Connected Car – Cybersecurity Update

Carroll Gray-Preston, VP Innovation and Strategic Initiatives, ATIS
Denis Niles, R&D Leader, Cybersecurity Autonomous Vehicles, TELUS
8 March, 2019
About ATIS

Technology Focus Areas
• Critical Infrastructure
• Critical Communications
• Internet of Things
• Vertical Industry Collaboration
• Ordering and Billing
• Interdomain Solutions & Interconnection
• Industry Numbering
• Security, Trust and Privacy
• 5G Technologies
• Network Evolution
• NFV and Cloud Networks
Disrupting the Current Cybersecurity Model for Vehicle OEMs

Since the publication of our white paper in August 2017, TELUS and ATIS have been engaging various cybersecurity companies, defining the Collaborative Cybersecurity framework for the Vehicle OEMs
• To deal with the new realities of cybersecurity threats, the current models to protect various vertical industries are not sufficient - close collaboration is not only the best way forward but a must in terms of developing and applying a new disruptive model that serves the interests of all players involved

A collaborative approach is needed to achieve a “WIN-WIN” outcome

Image as published in https://www.pcquest.com/security-in-the-age-of-connected-cars/
Perceived Hurdles For Not Sharing Information

There are many reasons why vehicle OEMs would not want to collaborate with each other. Some probable points of contention include…
• Issues of TRUST. Simply put, the OEMs have a distrust of sharing information.
• Legal issues. Sharing information may or could be seen as damaging to the company.
• Long-standing, ingrained corporate policy not to share information & collaborate.
• Not the type of behavior the company is used to. Difficult to change the corporate culture.
• Not convinced that sharing information & collaboration will serve their interests.
• Don’t understand the value of sharing cybersecurity information.
• Misguidedly believe that individual cybersecurity tech investments are much better than what any combined efforts can achieve.
• Suspicious of other OEMs and their motives to collaborate vis-à-vis cybersecurity.
• Don’t believe that their cybersecurity costs will actually go down.
Individual Cybersecurity Programs Advantages

Vehicle OEMs cannot compete on cybersecurity strategies - any cybersecurity advantage is a perceived one and a very short-lived one at the best of times. Damaging events of OEM “X” repeat themselves for vehicle OEMs “Y” and “Z” as time moves forward. It is not a question of “IF” but rather “WHEN” other OEMs get hit with a similar attack.

[Figure: Revenue/Profits, Sales and Customer confidence plotted over Time for Vehicle OEM “X”, Vehicle OEM “Y” and Vehicle OEM “Z”. Annotations on the chart:]
• Vehicle OEM “X” advertises its vehicles as the safest
• Vehicle OEM “X” gets hit with a major attack due to a bug in its s/w + Government scrutiny, Investigations, Audits, Lawsuits
• Vehicle OEM “X” recovery is slow & costly - Sometimes, recovery is next to impossible
Example: Collaborative Cybersecurity App Store Module = +Risk & Cost aspects

• When bad-acting or potentially harmful applications are discovered by one OEM, all other vehicle OEMs immediately benefit from this information; thus the risk is much lower when all OEMs collaborate in the shared program
• Risk is always kept at its lowest based on the continuous real-time findings from all OEMs in the shared program
• Interestingly, when vehicle OEMs limit their cybersecurity costs by sharing information and working together with respect to bad applications, the net benefit for OEMs is that it actually increases the security position for their individual companies and products
• Cybersecurity app costs go down due to the collaborative approach, and the fact that the same organization running the Bug Bounty program would also run the App Store cybersecurity program intensifies/multiplies the cost reductions for all vehicle OEMs
• A collaborative program means that there is actually more money in the overall combined cybersecurity bucket to deal with bad applications, which also means that the collaborative program can…
  • Hire the best and most experienced people to deal with bad applications
  • Support more research into limiting the impact of potentially harmful applications
  • Acquire and/or develop the best tools to find and address cybersecurity application issues
  • Test & evaluate new app-related cybersecurity strategies & technologies
  • Create and design a significantly more secure connected and autonomous vehicle… especially where it concerns governments & consumers
Connected Vehicle Security Framework

An end-to-end security framework that encompasses the connected vehicle, network, and back-end system domains

[Figure: framework diagram. Labels shown:]
• Managed Environment which includes Managed Connectivity; Telco Managed Layered Security
• Unmanaged Environment where device & connectivity are NOT controlled by Telcos
• Domains: Connected-Vehicle Domain or End-Point; Network Domain; Backend Systems or Cloud Domain; External Domain
• Connected-Vehicle Domain: End-Point security for Connected-Vehicle; Mobile Devices & WiFi Services
• Network Domain: Antenna & LTE Wireless Base Station; LTE; Evolved Packet Core Network (SGW, HSS, MME, PCRF, PGW); MPLS Core Network
• Backend: Vehicle OEM Backend or Cloud Systems; OTA
• Internet
Key Framework Elements

• Threat Intelligence
• Hardware Security
• Software Security
• Network Security
• Cloud Security

• Working with Trend Micro we have developed the Threat Intelligence component of the Security framework
• Key capabilities include:
  • Threat Engine
  • Up-to-date Global Threat Intelligence feeds
  • Bug Bounty Program
• TELUS engaging 5GAA to enlist their participation and support for program
• Trustonic has committed to provide expertise around TEE
• ARM has committed to participate and provide their expertise related to Tier 1 vehicle OEM suppliers
Threat Intelligence Components

Central OP Center for Cyber Data Ingestion & Analysis For All Vehicle OEMs

Shared Analytics for...
• Zero Days
• Trends
• Targeted software modules
• Hardware specific
• Cybersecurity Supplier/Partner ranking
• Most persistent attackers
• H/W component specific
• S/W service modules
• Unknowns
• Learnings & Strategic Direction
• Success rates of stopping & containing
• Time to identify
• Time to intercept
• Time to remediate
• Success rates of attacks
• Most effective models
• Shape Next Cyber Tech Strategy
• Threat engine ratings for OEMs

Threat Intelligence
• Output
• Example Bug Bounty Data From All Vehicle OEMs
• Individual Vehicle OEM Cybersecurity OPs Data
• Vehicle OEM H/W & S/W Modules - Partner Cyber Test Data
• Log Data from All OEM Connected Vehicles
Threat Intelligence Data Flow Model

[Figure: data flow diagram. Labels shown:]
• Connected Vehicles: ECU01, ECU02, ECU03; ECU11, ECU12, ECU13; ECU21, ECU22, ECU23; Internal GW; External GW; DCM; interfaces ITS, OBDII, BT, WI-FI, PLC
• Logs and suspicious logs flowing to SIEM/Data Lake
• Cybersecurity Operations Center for All Vehicle OEMs
• Threat Intelligence; Global Threat Intelligence Collection Engine; Meta data inquiry API
• Vehicle OEM Bug Bounty: Cyber Bugs reported by all vehicle OEMs from individual Bug Bounty Programs

Threat Hunting
• Multi-Channel data analytics
• Up-to-date Global Threat Intelligence feeds
• Unknown threat hunting

Input From Multiple Different Sources
• Alerts
• Updates
• Patches
• Fixes

Individual Vehicle OEM Cybersecurity OP Centers, Vehicle OEM S/W and H/W Partners, Dark Web, Cybersecurity University Researchers, Threat Intelligence Companies, Connected Vehicle Honeypots
Collaborative Cybersecurity Program - Key Milestones

[Figure: timeline. Milestone labels shown:]
• Initial meetings with Cybersecurity companies
• Engage Network Operators
• Collaborative program guidelines defined
• Begin Engaging Vehicle OEMs
• Continue discussions with targeted partners
• Key framework elements defined
• Program Proposal Complete

Date labels on the timeline, in the order they appear: Dec/Jan, 15 Mar, 12 Apr, Apr, Nov/Dec, 21 Jan, 5 Apr