CYBERSECURITY IS DYNAMIC SO LEARNING NEVER STOPS IN OUR AUTO COMMUNITY
Community Calls
The Auto-ISAC holds monthly virtual community meetings for members and connected vehicle ecosystem stakeholders to stay informed of Auto-ISAC activities and share information on key vehicle cybersecurity topics.
Contact us to participate in our monthly community calls. The community calls are held on the first Wednesday of each month at 11am EST.
November 2024: EV Charging Cybersecurity
When
Wednesday, November 6th, 2024 11:00 AM EST
Who
Maggie Shipman, Research Engineer, Southwest Research Institute (SwRI) Intelligent Systems Division
What
“EV Charging Cybersecurity”
Description
Overview of the EV Charging Ecosystem:
Current News: Get an update on EV Charging Cybersecurity literature, government action, and “hacks in the wild.”
Crash Course: This presentation will quickly break down the EV Charging Ecosystem components, roles, and interactions of everyone involved in making seamless charging a reality.
SwRI Hacks & Research: Let’s dive into FOUR unique hacks performed by Southwest Research Institute engineers! Including…
DCFC Hack - July 16, 2024 — Engineers at Southwest Research Institute have identified cybersecurity vulnerabilities with electric vehicles (EVs) using direct current fast-charging systems, the quickest, commonly used way to charge electric vehicles. The high-voltage technology relies on power line communication (PLC) technology to transmit smart-grid data between vehicles and charging equipment.
In a laboratory, the SwRI team exploited vulnerabilities in the PLC layer, gaining access to network keys and digital addresses on both the charger and the vehicle.
“Through our penetration testing, we found that the PLC layer was poorly secured and lacked encryption between the vehicle and the chargers,” said Katherine Kozan, an engineer who led the project for SwRI’s High-Reliability Systems Department. The team found unsecured key generation present on older chips when testing, which was confirmed through online research to be a known concern.
The research is part of SwRI’s ongoing efforts to help the mobility sector and government improve automotive cybersecurity spanning embedded automotive computers and smart-grid infrastructure. It builds upon a 2020 project where SwRI hacked a J1772 charger, disrupting the charging process with a lab-built spoofing device.
In the latest project, SwRI explored vehicle-to-grid (V2G) charging technologies governed by ISO 15118 specifications for communications between EVs and electric vehicle supply equipment (EVSE) to support electric power transfer.
Level 3 Hack - November 9, 2020 — Engineers at Southwest Research Institute were able to interfere with the charging process of an electric vehicle (EV) by simulating a malicious attack as part of an automotive cybersecurity research initiative.
The SwRI team reverse-engineered the signals and circuits on an EV and a J1772 charger, the most common interface for managing EV charging in North America. They successfully disrupted vehicle charging with a spoofing device developed in a laboratory using low-cost hardware and software.
“This was an initiative designed to identify potential threats in common charging hardware as we prepare for widespread adoption of electric vehicles in the coming decade,” said Austin Dodson, the SwRI engineer who led the research.
SwRI performed three manipulations: limiting the rate of charging, blocking battery charging, and overcharging. A SwRI-developed “man-in-the-middle” (MITM) device spoofed signals between charger and vehicle. Researchers also drained the battery and generated signals to simulate J1772 charging rates.
When overcharging, the vehicle’s battery management system detected a power level that was too high and automatically disconnected from charging. To limit charging, the MITM device requested the smallest charge allowed (6 amps) to dramatically reduce the charging rate. To block battery charging, a proximity detection signal barred charging and displayed the warning: “Not Able to Charge.”
“The project effectively tricked the test vehicle into thinking it was fully charged and also blocked it from taking a full charge,” Dodson said. “This type of malicious attack can cause more disruption at scale.”
Future Work: SwRI is set to continue to explore this ever-expanding ecosystem. Take a look at what new research their engineers have planned and how you can get more involved in all things EV Charging Cybersecurity!
October 2024: Trust for Secure Automotive Systems
When
October 2nd, 2024 11:00 AM EST
Who
Francesca Forestieri, Head of Automotive, GlobalPlatform
What
“Trust for Secure Automotive Systems”
Description
GlobalPlatform is THE standard for managing applications on secure chip technology, with over 20 years of experience and mass market deployment in financial, identity, mobile industry, internet of things, and automotive (over 62 billion Secure Elements shipped worldwide are based on GlobalPlatform specifications, and over 15 billion GlobalPlatform-compliant Trusted Execution Environments are in the market today).
This presentation will provide an overview of:
How GlobalPlatform secure component technologies provide standardized common security services that offer flexibility through support for multiple security services, updatability of services over time, multi-tenant security services, portability of services for common requirements (no vendor lock-in), and easy integration into existing ecosystems, with a strong track record in authentication
Role of certification in demonstrating compliance with security level targets and security interoperability
How GlobalPlatform works closely with different automotive organizations to foster alignment on global digital security services (including SAE and AUTOSAR).
September 2024: Low-Level Hardware Information Assisted Approach Towards System Security Industry
When
September 4th, 2024 11:00 AM EST
Who
Dr. Chen Liu, Associate Professor, Clarkson University
What
“Low-Level Hardware Information Assisted Approach Towards System Security Industry”
Description
Cyber-attacks come in many different shapes and forms. In order to combat modern cyber-attacks, cyber-security researchers have to play the game of “cat and mouse” in analyzing and discovering the vulnerabilities of the system to come out on top against malicious attackers. However, the traditional static detection systems are not able to differentiate between benign and malicious behaviors effectively. In this talk, I will share our thoughts on the detection of different attacks through modeling the execution behavior of an application using low-level hardware information. Our approaches can provide more flexibility for detection schemes by performing dynamic behavioral analysis at run-time. With anomaly detection methods, the abnormal behaviors that deviate from benign behaviors at run-time can be flagged and captured.
August 2024: The State of Data and Privacy Risks in the Automotive Industry
When
August 7th, 2024 11:00 AM EST
Who
Anirban Banerjee, CEO, Riscosity
What
“The State of Data and Privacy Risks in the Automotive Industry”
Description
The auto industry is improving customer experiences through features like built-in navigation, device synchronization, and contact storage. To keep pace with innovation, manufacturers produce, use, and exchange large amounts of data that consumers may define as both sensitive and private. Compliance requirements under laws like CCPA, GDPR, Canadian PIPEDA, etc. require manufacturers to safeguard collected data, be transparent about how they use and store data, and get explicit consent before sharing it with third parties. In this presentation, we’ll cover the privacy risks, manufacturer challenges, the risks of data leakage, and the influence of emerging privacy protection requirements.
July 2024: Time for TEEs. What they are, and why they have become a key technology for Automotive
When
July 10th, 2024 11:00 AM EST
Who
Richard Hayton, Chief Strategy and Innovation Officer, Trustonic
What
“Time for TEEs. What they are, and why they have become a key technology for Automotive”
Description
Trusted Execution Environments (TEEs) have been around for a long time, primarily in Mobile Phone and Set Top Box markets. However, with the rise of cybersecurity risks, and needs of regulation, they are now a common component in IVI, Gateway, and other automotive domain controllers. This talk will explain what they are, why they matter, and how you can benefit from them.
June 2024: An Overview of the Car Hacking Village (CHV)
When
June 5th, 2024 11:00 AM EST
Who
Justin Montalbano, President, Car Hacking Village (CHV)
What
“An Overview of the Car Hacking Village (CHV)”
Description
Have you ever wondered what draws large crowds of security professionals to Las Vegas each year for DEFCON? Join Justin Montalbano for an insightful presentation on his experiences at the event, where he leads the Car Hacking Village activities. Justin will begin with an overview of DEFCON, then delve into the specifics of the Car Hacking Village, discussing past events, this year's activities, and how you can get involved or help sponsor the Car Hacking Village.
May 2024: State-of-the-Art Automotive SBOM Monitoring
When
May 1st, 2024 11:00 AM EST
Who
Walter Capitani, Director of Technical Product Management, CodeSecure
What
“State-of-the-Art Automotive SBOM Monitoring”
Description
SBOMs have grown into a standardized way to represent the components in embedded software such as OEM and Tier 1 automotive components. In addition, SBOMs can be used to understand the vulnerabilities associated with these components. In this presentation we will explore the need for continuous monitoring of SBOM components for new vulnerabilities and exploits, and how this can reduce the exposure and time to remediation for affected software applications and devices.
April 2024: Automotive Cybersecurity Safeguards
When
April 3rd, 2024 11:00 AM EST
Who
Darryn Persaud, CMO, Comply.Law
What
“Automotive Cybersecurity Safeguards”
Description
This session will give an overview of how OEMs can improve cybersecurity and protocols within their environments, through an industry overview and three recent case studies that illustrate how detrimental a cybersecurity threat and/or attack can be, specifically to the automotive industry. The presenter will then discuss preventative measures and solutions pertaining to these issues that are relevant and attainable for OEMs, their third-party vendors (e.g., apps, cloud technologies) and their dealership partners, including ongoing training, preventative software and technologies, and daily practices that should be second nature and implemented into standard protocols within any organization.
March 2024: The SAE Electric Vehicle Charging Station Illustrative Example: How to apply JA7496 standard to Electric Charging Scenarios Insights
When
March 6th, 2024 11:00 AM EST
Who
Jay Schwartz, SAE G-32: S.A.E. Cyber-Physical Systems Committee’s Electric Vehicle Illustrative Example Subcommittee Chair
What
“The SAE Electric Vehicle Charging Station Illustrative Example: How to apply JA7496 standard to Electric Charging Scenarios Insights”
Description
Electric vehicle charging stations are proliferating, and there is no end in sight for how many of them will ultimately exist. However, these stations are highly dependent on how they interface with both the vehicle and “the world”. Given their sophistication versus traditional gas pumps there needs to be a way to make them cyber-secure from a system point of view that is agnostic to their hardware, software, data, mechanical, and functional characteristics and properties.
February 2024: 2024 Global Automotive Cybersecurity Report: Key Findings & Insights
When
February 7th, 2024 11:00 AM EST
Who
Shira Sarid-Hausirer, Upstream Security
What
“2024 Global Automotive Cybersecurity Report: Key Findings & Insights”
Description
Since 2019, Upstream has been releasing the definitive Global Automotive Cybersecurity reports, which analyze hundreds of automotive incidents in order to identify major trends and predict what’s ahead in the cybersecurity threat landscape.
Now, with the 2024 report just out, we look back at 2023 and can safely say that this past year the automotive industry reached an inflection point. Based on our analysis of hundreds of automotive incidents between 2010 and 2023, we’re seeing that the sheer impact of cybersecurity attacks dramatically increased during 2023, with far-reaching consequences for automotive stakeholders (including OEMs, automotive manufacturers and suppliers, and EV charging companies). During the community call we’ll put a spotlight on key shifts that took place in the automotive industry in 2023 and discuss the role of GenAI: how it’s being used by threat actors and how it can also be harnessed for threat detection and remediation. We’ll also provide an overview of new security regulations and predictions for the year ahead.
January 2024: Scalable Attacks on Connected Vehicles
When
January 10th, 2024 11:00 AM EST
Who
Ramiro Pareja Veredas, Principal Cybersecurity Consultant, IOActive & Yashin Mehaboobe, Senior Cybersecurity Consultant, Xebia
What
“Scalable Attacks on Connected Vehicles”
Description
For the last 10 years, the automotive industry has been involved in an electrification and automation process that is revolutionizing the way we drive. The fundamentals of this deep transformation are battery-powered engines, self-driving cars, and connected vehicles. These technological advances, especially vehicle connectivity, bring about many new cybersecurity challenges that need to be addressed in the coming years.
The goal of the work that we present here is to assess the current state of connected vehicle cybersecurity. Compared with other works already published, in which the researchers chose to attack a popular modern car, IOActive focused on other automotive components and systems that cybersecurity experts (and car designers) usually overlook, and which could be abused to launch scalable and massive attacks. We analyzed devices including telematics units, OBD2 dongles, 5G modems, MQTT servers, and mobile apps, aiming to get a broader picture of the state of automotive cybersecurity and expanding on the existing view, which is limited to the vehicles themselves.
IOActive’s research identifies multiple vulnerability issues that can be exploited remotely to gain full control of an entire fleet of cars, heavy-duty trucks, and cranes. Although our work is limited to a few devices - not enough to draw an industry-wide conclusion - it indicates that these types of cybersecurity issues might be common and that the cybersecurity of connected automotive systems needs to be improved.
December 2023: API Security Risks for Connected Cars
When
December 6th, 2023 11:00 AM EST
Who
Dan Barahona, Founder, APIsec University
What
“API Security Risks for Connected Cars”
Description
According to Gartner, APIs have become the “most frequent attack vector”, and this appears to be very true for the automotive sector. While APIs offer remarkable benefits for software development, integration, and scalability, they have become a primary target for attackers. Recent studies have shown connected cars to be susceptible to API manipulation to lock/unlock car doors, start and stop engines, and much more.
This session will discuss why APIs appeal to attackers, what makes them especially difficult to secure, and best practices for keeping car APIs safe.
November 2023: The Game of IT/OT Security: Unveiling New Critical Developments in Our Critical Infrastructure Threat Landscape
When
November 1st, 2023 11:00 AM EST
Who
Adam Robbie, Senior Staff Researcher, Palo Alto Networks
What
“The Game of IT/OT Security: Unveiling New Critical Developments in Our Critical Infrastructure Threat Landscape”
Description
Critical infrastructure such as manufacturing, the electrical grid, or water utilities uses Industrial Control Systems/Operational Technology for daily operations. If you have pumped gas into your car, turned on a light, or drunk water, then you have interacted with ICS. In this presentation, we will discuss our research team’s findings related to three new critical developments in the ICS/OT threat landscape. These findings are based on data we collected from ten thousand companies across 50 countries over the past three years. We will then demonstrate, using the Purdue model, how non-ICS malware can exploit and propagate through an ICS system.
First, we will show that ICS/OT industries have become the new top target for many nation-state adversaries and cyber criminals. This conclusion is based on an extensive technical analysis of recent exploits. We found that the rate of exploits targeting ICS/OT industries far surpasses that of all other industries in both quantity and growth trend. Another data-driven analysis indicated that in 2022, the industry most impacted by ransomware and extortion attacks was manufacturing.
The second finding is that, contrary to popular belief, ICS-centric malware is not the top threat for ICS/OT industries. Rather, as our analyses revealed, approximately 99.99% of the malware that impacted ICS/OT industries was exploiting IT technology/protocols, such as Emotet, coinminers, or Agent Tesla. Only 0.001% of malware targeting ICS/OT industries was exploiting ICS/OT protocols (e.g., Havex, Shamoon, or BlackEnergy).
The final finding is that ICS/OT industries’ detection time for compromised devices lags far behind the industry standard. In the most extreme example of delayed detection, we found an unattended compromised device that communicated with C2 for a period of ten months.
The totality of the above findings confirms why ICS/OT leaders need to update their defense plans to protect our critical infrastructure. To this end, we will demonstrate how to create a zero-trust defense strategic solution by applying Game Theory to risk assessment and by mapping threats to MITRE TTPs. This approach incorporates Game Theory modeling and the ICS ATT&CK framework to conquer the adversary in this new landscape.
October 2023: Pwn2Own for Automotive @ Automotive World Tokyo, January 2024
When
October 4th, 2023 11:00 AM EST
Who
Brandon Barry, CEO, Block Harbor; Niraj Kaushik, MD North America, VicOne; Brian Gorenc, VP Threat Research Trend Micro
What
“Pwn2Own for Automotive @ Automotive World Tokyo, January 2024”
Description
“Tesla hacked in under 2 minutes” is one of the major headlines. Researchers prepared for months, and they flew to Vancouver to take home a Tesla Model 3 and $100,000 in cash. 21 more zero-day vulnerabilities were discovered across many industries at the same event. Pwn2Own.
What if we had a $1.5M pool to pay researchers to demonstrate some of the most creative exploits of vehicles in Tokyo, January of 2024? An automotive-specific Pwn2Own. It’s happening. In this talk, we’ll overview what Pwn2Own is, and we’ll ask you to provide components or vehicles to access some of the world's top research. The catch? There is none. We’ll handle the bug bounty payouts and there is no cap. One lucky Auto ISAC member will get a free sponsorship for the event!
September 2023: “Cyber Policy Developments Affecting the Auto Industry”
When
September 6th, 2023 11:00 AM EST
Who
Stephen Lilley, Partner, Mayer Brown
What
“Cyber Policy Developments Affecting the Auto Industry”
Description
This presentation will discuss recent cybersecurity policy developments that could have significant implications for members of the Auto-ISAC, including: the SEC’s final rules on cybersecurity disclosures; the Biden Administration’s implementation of its cybersecurity strategy; Version 2.0 of the NIST Framework; and implementation to-date of the Cyber Incident Reporting for Critical Infrastructure Act. This presentation will provide key takeaways from these recent policy developments, including how they may inform NHTSA’s expectations for members of the Auto-ISAC.
August 2023: “Towards Deployment of a Zero-Trust Architecture (ZTA) For Automated Vehicles (AV)”
When
August 2nd, 2023 11:00 AM EST
Who
Victor Murray, Assistant Director, CISSP, Southwest Research Institute
What
“Towards Deployment of a Zero-Trust Architecture (ZTA) For Automated Vehicles (AV)”
Description
The advancement of Automated Vehicle (AV) technology is critical to maintaining military superiority. AV development historically placed a significant focus on functionality and less on security. Ongoing cybersecurity programs such as Cybersecurity for Robotics and Autonomous Systems Hardening (CRASH) are working to implement a holistic approach to applying security to AVs while simultaneously supporting the developer focus on functionality. This task is challenging as previous research has demonstrated vulnerabilities in AV systems due to their continuous physical interaction with the environment through sensors and actuators, command and control, and remote connectivity. This paper presents an approach to balance functionality and security through a Zero-Trust Architecture (ZTA) for AV which leverages authentication, cyber policy enforcement, and monitoring to detect and mitigate cyber-attacks. This approach is traceable to guidance provided in NIST 800-207 for applying zero trust concepts to Information Technology (IT) networks.
The presented example AV architecture begins with a non-self-driving baseline, adding sensors, actuators, command/control, and remote connectivity. The seven (7) principles from NIST 800-207 are distilled into three (3) components: (1) Authentication, (2) Policy Enforcement, and (3) Monitoring. Authentication includes verifying that software is authentic prior to booting, and a combination of public/private key encryption, symmetric key encryption, and Message Authentication Codes (MACs) is used to secure all networked communication. Policy Enforcement occurs at every node on the AV system and is overseen by the central gateway. The gateway also monitors traffic and logs issues. Together, these combine into the ZTA for AV.
Several recent programs have implemented portions of the ZTA for AV outlined above. For example, the CRASH program has implemented authentication for Ethernet communication, security policy enforcement for the control code base, process separation, monitoring of autonomy communication, and secure software updates. Other programs are tackling related pieces in parallel, including monitoring automotive CAN and Ethernet buses and improving resiliency through sensor redundancy and fusion. To fully implement ZTA for AV, there are pieces that still need to be addressed in future efforts.
July 2023: “Driving a Cyber-Secure Culture in Auto Manufacturing: The Essential Role of the Human Factor”
When
July 5th, 2023 11:00 AM EST
Who
Roy Zur, Founder & CEO, ThriveDX
What
“Driving a Cyber-Secure Culture in Auto Manufacturing: The Essential Role of the Human Factor”
Description
In the increasingly digitized landscape of auto manufacturing, the Human Factor plays a pivotal role in cybersecurity.
This session will explore the profound influence of advanced cybersecurity training that extends beyond basic awareness, alongside the value of secure coding practices and the skill sets of IT and security analysts. We'll also highlight the instrumental role of the C-suite in spearheading these initiatives and the crucial importance of fostering a cyber-secure culture within your organization. We'll delve into methods for equipping your workforce with advanced cybersecurity skills, thereby transforming them into your organization's most potent cybersecurity asset. Come join us as we discuss how to harness your human factor effectively to counteract cyber threats and thrive amidst the ever-evolving cyber landscape.
June 2023: “What is the Car Hacking Village (CHV)?”
When
June 7th, 2023 11:00 AM EST
Who
Justin Montalbano, President, Car Hacking Village
What
“What is the Car Hacking Village (CHV)?”
Description
Ever wonder what all those nerds in Vegas are doing every year at DEFCON? Join Justin Montalbano for his firsthand experience of the event he orchestrates at DEFCON, the Car Hacking Village. Throughout this presentation, Justin will go over the basics of DEFCON, then dive into more details of what the Car Hacking Village is, its activities, previous events, and how to get involved.
May 2023: Cybersecurity Challenges in the Electric Vehicle Market
When
May 3rd, 2023 11:00 AM EST
Who
Nalindrani Malimage, Cybersecurity Consultant at Burns and McDonnell
What
“Cybersecurity Challenges in the Electric Vehicle Market”
Description
The electric vehicle market is a small market within the larger automotive industry, but it is growing faster than ever before. This is owing to factors such as politics, growing demand, the need for environmentally friendly solutions, and an increased focus on sustainability. The question arises whether the electric vehicle market is addressing the emerging cyber threats in the industry at the same time, and how prepared the industry is. The key areas to look into in this regard are OEM security, network security, cloud security, IoT, and charging methods. It’s important to look at a few past security incidents in this phase and discuss challenges in order to predict what the future holds for the EV (electric vehicle) market. The topic is focused mainly on understanding the cybersecurity challenges in the EV market.
April 2023: “NIST Auto Cybersecurity Community of Interest”
When
April 5th, 2023 11:00 AM EST
Who
Suzzanne Lightman, Senior Advisor, NIST; Nakia Grayson, IT Security Specialist, NIST
What
“NIST Auto Cybersecurity Community of Interest”
Description
NIST covers a wide range of topics in cybersecurity and many of these topics directly relate to the transportation sector and automotive in particular. To facilitate outreach to the automotive sector, NIST has created a Community of Interest. This presentation will introduce the community, its purpose and some of the activities that NIST will be communicating to the community over the coming year.