Secure Product Design Lifecycle for Connected Vehicles
Lisa Boran, Vehicle Cybersecurity Manager, Ford Motor Company; SAE J3061 Chair; SAE/ISO Cybersecurity Engineering Chair
AGENDA
Cybersecurity Standards Awareness
Vehicle Complexity
Holistic Cybersecurity Approach
External Engagement
Widespread Interest In Automotive Cybersecurity Development
Automotive Cybersecurity Activity (Not Exhaustive)
Past Vehicle Design Emphasis Was on Engine Design, Comfort and Chassis, and Security Primarily Revolved Around Vehicle Theft, Odometer Tampering and Chip Tuning
The Vehicle Was Self-Contained
Areas of Potential Cybersecurity Vulnerabilities
Roadside Networks
Embedded Computers on Local Vehicle Network
Vehicle to Vehicle (V2V) Vehicle to Infrastructure (V2I)
Vehicle to Grid
Onboard Diagnostic Interface
Brought-In Device Communications
Wireless Communications
Private Clouds
Public Clouds
Sensors / Cameras / Microphones
Security Measures In Place That Align With Industry Best Practices To Help Protect Current and Future Technologies
Connectivity and Complexity Explosion
[Figure: numbered callouts of the connectivity paths into the vehicle, grouped as 3rd Party Connected Services, OEM Connected Services, Brought-in Connectivity (Mobile), Beamed-in Connectivity (GNSS Antenna) and Built-in Connectivity]
Interconnectivity And Increased Hacker Capability Make Vehicles Potential Targets for Attack
Importance of Designing Security Upfront
Safety And Security Are Important To Our Customers
Loss of function or denial of service impacts safety
Vehicle theft
Customer dissatisfaction
Loss of privacy: unauthorized personal information obtained; unauthorized vehicle tracking
Impact to reputation and integrity
Financial loss: warranty, loss of sales
Unauthorized access to features/functions
Higher insurance costs to the customers
Fraudulent commercial transactions
Theft of intellectual property
Holistic Cybersecurity Approach
[Figure: three lifecycle phases, Secure Vehicle Design (e.g. HW, SW, Data, Networks, Access Control Security), Secure Vehicle Production (e.g. Supply Chain Management, Service) and Secure Vehicle Operation (e.g. Infrastructure, Vehicle Assembly), resting on Organization (People, Process, Technology) and Risk Management, Policies & Standards, Governance. An Assess / Test / Address loop with Monitor and Report drives Continuous Improvement Of Internal Cyber Security Processes and Tools. External inputs shown around the figure: Customer Expectations, Innovation, Business Drivers, New and Emerging Requirements, Internal Requirements & Processes, Regulations]
Risk Categories
Helps Manage Priority And Resource Allocation
Functional Safety (F.S.)
Privacy (P.I.I.)
Enterprise Impact (E.I.)
Connectivity/Access (C)
Security Controls Toolbox (Not Exhaustive)
Security control needs to be a Defense-in-Depth Layered Technique involving a suite of controls. There are a number of potential tools in the security controls toolbox:
Firewalls
Authorization / Authentication mechanisms
Gateways / Network separation
Secure data storage/ Secure hardware
Intrusion Detection/Prevention
Secure Data Transport
Encryption
Packaging/Tamper Proofing
Access Control
Memory Management
Secure SW Coding/OS
No one control is a complete answer; each potential tool has benefits and limitations.
Controls Are Applicable Within Context. Several Different Tools Are Required To Obtain The Appropriate Coverage.
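As an added worked example (not code from the original slides or from Ford), the following Python sketch combines two of the toolbox entries above, Gateways / Network separation and Intrusion Detection, in one in-vehicle domain gateway: a frame crossing from one CAN domain to another is forwarded only if its ID is allowlisted for that boundary, its payload length is valid, and it respects the nominal transmit period for that ID, so a flooded or replayed ID is dropped and logged for field monitoring. The domain names, routing policy, CAN IDs (other than 0x7DF, the standard OBD-II functional request ID), periods and sample traffic are constructed for the illustration and describe no real vehicle.

```python
"""Added example: an in-vehicle CAN domain gateway that enforces a per-boundary
allowlist and drops frames whose timing is anomalous. The domains, policy, IDs
(except 0x7DF, the standard OBD-II functional request ID), periods and sample
traffic are constructed for illustration; they describe no real vehicle.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Frame:
    can_id: int
    data: bytes
    t_ms: int   # receive timestamp, milliseconds
    src: str    # domain the frame was received on


# Which IDs may cross each (source domain, destination domain) boundary.
# Anything not listed is denied, so a compromised ECU in one domain cannot
# inject arbitrary IDs into another. (Constructed policy.)
ROUTING_POLICY = {
    ("powertrain", "infotainment"): {0x100, 0x120},  # speed / rpm broadcasts
    ("infotainment", "powertrain"): {0x3A0},         # one status request
    ("obd", "powertrain"): {0x7DF},                  # diagnostic requests only
}

# Nominal transmit period per ID in ms; a frame arriving much earlier than its
# period is treated as a flood or replay. (Constructed values.)
NOMINAL_PERIOD_MS = {0x100: 10, 0x120: 10, 0x3A0: 100, 0x7DF: 50}
EARLY_TOLERANCE = 0.5  # accept a frame up to 50% early to absorb bus jitter

FORWARDED = "forwarded"
NOT_PERMITTED = "id not permitted across boundary"
BAD_DLC = "bad dlc"
TIMING_ANOMALY = "timing anomaly"


class Gateway:
    def __init__(self, policy=ROUTING_POLICY, periods=NOMINAL_PERIOD_MS):
        self.policy = policy
        self.periods = periods
        self.last_forwarded = {}  # (src, can_id) -> t_ms of last forwarded frame
        self.events = []          # (t_ms, src, dst, can_id, verdict) for monitoring

    def route(self, frame: Frame, dst: str) -> str:
        """Decide whether frame may be forwarded to domain dst; return the verdict."""
        if frame.can_id not in self.policy.get((frame.src, dst), ()):
            return self._record(frame, dst, NOT_PERMITTED)
        if len(frame.data) > 8:  # classic CAN carries at most 8 data bytes
            return self._record(frame, dst, BAD_DLC)
        key = (frame.src, frame.can_id)
        period = self.periods.get(frame.can_id)
        last = self.last_forwarded.get(key)
        if (period is not None and last is not None
                and frame.t_ms - last < period * (1 - EARLY_TOLERANCE)):
            return self._record(frame, dst, TIMING_ANOMALY)
        self.last_forwarded[key] = frame.t_ms
        return self._record(frame, dst, FORWARDED)

    def _record(self, frame: Frame, dst: str, verdict: str) -> str:
        self.events.append((frame.t_ms, frame.src, dst, frame.can_id, verdict))
        return verdict

    def dropped(self):
        """Events that did not forward, i.e. the feed a field-monitoring team would look at."""
        return [e for e in self.events if e[4] != FORWARDED]


def run_sample():
    """Replay constructed traffic through the gateway; returns (can_id, verdict) per frame."""
    gw = Gateway()
    traffic = [
        (Frame(0x100, b"\x00\x32", 0, "powertrain"), "infotainment"),   # periodic speed
        (Frame(0x100, b"\x00\x33", 10, "powertrain"), "infotainment"),  # next period
        (Frame(0x3A0, b"\x01", 12, "infotainment"), "powertrain"),      # permitted request
        (Frame(0x3A0, b"\x01", 13, "infotainment"), "powertrain"),      # replayed 1 ms later
        (Frame(0x3A0, b"\x01", 14, "infotainment"), "powertrain"),      # and again
        (Frame(0x2F0, b"\x01\x02", 15, "infotainment"), "powertrain"),  # ID not in allowlist
        (Frame(0x7DF, b"\x02\x01\x0C", 20, "obd"), "powertrain"),       # OBD request, allowed
        (Frame(0x7DF, b"\x02\x01\x0C", 22, "obd"), "infotainment"),     # no obd->ivi rule
        (Frame(0x100, bytes(9), 30, "powertrain"), "infotainment"),     # oversized payload
    ]
    return [(f.can_id, gw.route(f, dst)) for f, dst in traffic]


if __name__ == "__main__":
    for can_id, verdict in run_sample():
        print(f"0x{can_id:03X}: {verdict}")
```

The allowlist is the network-separation control: the head unit cannot push an ID into the powertrain domain unless the gateway policy lists it, whatever an attacker has achieved on the infotainment side. The period check is a minimal intrusion-detection control layered on top of it, catching injection of a permitted ID at the wrong cadence; a production gateway would add per-ID payload range checks and a rate-limited alert path rather than an in-memory list.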
Building A Cybersecurity Culture
[Figure: practices grouped under Secure Process and Planning, Testing, Supply Chain Mgmt., Auditing, and Governance / Policy / Business Comms / Reporting]
Requirements/Specifications
User Notification
Incident Management
Statement of Work
Supplier Audits
Security Attribute Meetings
Security Budget
Escalation
Security Governance
Field Monitoring
Product Development Process Integration
Cyber Security Training
Threat Modeling & Analysis
Risk Management
Public Disclosure Program
Security Capability Study
Regulatory Compliance
Benchmarking
Self-Attestation
Dealer Awareness Training
Privacy Governance
NHTSA
Auto ISAC
Threat Intelligence
Bug Bounty Program
External Engagements
PII Policy
Compliance Tracking
Insurance Witness Testing
Regulatory Witness Testing
Vehicle Assessments
Application/Infrastructure Code Reviews
Red Team
Static Code Analysis
Design Verification Plans
Fuzz Testing
Technical Design Reviews
A Well Documented Incident Response Plan
Incident Management
Field Monitoring
Triage Inputs
Determine Validity and Priority
Product Team to Determine Impact, Containment, Recovery & Remediation
Present to Appropriate Review Board
Communication/Reporting
Cybersecurity Workforce
Threat Analysis & Risk Assessment
In-Vehicle Cyber Security Teams
PD Teams
Red Team
Security Governance
Incident Assessment Team
Data Monitoring
Backend IT Security
Safety Office / Legal
Gov't Affairs / Public Relations
Cyber Intelligence / Defense
External Engagement
Security Supply Base
University Collaborations
Industry Research Consortia
Government Involvement
Information Sharing
Standards Development