5th VDI Conference - Cyber Security for Vehicles

Registration & Welcome Coffee

Chair‘s Welcome and Opening Address

Dr. Mathias Dehm, Head of Security & Privacy Research and Governance, Continental AG, Germany

I. Regulations, Certifications & Standardization

Future UNECE Regulations on Cyber Security and SW Updates

• Draft requirements on cyber security and SW updates (incl. over the air)
• Progress of test phase with some voluntary manufacturers and authorities
• Adoption of the final regulation and implementation all over the world

Dr.-Ing. Kai Frederik Zastrow, Master Expert Regulation Certification Standards, PSA Groupe, France

Sticking the Bricks of Road Vehicles’ Life-Cycle together – Mapping of relevant Standards and Regulations

• Overview of road vehicles’ life-cycle
• Landscape of security standards for road vehicles
• Mapping ISO/SAE 21434 to UN regulation on cyber security
• Standardizing software updates engineering

Dr. Markus Tschersich, Manager Security & Privacy Standardization & Regulatory Affairs, Continental AG, Germany

Automotive Cyber Security Risk Treatment

• Identifying and assessing cyber security risks
• Examples for cyber security risk treatment
• Collaboration on risk mitigation within the automotive supply chain

Matthias Hense, Automotive Cybersecurity (Regulations & Standardization), BMW Group, Germany

Trends of Security and Privacy Policy in China 

• China’s approach towards ensuring vehicle security
• Biggest challenges for implementing a regulatory framework
• Introduction of „Shield“– Project of CICV

Jian Wang, CTO, China Intelligent and Connected Vehicles Research Institute Co., Ltd (CICV), China

Lunch

Considerations for regulating Vehicle Cyber Security – An US Perspective

• How setting standards and regulating cyber security is different than traditional FMVSS
• Evolving the traditional regulatory framework to incorporate best practice, guidance and process improvement
• Mechanisms to better align incentives to improve the fleet‘s overall cyber security posture

Chan. D. Lieu, Senior Legislative Advisor, Venable LLP, USA

II. Lessons Learned – Examples of Practice

Cyber Security Threats against the Automotive Industry

• What are some of the top cyber security breaches
• What are the trends in automotive cyber security
• How can the industry work together to mitigate the threats
• Lessons learned

Faye Francy, Executive Director, Automotive ISAC, USA, (invited)

Panel: How to be compliant? Impact of regulations and certifications?

Dr.-Ing. Kai Frederik Zastrow, Master Expert Regulation Certification Standards, PSA Groupe, France
Dr. Markus Tschersich, Manager Security & Privacy Standardization & Regulatory Affairs, Continental AG, Germany
Jian Wang, CTO, CICV, China
Chan. D. Lieu, Senior Legislative Advisor, Venable LLP, USA
Dr. Evangelos Ouzounis, Head of Secure Infrastructure and Services Unit, ENISA
Moderated by: Beau Woods, Cyber Security Strategist, I Am The Cavalry, USA

Networking & Coffee Break

Autonomous Vehicle Cyber Security Forensics & Threat Hunting

• Challenges and practices
• Advantages and drawbacks of tools, tactics and practices employed in the vehicle design  stages and post production
• Securing a better respond to cyber security events and incidents

John Gomez, CEO, Sensato Cybersecurity Solutions, USA

World Cafés

Interactively moderated Discussions on challenging Topics of your Industry
Topics and Moderators
What has to be considered when applying AI in Cyber Security? For what kind of use Cases can AI be considered? Daniel Fulger, Altran
How to achieve a systematic Approach to Automotive Cyber Security Testing? Orhun Süzer, Vector
IT Security and Data Protection for Electro Mobility: What Steps have to be taken? Prof. Dr. Christoph Krauß, Fraunhofer SIT
What is needed to secure Vehicles from malicious Malware? Nathaniel Meron, c2a-security
Security in 5G/V2X Communication – What kind of Security is necessary? Ian Smith, GSMA, UK

End of Conference Day one

Get-Together

At the end of the first conference day we kindly invite you to use the relaxed and informal atmosphere for in-depth conversations with other participants and speakers.

III. Security Testing

Creating a Security-aware Organization

• Establishing a comprehensive cyber security program in global organization
• Making security an integral part of (existing) engineering processes
• Fostering a company-wide culture of training & awareness
• Establishing a product security incident management and response process
• Threat intelligence collection and collaboration with researchers

Timo van Roermund, Director Automotive Security, NXP Semiconductors, Germany

Verification and Validation of Security during the Vehicle Lifecycle

• Uncovering weaknesses in the design phase by threat and risk analysis
• Security testing during the development process
• Catching vulnerabilities before production -  Penetration testing and what makes automotive different
• Existing penetration testing frameworks and methodologies and how they apply to the automotive world

Sebastian Kutzner, Penetration Tester, ESCRYPT GmbH, Germany

Better Fuzz-testing of cyber-physical Systems

• An overview of state-of-the-art fuzzing techniques
• The challenges specific to fuzzing cyber-physical systems
• New approaches for more efficient fuzzing of cyber-physical systems

Dipl.-Inform. Jan Steffan, Group Manager Security Analyses and Tests, Fraunhofer SIT, Germany

Networking & Coffee Break

IV. Live Hack

Vehicle Security has a long Way to go

• Discussion and demonstrations of the security flaws often find in IVIs, TCUs and telematics platforms
• From rogue firmware updates to leaking of real-time GPS positions of entire vehicle fleets
• From local exploits and unlocking premium features to remote code execution
• Key security issues and advice how design them out of new models

Ken Munro, Partner, Pen Test Partners, United Kingdom

V. Vehicle Security – Technology Developments

Threats and Solutions in Automotive Sensors Cyber Security

• Vulnerabilities in automotive most common sensors and incidents analysis
• In-depth analysis and research of automotive LiDAR and Radar vulnerabilities
• Vulnerabilities of automotive GNSS and Satellite Navigation
• ADAS and autonomous cyber security best practices

Dror Katalan, Chief Engineer, Regulus Cyber, Israel

Lunch

Automotive Ethernet: The Devil is in the Fragments

• New cyber security risks and challenges posed by Automotive Ethernet
• Deep dive into a design flaw discovered by Argus research team in ethernet packet fragmentation mechanisms
• Protecting ECUs from exploitation in an Ethernet environment

Shiran Ezra, Product Director, Argus Cyber Security, Israel

Secure Service oriented Architecture (SSOA) for connected Vehicles

• Overview of modern service oriented ECU architectures
• Security challenges with SOA and secure concepts
• High Performance vs. strict security
• Future architectures

Dionis Teshler, CTO, co-author: Idan Nadav, VP R&D, both: GuardKnox, Israel

VI. Future Trends

Post-Quantum Cryptography: Future Trends in Automotive

• Introduction into the topic of post-quantum cryptography (PQC)
• Discussion of new upcoming threats with the existence of quantum computer
• Overview on research and standardization activities on PQC
• Case study on PQC signature scheme in classic AUTOSAR

Prof. Dr. rer. nat. Steffen Reith, Design Computer Science and Media, RheinMain University, Dr.-Ing. Marc Stöttinger, Senior Specialist Security & Privacy, Elektrobit Automotive GmbH, both: Germany

And not one IOTA more! Using DLT to enable secure Car Communication, Authentication, Billing and Payment

• Identify and authenticate vehicles, PoS and ECUs
• Conduct secure payments
• Validate communication content
• Secure communication without certificates

Dipl.-Ing. oec. Sebastian Rohr, CISSP/CISA/CISM, CTO and Co-Founder, accessec GmbH, Germany

Conference Chair‘s closing Remarks

End of Conference