7th International VDI Conference - Cyber Security for Vehicles

Registration & Welcome Coffee

Chair’s Welcome & Opening Address
Dr. Mathias Dehm, Head of Security & Privacy Research and Governance, Continental AG, Germany

I. Regulations, Standards & Processes

Opening Keynote

Impact of Cyber Security Regulations on an OEM

• Impact on processes
• Impact on risk management
• Technical impacts on vehicles

Pierre Gachon, Cybersecurity Expert Leader, Groupe Renault, France

Automotive Cyber Security Technology Innovations in Times of UNECE Regulations

• How UNECE (IEC 21434) not only affects processes but also technology innovation
• Robustness of ADAS against adversarial attacks on AI-based systems
• What cyber security can do for AI & vice versa

Michael Eisenbarth, Head of Cyber Security Research Lab, ZF Friedrichshafen AG, Germany

Compliance with ISO/SAE 21434 – A Semiconductor Supplier‘s Perspective

• Implementing the requirements in our policies & procedures
• Applying the requirements to components developed out-of-context
• Practical experience & challenges

Timo van Roermund, Director Automotive Security, NXP Semiconductors, Germany

Networking & Coffee Break

Cyber Security Management Systems vs. Information Security Management Systems – Two Sides of the Same Coin?

• CSMS as a connector between Vehicle and IT World
• ISMS/CSMS/QMS – differentiation and comparability
• Automotive-SMS – a combination approach to use synergies

Alexander Ersoy, Head of Automotive Cybersecurity Regulations & Policies, Miriam Gruber, Chief Security Architect, both: Car.Software Org, Germany

Cybersecurity Defense System, Industry Standards & the Ecosystem of Intelligent Connected Vehicles in China

• Industry standards & the safety/security ecosystem in China
• Importance & necessity of Cyber Security Defense in L3+ autonomous driving & software-defined vehicles
• Full defense system including ECU-host, in-vehicle network, transmission in/ out-vehicle, security ecosystem

Dr. Jin Shang, CEO/CTO, AICC Inc., China

Lunch

II. Secure Architectures

Best Practices for Building Security Protocols

• Security protocols, e.g. authentication, key establishment or key transport, are at the heart of modern communication systems
• Careful design of a security protocol is crucial: Flawed protocols cause severe vulnerabilities which completely destroy security even in the case of a perfect implementation or an unbroken cryptosystem
• Guidelines & best practices for building security protocols, useful also for the automotive domain, which avoid the most common mistakes

Dr. Josef Wagenhuber, Specialist Development, BMW Group, Germany

Starting up MACsec for Automotive Ethernet

• MACsec can protect many more messages than other solutions – does this make it the best solution?
• What key exchange options exist & what are their implications
• Finding the missing pieces – startup performance & optimization options

Dr. Lars Völker, Technical Fellow, Technica Engineering GmbH, Germany

Interactive World Café Sessions

Directly engage with international experts in these highly interactive sessions. Discuss current challenges, needs, and solutions with your peers!

• Optimal Integration of Security in a Company, Stefan Römmele, Head of Security & Privacy Competence Center, Continental AG, Germany

• Requirements & Needs for Future Security Architectures, Miriam Gruber, Chief Security Architect, Car.Software Org, Germany

• Automated Security Testing in Agile Product Development, Rakshith Amarnath, R&D Project Lead, Robert Bosch GmbH, Germany

Networking & Coffee Break

III. Intrusion & Anomaly Detection

An AUTOSAR-Based Solution for Automotive Intrusion Detection Systems

• Challenges that have prevented the broad adoption of automotive IDS in the industry
• The standardized technical infrastructure & protocols for IDS released with the latest AUTOSAR version
• The opportunity for reducing the cost & effort for implementing automotive IDS

Dr. Eduard Metzker, Principal Solution Manager, Vector Informatik GmbH, Germany

Intrusion Detection for SOME/IP: Challenges & Opportunities

• Scarcity of published work on intrusion detection in cars, in particular for service-oriented communication
• Discussion of selected challenges & opportunities for intrusion detection in SOME/IP
• Proposal of an architecture for a SOME/IP intrusion detection system, discussion of its security properties & report of preliminary experimental results

Dr. Paul Duplys, Program Lead „Security, Privacy & Safety“ & Senior Manager, co-author: Tobias Gehrmann, Security Researcher, all: Robert Bosch GmbH, Germany

Intrusion & Anomaly Detection in Cooperative Intelligent Transportation Systems (C-ITS)

• Overview: C-ITS Security (as part of overall vehicle cyber security)
• Overview of intrusion & anomaly detection in C-ITS
• Principles and framework(s)

Tim Leinmüller, Manager Corporate R&D, Denso International Europe, Germany

End of Conference Day 1

At the end of the first conference day we kindly invite you to use the relaxed and informal atmosphere for in-depth conversations with other participants and speakers.

IV. V2X Security & Privacy

Security & Privacy Challenges of Connected Vehicles to Cloud Based Infrastructures & Services

• Cloud based infrastructure for connected vehicles & security issues
• Privacy & security of cloud based services & impact on automotive areas
• Tools for & attacks on cloud based infrastructures
• Role of regulations

Dr. Hosnieh Rafiee, Mainframe Group / Security Expert in Automotive, Cloud & IT Systems, Volkswagen AG, Germany

The Privacy Paradox in Automated & Connected Vehicles

• 64% see data privacy as a criterion when buying a new car
• In practice most modern cars do not implement privacy by design
• How to improve privacy in vehicles with organizational & technical measures

Florian Stahl, Team Manager, AVL, Germany

Towards a Common Cybersecurity ITS Model

• Model-based engineering
• Homogenization of ITS standards
• Ecosystem or system of system viewpoint

Dr. Christophe Jouvray, Product Cybersecurity Regulation & Norms Manager, Valeo SA, Antonio Kung, CEO, Trialog, all: France

Networking & Coffee Break

V. Threat & Risk Assessment

The CTI – Cybersecurity of Intelligent Transportation Project & Its Method for Risk Analysis

• Project consortium, three industries: automotive, railway & aeronautics
• Project approach: cyber security add-ons to all phases of product’s lifecycle
• Project outcomes: secure and supervised architecture, validation methodology
• Focus on Computer Aided Risk Analysis & autonomous car use case

Dr. Witold Klaudel, Research Project Leader, co-author: Dr. Artur Rataj, Senior Researcher, both: Institute for Technological Research (IRT) SystemX, France

Threat Analysis Methods & Tools

• Automating automotive cyber security risk identification & assessment
• Reuse of assets & upkeep of threat information
• Identification of attack paths & rating of attack likelihood

Christoph Schmittner, Safety & Security Engineering, AIT Austrian Institute of Technology GmbH, Austria

Lunch

VI. Incident Management & Response

Cyber Secure Monitoring and Incident Response for Vehicular Systems

• Introduction & motivation of security monitoring & secure operation centers for vehicle fleets
• Challenges in incidence response for safety critical systems; translation of fail-safe and fail-operational concepts to incidence response
• Exemplification of the incidence response processes containment, recovery & eradication for vehicles

Prof. Dr. Falk Langer, Team Manager Connected Software Systems & Services, co-author: Lukas Stahlbock, Systems Engineer, all: IAV GmbH, Germany

Investigating Security Incidents in the Vehicle with Input from Threat Intelligence in a Security Operation Center Solution (tbc.)

• tba.

Adi Dubin, Director of Product Management, Argus Cyber Security Ltd., Israel

Networking & Coffee Break

The Auto-ISAC and its Approach to Improving Automotive Security

• What is an ISAC & how does the Auto-ISAC work?  
• Success stories from the Auto-ISAC & examples of sharing within the AutoISAC

Robert Kaster, Chief Technical Expert, Robert Bosch LLC., Auto-ISAC Global Task Force Europe Chair, Tobias Gärtner,Vehicle Cybersecurity Specialist, US Incident Response Lead, BMW NA, Auto-ISAC Global Task Force Europe Vice-Chair (2020- 2021), all: USA

Harmonizing Cybersecurity Across the Automotive Ecosystem

• Need for a new, comprehensive approach to automotive cybersecurity lifecycle management that enables harmonized communication across the entire ecosystem.
• Proposal of a practical, uncomplicated approach to cybersecurity lifecycle management that enables vertical integration, empowers OEMs & Tier 1s to own every step of the security lifecycle & equips them with the agility required to identify & respond to attacks quickly

Chair‘s Closing Remarks

End of Conference