March 27-29th, 2019 Detroit

9th Automotive Cybersecurity Event

Organized By:

Automotive IQ

www.asdevents.com - www.asdevents.com/event.asp?id=19168

03/27 Pre Conference Workshop Day 9:00am WORKSHOP A: Establishing a Global Information Sharing Community to Address Vehicle

Cybersecurity Risks

- Defining best practices for securing the vehicle ecosystem and providing guidance to implement guidelines

- Addressing inhibitors to information sharing and the way ahead - Efforts to expand organizational sharing in support of increased innovation and consumer

safety Faye Francy Executive Director Auto-ISAC

11:00am Morning Networking and Refreshment Break 11:30am WORKSHOP B: Introduction to Car Hacking with CANbus

- Learning and understanding vehicle hacking techniques to ensure that systems are

reasonably safe under expected real-world conditions - Identifying the basics of threat models for automotive systems - Acquire and analyze in-vehicle communication data - Hacking ECUs, and using tools for vehicle anomaly detection

Mark Zachos Vehicle Data Link Connection (DLC) Security Standards Committee SAE International

1:15pm Networking Lunch 2:15pm WORKSHOP C: Accelerating Cyber Secure Mobility Services via Blockchain and Distributed

Ledger Technologies

- Leveraging Blockchain to coordinate vehicle movement and improve transportation in urban environments

- Managing digital identity and history - Strategies to secure V2I and V2V communications via Blockchain

Chris Ballinger CEO & Founder, The Mobility Open Blockchain Initiative (MOBI) Former CFO & Director of Mobility Services, Toyota Research Institute

4:00pm End of Workshop Day

www.asdevents.com - www.asdevents.com/event.asp?id=19168

03/28 Main Conference Day One 8:00am Conference Registration 9:00am Chairperson’s Welcome and Opening Remarks

Faye Francy, Executive Director, Auto-ISAC

9:15am Developing Security by Design Processes for Improved Vehicle Architecture Security The effort to build in security in the early stages of vehicle design is growing in popularity throughout the automotive sector, as it offers a proactive approach to cybersecurity and protection.

- Testing hardware & software to evaluate product integrity and security as part of component testing - Performing software-level vulnerability testing, including software unit and integration testing - Understanding and identifying methods of attack surface reduction

Kristie Pfosi, Senior Manager, Automotive Cyber Security, Mitsubishi Electric Automotive America, Inc.

10:00am Panel Discussion: Strategies to Secure the Global Automotive Ecosystem from Adaptive Threats The current automotive cybersecurity threat environment is high-speed and adaptive to threat response and mitigation. Cybersecurity threats have already had a profound impact on the automotive ecosystem, and with the ever-increasing connectivity of modern vehicles, this threat will only compound over time.

- Creating benchmarks for improved preparedness and response - Understanding cybersecurity’s affect on the OEM-supplier relationship - Expanding bug bounty programs to target weaknesses in the automotive sector

Moderator: Srini Adiraju, Director of Cybersecurity, Visteon Corporation Panelists: J. Scot Sharland, CEO, Automotive Industry Action Group (AIAG) Chris Ballinger, CEO & Founder, Mobility Open Blockchain Initiative (MOBI)

10:45am Demo Drive & Refreshment Break 11:15am Leveraging Lessons Learned and Best Cyber Practices from the Heavy Machinery Industry

Cyber strategies and lessons learned from the heavy machinery industry can provide a multitude of benefits to the automotive cybersecurity ecosystem. This session will detail cyber challenges and successes from the heavy machinery industry, and will provide insight as to some of Caterpillar’s cyber efforts.

- Understanding the unique cyber challenges for the heavy machine industry - Caterpillar cyber security best practices for the automotive continuum - Cross-industry perspectives on the automotive cyber ecosystem

Scott Smith, CISO, Caterpillar 12:00pm Panel Discussion: Prioritizing and Securing at the ECU Level

The evolving complexity and wide-spread deployment of ECUs has effectively enlarged the attack vector on each vehicle for potential malicious incident. This vulnerability has prompted the automotive industry to reevaluate their current expectations for security specifications and standards.

- Efforts to develop standards for ECU security components - Addressing the diversity of ECUs in vehicles - Defining individual ECU security standards

Moderator: Dave Bares, Product Cybersecurity Senior Engineer, Lear Corporation Panelists: Sanjay Singh, CTO & Executive VP, Dura Automotive Amy Chu, Senior Director, Automotive Cybersecurity, Harman International

www.asdevents.com - www.asdevents.com/event.asp?id=19168

12:45pm Networking Lunch Track 1

Leveraging Community Resources to Combat Automotive Cybersecurity Threats

Track 2 Understanding the Legal, Legislative, and

Regulatory Considerations at the Federal and State Level

1:45pm No Vehicle is An Island The automotive sector is not entirely different from power, water, oil & gas, chemicals and other industries that are each affected by technology trends that lead to the convergence of a digital world with a cyber-physical world. This session will explore a few examples of recent, high-profile security attacks launched against critical infrastructure companies.

- Lessons learned from past cybersecurity

risk-management investments from across industry

- Critical infrastructure security strategies of benefit to the automotive industry

Doug Wylie Director, Industrial & Infrastructure Practice Area SANS Institute

Examining the Future Federal Legislative Policy Ecosystem for Automotive Cybersecurity This discussion will provide an in-depth viewpoint on the ever evolving legislative ecosystem for automotive cybersecurity. With a keen focus on advancing legislation efforts to protect consumers and ensure safety, this panel will detail current legislative efforts to ensure the United States remains at the forefront of advanced vehicle cybersecurity technology, as well as the SELF DRIVE Act’s impact on cybersecurity.

- Federal Challenges Associated with Highly Autonomous Vehicles (HAVs) Security

- Collaborative Efforts to Develop Forward Thinking Regulatory Standards

2:30pm Developing and Attracting Automotive Cybersecurity Expertise for the Benefit of the Automotive Community The automotive community is constantly at risk with emerging cybersecurity attacks on a daily basis, requiring the constant evaluation workforce development and training initiatives.

- Cyber workforce and training priorities - Attracting and retaining top cyber talent

Karl Heimer Principal at Heimer & Associates LLC Senior Technical Advisor, Michigan Auto Office Co-Founder, CyberTruck Challenge

Addressing Autonomous Vehicle Security Concerns at the State Level This session will describe the ongoing regulatory efforts at the State level to prepare for the future of autonomous vehicles, and their security on the roads of Michigan.

- Overview of Current Regulatory Environment for Automotive Security

- Prioritizing MDOT Automotive Cyber Safety Investments

Tony Kratofil Chief Operations Officer Michigan Department of Transportation

3:15pm Afternoon Tea and Networking Break 3:45pm Developing Cyber Secure Strategies for Over the Air (OTA) Updates

Over the air updates provide increased flexibility to manufacturers and car owners to manage embedded systems across the lifecycle of the vehicle. OTA updates are a critical aspect of the automotive cybersecurity ecosystem, but with increased connectivity, brings increased risk.

- Developing secure OTAs for vehicle lifecycle maintenance and management - Safeguarding against data breach and leak - Improving OTA authentication to defer unauthorized entry

Ira McDonald, Security Architect, FCA www.asdevents.com - www.asdevents.com/event.asp?id=19168

4:30pm IDGs Round 1 A

Enhancing Component Security of Critical

Safety Features

Joseph Kristofik Director, Functional Safety and Cybersecurity Management Veoneer

B Understanding the

Unique Cybersecurity Challenges for the

Autonomous Trucking Sector

.

C Considerations on the

Use Case for AI & Machine Learning for Automotive Defense

Uki D. Lucas System Architect and HMI Functional Owner, FCA Group Programs, Connected Car R&D Harman International / Samsung

D Securing ADAS

Technology to Ensure the Future of

Autonomous Vehicle

5:15pm End of Main Conference Day One

www.asdevents.com - www.asdevents.com/event.asp?id=19168

03/29 Main Conference Day Two 8:00am Conference Registration 9:00am Chairperson’s Welcome and Opening Remarks

Faye Francy, Executive Director, Auto-ISAC

9:15am Autonomous Electric Cars, Connected Vehicles, and the Future of Personal Mobility The automotive and transportation industries are undergoing massive transformation. Three disrupting trends are shaping the future of mobility, both personal and commercial: the adoption of shared and on-demand mobility, continued development and market penetration of electric propulsion vehicles, and the maturation of autonomous driving technology.

- Technical factors shaping the future of mobility - Connected vehicle security challenges - Providing governance for companies in the automotive ecosystem

Joe Barkai Chair, Vehicle Internet of Things Program Committee SAE

10:00am Security Architecture Considerations for Automotive Products and Software As cars increasingly transition from hardware driven products to software driven electronic devices, organizations must take careful notice to secure both hardware and software as we move towards the future of connected cars.

- Defining next-gen security architectures in automotive products for both hardware and software

- Ensuring OEM and Tier 1 software and hardware needs are met - Autonomous architecture ECU security trends

Alan Tatourian, Security Architect, P.E. – Autonomous Driving Division, Intel

10:45am Networking & Refreshment Break 11:15am Track 1

Developing Tier 1 Cyber Response Frameworks for Improved Automotive Security & Response Tier 1’s must develop adequate frameworks for responses to cyber incidents to ensure improved incident response. This session will provide insight on to some of the frameworks for Tier 1’s in the automotive continuum.

- Quantifying and measuring cyber incidents for improved organizational results

- Delivering efficient cyber frameworks for organizational response

Matt Fahnestock, CIO, Dana Incorporated

Track 2 Conducting Self-Auditing and Risk Assessments for Improved Accountability In addition to developing intuitive cybersecurity measures for vehicle protection, the automotive industry should document the details related to the cyber processes for improved auditing and accountability of incidents.

- Conducting risk-based approaches to assessing vulnerabilities and potential impacts

- Establishing procedures for internal review and documentation of cyber-related initiatives

- Considerations on BSIMM9, MS SDL, CIS Controls v7, CySAEv2.x

Dave Bares Product Cybersecurity Senior Engineer, Lear Corporation

12:00 Networking Lunch

www.asdevents.com - www.asdevents.com/event.asp?id=19168

1:00pm Driving OBD Port Security Level of Capability Onboard diagnostic security is an integral function for any connected car, and one that is highly vulnerable to cyber attack due to its connectivity to a multitude of safety-critical automotive components. This session will address critical OBD cyber measures and strategies.

- Minimizing attack vector size for safety-critical, OBD connected components - Preventing unauthorized access to the in-vehicle E/E system - Updated SAE standards for OBD port security

Bob Gruszczynski, OBD Communications Expert, Volkswagen Group of America

1:45pm Panel Discussion: Delivering Secure Vehicle to Vehicle Communications Security for Improved Automotive Safety To prepare for the massive influx of connected vehicles entering the roads globally, they must be able to securely connect with one another in order to share pertinent information to ensure driver, pedestrian, and infrastructure safety. Vehicles must be able to connect with one another to create a common sight on roads worldwide, and communication channels must be cyber secure to do so.

- Understanding cybersecurity challenges specific to V2V communications - Weighing the benefits and challenges of DSRC, C-ITS and C-V2X deployments - Assessing safety and security concerns of the data

Moderator: Scott McCormick, President, Connected Vehicle Trade Association Panelists: Cosimo Senni, Head of Cybersecurity Engineering Services, Magneti Marelli

2:30pm Networking & Refreshment Break 3:00pm Understanding the Current Regulatory Environment for Automotive Cybersecurity

This conversation will detail the ongoing regulatory and policy efforts to define proper standards for automotive cybersecurity.

- Emerging policy challenges in auto cybersecurity - Understanding risks and liability of auto cyber incidents and response - Considerations for future regulatory actions to spur economic development

Catherine Muir, Office Counsel, Cybersecurity Group, Baker McKenzie LLP

www.asdevents.com - www.asdevents.com/event.asp?id=19168

3:45pm IDGs Round 2 A

Enhancing Component Security of Critical

Safety Features

Joseph Kristofik

Director, Functional Safety and Cybersecurity Management

Veoneer

B Understanding the

Unique Cybersecurity Challenges for the

Autonomous Trucking Sector

C Considerations on the

Use Case for AI & Machine Learning for Automotive Defense

Uki D. Lucas

System Architect and HMI Functional Owner, FCA Group Programs, Connected Car R&D

Harman International / Samsung

D Securing ADAS

Technology to Ensure the Future of

Autonomous Vehicle .

4:30pm End of Main Conference Day Two

www.asdevents.com - www.asdevents.com/event.asp?id=19168