Japan's ITS security approach(tentative)

Ministry of Internal Affairs and Communications(MIC)
Yuji Nakamura

An overview of SAE J3061: Cybersecurity Guidebook for cyber-physical vehicle systems

Interconnectivity of today’s and future vehicles make them potential targets for attack. Following a defined structured process for developing secure automotive embedded systems upfront reduces the likelihood of successful attacks. SAE J3061 outlines a structured process to identify and evaluate the use of existing security processes, methods, and tools that may be applicable for cybersecurity of embedded automotive systems. This presentation will highlight SAE J3061’s goals, methodology, and current status.

Ford Motor Company
In-Vehicle Systems Security Engineer
Justin Mendenhall

Justin Mendenhall is an In-Vehicle Systems Security Engineer with Ford Motor Company and is the feature lead for security on SYNC. Justin has 7 years at Ford in software development for projects in IT and Product Development. Justin has a B.S. in Computer Science with a concentration in embedded systems and is a contributing author on SAE J3061.

Sharing of Cyber Threat Intelligence – the future of the Automotive ISAC

Today’s automobiles are constantly evolving to accommodate rapid changes in technology. Increasingly, connected vehicles require OEMs and other automotive industry stakeholders to adapt to emerging cyber security threats. In anticipation of these threats, key stakeholders in the automotive industry united to create an Automotive Information Sharing and Analysis Center (Auto-ISAC) to improve cyber security threat awareness and coordination across the industry. The intended mission of Auto-ISAC is to serve the global automotive industry as the central point for the analysis and sharing of trusted and timely cyber threat information about existing or potential cyber-related threats and vulnerabilities in light duty passenger vehicle electronics and associated networks. The purpose of this panel is to discuss the ISAC’s founding principals, discuss the sharing mechanism, cyber threat alerts, and threat and vulnerability analyses that the Auto ISAC aims to achieve.

Booz Allen Hamilton
Principal
Jonathan Allen

Jon is a Principal with Booz Allen Hamilton focusing on cyber and security capabilities for commercial clients with a focus on high-tech manufacturing and the automotive. Jon is the firm’s executive over the automotive industry with a focus on cyber security, enabling connected vehicles, introducing automotive data analytics, incident response and cyber threat intelligence related to vehicle safety. His most recent engagements have been with major automotive OEM leading the assessment and building the industry’s first vehicle cyber security organization led by a senior ex-ecutive. He serves as the PM over Booz Allen’s support to developing the Automotive Information Sharing & Analy-sis Center (ISAC). Other commercial clients have included General Electric, a super major oil & gas company, a ma-jor financial institution, and non-related cyber engagements with Major League Baseball. Prior to joining Booz Allen’s commercial practice, Jon helped reestablish Booz Allen’s commercial business in the Middle East, and previously supported the U.S. Government clients within the DoD, to include US Africa Command, and Intelligence Community developing resiliency and risk practices protecting US critical infrastructure. Prior to joining Booz Allen, Jon served as a U.S. Army Infantry Officer with assignments in Georgia, Korea, Washington, DC, and Texas—to include serving as the Senior Army Social Aide to President Clinton and commanding an infantry company with the 1st Cavalry Division. Jon received his BA from Norwich University, an MA in Security Studies from Georgetown University. He is the incoming Vice Chairman for Norwich University’s Board of Fellows. Corporate Profile: http://www.boozallen.com/careers/meet-our-people/Jon-Allen Twitter: @JonAllen72

Booz Allen Hamilton
Senior Associate
Denis Cosgrove

Denis is a leader in Booz Allen Hamilton’s Commercial High-Tech Manufacturing practice, where he is an delivering strategy, cyber, and analytical solutions for the automotive industry. His recent client engagements include working with a major automaker to reimagine their approach to vehicle cyber security and partnering with them to build the first vehicle cyber security senior director within the industry. Denis previously worked with clients in the US government national security clients developing new methods in risk analytics to protect the homeland. Prior to joining Booz Allen, he served as a Senior Associate Scholar at the Center for European Policy Analysis and taught undergraduate courses in philosophy. He earned graduate degrees studying political philosophy at the University of Chicago and international relations at Georgetown University. Denis has published essays on foreign policy and presents an annual graduate-level lecture on strategy in Machiavelli’s Prince at Johns Hopkins University.

Vulnerability Management of Automobiles

Today Automobiles are to be connected to the world of complexity. Automobile vulnerabilities by wireless attacks have been publicly demonstrated. Electronic components like numerous ECUs, instrument cluster, anti-lock brakes once isolated from the world outside could be compromised. Security hardening of component devices and the system is much needed before attack surfaces are exploited in reality. We will discuss and demonstrate some of the effective robustness testing methods that the Automotive industry has started to adopt to reduce chances of compromise and, therefore, liability.

Synopsys
Vice President, Marketing, Software Integrity Group
David Chartier

David Chartier is the Vice President of Marketing for Synopsys' Software Integrity Group. Chartier has over 25 years of technology industry experience, which includes serving as the chairman of Maxware, an identity software company acquired by SAP in 2007. He has also held CEO positions for companies such as Codenomicon, IntelliSearch, and Computas, and served as the chairman of Active ISP. An experienced entrepreneur, David founded InfoStream and led the company through a successful IPO in 1999.

Synopsys
Senior Manager of the Field Applications Engineering (FAE), Software Integrity Group
Olli Jarva

Olli Jarva is the Senior Manager of the Field Applications Engineering (FAE) organization in the Software Integrity Group at Synopsys. He is an expert in
network security and mobile platforms, and has a deep understanding of protocol vulnerabilities. He has been involved in the discovery and coordination of a number of zero-day vulnerabilities. Olli has a rich experience in cyber security for the critical infrastructure space in the past 10 years. He is a regular speaker at security conferences, such as RSA, AusCert, CodeGate.

Cyber Safety: Facts, Fiction and a 'Vehicle' for Collaboration

Modern vehicles are computers on wheels. Benefits of vehicle technology are clear; accompanied risks less so. Sensational car hacking headlines are raising attention, but can trigger less optimal reactions. Let's choose a different road. Automakers are masters of their domain; Cyber Security experts are masters of theirs. As these domains have collided, we will have the safest outcomes, the soonest, if we work together. Willing ambassadors from both worlds have already begun fruitful collaboration on a foundation of necessary capabilities. This presentation will cover: -The "5 Star Automotive Cyber Safety Framework" of foundational, critical capabilities. -The policymaking, legal, and public perception landscape driving immediacy of a response.
-Current progress on our joint traction to date from both auto and cyber.
-The benefits of a road ahead together.

I Am The Cavalry
Cyber Safety Advocate
Beau Woods

Beau Woods is one of the core contributors to the I Am The Cavalry movement, helping to crystalize vision and evolve the direction of the group. He has over a decade in the information technology and computer security industry, having worked as a practitioner and consultant in previous roles. With Dell SecureWorks he advised dozens of organizations, from small business to Global 100, on security practice, strategy and technology. Beau is a frequent presenter, an author, media contributor, and podcast host.

Applying security research in automotive design and operations

The 3 year Swedish industry collaboration project HeavenS is concluding in 2016. Some results, such as risk models, has already been shared with the automotive security community. This presentation includes (but is not limited to) the most recent results such as test methods. The presentation also addresses how research results is helping the advanced engineering and vehicle project to avoid releasing vulnerable products to the market and to maintain the level of security in vehicles on the streets. Sharing results to facilitate industry collaboration in such initiatives as Autosar, SAE international vehicle electrical system security committee, ISO and information sharing and analysis.

Volvo Car Senior designer, electrical department
Henrik Broberg

Henrik Broberg is a senior designer at the electrical department at Volvo Car Corporation specializing in security of the vehicle electrical system. Henrik has been working with automotive security since 2008 when he participated in the EVITA project. He has been part of Volvo Car Corporation security programs since 2009. One of the security project is a join research project between Swedish automotive stakeholders called HeavenS (healing vulnerabilities in automotive environments), financed by Vinnova.

Automotive security for infotainment system

Panasonic
Hideki Matsushima

Summary of escar EU 2014 & US 2015

Panasonic
Hideki Matsushima

Etas
Takahiro Furue

Networking Party

JASPAR's automotive security approach

JASPAR/Toyota Motor
Koji Hirabayashi

Playing with car multimedia unit firmware (or how to brick your car)

A lot of papers have already been done/produced on hacking cars through ODB2/CanBus. Looking at the car firmware could also be something really fun. How to access the firmware, hidden menus & functionalities, hardcoded SSID, users and passwords (yes, you read right), are some of the subjects we will cover during this presentation.

SCRT
Founder and CEO
Paul Such

Paul is a security engineer and the founder of SCRT, a Swiss company specialized in ethical hacking / penetration test and digital forensic since 2002. He is also the organizer of the Insomni'hack event (CTF and security conference in Switzerland)

Cyber Security for Connected Vehicles

DENSO General Manager, DP-Cyber Security R&D Department, Basis Electronic Technology Unit
Hiroshi Hayakawa

Attacking and Defending Autos Via OBD-II

It began as an assessment of an insurance dongle that connected to a car’s On-Board Diagnostic port (OBD-II) to gather driving information to provide a car insurance quote. This dongle lacked even basic security controls and the code violated almost even basic good coding practices. It is a simple matter for an attacker with network access to take control of this dongle and load his attack code on a device with access to the CANBus (not to mention the vulnerabilities in the back end at the insurance company).

The second part of this session will cover what an attacker could do with network access to the OBD-II, how a vendor should be integrating security into the OBD-II / CANBus so a poorly designed dongle cannot affect the auto, and some proof of concept tools to prevent attacks via the OBD-II port.

Digital Bond Labs
CEO
Dale Peterson

Mr. Dale Peterson leads Digital Bond’s Industrial Control System (ICS) Consulting and Research Teams. He has helped organizations assess and secure their control systems as well as ICS vendors integrate security into their products. Much of the ICS technology integrated into security products, such as intrusion detection and scanning tools, was developed from research that Dale led in projects funded by the US Department of Homeland Security, UK Government and JPCERT. Dale began his career as an NSA Cryptanalyst. Read Dale’s latest articles at www.digitalbond.com or @digitalbond.

CyberAuto Challenge Asia - Proposed

This talk describes the CyberAuto Challenge, now in its 4th year in the US. Why it was founded, what it has accomplished, and what it intends for the future. Then it describes how a similar event might be modified to support industry and academia as an annual event in Japan.

AutoImmune
Partner
Robert Dekelbaum

Rob “Deker” Dekelbaum has been involved in computer network security since the mid-90’s in many roles such as systems administrator, product developer, red-team reverse-engineer, OS kernel hacker, development team manager, systems architect, and security researcher for DoD as well as commercial concerns.

After joining Battelle in 2011, he was able to realize the opportunity of combining his love of computer security and his long standing interest in automobiles and established the Center for Automotive Vehicle Environments (CAVE). As the Principal Investigator for CAVE, Deker focused on creating one of the first organizations dedicated to the study of in-vehicle electronic security from theoretical as well as practical angles. Deker lead the development of best-of-breed automotive security projects, automotive red-team vulnerability assessments, and consultative services to help the automotive industry practically deal with the upcoming threats in cybersecurity.

Deker has also coordinated the CyberAuto Challenge since it’s inception as an event designed to raise awareness of the need for future engineers in the cyber-automotive space and give industry, government, security researchers, promising high-school and college students an opportunity to explore and address these challenges together.

Through this event, and his work directly within the auto industry, Deker has gained a unique knowledge and understanding of not only the threats facing the auto industry as the connected car becomes real, but also of the practical implications and engineering challenges of addressing these issues from within automotive OEMs and suppliers.

Panel Discussion