CYBERSECURITY IS DYNAMIC SO LEARNING NEVER STOPS IN OUR AUTO COMMUNITY

 
 

 Community Calls

The Auto-ISAC holds monthly virtual community meetings for members and connected vehicle ecosystem stakeholders to stay informed of Auto-ISAC activities and share information on key vehicle cybersecurity topics.

Contact us to participate in our monthly community calls. The community calls are held on the first Wednesday of each month at 11am EST.

Elizabeth Cox

July 2021 Community Call: Hacker-Powered Data: The Most Common Security Weaknesses and How to Avoid Them

When
July 7th, 2021 11:00am

Who
Ben Willis, Principal Security Engineer, HackerOne

What
Hacker-Powered Data: The Most Common Security Weaknesses and How to Avoid Them

Description

Vulnerabilities are a fact of life. Today, technology companies, financial institutions and even governments are embracing collaboration with hackers to find vulnerabilities before cyber criminals have a chance to exploit the same bugs for nefarious purposes. In this session, HackerOne will examine the world of hackers, with specific attention to those who hack financial services organizations, and share real-world insights into how to improve relationships with them. Attendees will discover common weaknesses that they won’t find on the OWASP Top Ten, how attackers could exploit these prevalent vulnerabilities, and the reason for some rising and falling in popularity. Whether you run an active bug bounty program or your security email address is routed to /dev/null, this session will help attendees shed blind dogma and walk away armed with an analytical approach towards building an effective vulnerability disclosure program that turns security teams into enablement teams.


June 2021 Community Call: SAE EV Charging PKI Project

When
June 2nd, 2021 11:00am

Who
Tim Weisenberger, Project Manager, Emerging Technologies at SAE International

What
SAE EV Charging PKI Project

Description

SAE has gathered industry to design and test an inclusive, worldwide EV charging industry PKI platform that is secure, trusted, scalable, interoperable, and extensible. The project is a joint venture of industry companies in the SAE Cooperative Research Program. It is an industry-led, pre-competitive research project that will strengthen electric vehicle charging system security. Tim will give a detailed briefing on the mission, approach, and current status of this important development effort.


May 2021 Community Call: On the Front Line: Managing 21st Century Cybersecurity Risks

When
May 5th, 2021 11:00am

Who
Norma Krayem, Vice President & Chair, Cybersecurity, Privacy and Digital Innovation, Van Scoyoc Associates

What
On the Front Line: Managing 21st Century Cybersecurity Risks

Description

Whether connected vehicles, traditional intelligent transportation systems (ITS) or autonomous vehicles, tech innovation brings systemic cyber and privacy risks. The U.S., EU and nations around the world are instituting cyber mandates and “standards of care” for those who build, run or operate systems, along with new IoT and IIoT mandates. Cybersecurity has become the top safety risk to the sector as well. The discussion will focus on the nexus of these risks, how the sector should work to address the risks and what the new Biden-Harris Administration and the Cyberspace Solarium Commission may be planning.


April 2021 Community Call: Auto-ISAC and the Dealer Threat Landscape

When
April 7th, 2021 11:00am

Who
Dan Hoban, Exec. VP, Nuspire; Josh Smith, Cyber Threat Analyst, Nuspire

What
Auto-ISAC and the Dealer Threat Landscape

Description

Dealer security is a key component of the security of the automotive sector and will continue to increase in importance.  As the automotive industry becomes increasingly digital, the relationship between the dealership, the vehicle, the OEM, and the customer will become more intertwined and “always-on”.  During Nuspire’s ISAC Community Call we will dive into the dealer threat landscape.  We’ll discuss how it impacts the automotive ecosystem (OEM, Dealer, Vehicle, suppliers, and customers).  Nuspire will provide specific threats, attacks, statistics, and recommendations for improvement.


March 2021 Community Call: Addressing Accelerating Supply Chain Risks

When
March 3rd, 2021 11:00am

Who
John Sheehy, SVP, Research and Strategy, IOActive, Inc.

What
Addressing Accelerating Supply Chain Risks

Description

Understand some of the cybersecurity, integrity, and disruption risks increasingly facing supply chains today. Likewise, hear a sound strategy for addressing these risks with currently available tools and where gaps exist in programmatically addressing supply-chain risks. This talk will explore some of the potential cybersecurity and integrity risks associated with the 2020-2021 automotive microchip shortage.


February 2021 Community Call: Crossroads Of Motor Vehicle Data: Digital Forensics And Cyber Threats

When
February 3rd, 2021 11:00am

Who
Christopher Church, Senior Mobile Forensic Specialist, INTERPOL Global Complex for Innovation; Kamel Ghali, Automotive Security Architect, White Motion (Marelli)

What
Crossroads Of Motor Vehicle Data: Digital Forensics And Cyber Threats

Description

As the car becomes more connected and aware of its environment, law enforcement also needs to understand the challenges and issues this will give them. Law enforcement has started to see a vehicle as an accessory in certain crimes and to understand what data a car holds and how they can access it. The evidence gained from a motor vehicle has helped law enforcement understand the back story to a crime. A vehicle’s data has helped trace missing persons, solve murders, shut down criminal gangs transporting drugs and smuggling weapons, and keep vulnerable citizens safe from harm. As law enforcement starts to become aware of the possibilities, so do their responsibilities. This presentation will explore the relationship between law enforcement and industry and the crossover of digital forensics to cyber and the associated intertwined landscapes. The presentation will be partly presented by INTERPOL and White Motion, who have seen a growing interest from the community in this area.


January 2021 Community Call: Cybersecurity Information Sharing Success Stories

When
January 6th, 2021 11:00am

Who
David Turetsky, Professor; Brian Nussbaum, Assistant Professor; Unal Tatar, Assistant Professor, Practice at the College of Emergency Preparedness, Homeland Security and Cybersecurity at the University at Albany (SUNY).

What
Cybersecurity Information Sharing Success Stories

Description

Given that the theory of cybersecurity information sharing is well-established, the successes ought to be visible in practice. Funded by the William and Flora Hewlett Foundation, we collected real-world information sharing success stories across different economic sectors through a conference and interviews with ISACs, ISAOs and some of their members. Our prior experience suggested that for some in industry, particularly senior executives who are not cybersecurity experts, the benefits of joining a cybersecurity information sharing organization and being a full participant can seem less clear, or at least less concrete and well-documented, than the costs and potential risks of doing so. Our project was intended in part to address this gap by compiling a set of success stories across different areas of activity to help support those trying to explain and document the advantages of information sharing to colleagues and decision makers. We published a Lawfare article about this work, together with a longer research paper.

Cybersecurity Information Sharing Success Stories – Lawfare (lawfareblog.com)

2019_08_01_Turetsky_Stories For Sharing-Transportation Industry


December 2020 Community Call

When
December 2nd, 2020 11:00am

Who
Dr. Larry Ponemon: Chairman and Founder of the Ponemon Institute, Rocco Grillo: Managing Director at Alvarez & Marsal, Charlie Miller: Senior advisor at The Santa Fe Group

What
Shared Assessment / Ponemon report “A New Roadmap for Third Party IoT Risk Management – the Critical Need to Elevate Awareness, Authority and Engagement.”

Description

This presentation covered highlights of the Shared Assessment / Ponemon report “A New Roadmap for Third Party IoT Risk Management – the Critical Need to Elevate Awareness, Authority and Engagement.” Current IoT risk management programs are not keeping pace with the dramatic increase in IoT-related risks – a shortcoming that represents a clear and expanding threat to most organizations. To help practitioners focus resources, we examined the practices of high performers to identify gaps in IoT Third Party Risk Management.


November 2020 Community Call

When
November 4th, 2020 11:00am

Who
Kiersten Todt, Cyber Readiness Institute (CRI), Managing Director

What
Helping Your Business Become Cyber Ready

Description

Kiersten Todt, Managing Director at Cyber Readiness Institute (CRI), discussed practical and easy-to-use methods to help small and medium-sized businesses (SMBs) improve their cybersecurity by focusing on human behavior. The session highlighted the importance of creating a culture of cyber readiness in SMBs to improve the security of supply chains in the automotive industry, worldwide.


October 2020 Community Call

When
October 7th, 2020 11:00am

Who
Dr. Amine TALEB, Valeo; Director - Innovation & Marketing and Monica Nogueira, Director of Content Acquisition/Multimedia, SAE International

What
User Experience and Acceptance of Automated Vehicles

Description

“User acceptance of automated vehicles! This presentation examines the enablers for attaining a higher consumer trust as well as a safe and intuitive user experience at various automation levels. The talk is based on the work published as SAE EDGE Research Report (EPR 2020012).”


September 2020 Community Call

When
September 2nd, 2020 11:00am

Who
Urban Jonson, NMFTA, Chief Technology Officer

What
Are large fleets susceptible to advanced attacks?

Description

How much effort do you think someone would go through to obtain the ability to affect motor transportation at scale? An overview of the Triton malware intrusion and the search for parallels in vehicle safety systems as well as a review of Remote Vehicle Shutdown (RVS), Remote Vehicle Disablement (RVD) and ATA/TMC RP 1218.


August 2020 Community Call

When
August 5th, 2020 11:00am

Who
Gary Berman, Creator of "The CyberHero Adventures"

What
"Humanizing Cybercrime: From Victim to Advocate"

Description

Gary Berman will share his incredible story about how a small group of trusted insiders essentially “cloned” his company right under his nose for an extended period. A total of 19 attack vectors, including a spoofed website, re-directed telephone calls, SIM-swapping, social engineering by pretending to be “whistle blowers” and falsely telling his major clients that he was under investigation by the FBI for fraud, and even having 36 people connected to his On-Star account. His story gets incredibly uplifting as he shares his “Forrest Gump” journey into the cyber security community. You will be riveted by a sampling of the evidence, filled with laughter and ultimately, PUMPED up about YOUR mission!


July 2020 Community Call

When
July 1st, 2020 11:00am

Who
Tim Mackey, Principal Security Strategist

What
2020 Open Source Security and Risk Analysis Report

Description

The presentation is on the 2020 Open Source Security and Risk Analysis Report (OSSRA) by Mr. Tim Mackey, Principal Security Strategist, Synopsys Cybersecurity Research Center. The overview of the report outlines several learnings from the governance decisions of others.


June 2020 Community Call

When
June 3rd, 2020 11:00am

Who
Randy Sandone, Executive Director of CIRI

What
Process, People, and Products - Building Cyber Resilience for the Long-Term

Description

Mr. Randy Sandone is the Executive Director of the Critical Infrastructure Resilience Institute (CIRI).  This is a Department of Homeland Security (DHS) University Center of Excellence housed at the University of Illinois at Urbana-Champaign.  Mr. Sandone presented on how we attain a secure and resilient critical infrastructure by shifting to a more holistic approach to people, product and process.


May 2020 Community Call

When
May 6th, 2020 11:00am

Who
Dr. Allan Friedman - Director of Cybersecurity Initiatives at NTIA

Description

The presentation offers a brief overview of the concept of an SBOM, and the progress being made by an open, cross-sector, and international initiative convened by NTIA in the US Department of Commerce. The presentation reviews lessons learned, remaining challenges, and expected progress. It also touches on the path to adoption, including market forces and the ongoing role of regulators.


April 2020 Community Call

When
April 4th, 2020 11:00am

Who
Jason Conley, Executive Director OmniAir Consortium

Description

OmniAir Consortium is the leading industry association promoting interoperability and certification for ITS, tolling, and Connected Vehicles.


February 2020 Community Call

When
February 5th, 2020 11:00am

Who
Junaid Farooq, PhD Candidate, Tandon School of Engineering at New York University (NYU)

Description

Topic: Cyber-Physical Supply Chain Risk Analysis and Mitigation for Internet of Things Networks

Network-connected electronic devices are becoming an essential part of modern infrastructure systems to automate manual processes resulting in improved efficiency and productivity. The Internet of Things (IoT) is an interconnection of different types of devices using communication networks and computing systems to achieve such automated operation. The widespread adoption of the IoT is becoming indispensable in critical infrastructure (CI) systems due to their burgeoning scale and complexity. However, the cyber-physical integration is also opening doors for malicious cyber activity to sabotage their performance and/or operation. The integration of multiple components manufactured and designed separately makes the system extremely vulnerable to cyber-physical attacks. Supply chain linkages in the IoT ecosystem pose a tremendous risk towards the security of IoT-enabled CI. Furthermore, there might be potential collusion between supply chain actors to coordinate and cause damage to the system. Hence, the underlying cyber-physical supply chain linkages need to be uncovered. The cyber vulnerabilities coupled with the physical characteristics and deployment of IoT devices may lead to more severe and complex security threats to the underlying CI. This talk will discuss tools and methodologies that become a basis for developing decision support tools assisting policy and decision-makers in adopting risk minimizing strategies.


January 2020 Community Call

When
January 7th, 2020 11:00am

Who
Amy Smith, the Manager of Pre-College Educational Programming at SAE International

Description

A World in Motion: Hands-on Cybersecurity Education in a K-16 STEM Experience Continuum
