5th VDI Conference - Cyber Security for Vehicles

Registration & Welcome Coffee

Chair‘s Welcome and Opening Address
Dr. Mathias Dehm, Head of Security & Privacy Research and Governance, Continental AG, Germany

I. Regulations, Certifications & Standardization

Future UNECE Regulations on Cyber Security and SW Updates

• Draft requirements on cyber security and SW updates (incl. over the air)
• Progress of test phase with some voluntary manufacturers and authorities
• Adoption of the final regulation and implementation all over the world

Dr.-Ing. Kai Frederik Zastrow, Master Expert Regulation Certification Standards, PSA Groupe, France

Sticking the Bricks of Road Vehicles’ Life-Cycle together – Mapping of relevant Standards and Regulations

• Overview of road vehicles’ life-cycle
• Landscape of security standards for road vehicles
• Mapping ISO/SAE 21434 to UN regulation on cyber security
• Standardizing software updates engineering

Dr. Markus Tschersich, Manager Security & Privacy Standardization & Regulatory Affairs, Continental AG, Germany

Automotive Cyber Security Risk Treatment

• Identifying and assessing cyber security risks
• Examples for cyber security risk treatment
• Collaboration on risk mitigation within the automotive supply chain

Matthias Hense, Automotive Cybersecurity (Regulations & Standardization), BMW Group, Germany

Trends of Security and Privacy Policy in China

• China’s approach towards ensuring vehicle security
• Biggest challenges for implementing a regulatory framework
• Introduction of CICV‘s „Shield“ project

Jian Wang, CTO, China Intelligent and Connected Vehicles Research Institute Co., Ltd (CICV), China

Lunch

Considerations for regulating Vehicle Cyber Security – An US Perspective

• How setting standards and regulating cyber security is different than traditional FMVSS
• Evolving the traditional regulatory framework to incorporate best practice, guidance and process improvement
• Mechanisms to better align incentives to improve the fleet‘s overall cyber security posture

Chan. D. Lieu, Senior Legislative Advisor, Venable LLP, USA

II. Lessons Learned – Examples of Practice

Cyber Security Threats against the Automotive Industry

• What are some of the top cyber security breaches and trends
• How cant the industry work together to mitigate the threats
• Lessons learned from the past

Matt Summers, Vice President Engagement Management, AON, UK

Panel: How to be compliant? Impact of regulations and certifications?
Dr.-Ing. Kai Frederik Zastrow, PSA Groupe, France
Dr. Markus Tschersich, Continental AG, Germany
Jian Wang, CICV, China
Chan. D. Lieu, Venable LLP, USA
Dr. Evangelos Ouzounis, ENISA, Greece
Moderated by: Beau Woods, I Am The Cavalry, USA

Challenges & Opportunities in Forensic Analysis for Vehicles & Future Automotive Systems

• State-of-the-art vehicles and their forensic readiness
• Research challenges for forensoc analysis in automotive systems
• What are we heading to with future automotive systems
• Opportunities for forensic analysis in future vehicles

Kevin Klaus Gomez Buquerin, Incident Responder/MSc Student, Audi AG/TU Ingolstadt, Germany

Networking & Coffee Break

Autonomous Vehicle Cyber Security Forensics & Threat Hunting

• Challenges and practices
• Advantages and drawbacks of tools, tactics and practices employed in the vehicle design stages and post production
• Securing a better respond to cyber security events and incidents

John Gomez, CEO, Sensato Cybersecurity Solutions, USA

World Cafés:

What has to be considered when applying AI in Cyber Security? For what kind of use Cases can AI be considered? Daniel Fulger, Altran
How to achieve a systematic Approach to Automotive Cyber Security Testing? Orhun Süzer, Vector Consulting Services, Germany
IT Security and Data Protection for Electro Mobility: What Steps have to be taken? Prof. Dr. Christoph Krauß, Fraunhofer SIT, Germany
What is needed to secure Vehicles from malicious Malware? Nathaniel Meron, c2a-security, Israel
Security in 5G/V2X Communication – What kind of Security is necessary? Ian Smith, GSMA, UK

End of Conference Day one

III. Security Testing

Creating a security-aware Organization

• Establishing a comprehensive cyber security program in global organization
• Making security an integral part of (existing) engineering processes
• Fostering a company-wide culture of training & awareness
• Establishing a product security incident management and response process
• Threat intelligence collection and collaboration with researchers

Timo van Roermund, Director Automotive Security, NXP Semiconductors, Germany

Verification and Validation of Security during the Vehicle Lifecycle

• Uncovering weaknesses in the design phase by threat and risk analysis
• Security testing during the development process
• Catching vulnerabilities before production - Penetration testing and what makes automotive different
• Existing penetration testing frameworks and methodologies and how they apply to the automotive world

Sebastian Kutzner, Penetration Tester, ESCRYPT GmbH, Germany

Better Fuzz-testing of cyber-physical Systems

• An overview of state-of-the-art fuzzing techniques
• The challenges specific to fuzzing cyber-physical systems
• New approaches for more efficient fuzzing of cyber-physical systems

Dipl.-Inform. Jan Steffan, Group Manager Security Analyses and Tests, Fraunhofer SIT, Germany

Networking & Coffee Break

IV. Live Hack

Vehicle Security has a long Way to go

• Discussion and demonstrations of the security flaws often find in IVIs, TCUs and telematics platforms
• From rogue firmware updates to leaking of real-time GPS positions of entire vehicle fleets
• From local exploits and unlocking premium features to remote code execution
• Key security issues and advice how design them out of new models

Tony Gee, Associate Partner & Speaker, Pen Test Partners, UK

V. Vehicle Security – Technology Developments

Threats and Solutions in Automotive Sensors Cyber Security

• Vulnerabilities in automotive most common sensors and incidents analysis
• In-depth analysis and research of automotive LiDAR and Radar vulnerabilities
• Vulnerabilities of automotive GNSS and Satellite Navigation
• ADAS and autonomous cyber security best practices

Dror Katalan, Chief Engineer, Regulus Cyber, Israel

Lunch

Automotive Ethernet: The Devil is in the Fragments

• New cyber security risks and challenges posed by Automotive Ethernet
• Deep dive into a design flaw discovered by Argus research team in ethernet packet fragmentation mechanisms
• Protecting ECUs from exploitation in an Ethernet environment

Shiran Ezra, Product Director, Argus Cyber Security, Israel

Secure Service oriented Architecture (SSOA) for connected Vehicles

• Overview of modern service oriented ECU architectures
• Security challenges with SOA and secure concepts
• High Performance vs. strict security
• Future architectures

Dionis Teshler, CTO, co-author: Idan Nadav, VP R&D, both: GuardKnox, Israel

VI. Future Trends

Post-Quantum Cryptography: Future Trends in Automotive

• Introduction into the topic of post-quantum cryptography (PQC)
• Discussion of new upcoming threats with the existence of quantum computer
• Overview on research and standardization activities on PQC
• Case study on PQC signature scheme in classic AUTOSAR

Prof. Dr. rer. nat. Steffen Reith, Design Computer Science and Media, RheinMain University, Dr.-Ing. Marc Stöttinger, Senior Specialist Security & Privacy, Elektrobit Automotive GmbH, both: Germany

And not one IOTA more! Using DLT to enable secure Car Communication, Authentication, Billing and Payment

• Identify and authenticate vehicles, PoS and ECUs
• Conduct secure payments
• Validate communication content
• Secure communication without certificates

Markus Soppa, CEO, accessec GmbH, Germany

The Mobility Open Blockchain Initiative - How the Automotive Industry is jointly approaching Blockchain

• What is MOBI?
• Focus of MOBI Working Groups
• Exploring the value of blockchain and distributed ledger technologies

Dr. Christian Köbel, Project Engineer, Honda R&D Europe GmbH, Germany

Conference Chair‘s closing Remarks

End of Conference