In nations that follow these regulations (e.g. EU members, Japan, Republic of Korea, etc.), automakers selling cars for these markets must have certain capabilities in place to monitor, detect, mitigate, and ultimately fix vulnerabilities in cars that malicious actors could compromise.
54 countries are signatories to the 1958 UNECE agreement, and are likely to adopt these regulations at some point in the future, though many plan to do so in the near term.
Strategy Analytics - Automotive Cyber Security - Oct 2020
3. WIRELESS CONNECTIVITY IN CARS
MANY ATTACK SURFACES
[Chart: units shipped (in 000s, axis 0 to 120,000) by year, 2018 to 2027, for Bluetooth, Embedded Cellular, and Wi-Fi]
• The cumulative number of cars shipped with embedded cellular connectivity will total 570M vehicles between 2018 and 2027.
• Cars with Bluetooth make up an even larger number, at 808M cumulative vehicles shipped between 2018 and 2027.
• Cars with Wi-Fi will total 520M cumulative units shipped between 2018 and 2027.
4. REGULATIONS AND STANDARDS SET THE STAGE
On June 25, 2020, the UNECE announced it had formally adopted two new sets of regulations
as part of the broader WP.29 regulations. These new regulations include:
• UN Regulation on Cybersecurity and Cyber Security Management Systems
• UN Regulation on Software Updates and Software Updates Management Systems
In nations that follow these regulations (e.g. EU members, Japan, Republic of Korea, etc.),
automakers selling cars for these markets must have certain capabilities in place to monitor,
detect, mitigate, and ultimately fix vulnerabilities in cars that malicious actors could
compromise.
54 countries are signatories to the 1958 UNECE agreement, and are likely to adopt these
regulations at some point in the future, though many plan to do so in the near term.
Key Dates:
• These new regulations will apply as of January 2021.
• The EU plans to make these regulations mandatory for all new vehicle types from July 2022,
and for all new vehicles from July 2024.
• Japan adopted these regulations for SAE Level 3 vehicles in April 2020, and plans to adopt
them for all OTA update-capable vehicles as of November 2020.
• The Republic of Korea plans to implement the regulation at a currently undecided future
date.
Other Regulations/Standards/Guidelines:
Standards:
• ISO 21434 (Road Vehicles – Cybersecurity Engineering,
draft)
• ISO 24089 (Software Updates)
• SAE J3101 (Hardware Protected Security)
• SAE J3061 (Cybersecurity Guidebook for Cyber-Physical
Vehicle Systems)
• AUTOSAR (Secure On Board Communications)
Other National Legislation/Guidelines:
EU
• GDPR
U.S.
• NHTSA Cyber Security Guidelines
• Proposed legislation (SELF DRIVE Act, AV Start Act)
• California - CCPA
China
• Cybersecurity Law
• Encryption Law (draft)
• SAC/TC114/SC34 (related to AV and Intelligent
vehicles; has a cyber security working group)
5. INDUSTRY CHALLENGES
The automotive industry is facing numerous challenges related to cyber security and must
work to implement a range of processes and technologies in a short timeframe.
• Compliance: For global OEMs, developing the processes and systems to document
compliance with the WP.29 UN Regulation on Cybersecurity and Cyber Security
Management Systems is going to be critical over the next few years.
• Software Asset Tracking: OEMs must start using systems that provide an inventory of,
and monitor, all the software running in each ECU in every deployed vehicle on roads.
• Operations: OEMs must either develop or expand the capabilities of internal teams that
will actively monitor fleets for cyber security threats and analyze and fix (or
mitigate) existing vulnerabilities.
• Balancing Current and Next-Generation E/E Architecture Requirements: Although some
OEMs are able to move to next-gen E/E architectures over the next few years, not all
OEMs are moving at the same speed, and many will need to support legacy platforms for
years to come. But to comply with regulatory requirements, OEMs MUST secure those
legacy platforms, otherwise in many markets they simply won’t be able to sell cars.
6. SOFTWARE DEVELOPMENT TRENDS
[Chart (top right). Data labels as extracted: 6%, 6%, 39%, 33%. Legend as extracted: I don't know; Less than 5%; 10-25%; Over 25%.]
The survey: Developed in partnership with Aurora Labs, Strategy Analytics
collected survey responses between July 21st and August 10th, 2020.
Respondents included professionals working for automakers (22%), Tier 1s
(21%), software vendors (15%), semiconductor vendors (15%), industry
analysts (13%), and representatives of companies that don’t fall into those
categories (“Other,” 14%). You can download the survey results here.
(Top right) What percentage of vehicle software will be developed in-house
by mass-market automotive manufacturers by 2025?
Automaker representative respondents (22%, or 41 individuals) most
strongly supported the “Over 25%” category, indicating their intent to do
more software development in-house over the next few years.
Total Number of Respondents: 220
(Bottom right) Do you expect this trend to increase over time?
The majority of respondents said they believed this trend would continue.
Total Number of Respondents: 205
[Chart (bottom right): Yes 76%; No 24%]
7. SOFTWARE DEVELOPMENT TRENDS
How many different suppliers have
their code in a high-end vehicle?
Currently, software for high-end
vehicles comes from a wide range of
sources. The majority of respondents
(77%) believe that a minimum
of 10 different suppliers are providing
software for the average high-end car,
and 52% of respondents said a
minimum of 25 different suppliers are
involved. From a cyber security
perspective, this means it’s challenging
for OEMs to even track what software
is in their cars and whether any of that
software has existing vulnerabilities.
Total Number of Respondents: 211
[Chart: I don't know 9%; Less than 10 14%; 10 to 25 25%; 25 to 40 24%; Over 50 28%]
8. SOFTWARE DEVELOPMENT TRENDS
[Chart. Data labels as extracted: 9%, 26%, 25%, 24%. Legend as extracted: I don't know; Car year model 2024; Car year model 2027; Later than 2027.]
When do you expect more than 1
million vehicles per year, across the
globe, to be produced with more
powerful domain controller-based E/E
architectures?
Automotive OEM respondents were the
most polarized in their responses,
reflecting that some plan to move very
quickly whereas others plan to use
legacy platforms for a number of years
to come. 52% of respondents believe
that the shift will occur for 2027-MY
vehicles or later.
Total Number of Respondents: 209
9. SOFTWARE DEVELOPMENT TRENDS
[Chart. Data labels as extracted: 12%, 19%, 26%, 36%. Legend as extracted: The user experience (zero downtime); The overall cost of the solution (to the manufacturer); The safety and redundancy of the solution; The security of the solution.]
In your opinion, what is the most
important for vehicle manufacturers
with regard to OTA updates?
The largest group of respondents said
“security” for OTA was the most
important to OEMs, though safety (at
26%) was a close second. Since safety
and security, in this case, are closely
linked, these responses indicate that
the industry believes it is focused on
reducing the potential for problems to
occur, either those caused by bad
actors or those caused by poor design
decisions, mistakes, and process-
related issues.
Total Number of Respondents: 193
10. SOFTWARE DEVELOPMENT TRENDS
[Chart: No, regulations will not speed deployment, 18%; Yes, regulating OTA safety and security will accelerate deployment, 40%; I am not aware of new regulations for OTA updates, 42%]
Do you think the newly adopted
regulation on Software Update
Management Systems (UNECE WP.29)
will accelerate the deployment of OTA
updates beyond the infotainment
system?
The survey was global, and since the
regulations won’t apply in every region,
it’s no surprise that a percentage
were not aware of the new WP.29
regulations related to OTA updates. Of
those who were aware, more than
twice as many (40% of respondents) said
they thought having regulations would
speed up deployment as said it would not.
Total Number of Respondents: 190
11. COLLABORATION
Challenges
• Regulations, e.g. UNECE WP.29, will require companies to collaborate more than ever before to find, mitigate or fix
vulnerabilities that could expose vehicle systems to cyber attacks.
• Fewer vehicles are selling due to COVID-19 and the current economic downturn (though sales forecasts for 2021
show improvements in sales volumes).
• The need to shift to EV powertrains and move forward with autonomous vehicle technologies.
• Managing vehicle connectivity on a large-scale basis, including large, fleet-wide OTA updates.
What is GENIVI doing to help the industry meet these challenges?
• GENIVI provides the opportunity to collaborate, specifically with the goal of helping to create tools and solutions
that companies can implement.
• “GENIVI doesn't want to just create best practices and standards if nobody uses them. We'll do the hard work,
[companies in the industry] need to implement them.”
• The GENIVI Security Team is open to industry professionals from across the industry, and is one of the GENIVI groups
that doesn’t require participants to be GENIVI members.
• One example project is OpenXSAM, which is a data output scheme for threats and events and is working towards
compliance with ISO 21434 and UNECE WP.29 requirements. Project partners include the GENIVI Security Team,
Automotive Security Research Group (ASRG), Block Harbor Cyber Security, SecForCars, and itemis’ Security Analysis
Team.
12. Current Team Lead:
Joby Jester -- joby.jester@irdeto.com
Focused on Actionable Automotive Security Through Industry
Collaboration.
How We’re Different:
• Supported by a Diverse Group of Experts, We Tackle the Day-
to-Day Security Concerns of the Industry. Inside and Outside
of the Vehicle.
• We Use Thought Leadership to Bring Digested Information
and Updates on the Ever-Growing Complexity of the
Automotive Security Space
Reasons to Join:
• Friendly, Accepting Networking Environment
• Ability to Work on Content and/or Speaking Opportunities
• Build Portfolio of Knowledge from Working With Experts
For Links to all Past Content and
Meeting Notices :
https://at.projects.genivi.org/wiki/
Please Subscribe to The Security
Team Mailing List:
https://lists.genivi.org/
Editor's Notes
Hundreds of millions of wireless attack surfaces. This slide drives home the expansion in the number of wireless attack surfaces and shows the need to take security seriously.
WP.29 involves threat analysis, testing, and verifying security pre-production; post-sale, it involves monitoring, mitigation, and remediation if an attack occurs or if the OEM discovers a vulnerability.