23
European Union Agency for Network and Information Security Enhancing automotive cybersecurity in Europe Liveri Dimitra| OECD Workshop on Digital Security and Resilience in Critical Infrastructure and Essential Services |16.02.18, Paris

Enhancing automotive cybersecurity in Europe · Smart cars security Cyber System Physical System . 6 What could possibly go wrong? Securing Smart Cars . 8 • Increased attack surface

  • Upload
    others

  • View
    0

  • Download
    0

Embed Size (px)

Citation preview

Page 1: Enhancing automotive cybersecurity in Europe · Smart cars security Cyber System Physical System . 6 What could possibly go wrong? Securing Smart Cars . 8 • Increased attack surface

European Union Agency for Network and Information Security

Enhancing automotive cybersecurity in Europe Liveri Dimitra| OECD Workshop on Digital Security and Resilience in Critical Infrastructure and Essential Services |16.02.18, Paris

Page 2: Enhancing automotive cybersecurity in Europe · Smart cars security Cyber System Physical System . 6 What could possibly go wrong? Securing Smart Cars . 8 • Increased attack surface

2

Positioning ENISA activities

POLICY Support MS & COM in

Policy implementation Harmonisation across EU

CAPACITY Hands on activities

EXPERTISE Recommendations Independent Advice

Page 3: Enhancing automotive cybersecurity in Europe · Smart cars security Cyber System Physical System . 6 What could possibly go wrong? Securing Smart Cars . 8 • Increased attack surface

3

Finance

Smart infrastructures

Secure Infrastructure and Services

eHealth and Smart Hospitals

IoT

www.enisa.europa.eu/topics

Page 4: Enhancing automotive cybersecurity in Europe · Smart cars security Cyber System Physical System . 6 What could possibly go wrong? Securing Smart Cars . 8 • Increased attack surface

Smart Cars Security Landscape

Page 5: Enhancing automotive cybersecurity in Europe · Smart cars security Cyber System Physical System . 6 What could possibly go wrong? Securing Smart Cars . 8 • Increased attack surface

5

• Connected and Autonomous Vehicles cybersecurity

• C-ITS Platform - Certificate Policy

- Security Policy

• What about cars of today?

• Day 1 (and 1+) will see CAD coexisting with today’s cars

• It’s becoming more and more frequent headlines item

• Cybersecurity concerns of today’s cars need to be examined

Smart cars security

Cyber System

Physical System

Page 6: Enhancing automotive cybersecurity in Europe · Smart cars security Cyber System Physical System . 6 What could possibly go wrong? Securing Smart Cars . 8 • Increased attack surface

6

What could possibly go wrong?

Page 7: Enhancing automotive cybersecurity in Europe · Smart cars security Cyber System Physical System . 6 What could possibly go wrong? Securing Smart Cars . 8 • Increased attack surface

Securing Smart Cars

Page 8: Enhancing automotive cybersecurity in Europe · Smart cars security Cyber System Physical System . 6 What could possibly go wrong? Securing Smart Cars . 8 • Increased attack surface

8

• Increased attack surface

• Insecure development in today’s cars

• Security culture

• Liability

• Safety and security

process integration

• Supply chain and

glue code

Securing Smart Cars

Page 9: Enhancing automotive cybersecurity in Europe · Smart cars security Cyber System Physical System . 6 What could possibly go wrong? Securing Smart Cars . 8 • Increased attack surface

9

Page 10: Enhancing automotive cybersecurity in Europe · Smart cars security Cyber System Physical System . 6 What could possibly go wrong? Securing Smart Cars . 8 • Increased attack surface

10

Smart cars Perimeter

Secure Smart Cars today for safer autonomous cars tomorrow

Page 11: Enhancing automotive cybersecurity in Europe · Smart cars security Cyber System Physical System . 6 What could possibly go wrong? Securing Smart Cars . 8 • Increased attack surface

11

Smart Cars Assets

Page 12: Enhancing automotive cybersecurity in Europe · Smart cars security Cyber System Physical System . 6 What could possibly go wrong? Securing Smart Cars . 8 • Increased attack surface

12

Smart Cars Threats

Page 13: Enhancing automotive cybersecurity in Europe · Smart cars security Cyber System Physical System . 6 What could possibly go wrong? Securing Smart Cars . 8 • Increased attack surface

13

Attacks scenarios

Page 14: Enhancing automotive cybersecurity in Europe · Smart cars security Cyber System Physical System . 6 What could possibly go wrong? Securing Smart Cars . 8 • Increased attack surface

14

Page 15: Enhancing automotive cybersecurity in Europe · Smart cars security Cyber System Physical System . 6 What could possibly go wrong? Securing Smart Cars . 8 • Increased attack surface

15

Recommendations:

• Cybersecurity by design

• Improve information sharing amongst industry actors

• Achieve consensus on technical standards for good practices

• Clarify cyber security liability among industry actors

Securing Smart Cars

Secure Smart Cars today for safer autonomous cars tomorrow

https://www.enisa.europa.eu/road

Page 16: Enhancing automotive cybersecurity in Europe · Smart cars security Cyber System Physical System . 6 What could possibly go wrong? Securing Smart Cars . 8 • Increased attack surface

The road ahead

Page 17: Enhancing automotive cybersecurity in Europe · Smart cars security Cyber System Physical System . 6 What could possibly go wrong? Securing Smart Cars . 8 • Increased attack surface

17

The Network and Information Security Directive

6

Page 18: Enhancing automotive cybersecurity in Europe · Smart cars security Cyber System Physical System . 6 What could possibly go wrong? Securing Smart Cars . 8 • Increased attack surface

18

• Obligations for all MS to adopt a national NIS strategy and designate national authorities.

• Creates first EU cooperation group on NIS, from all MS.

• Creates a EU national CSIRTs network.

• Establishes security and notification requirements for operators of essential services and digital service providers

NIS Provisions

Page 19: Enhancing automotive cybersecurity in Europe · Smart cars security Cyber System Physical System . 6 What could possibly go wrong? Securing Smart Cars . 8 • Increased attack surface

19

NIS Directive and Road transport

Operators of Essential Services

Page 20: Enhancing automotive cybersecurity in Europe · Smart cars security Cyber System Physical System . 6 What could possibly go wrong? Securing Smart Cars . 8 • Increased attack surface

20

August 2016 - Entry into force

February 2017 6 months Cooperation Group starts its tasks

August 2017 12 months Adoption of implementing on security and notification requirements for DSPs

February 2018 18 months Cooperation Group establishes work programme

9 May 2018 21 months Transposition into national law

November 2018 27 months Member States to identify operators of essential services

May 2019 33 months (i.e. 1 year after transposition)

Commission report - consistency of Member States' identification of OES

May 2021 57 months (i.e. 3 years after transposition)

Commission review

NIS directive - TIMELINE

7

Page 21: Enhancing automotive cybersecurity in Europe · Smart cars security Cyber System Physical System . 6 What could possibly go wrong? Securing Smart Cars . 8 • Increased attack surface

21

- Support the implementation of the NISD in the Road Transport sector

- Good practices for cybersecurity of smart cars

- Collaboration with DG MOVE through C-ITS Platform

- Engagement with industrial stakeholders, e.g. ACEA, Tier 1 and Tier 2 suppliers

ENISA activities 2018-2019

Page 22: Enhancing automotive cybersecurity in Europe · Smart cars security Cyber System Physical System . 6 What could possibly go wrong? Securing Smart Cars . 8 • Increased attack surface

22

ENISA CaRSEC Expert Group

Join us and apply

• Contribute to ENISA efforts and reports

• Exchange knowledge and expertise

• Review ENISA studies and participate in workshops

• Platform for discussion on automotive cybersecurity

https://resilience.enisa.europa.eu/carsec-expert-group