by Auto-ISAC
Featured speakers do not speak on behalf of Auto-ISAC
How can I be featured?
If you have a topic of interest you would like to share with the
broader Auto-ISAC Community, then we encourage you to contact
our Membership Engagement Lead, Kim Kalinyak
146 July 2018TLP Green: May be shared within the Auto-ISAC Community.
Welcome to today’s speakers
Featured Speaker
Abstract: Uptane is the first compromise-resilient software update security system for the automotive industry. Unlike
other software update security systems (e.g., OMA-DM, SSL / TLS, signing updates with a single offline GPG / RSA key,
etc.), it addresses a comprehensive threat model. It is designed to make it extremely difficult for attackers to be able to
install malware on all vehicles maintained by a manufacturer, even if attackers have compromised some keys used to sign
updates. At the same time, Uptane has been designed to be extremely flexible, so as to accommodate a wide variety of
deployment scenarios, and allows on-demand customization of updates installed on vehicles.
Justin Cappos is a professor in the Computer Science and Engineering department
at New York University. His research advances are adopted into production use by
Docker, git, Python, VMware, automobiles, Cloudflare, Digital Ocean, and most Linux
distributions. His Uptane project is integrated into Automotive Grade Linux and
is being deployed for secure over-the-air updates by major automakers. His TUF
project, which focuses on secure software distribution, was recently adopted by the
Linux foundation and was the first cloud security technique standardized. Due to the
practical impact of his work, Justin was named to Popular Science's Brilliant 10 list in
2013.
Sebastien Awwad is the lead developer for Uptane and a developer for The Update
Framework. He has spent the past several years working on the security of software
update systems. In the past, he's worked on real-time experimental systems, banking
software, and computational neuroscience.
UptaneSecuring Over-the-Air Updates
Justin Cappos
New York University
What do these companies have in
common?
What do these companies have in
common?
Users attacked via software
updater!
Software repository compromise
impact
• SourceForge mirror distributed malware.• Attackers impersonate Microsoft
Windows Update to spread Flame malware.
• Attacks on software updaters have massive impact• E.g. South Korea faced 765 million dollars in
damages.• NotPetya spread via software updates!
The modern automobile
Ex
ha
ust
Engine Control Unit
TCU
Transmission
Brake LineABS
Airbag Control Unit
Body ControllerLocks/Lights/Etc
Radio
Telematics _
Internet/PSTN
HVAC
Keyless Entry
Anti-Theft
19
◼ Researchers have made some scary attacks against vehicles
▪ remotely controlling a car's brakes and steering while it's driving
▪ spontaneously applying the parking brake at speed
▪ turning off the transmission
▪ locking driver in the car
Cars are multi-ton, fast-moving weapons
People will die
Cars Are Dangerous
Updates Are Inevitable
◼ Millions of lines of code means bugs◼ Regulations change -> firmware must change◼ Maps change◼ Add new features◼ Close security holes◼ Cars move across borders…
Updates Must Be Practical
◼ Updating software/firmware has often meant recalls.
◼ Recalls are extremely expensive
▪ GM spent $4.1 billion on recalls in 2014
▪ GM's net income for 2014 was < $4 billion
▪ People do not like recalls.
◼ Updates must be over the air.
◼ Update -> Control
Updates Are Dangerous
◼ Nation-state actors pull off complex attacks
▪ Must not have a single point of failure
Secure Updates
What to do?
Must update to fix security issues
Insecure update mechanism is a new security problem
“...No one Can Hack My Mind”:
Comparing Expert and Non-
Expert Security Practices
Ion, et al. SOUPS 2015
What are some of the attacks?
Attacks
Arbitrary software attack
Repository
Is there an update?
Here is an update...
ECU-1
v.10ECU-1
v.12
27
ECU-1
v.Evil
Freeze attack
Is there an update?
Same old, same old!
ECU-1
v10ECU-1
v12
Repository
28
ECU-1
v10
Rollback attack
Is there an update?
Here is an update
ECU-1
v10
ECU-1
v1
ECU-1
v12
Repository
29
Slow retrieval attack
Is there an update?
Y … e … a … h … …
ECU-1
v10ECU-1
v12
Repository
30
Mix and Match attacks
Is there an update?
Here is an update
ECU-1
v10
ECU-2
v10
Bundle-2
ECU-1
v12
ECU-2
v12
Repository
31
ECU-2
v12
ECU-1
v11
Partial Freeze attack
Is there an update?
Here is an update
ECU-1
v10
ECU-2
v10
Bundle-2
ECU-1
v12
ECU-2
v12
Repository
32
ECU-2
v12
ECU-1
v12
So how do people try to prevent these
attacks?
Update Basics
Repository
Clientxyz.tgz, pls
xyz.tgz
Inadequate Update Security 1: TLS/SSL
Repository
Clientxyz.tgz, pls
xyz.tgz
Traditional solution 1:
Authenticate the repository (TLS, SSL, etc)
Certificate
Authority
Key XYZ
speaks for
domain
repo.net
XYZ
Inadequate Update Security 2: TLS/SSL
Repository
Clientxyz.tgz, pls
xyz.tgz
Transport Layer Security: Problem 1
Certificate
Authority
Key XYZ
speaks for
domain
repo.net
XYZClient has to trust all of these
Certificate Authorities
Inadequate Update Security 3: TLS/SSL
Repository
Clientxyz.tgz, pls
xyz.tgz
Transport Layer Security: Problem 2
Certificate
Authority
Key XYZ
speaks for
domain
repo.net
XYZ
Client has to trust this key.
… which HAS to exist ON the repository, to
sign communications continuously.
Client has to trust this key
Inadequate Update Security 4: Just Sign!
Repository
Clientxyz.tgz, pls
xyz.tgz
Traditional Solution 2:
Sign your update package with a
specific key.
Updater ships with corresponding
public key. XYZ
… used for every update to the repository.
… key ends up on repo or build farm.
If an attacker gains the use of this key, they
can install arbitrary code on any client.
Update Security
Repository
Clientxyz.tgz, pls
xyz.tgz
We need:
● To survive server compromise with the
minimum possible damage.
○ Avoid arbitrary package attacks
● Minimize damage of a single key being
exposed
● Be able to revoke keys, maintaining trust
● Guarantee freshness to avoid freeze attacks
● Prevent mix and match attacks
● Prevent rollback attacks
● Prevent slow retrieval attacks
● ...
Must not have single point of failure!
TUF goal “Compromise Resilience”
● TUF secures software update files
● TUF emerges from a serious threat model:
○ We do NOT assume that your servers are perfectly secure
○ Servers will be compromised
○ Keys will be stolen or used by attackers
○ TUF tries to minimize the impact of every compromise
The Update Framework (TUF)
Linux Foundation CNCF project
CII Best Practices Silver Badge
Responsibility Separation
timeliness
Root of trust
content consistency
41
The Update Framework (TUF)
TUF Roles Overview
Timestamps
(timeliness)
Root
(root of trust)
Snapshot
(consistency)
Targets
(integrity)
42
The Update Framework (TUF)
Repository
Clientxyz.tgz, pls
xyz.tgz
The Update Framework (TUF)
Role metadata (root, targets, timestamp, snapshot)
The modern automobile
Ex
ha
ust
Engine Control Unit
TCU
Transmission
Brake LineABS
Airbag Control Unit
Body ControllerLocks/Lights/Etc
Radio
Telematics _
Internet/PSTN
HVAC
Keyless Entry
Anti-Theft
44
Automobiles present particular difficulties.
● Timeserver
● Multiple Repositories: Director and Image Repository
● Manifests
● Primary and Secondary clients
● Full and Partial verification
Uptane builds on The Update Framework (TUF)
Uptane: Client-side Basics
Primary
Client
SecondarySecondary
SecondarySecondary
Secondary
Secondary
Secondary
Secondary
Secondary
Secondary
Secondary
Secondary
Cell Network
Uptane: High level view
Image
Repository
(Section 5)
Director
Repository
(Section 6)
Director
Full Verification
(FV)
Secondary
Partial
Verification
(PV)
SecondaryPrimary
ECU
Time Server
(Section 7)
Inventory
Database
Vehicle
(Section 8)
FV
Secondary
PV
Secondary
metadata
& images
…
vehicle
manifests
…
Time server
48
Time server
● A primary sends a list of
tokens, one for each ECU, to
the time server.
● An automated process on the
time server returns a signed
message containing: (1) the
list of tokens, and (2) the
current time.
Automated
process
time
server
vehicle
Primary
(1)
sends
list of
tokens
(2)
receives
signed current time
& list of tokens
49
Image repository
50
The image repository
targets
A
snapshottimestamp
root
OEM-managed supplier-managed
Metadata
B
CD
E
B*.img
signs metadata for
signs root keys for
delegates images to
signs for images
● When possible, OEM
delegates updates for
ECUs to suppliers.
● Delegations are flexible,
and accommodate a
variety of arrangements.
A1.img
B3.img
CA5.img
CB2.img
51
Director repository
52
Director repository
● Records vehicle version
manifests.
● Determines which ECUs
install which images.
● Produces different
metadata for different
vehicles.
● May encrypt images per
ECU.
● Has access to an
inventory database.
Automated
process
Inventory
database
timestamp
metadata(3)
w
r
i
t
e
s(2) reads & writes
encrypted
image
snapshot
metadata
targets
metadata
repository
vehicle
Primary
(1)
sends
vehicle
version
manifest
(4)
receives
link to
timestamp
metadata
53
Big picture
54
Image
Repository
(Section 5)
Director
Repository
(Section 6)
Director
Full Verification
(FV)
Secondary
Partial
Verification
(PV)
SecondaryPrimary
ECU
Time Server
(Section 7)
Inventory
Database
Vehicle
(Section 8)
FV
Secondary
PV
Secondary
metadata
& images
…
vehicle
manifests
…
Uptane workflow
on vehicle
55
Downloading updates (1)
● Primary receives an ECU Version
Manifest and a nonce from each
Secondary.
● Primary produces Vehicle Version
Manifest, a signed record of what
is installed on Secondaries
● Primary sends VVM to Director
● Primary sends nonces to
Timeserver
56
Downloading updates (2)
● Timeserver returns the signed [time
and nonces] to the Primary.
57
Downloading updates (3)
● The primary downloads metadata
from both the Director and Image
repositories on behalf of all ECUs
● The primary performs full
verification of metadata on behalf of
all secondaries.
58
Full verification
1. Load the latest downloaded time from the time server.
2. Verify metadata from the director repository.a. Check the root metadata file.
b. Check the timestamp metadata file.
c. Check the snapshot metadata file.
d. Check the targets metadata file.
3. Download and verify metadata from the image repository.a. Check the root metadata file.
b. Check the timestamp metadata file.
c. Check the snapshot metadata file, especially for rollback attacks.
d. Check the targets metadata file.
e. For every image A in the director targets metadata file, perform a preorder depth-first search
for the same image B in the targets metadata from the image repository, and check that A = B.
4. Return an error code indicating a security attack, if any. 59
Partial verification
1. Load the latest downloaded time from the time server.
2. Load the latest top-level targets metadata file from the director
repository.a. Check for an arbitrary software attack. This metadata file must have been signed by a
threshold of keys specified in the previous root metadata file.
b. Check for a rollback attack.
c. Check for a freeze attack. The latest downloaded time should be < the expiration timestamp in
this metadata file.
d. Check that there are no delegations.
e. Check that every ECU identifier has been represented at most once.
3. Return an error code indicating a security attack, if any.
60
Uptane status / wrap up
61
Uptane “Reference” Implementation
● Goal: Assist other implementers
○ Code readability is a primary goal
● Not the most popular implementation in practice (by design)
○ Readability > performance / implementation size
■ Most TUF deployments do not use the reference implementation
○ Useful as a reference, conformance testing, etc.
● Open source, free to use (MIT License)
○ Other groups are free to contribute!
62
Security Reviews
Reviews of implementations and design:
○ Cure53 audited ATS's Uptane implementation
○ NCC Group audited Uptane's reference implementation
(pre-TUF fork)
○ SWRI finalizing Uptane reference implementation /
specification audit
○ ...
63
Work closely with vendors, OEMs, etc.
● Security reps from 78% of cars
● Many top suppliers / vendors
○ ~12-35% of cars on US roads
● Automotive Grade Linux
● OEM integrations
○ Easy to integrate!
Uptane Integration
Press
○ Dozens of articles
○ TV / Radio / Newspapers / Magazines
65
Get Involved With Uptane!
● Workshops
● Technology demonstration
● Compliance tests
● Standardization ( IEEE / ISTO )
● Join our community! (email: [email protected] or go to the Uptane forum)
https://uptane.github.io/
66
67
For more details, please see the
Implementation Specification and other
documentation at uptane.github.io
686 July 2018TLP Green: May be shared within the Auto-ISAC Community.
Open discussion
Around the Room
What questions or topics would you like to address?
696 July 2018TLP Green: May be shared within the Auto-ISAC Community.
Closing Remarks
If you are an OEM, supplier or commercial vehicle company,
now is a great time to join Auto-ISAC. Key benefits this year include:
How to get involved: Membership
To learn more about Auto-ISAC Membership or Partnership,
please contact Kim Kalinyak ([email protected]).
• Real-time Intelligence Sharing
• Intelligence Summaries
• Crisis Notifications
• Member Contact Directory
• Development of Best Practice Guides
• Exchanges and Workshops
• Webinars and Presentations
• Annual Auto-ISAC Summit Event
706 July 2018TLP Green: May be shared within the Auto-ISAC Community.
Strategic Partnership Programs
NAVIGATORSupport Partnership
- Provides guidance and
support
- Annual definition of
activity commitments
and expected outcomes
- Provides guidance on
key topics / activities
INNOVATORPaid Partnership
- Annual investment
and agreement
- Specific commitment
to engage with ISAC
- In-kind contributions
allowed
COLLABORATORCoordination
Partnership- “See something, say
something”
- May not require a formal
agreement
- Information exchanges-
coordination activities
BENEFACTORSponsorship
Partnership - Participate in monthly
community calls
- Sponsor Summit
- Network with Auto
Community
- Webinar / Events
Solutions
Providers
For-profit companies that
sell connected vehicle
cybersecurity products &
services.
Examples: Hacker ONE,
SANS, IOActive
Affiliations
Government, academia,
research, non-profit orgs
with complementary
missions to Auto-ISAC.
Examples: NCI, A-ISAC,
DHS, NHTSA
Community
Companies interested in
engaging the automotive
ecosystem and supporting
- educating the community.
Examples: Summit
sponsorship –
key events
Associations
Industry associations and
others who want to
support and invest in the
Auto-ISAC activities.
Examples: Auto Alliance,
Global Auto, ATA
Strategic Partners
This document is Auto-ISAC Sensitive and Confidential. 716 July 2018
Strategic Partnership Programs
Research
Some partners share white papers and research
projects—on threats & vulnerabilities—with our members.
Webinars
We are open to partners presenting at our Community
Town Halls, with audience including members & beyond.
Branding on the Auto-ISAC Website
Partner names and/or logos will be featured on the Auto-ISAC public-facing website.
Community Town Halls
We invite you to monthly calls featuring experts across the
connected vehicle ecosystem.Member Discounts
Some partners promote discounts or special offers for
services (e.g. conferences, software licenses).
Other
We are open to other types of in-kind support (e.g.
training, infrastructure support) based on your expertise.
Intel Sharing
Some partners submit relevant data, insights and papers
addressing threats against the automotive industry.
Annual Executive Call
Our executives will host a call once a year for all Members
and partners to present our strategic goals and priorities.
Summit Booth Priority
Partners will receive priority booth selection at future
Auto-ISAC Summits.
Access to Auto-ISAC Reports
Our partners receive Auto-ISAC TLP Green/White reports and special reports at Auto-ISAC’s discretion.
Ac
tivit
ies
Be
ne
fitsFuture Plans
726 July 2018TLP Green: May be shared within the Auto-ISAC Community.
Our contact info
Faye FrancyExecutive Director
Booz Allen Hamilton Inc.
20 M Street SE
Washington, DC 20003
703-861-5417
Kim KalinyakMembership Engagement
Lead
Booz Allen Hamilton Inc.
20 M Street SE
Washington, DC 20003
240-422-9008
Josh PosterProgram Operations
Manager
Booz Allen Hamilton Inc.
20 M Street SE
Washington, DC 20003
736 July 2018TLP Green: May be shared within the Auto-ISAC Community.
Our contact info
Meredith ShawTransition Support
Booz Allen Hamilton Inc.
901 15th Street Northwest
Washington, DC 20005
703-377-9853
M Michele DavidIntel Coordinator
Booz Allen Hamilton Inc.
901 15th Street Northwest
Washington, DC 20005
Jessica EttsSenior Intel Coordinator
Booz Allen Hamilton Inc.
20 M Street SE
Washington, DC 20003
Candice BurkeBusiness and Executive
Administrator
Booz Allen Hamilton Inc.
20 M Street SE
Washington, DC 20003
m