6th International VDI Conference - Cyber Security for Vehicles

Registration & Welcome Coffee

Chair’s Welcome & Opening Address
Dr. Mathias Dehm, Head of Security & Privacy Research and Governance, Continental AG, Germany

I. Regulations & Standards

Regulatory Approach to Cyber Security & Managing Software Updates at the UNECE

• Overview of the work undertaken at the UNECE in this field
• Proposed regulations & the approach adopted
• How an assessment might be made & supporting documents provided

Dr. Darren Handley, Chair of UN Task Force on Cyber Security & OTA Issues & Cyber Security Lead, Department for Transport, UK

ISO 21434 Road Vehicles – Cyber Security: Impact & Application

• Relation between UNECE WP 29 & ISO 21434
• Impact on the automotive industry & strategy to implement the requirements
• Audit & assessments

Dr. Markus Tschersich, Manager Security & Privacy Standardization & Regulatory Affairs, co-author: Dr. Mathias Dehm, Head of Security & Privacy Research and
Governance, both: Continental AG, Germany

Networking & Coffee Break

AUTOSAR: Two Platforms enabling the Development of Secure Systems

• AUTOSAR release 19-11 & retrospective on cyber security features
• Adaptive & classic platforms: Compatibility on features & network level
• Securing service oriented communication

Adrian Baruta, Senior Engineer, Toyota Motor Europe, Belgium

II. Strategy & Industry Collaboration

The ROI of Cyber Security for Automotive

• Current industry investments in security & status of attacks on automotive
• Misalignment between industry investments & real-world attacks
• Proposed investment methodology to address threats & manage risks

Nir Berman, CTO, Automotive Cybersecurity BU, Harman, Israel

Auto-ISAC in Europe: Addressing European Needs for Automotive Security Information sharing

• What is the mission of the Auto-ISAC & who leads the organization?
• Why does an integrated global Auto-ISAC make sense?
• How can the Auto-ISAC work in Germany & Europe?

Robert Kaster, Chief Technical Expert, Robert Bosch LLC., USA & Dr. Christophe Jouvray, Cybersecurity & Privacy Senior Expert, Valeo, France

Lunch

III. Security Testing

Security Testing: From TARA to Test Coverage & Regression Strategies

• Standards & methods for security testing, ISO 21434 in practice
• Security verification & validation along the life-cycle
• Test-oriented requirements engineering for security
• Grey-box penetration testing for efficient testing

Prof. Dr. Christof Ebert, Managing Director, Vector Consulting Services, Germany

Automotive Pentesting: Implementation & Scaling Challenges

• Pentesting in the automotive industry: Challenges in theory and practice
• From product to project: Scoping
• Opportunities of pentest automation & use of secunet redbox

Felix Friedrich, Head of Sector Pentest & Hardware Security, Secunet Security Networks, Germany

Interactive World Café Session – Exemplary Topics

• How to Successfully Establish & Prove Conformity of Cyber Security Management Systems - Escypt GmbH
• Integrated Safety & Security Development – Kugler Maag Cie GmbH
• AI & Safety – Cyres Consulting Services GmbH
• Hardware Security from Rail to Road – Siemens AG

Networking & Coffee Break

IV. Secure E/E Architectures

Bastion: A Trust Anchor in the E/E Architecture

• Bastion as trust anchor for connected & automated vehicle security & safety
• Different levels of security services to cover low- to high-end architectures
• Integration: How to segregate networks & operate such security elements
• Need for synergies between bastion security services

Dr. Christophe Jouvray, Cybersecurity & Privacy Senior Expert, Valeo, France

Cyber Security for Automotive Ethernet Networks

• Expanding coverage of attacks targeting Automotive Ethernet networks: Invehicle IDS & Automotive SOC working together
• Case studies using real attack scenarios on Automotive Ethernet networks
• Analysis & mitigation of Automotive Ethernet attacks in an Automotive SOC

Matan Atad, Director, Security Architecture, Argus Cyber Security Ltd., Germany

Building a Vehicle Security Architecture

• Security assets & goals
• Attacker & threat model
• Technologies to secure

Dr.-Ing. Andre Kohn, Security Engineer, co-author: Alexander Tschache, Security Engineer, both: Volkswagen AG, Germany

End of Conference Day one

Get-together
Relaxed and informal atmosphere for in-depth conversations with other participants and speakers.

V. V2X Security

V2X Communication Security & Cyber Security

• V2X security protocols, PKI & key management
• Differences between the USA & China
• Cyber security & hardware security requirements of the V2X unit
• Crypto-agility in V2X

Dr. André Weimerskirch, VP Cybersecurity & Functional Safety, Lear Corporation, USA

Cellular V2X Standards & Security

• Current status & overview of C-V2X standardization
• 4G LTE & 5G NR
• C-V2X security
• Industry collaborative efforts

Ian Smith, IoT Security Director, GSMA, UK

Security & Privacy Challenges of Connected Vehicles to Cloud Based Infrastructures & Services

• Cloud based infrastructure for connected vehicles & security issues
• Privacy & security of cloud based services & impact on automotive areas
• Tools for & attacks on cloud based infrastructures
• Role of regulations

Dr. Hosnieh Rafiee, Cockpit Electronic/ Security Expert in Automotive, Cloud and IT Systems, Volkswagen AG, Germany

Intrusion & Anomaly Detection in Cooperative Intelligent Transportation Systems (C-ITS)

• Overview: C-ITS Security (as part of overall vehicle cyber security)
• Overview of intrusion & anomaly detection in C-ITS
• Principles and framework(s)

Tim Leinmüller, Manager Corporate R&D, Denso International Europe, Germany

Networking & Coffee Break

VI. Intrusion & Anomaly Detection

CANet: An Unsupervised Intrusion Detection System for High Dimensional CAN Bus Data

• Machine learning based intrusion detection system for the controller area network
• Synthetic benchmark data set for CAN intrusion detection systems
• Comparision between learning based methods

Dr. Holger Ulmer, Chief Expert Machine Learning, co-authors: Dr. Markus Hanselmann, Machine Learning Expert, Dr. Thilo Strauss, Machine Learning Engineer, all: ETAS GmbH, Germany

Security Areas and Modular IDPS – Architecture Design Elements protecting Automotive Ethernet Networks

• Two architecture design elements: Security Areas and IDPS; definiton of security areas to restrict attack surface
• Modular IDPS consisting of vehicular sensors, actuators & controllers & cloud-based SOC platform
• Anomaly detection on different levels considering latency, automation level & impact

Dr. Michael Ziehensack, VP Automotive Networks, co-author: Dr. Georg Gaderer, Senior Manager Automotive Networks, both: Elektrobit Austria GmbH, Austria

Automotive-IDS, SIEM & SOC for Connected Vehicles

• ECU-installed automotive Intrusion Detection System (IDS) for monitoring in-vehicle network traffics & host
• Cloud-based Security Incident and Event Management (SIEM) system with visualization of the related logs
• Automotive Security Operation Center (SOC) for efficient incident response

Yoshihiro Ujiie, Staff Engineer, Business Innovation Division, Panasonic Corporation, Japan, co-author: Ryo Hirano, Senior Security Professional, both: Panasonic R&D Center Germany GmbH, Germany

Lunch

VII. Security for Automated Vehicles

Conquering Safety & Security in Autonomous Vehicles

• Safety & security needs & requirements of autonomous cars
• Considering safety & security already in concept phase
• Multilayer measures & validation techniques

Dr. Daniel Große, DFKI CPS Bremen, Germany

Adversarial Attacks on AI-Based Automotive Systems

• Machine learning applications in the automotive industry
• Consequences in vehicle‘s behaviour when misclassifying objects
• Methods for generating adversarial attacks and reality check

Elpidoforos Arapantonis, Cyber Security Engineer, Active Safety, Volvo Cars, Sweden

Autonomous Security for Self Driving Vehicles

• Baking security into the development lifecyle is easier said than done
• Most agile development teams struggle to shift left
• Self defending systems are the way to go to scale security development

Suchit Mishra, CISO, Autonomous Intelligent Driving GmbH, Germany

Chair‘s Closing Remarks

End of Conference