Presentation title in SAE Blue, Arial Bold 21pt on one or ... · Title: Presentation title in SAE...
SAE INTERNATIONAL
Copyright © SAE International. Further use or distribution is not permitted without permission from SAE
Agenda
• About SAE
• Why is cybersecurity important?
• What is industry doing (and challenges)?
• What is SAE doing (and opportunities)?
SAE | Advanced Engineering UK | November 2015
The SAE portfolio: a global association of more than 140,000 engineers and related technical experts
• TECHNICAL STANDARDS: 35,000+ aerospace and ground vehicle standards
• PUBLICATIONS: 100,000+ collection of technical publications
• MEDIA: Magazines, eNewsletters, custom publishing, Tech Briefs Media Group
• MEMBERSHIP: 140,000 members worldwide, multiple-tiered/benefit model
• ENGINEERING EVENTS: Over 30 global technical events annually for the aerospace, automotive, and commercial vehicle sectors
• FOUNDATION: Charitable arm of SAE International, supporting STEM for over 30 years; 76,000 K-12 students and over 7,000 college students.
• PROFESSIONAL DEVELOPMENT: 400 courses portfolio, webinars; in-house, corporate and self-paced learning
Copyright (c) 2014 SAE International. All rights reserved.
…for the aerospace, automotive and commercial vehicle sectors
In the past 6 months…
www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/
WHY IS CYBERSECURITY IMPORTANT?
Cybersecurity is everyone’s concern
• Safety
• Brand reputation
• Customer confidence
• Financial
Source: 2015 Cost of Cyber Crime Study: Global, Sponsored by Hewlett Packard Enterprise, Independently conducted by Ponemon Institute LLC, October 2015
$5.65M transportation
$2.28M automotive
Hacking getting easier, more organized
Increasing lines of code
Space shuttle <500K
Hubble telescope 1M
Boeing 787 (total flight system) 10M+
Microsoft Windows Operating System 50M+
Average modern high end car 100M
More complexity
Source: informationisbeautiful.net and www.code.org
Increased connectivity across all mobility sectors
• Commercial Vehicle: Self-driving Freightliner Inspiration rolls out on public roads in Nevada
• Automotive: Modern car safety critical systems no longer isolated
• Aviation: The 787 Dreamliner, the world’s first e-Enabled commercial airplane
www.cnet.com/news/freightliner-autonomous-inspiration-truck/
www.boeing.com/commercial/aeromagazine/articles/qtr_01_09/pdfs/AERO_Q109_article05.pdf
Automotive.ebv.com
Challenges faced by (any) industry
Create a Cybersecurity Culture
• Mindset change - Not IF you’ll be hacked, BUT WHEN
• Organizational priority; C-suite attention & resources
• “Security by design” versus “bolted on” later
– Designs and processes to identify, protect, detect, respond, recover over the entire lifecycle
Legacy components, systems, architecture
• Airplane 30+ years, Auto 11+ years
• Planning for updates (fast and secure)
3rd party; aftermarket devices
• Mobile phones, insurance dongles, hobbyist, tuners
Challenges faced by (any) industry …continued
Secure software development
• Open source and reused code; unanticipated use cases, complexity
Looming government regulation(s)
• Vehicle-to-vehicle communication technology for light vehicles
• Government cybersecurity legislation
Skilled workforce
• Intersection of electrical engineering, computer science, math with cyber-physical understanding
• Shortage throughout the entire supply chain
(New) Collaboration
• With competitors, with government
WHAT IS INDUSTRY DOING?
What is industry doing?
Creating security organizations
• Appointing security executives
• Establishing security operations centers
• Hiring security experts and analysts
Collaborating in research consortia
Writing Standards
Conducting threat analysis
Conducting penetration testing
Closing vulnerabilities
Training; hands-on, mock incidents
What is industry doing? …continued
Adopting common privacy principles
Establish Information Sharing and Analysis Centers (ISACs)
Offering bug bounties
WHAT IS SAE DOING?
What is SAE doing?
• Standards
• Conferences
• Publications
• Media
• Training
SAE Cybersecurity Standards
Aerospace:
– ARINC 811 Commercial Aircraft Information Security Concepts of Operation and Process Framework
– ARINC 821 Aircraft Network Server System Functional Definition
– ARINC 823 Encrypted data link communications (ACARS)
– ARINC 781 Aviation Satellite Communication
– ARINC 791 Ku-band, Ka-band aviation satellite communication services
…every ARINC standard developed with security concerns in mind
Automotive:
– J3061 Cybersecurity Guidebook for Cyber-Physical Automotive Systems
– J3101 Requirements for Hardware-Protected Security for Ground Vehicle Applications
SAE Automotive Cybersecurity Standards
J3061 Cybersecurity Guidebook for Cyber-Physical Automotive Systems
‒ Provides an automotive security guidebook that will help drive a process to address all the Cybersecurity threats the automotive environment is experiencing. Anticipated release: YE2015
J3101 Requirements for Hardware-Protected Security for Ground Vehicle Applications
‒ Defines a common set of requirements for security to be implemented in hardware for ground vehicles to facilitate security enhanced applications, developing expectations for necessary functionality to achieve an ideal system for hardware protection for ground vehicle applications, including examples, but not explicitly detailing implementation requirements. Under development
SAE Battelle CyberAuto Challenge
Real vehicles; real problems
High school, college and professionals
5-day camp / workshop; classroom discussions complemented by hands-on vehicle work
24-hour Challenge - practicum
Teams composed of OEs, suppliers, government, researchers - “white hat” hackers, educators
Extensive on-line student preparation (cryptology, microcircuit design, CAN, etc.)
2016: July 25-29 Warren, MI
Forging the next generation of cyber auto engineers
QUESTIONS?
Articles and sources
http://www.darkreading.com/analytics/threat-intelligence/automobile-industry-accelerates-into-security/d/d-id/1297313
http://www.foxnews.com/leisure/2015/09/11/are-bounty-hunting-hackers-key-to-car-security/
http://www.thedetroitbureau.com/2014/11/automakers-create-privacy-principles-for-new-vehicles/
http://on.aol.com/video/car-hacking-with-carknow--translogic-135-517884188
http://articles.sae.org/13809/
https://securityledger.com/2015/02/bmw-fixes-connecteddrive-flaw-with-over-the-air-patch/
http://www.informationisbeautiful.net/visualizations/million-lines-of-code/
http://advice.careerbuilder.com/posts/hiring-trends-to-expect-in-2015
http://www.dhs.gov/national-cyber-security-awareness-month
Articles and sources
http://www.wired.com/2015/06/united-flights-grounded-mysterious-problem/
http://money.cnn.com/2015/08/06/technology/tesla-hack/index.html
www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/
http://www.wired.com/2015/09/gm-took-5-years-fix-full-takeover-hack-millions-onstar-cars/
https://threatpost.com/holes-in-progressive-dongle-could-lead-to-car-hacks/110511/
http://www.wired.com/2015/04/twitter-plane-chris-roberts-security-reasearch-cold-war
http://www.wired.com/2015/10/five-car-hacking-lessons-we-learned-this-summer/
http://airinsight.com/2013/04/08/cyber-security-and-aviation/
http://www.tripwire.com/state-of-security/security-data-protection/cyber-security/the-aviation-industry-did-they-fail-cybersecurity-101/
http://www.cnet.com/news/freightliner-autonomous-inspiration-truck/
Thank you
Patti Kreh
New Business Development Manager
SAE Industry Technologies Consortia (ITC)
SAE INTERNATIONAL
755 West Big Beaver Road, Suite 1600
Troy, MI 48084
o +1.248.273.2474
m +1.248.210.5418
www.sae.org