12 April 2019TLP WHITE: May be shared within the Auto-ISAC Community.
Auto-ISAC
Monthly Community Call
3 April 2019
22 April 2019TLP WHITE: May be shared within the Auto-ISAC Community.
Agenda
Time (ET) Topic
11:00
Welcome
➢ Why we’re here
➢ Expectations for this community
11:10
Auto-ISAC Update
➢ Auto-ISAC overview
➢ Heard around the community
➢ What’s Trending
11:20
Featured Speakers
➢ Chris Ballinger, CEO and Founder of MOBI, the Mobility
Open Blockchain Initiative
11:45Around the Room
➢ Sharing around the virtual room
11:55 Closing Remarks
Welcome
32 April 2019TLP WHITE: May be shared within the Auto-ISAC Community.
Welcome - Auto-ISAC Community Call!
Welcome
Purpose: These monthly Auto-ISAC Community Meetings are an
opportunity for you, our Members & connected vehicle ecosystem
partners, to:
✓ Stay informed of Auto-ISAC activities
✓ Share information on key vehicle cybersecurity topics
✓ Learn about exciting initiatives within the automotive
community from our featured speakers
Participants: Auto-ISAC Members, Potential Members, Partners,
Academia, Industry Stakeholders, and Government Agencies
Classification Level: TLP GREEN: may be shared within the Auto-
ISAC Community, and “off the record”
How to Connect: For further info, questions, or to add other POCs to
the invite, please contact Auto-ISAC Membership Engagement Lead Kim
Kalinyak ([email protected])
42 April 2019TLP WHITE: May be shared within the Auto-ISAC Community.
Engaging in the Auto-ISAC Community
❖ Join❖ If your organization is eligible, apply for Auto-ISAC membership
❖ If you aren’t eligible for membership, connect with us as a partner
❖ Get engaged – “Cybersecurity is everyone’s responsibility!”
❖ Participate❖ Participate in monthly virtual conference calls (1st Wednesday of month)
❖ If you have a topic of interest, connect our Membership Engagement
Lead, Kim Kalinyak – [email protected]
❖ Engage & ask questions!
❖ Share – “If you see something, say something!”❖ Submit threat intelligence or other relevant information
❖ Send us information on potential vulnerabilities
❖ Contribute incident reports and lessons learned
❖ Provide best practices around mitigation techniques
Welcome
4Innovator Partners
19Navigator Partners
Coordination with 23critical infrastructure ISACs through the National ISAC
Council
Membership represents 99%of cars on the road in North
America
19OEM Members
30 Supplier &Commercial
Vehicle Members
52 April 2019TLP WHITE: May be shared within the Auto-ISAC Community.
Community Speaker Series
Featured Speaker
Why Do We Feature Speakers?❖ These calls are an opportunity for information exchange & learning
❖ Goal is to educate & provide awareness around cybersecurity for the connected
vehicle
What Does it Mean to Be Featured?❖ Perspectives across our ecosystem are shared from members,
government, academia, researchers, industry, associations and
others.
❖ Goal is to showcase a rich & balanced variety of topics and viewpoints
❖ Featured speakers are not endorsed by Auto-ISAC nor do the speakers
speak on behalf of Auto-ISAC
How Can I Be Featured?❖ If you have a topic of interest you would like to share with
the broader Auto-ISAC Community, then we encourage you
to contact our Membership Engagement Lead, Kim Kalinyak
1700+Community Participants
17Featured Speakers to date
Membership represents 99%of cars on the road in North
America
Coordination with 23critical infrastructure ISACs
through the National ISAC Council
62 April 2019TLP WHITE: May be shared within the Auto-ISAC Community.
OverviewAuto-ISAC Mission
Mission ScopeServe as an unbiased information
broker to provide a central point of
coordination and communication for
the global automotive industry through
the analysis and sharing of trusted and
timely cyber threat information..
Light- and heavy-duty vehicles,
suppliers, commercial vehicle fleets and
carriers. Currently, we are focused on
vehicle cyber security, and anticipate
expanding into manufacturing and IT
security related to the vehicle.
What We Do
Community Development
Workshops, exercises, all hands, summits and town halls
Intel Sharing
Data curation across
intel feeds, submissions
and research
Analysis
Validation,
context and
recommendations
Best Practices
Development,
dissemination and
maintenance
Partnerships
Industry, academia,
vendors, researchers
and government
Community Development
Workshops, exercises, all hands, summits and town halls
72 April 2019TLP WHITE: May be shared within the Auto-ISAC Community.
Our 2019 Board of Directors
Executive Committee (ExCom) Leadership
Jeff Massimilla
Auto-ISAC
Chairman
General Motors
Tom Stricker
Auto-ISAC Vice
Chairman
Toyota
Mark Chernoby
Auto-ISAC
Treasurer
FCA
Steve Center
Auto-ISAC
Secretary
Honda
Geoff Wood
Affiliate Advisory
Board Chair
Harman
Geoff Wood
Affiliate Advisory
Board Chair
Harman
Todd Lawless
Affiliate Advisory
Board Vice Chair
Continental
Bob Kaster
Supplier Affinity
Group Chair
Bosch
Larry Hilkene
Commercial Vehicle
Affinity Group Chair
Cummins
2019 Affiliate
Advisory
Board (AAB)
Leadership
Leadership Updates
82 April 2019TLP WHITE: May be shared within the Auto-ISAC Community.
Auto-ISAC Team and Support Staff
Faye Francy, Executive Director
Josh Poster, Program Operations
Manager
Jessica Etts, Senior Intel Coordinator
Kim Kalinyak, Membership
Engagement Lead
Steve Elliott, Business Administrator
Heather Rosenker, Communications
(Auto-Alliance)
Julie Kirk, Finance
JJ Moss, Intel Lead, BAH
Linda Rhodes, Legal Council, Mayer
Brown
Rob Geist, Accountant,
Tate and Tryon
Auto-ISAC Staff
Staff Updates
92 April 2019TLP WHITE: May be shared within the Auto-ISAC Community.
Recent Activities
Auto-ISAC Update
Highlights of Key Activities in March
➢ Auto-ISAC and BPWG completed Best Practice Guide #7 on Security by Design
➢ Auto-ISAC attended
➢ SWSX 2019 in Austin, TX
➢ Quarterly Face-to-Face NCI Meeting in Washington, DC
➢ American Trucking Association Annual Meeting in Atlanta, GA
➢ 2019 IQPC Automotive Cybersecurity Summit in Detroit, MI
Looking Ahead to April
➢ Auto-ISAC will be attending
➢ SAE/ Government Industry Meeting in Washington, DC
➢ CIRI Symposium on Resilience in Urbana, IL
➢ NAFA Annual Meeting in Louisville, KY
102 April 2019TLP Green: May be shared within the Auto-ISAC Community.
• Various and unrelated automotive related cyber events over the last 30 days; three cyberattacks, two on-vehicle vulnerabilities, and finally a ransomware attack affecting manufacturing.
‒ Toyota Australia Driven Offline by Cyber Attack: Car maker Toyota suffered what appears to have been a malware attack at its facilities in Melbourne, Australia that knocked out its website and other communications. (Link)
‒ GPS Spoof Hits Geneva Motor Show: At least seven manufacturers at the annual Geneva Motor Show, in Switzerland, have been hit by an attack that left their cars thinking they were somewhere far, far away. (Link)
‒ Vietnam ‘State-Aligned’ Hackers Are Targeting Auto Firms: Vietnamese “state-aligned” hackers are targeting foreign automotive companies in attacks that appear to support the country’s vehicle manufacturing goals, according to cyber-security provider FireEye Inc. (Link)
‒ Smart Car Alarms Ironically Expose Millions of Vehicles to Remote Hijacking: Aftermarket car alarm systems developed by Pandora and Viper have been found to be vulnerable to remote exploitation, enabling potential attackers to hijack the vehicles they're installed on and to spy on their owners. (Link)
‒ Hackers Conquer Tesla’s In-Car Web Browser and Win a Model 3: At Pwn2Own’s spring vulnerability research competition, team Fluoroacetate took home $375,000 in prizes including a Tesla Model 3 — their reward for successfully exposing a vulnerability in the electric vehicle’s infotainment system. (Link)
‒ Cyber Attack Puts a Spotlight on Fragile Global Supply Chain: Following a “severe” cyber-attack on Norsk Hydro ASA’s operations in the U.S. and Europe early on Tuesday, the company has been forced to shut down several automated product lines and is
keeping its smelters running using manual production processes. (Link)
Auto-ISAC Intelligence
What’s Trending?
Trending
For more information or questions please contact [email protected]
112 April 2019TLP Green: May be shared within the Auto-ISAC Community.
Community Speakers
➢ Karl Heimer – CyberAuto/Truck Challenge
➢ Urban Johnson, NMFTA – Heavy Vehicle Cybersecurity Working Group
➢ Ross Froat, American Trucking Association on the ATA Cyberwatch Program
➢ Adnan Baykal, Global Cyber Alliance, Overview of Global Cyber Alliance
➢ Scott Belcher, SFB Consulting, Roadmap to Connectivity
Example of Previous Community Speakers
Past Community Call Slides are located at: www.automotiveisac.com/communitycalls/
Featured Speakers
122 April 2019TLP WHITE: May be shared within the Auto-ISAC Community.
Welcome to Today’s Speaker
Featured Speaker
Abstract: Long before widespread adoption of level 5 autonomous vehicles, connected
vehicles will be interacting autonomously with other vehicles by sharing identity, buying and
selling data, usage rights, and negotiating routes. Blockchains and distributed ledgers offer a
way for these V2V and V2X interactions to take place securely and reliably. Chris will survey
potential use cases and share how automakers, tech giants and start-ups are exploring this
fascinating new technology.
Chris Ballinger - Chris is the CEO and Co-Founder of
MOBI, the Mobility Open Blockchain Initiative, a consortium
of companies, academic institutions, government agencies
and public organizations exploring blockchain and distributed
ledger technology to improve mobility, transit, and
logistics. Before MOBI, Chris served as CFO and Director of
Mobility and Blockchain Services for Toyota Research
Institute. Chris joined TRI in April 2017 following 14 years at
Toyota Financial Services (TFS), where he served in various
global leadership roles including SVP, CFO, and Chief
Officer of Strategic Innovation. Chris holds a graduate
degree in economics from UC Berkeley and previously
worked at Bank of America as Senior Vice President of
Treasury and Staff Economist at the President’s Council of
Economic Advisors under President Reagan.
January 2018
Chris BallingerMOBI Founder + CEO
Blockchains and Smart MobilityA Ledger of Things for the Mobile Internet of Things
Automotive ISAC WebinarApril 3, 2019
“As disruptive and important as the PC and the Internet”Marc Andreessen
inventor of the internet browser on blockchain technology, 2014
“10% of global GDP will be stored on Blockchains by 2025”World Economic Forum, 2016
Potential Use Cases for BC in Mobility Where can blockchain add value for industry, communities and consumers?
▪ Digital identity and vehicle history
▪ Usage based insurance
▪ Driving and AV data exchange
▪ Supply chain tracking
▪ EV/Grid metering and storage
▪ Car & ride sharing
▪ Mobility commerce / Car as wallet
▪ Autonomous V2X payments and coordination
▪ Usage-based fees (taxes, tolls, carbon, etc.)
▪ Tokenizing the mobility services ecosystem
Building a Minimum Viable Community:Network Effects and Why Size Matters in Blockchain Ecosystems
16
“Blockchain is a team sport”Brian Behlendorf
Hyperledger/Linux Foundation
“Successful blockchain efforts
don’t begin with technology…
they begin with a community”W. Scott Stornetta
most cites in Nakamoto whitepaper
Hello World!
www.dlt.mobi
▪ A newly created nonprofit foundation to
accelerate adoption and promote standards
in blockchain, distributed ledgers, and
related technologies for the benefit of the
mobility industry, consumers, and
communities
▪ Creating simple, standard and digital ways of
identifying cars, people, and trips, and for
paying for mobility services
▪ Open, inclusive partner to entities in the pay
for use, on demand, connected, and
someday autonomous, mobility services
industry
What is ?
Alliance of almost 70% of the world’s large automakers, along with many start-ups, non-profits, transit agencies, and
technology companies working to make mobility services more efficient, affordable, greener, safer and less congested.
Who is ?
Aioi Nissay Dowa Insurance
▪ Blockchain – A tamper-proof distributed ledger in
which transactions can be recorded chronologically, publicly or privately
▪ AI – Introduction of AI and Machine learning into
vehicles allows the pursuit of complex goals,
progressively substituting machine intelligence for human input
▪ Service – IoT turns products into services and
accelerates the switch from private ownership toward Mobility as a Service (MaaS) and Usage Based Consumption (UBC)
▪ IoT – These connections, along with Introduction of
new sensors and computing power, are turning vehicles into nodes on the IoT
▪ Connected – Mobile phones and native connections
The BASICsFive trends that are disrupting transportation
21
Autonomous V2X payments and coordinationFrom Digital Identity to Digital Transactions
Identity, Provenance
and Authenticity and
are major problems
in a digital world…
…But are Critical
Requirements for V2X
Transactions, Micro-
Payments and a Pay-
per-use Economy
The Vehicle Identity
Working Group
Creating a vehicle’s ‘Digital Twin’
The Usage Based
Insurance Working
Group
IoT Turns Products
into Pay for Use Services
The EV Grid
Integration Working
Group
EV demand could take down the Grid
The Supply Chain
Working Group
The Automotive
Supply Chain is one
of the most Complex
Human Artifacts
The AV Data
Exchange Working
Group
A Trillion Miles of AV
Data may be
needed before AVs can Drive Safely
The Financing and
Securitization Working
Group
85% of US new cars are
financed; most of that is securitized
The Car/Ride Share
Working Group
Can BC help asset
owners monetize
the other 95% of Vehicle Capacity?
The MOBI Grand Challenge
• Over one million dollars of token prizes to be
awarded over the three-year Challenge
series
• The MOBI Grand Challenge (MGC) series first
Challenge -- a four-month long tournament
to showcase potential uses of Blockchain in
coordinating vehicle movement and
improving transportation in urban
environments – kicked off on October 12
and ends with a public demonstration of
selected technologies at an event at BMW
HQ in Munich on February 15, 2019.
October 10, 2018 - MOBI and TIoTA announce the launch of MOBIGrand Challenge to unlock new Blockchain-connectedautonomous vehicle solutions
33
250+ Participants
24 Teams
15 Countries
The MOBI Grand Challenge
34
January [email protected]
www.dlt.mobi
Blockchains and Smart MobilityA Ledger of Things for the Mobile Internet of Things
January 2018
Blockchains and Smart MobilityA Ledger of Things for the Mobile Internet of Things
www.dlt.mobi
372 April 2019TLP WHITE: May be shared within the Auto-ISAC Community.
Open Discussion
Around the Room
Any questions about the
Auto-ISAC or future topics
for discussion?
382 April 2019TLP WHITE: May be shared within the Auto-ISAC Community.
Connect with us at upcoming events:
Asia-Pacific Automotive Engineering Conference April 1-4, Bangkok, Thailand
SAE / NHTSA Government/Industry Cyber Security
Workshop***April 2, Washington, DC
SANS 2019 April 1-8, Washington DC
Auto-ISAC Community Call*** April 3, Telecon
SAE Government/Industry Meeting*** April 3-5, Washington, DC
Washington Auto Show April 5-14, Washington, DC
SAE World Congress April 9-11, Detroit, MI
CIRI Symposium on Resilience of Critical Infrastructures*** April 10-11, Urbana, IL
SAE Connected Vehicle Challenge April 11, Detroit MI
NAFA Institute and Expo*** April 15-17, Louisville, KY
IoT Tech Expo Global April 25-26 London, UK
SANS Cloud Security Summit & TrainingApril 29- May 6, San Jose,
CA
Event Outlook
**For full 2018 calendar, visit www.automotiveisac.com
Closing Remarks
392 April 2019TLP WHITE: May be shared within the Auto-ISAC Community.
Closing Remarks
If you are an OEM, supplier or commercial
vehicle company, now is a great time to join
Auto-ISAC!
How to Get Involved: Membership
To learn more about Auto-ISAC Membership or Partnership,
please contact Kim Kalinyak ([email protected]).
➢ Real-time Intelligence
Sharing
➢ Development of Best Practice
Guides
➢ Intelligence Summaries ➢ Exchanges and Workshops
➢ Regular intelligence
meetings
➢ Tabletop exercises
➢ Crisis Notifications ➢ Webinars and Presentations
➢ Member Contact Directory ➢ Annual Auto-ISAC Summit Event
402 April 2019TLP WHITE: May be shared within the Auto-ISAC Community.
Strategic Partnership Programs
NAVIGATORSupport Partnership
- Provides guidance and
support
- Annual definition of
activity commitments
and expected outcomes
- Provides guidance on
key topics / activities
INNOVATORPaid Partnership
- Annual investment
and agreement
- Specific commitment
to engage with ISAC
- In-kind contributions
allowed
COLLABORATORCoordination
Partnership- “See something, say
something”
- May not require a formal
agreement
- Information exchanges-
coordination activities
BENEFACTORSponsorship
Partnership - Participate in monthly
community calls
- Sponsor Summit
- Network with Auto
Community
- Webinar / Events
Solutions
Providers
For-profit companies
that sell connected
vehicle cybersecurity
products & services.
Examples: Hacker ONE,
SANS, IOActive
Affiliations
Government,
academia, research,
non-profit orgs with
complementary
missions to Auto-ISAC.
Examples: NCI, DHS,
NHTSA
Community
Companies interested
in engaging the
automotive ecosystem
and supporting -
educating the
community.
Examples: Summit
sponsorship –
key events
Associations
Industry associations
and others who want
to support and invest
in the Auto-ISAC
activities.
Examples: Auto Alliance,
Global Auto, ATA
Closing Remarks
412 April 2019TLP WHITE: May be shared within the Auto-ISAC Community.
➢Focused Intelligence Information/Briefings
➢Cybersecurity intelligence sharing
➢Vulnerability resolution
➢Member to Member Sharing
➢Distribute Information Gathering Costs across the Sector
➢Non-attribution and Anonymity of Submissions
➢Information source for the entire organization
➢Risk mitigation for automotive industry
➢Comparative advantage in risk mitigation
➢Security and Resiliency
Auto-ISAC Benefits
Securing Across the Auto Industry
Benefits
422 April 2019TLP WHITE: May be shared within the Auto-ISAC Community.
Our contact info
Faye FrancyExecutive Director
20 F Street NW, Suite 700
Washington, DC 20001
703-861-5417
Kim KalinyakMembership Engagement
Lead
20 F Street NW, Suite 700
Washington, DC 20001
240-422-9008
Josh PosterProgram Operations
Manager
20 F Street NW, Suite 700
Washington, DC 20001
Jessica EttsSenior Intel Coordinator
20 F Street NW, Suite 700
Washington, DC 20001