CYBERSECURITY IS DYNAMIC SO LEARNING NEVER STOPS IN OUR AUTO COMMUNITY

 
 

 Community Calls

The Auto-ISAC holds monthly virtual community meetings for members and connected vehicle ecosystem stakeholders to stay informed of Auto-ISAC activities and share information on key vehicle cybersecurity topics.

Contact us to participate in our monthly community calls. The community calls are held on the first Wednesday of each month at 11am EST.

SHARMILA KHADKA

March 2023: Introducing the CyberAuto Challenge – a Tool for Talent Development and Engaging the Next Generation Workforce

When
March 1st, 2023 11:00 AM EST

Who
Karl Heimer, Principal, Heimer & Associates LLC

What
“Introducing the CyberAuto Challenge – a Tool for Talent Development and Engaging the Next Generation Workforce”

Description
This session describes the model and mission of the CyberAuto Challenge (and sibling events), its history of engaging students, observed outcomes, what the event is like to attend, and the intent for 2023 and future years.

SHARMILA KHADKA

February 2023: Cross-Sector Cybersecurity Performance Goals for Critical Infrastructure

When
February 1st, 2023 11:00 AM EST

Who
Peter Colombo, Senior Advisor, CISA

What
“Cross-Sector Cybersecurity Performance Goals for Critical Infrastructure”

Description
In October 2022, CISA published a set of Cross-Sector Cybersecurity Performance Goals (CPGs), which highlighted the most impactful actions critical infrastructure owner/operators can implement to meaningfully reduce cybersecurity risk. These are of particular value to small and medium-sized entities as a tool to aid in identifying potential gaps in their capability and assessing where resources should be applied to have a meaningful impact on improving the cybersecurity posture of an organization. Rather than general investment in a broad cybersecurity program, the focus is on targeted investment in known areas of weakness.

SHARMILA KHADKA

January 2023: Auto-ISAC Automotive Cybersecurity Training (ACT) Program Overview

When
January 11, 2023 11:00 AM EST

Who
Tamara Shoemaker, Cybersecurity Training Lead, Auto-ISAC

What
“Auto-ISAC Automotive Cybersecurity Training (ACT) Program Overview”

Description
Join us to learn everything you ever wanted to know about the Automotive Cybersecurity Training Program (ACT). 2023 signals the sustainment of the ACT program, so we’d like to take this opportunity to discuss the way forward and offer the community the time to ask questions about the program.

SHARMILA KHADKA

December 2022: CISCP to JCDC Transition

When
December 7, 2022 11:00 AM EST

Who
Dan Strachan, Senior Engagement Lead, Joint Cyber Defense Collaborative (JCDC)

What
“CISCP to JCDC Transition”

Description
CISA is pleased to announce plans to begin integration of the Cyber Information Sharing and Collaboration Program (CISCP) into the Joint Cyber Defense Collaborative (JCDC) model. Over the coming months, we will be working to integrate companies into the JCDC and establish specialized subgroups for real time information sharing.

SHARMILA KHADKA

November 2022: A Global Grassroots Community of 10,000+ Automotive Security Folks: The ASRG

When
November 2, 2022 11:00 AM EST

Who
Brandon Barry, CEO, Block Harbor Cybersecurity

What
“A Global Grassroots Community of 10,000+ Automotive Security Folks: The ASRG”

Description
The Automotive Security Research Group is a non-profit grassroots organization focused on the workforce solving challenges in vehicle cybersecurity. Founded by John Heldreth in Stuttgart, Germany, with the next chapter being founded by Sean McKeever and Brandon Barry in Detroit, Michigan, the ASRG quickly grew to over 40 locations all over the world — from Africa to Australia — with over 12,000 people registering for a local chapter. The ASRG captures the interest of folks that want to discuss their day-to-day challenges in vehicle cybersecurity both with their local community and with the broader, global automotive security community. With an engaged academia community, strong membership, and passionate individuals donating their time to run local chapters, the ASRG is a platform to foster remarkable conversation, including hosting WORLD webinars where experts talk about topics in vehicle cybersecurity on YouTube and hosting the “Secure Our Streets” virtual conference in 2022.

SHARMILA KHADKA

October 2022: Auto-ISAC Education and Training Standing Committee (ETSC) 2022 Cybersecurity Awareness Project

When
October 5, 2022 11:00 AM EST

Who
Kristie Pfosi, Executive Director of Product Security, Aptiv - ETSC Chair

Christine Pelione, Cybersecurity Strategic Risk Manager, GM - ETSC Vice Chair

Tamara Shoemaker, ACT Program Manager, Auto-ISAC - ETSC Staff Lead

What
Auto-ISAC Education and Training Standing Committee (ETSC) 2022 Cybersecurity Awareness Project

Description
Cybersecurity is not a bolt-on solution. Like safety and quality, it needs to be designed from the concept phase and supported through the product’s end of life. In this modern vehicle ecosystem, cybersecurity is everyone’s responsibility. We are all in this together. We are all connected. Join this Community Call session to find out about the TLP White videos and posters that the ETSC Awareness Tiger Team has put together for you to use during Cybersecurity Month!

SHARMILA KHADKA

September 2022: SAE EV Charging Public Key Infrastructure Program

When
September 14, 2022 11:00 AM EST

Who
Tim Weisenberger, Program Manager, SAE International

What
SAE EV Charging Public Key Infrastructure Program

Description
EV Charging systems have crucial and growing interface points between the Automotive industry, EV drivers, and the Electric Grid/Energy industry. It is critical that these interfaces be secure and trusted. SAE has gathered global EV Charging Ecosystem members in a Cooperative Research Program to create a solution by industry for industry. The SAE EV Charging PKI program has designed and is currently testing an inclusive, worldwide EV charging industry PKI platform that is secure, trusted, scalable, interoperable, and extensible. Once complete, the PKI design platform will be migrated to an industry consortium to field an operational industry PKI to strengthen electric vehicle charging system security industry-wide.

SHARMILA KHADKA

August 2022: Continuous Automated Vulnerability Management for Safer Cars and Regulatory Compliance

When
August 3, 2022 11:00 AM EST

Who
Gilad Bandel, Business Development & Marketing, Cymotive

What
Continuous Automated Vulnerability Management for Safer Cars and Regulatory Compliance

Description
Real-time vulnerability monitoring will reduce costs during development by addressing vulnerabilities in their early stages. Tier 1s need to provide evidence of proper vulnerability management to OEMs, who in turn are required to submit for type approval to receive compliance certification as per UNR 155. Once the vehicle is on the road, the vulnerabilities must be continuously monitored, with specific mitigation tactics for detected critical risk due to newly disclosed vulnerabilities. After all, it’s in the interest of OEMs to avoid any reputational damage and the huge costs associated with cyber incidents. We will discuss how OEMs and Tier 1s should address challenges around vulnerability management and, in addition, the most effective courses of action for mitigating those challenges.

SHARMILA KHADKA

July 2022: The FBI’s InfraGard Program

When
July 6, 2022 11:00 AM EST

Who
Bruce Churchill, Pacific Regional Representative & National Transportation Sector Chief, InfraGard National Members Alliance & Stephanie Scheuermann, Manager - Data Protection Services, Ford Motor Company

What
The FBI’s InfraGard Program

Description
In 2021, the FBI’s InfraGard Program celebrated the 25th anniversary of its 1996 beginning in the FBI’s Cleveland Field Office. Since then, the program has grown to over 75,000 members located in 75 Chapters nationwide. The InfraGard Program is locally/regionally based and covers all 16 of the DHS Critical Infrastructure Sectors. The Program also includes several Cross-Sector Councils and the National Sector Security & Resilience Program. The Program is managed by a national Board of Directors that includes two FBI ex-officio members and is financed through an FBI contract and corporate sponsorships. This presentation will cover InfraGard organization, operations and partnership opportunities.

SHARMILA KHADKA

June 2022: Automotive Firmware, Hypervisor and OS Cybersecurity Made Simpler

When
June 1, 2022 11:00 AM EST

Who
François-Frédéric Ozog, Director of Business Development, Linaro

What
Automotive Firmware, Hypervisor and OS Cybersecurity Made Simpler

Description
Cybersecurity is gaining traction in the automotive industry with ISO 21434 and 24089 being released.

Linaro and its members have been working on similar topics in a broader “industrial” context to address diversity of behaviours when it comes to cybersecurity on Arm processors.

Following intense market push, Linaro is about to create an automotive project and we are thus enhancing our cybersecurity approach to simplify the work of the automotive supply chain players in implementing ISO, UN WP.29 and NIST recommendations/requirements/regulations. The scope of this activity is Arm platform firmware, Xen hypervisor and Linux operating system. It is expected that this work will be leveraged by commercial providers to do the same.

The session will present available technologies on Arm platforms and the associated roadmap. In addition, the implementation routes to proper multi-tenancy in automotive will be discussed. A key challenge to solve is to give tenants such as insurance companies assurance that their data or algorithms are confidential and protected against tampering by any actor.

Topics to be covered:

- SecureBoot, MeasuredBoot

- Sealed disks (intellectual IP protection and more)

- Firmware and secure firmware OTA with anti-bricking and anti-rollback policies

- Application/container security anchored at hardware root of trust

- Onboarding, provisioning

- Trusted Execution Environments

SHARMILA KHADKA

May 2022: Protecting and Enabling Global Revenue Streams

When
May 4, 2022 11:00 AM EST

Who
Kenneth J. Peterson, CTPRP, Founder and CEO, Churchill & Harriman, Inc.

What
Protecting and Enabling Global Revenue Streams

Description
Problem: There is a particular global confluence of High-Level risks across critical infrastructure that threaten existing and new revenue streams. These risks include those inherent in technical continuity, cyber resilience, and the potential for a ransomware attack. These risks are particularly acute in the relationship between manufacturers and their suppliers. These risks are increasingly manifested globally by two factors: 1) Increased dependence on remote working (usually without a firewall) as a result of COVID-19, and 2) Phishing Attacks and Ransomware. Boards of Directors require that IT and Risk Management executives produce evidence of these risks and their impact in order to make funding decisions to mitigate these risks and to protect and enable global revenue streams.

Solution: In this presentation, Kenneth will share proven processes and exercises through which these High-Level risks can be identified, risk-ranked, lessened and presented to The Board in order to protect and enable global revenue streams.

Elizabeth Cox

April 2022: Public Policy Affecting Automotive Cybersecurity

When
April 6, 2022 11:00 AM EST

Who
Tara Hairston, Senior Director, Technology, Innovation, & Mobility Policy, Alliance for Automotive Innovation

What
Public Policy Affecting Automotive Cybersecurity

Description
Although 2022 is an election year, there continue to be several policy initiatives that impact automotive cybersecurity. Whether traditional issues, such as incident reporting or supply chain risk management, or emerging issues, such as artificial intelligence or regulations of automated technologies, automotive ecosystem partners have plenty to monitor. This briefing will provide a high-level overview of relevant policy issues, how the Alliance for Automotive Innovation engages on said issues, and how the Alliance for Automotive Innovation works to support Auto-ISAC members through its policy work.

Elizabeth Cox

March 2022: Become A CyberPatriot Youth Mentor: Validate your Leadership Skills

When
March 2nd, 2022 11:00am

Who
Tamara Shoemaker, Cybersecurity Training Leader, Auto-ISAC

What
Become A CyberPatriot Youth Mentor: Validate your Leadership Skills

Description

Since the 2015 academic year, the regional coalition of schools known as the Midwest Colloquium for Information Systems Security Education (MCISSE) has been dedicated to increasing the number of middle and high school students who participate in the National CyberPatriot Competition in Michigan by funding and supporting the Michigan CyberPatriot Program. The CyberPatriot program provides hands-on STEM education for students and opens the doors for STEM career pathways. Far too many local school districts and student groups across the country are not yet aware of the program and its advantages.
Join this session to learn how this program works and how you can become a Mentor for this program. Volunteer coaches and mentors are critical for the program’s success. These volunteers don’t have to be cyber experts but should have good technical knowledge. You just need a passion for teaching or mentoring students; MCISSE will show you just how easy it can be to validate your skills and pay it forward.

Elizabeth Cox

February 2022: Research into Defending Automobiles Via Intrusion Detection Systems (IDS)

When
February 2nd, 2022 11:00am

Who
Victor Murray, Manager, Cyber-Physical Systems Security, SWRI

What
Research into Defending Automobiles Via Intrusion Detection Systems (IDS)

Description

Modern automotive buses were designed for reliability rather than security. This lack of security means that any node on the bus can transmit a message to any other node, and the receiver cannot verify the sender or that the message is unaltered. This presentation will discuss strategies to secure vehicle buses using Intrusion Detection Systems (IDS), with a focus on the Controller Area Network (CAN) bus. An overview of IDS concepts will be reviewed along with SwRI’s specific implementation, challenges that were faced, and the evaluation results. The developed IDS uses digital fingerprinting and application layer detection algorithms to identify anomalies. Bus segmentation is used to isolate agitating nodes and remove anomalous messages.

Elizabeth Cox

January 2022: Multi-stakeholder Cyber Crisis Response

When
January 5th, 2022 11:00am

Who
Paul Eisler, Senior Director of Cybersecurity, USTelecom

What
Multi-stakeholder Cyber Crisis Response

Description

In recent years, policymakers throughout the world have recognized the need for multi-stakeholder coordination to address the growing epidemic of cyber-attacks, particularly those that can rise to the level of a “cyber crisis”. Effective strategies and preparedness exercises are essential to responding quickly in serious events, for example when a power plant has stopped working, a financial system has been disrupted, or people lose access to healthcare services.

Elizabeth Cox

December 2021 Community Call: Creating a Ransomware Incident Response Network

When
December 1st, 2021 11:00am

Who
Michael Daniel, President and CEO, Cyber Threat Alliance

What
Creating a Ransomware Incident Response Network

Description

Ransomware has evolved from an economic nuisance to a national security and public health and safety threat. However, we are largely fighting blind against this scourge. We lack reliable, representative data about ransomware’s scope, scale, distribution, and frequency. Further, actionable information about ransomware threats does not reach enough people or organizations. The industry-led Ransomware Task Force made several recommendations to address these two problems and one of those could directly involve ISACs. That recommendation calls for establishing a Ransomware Incident Response Network (RIRN), which would collect incident information and share defensive actions to counter specific ransomware threats. This briefing will discuss the ransomware problem, the proposed RIRN as a way to address a key information sharing problem, and the role ISACs can play in making this concept a reality.

Elizabeth Cox

November 2021 Community Call: Autonomous Ground Vehicle Security: Transportation Systems Sector

When
November 3rd, 2021 11:00am

Who
Ms. Katherine McClaskey, DHS Program Lead, U.S. Department of Homeland Security (DHS)

What
Autonomous Ground Vehicle Security: Transportation Systems Sector

Description

In 2020, CISA conducted an internal study and developed a report on autonomous vehicles. This report covers the historical trajectory and trends of autonomous surface vehicle systems, examines the shape of near-term adoption, identifies a threat model to understand and mitigate potential vehicle attacks caused by these systems, and presents ideas for efforts to mitigate these threats. In reviewing the report, CISA determined that the early adopters of autonomous ground vehicles in the Transportation Systems Sector (e.g., mass transit, trucking, and last mile delivery services) may benefit from guidance on potential threats and risk mitigation options. As such, CISA developed the Autonomous Ground Vehicle Security Guide: Transportation Systems Sector.

CISA developed the Autonomous Ground Vehicle Security Guide: Transportation Systems Sector based on the internal autonomous vehicles report, open-source research, and coordination with the Transportation Security Administration’s Surface Policy Division and the Department of Transportation’s Office of Intelligence, Security, and Emergency Response. Specifically, CISA developed the product to help Chief Security Officers (CSOs) and Chief Information Security Officers (CISOs) within the sector to understand the risks associated with autonomous ground vehicles and implement strategies that can greatly reduce risk to people and property.

Elizabeth Cox

October 2021 Community Call: The National Insurance Crime Bureau: An Overview and Discussion About the State of Vehicle Theft

When
October 6th, 2021 11:00am

Who
Mr. Darrell Russell, Director of Operations-Vehicles, National Insurance Crime Bureau (NICB)

What
The National Insurance Crime Bureau: An Overview and Discussion About the State of Vehicle Theft

Description

The National Insurance Crime Bureau (NICB) is the nation’s premier not-for-profit organization dedicated exclusively to fighting insurance fraud and crime. NICB is supported by more than 1,200 property and casualty insurance companies, rental car companies, self-insured organizations, and strategic partners. The mission of NICB is to be an intelligence-driven and operationally focused organization that leads a united effort of insurers, law enforcement agencies, and representatives of the public to proactively identify, combat, and prevent insurance crime. NICB partners with a variety of strategic partners (including automotive manufacturers) to fight these crimes and in recent years has become keenly aware of security issues associated with automotive electronic control units and the exploitation of these systems.

Elizabeth Cox

September 2021 Community Call: Introduction to the Global Cyber Alliance

When
September 1st, 2021 11:00am

Who
Ms. Kayle Giroud, Partnership Associate Director, GCA; Ms. Gill Thomas, Director of Engagement, Capacity & Resilience Program, GCA

What
Introduction to the Global Cyber Alliance

Description

Since 2015, GCA has pursued the mission to secure the Internet and provide tools that are accessible to any Internet user and empower them to take action to be more secure. We achieve this mission through two major programs: the Internet Integrity and the Capacity & Resilience programs. The Internet Integrity program aims at building a secure and trustworthy Internet. During this presentation, Alejandro Fernández-Cernuda, Director of Engagement, Internet Integrity, will detail our vision of a secure Internet and present AIDE, our solution to secure IoT devices even in consumer and small office environments. The Capacity & Resilience program aims at democratizing cybersecurity by providing free and easy-to-use solutions to particularly vulnerable Internet users. One of our major efforts is to help secure SMEs through a free, effective, and user-friendly Toolkit for Small Business. Gill Thomas, Director of Engagement, Capacity & Resilience, will present the Toolkit and our deployment efforts to secure SMEs around the world.

Elizabeth Cox

August 2021 Community Call: An Overview of International Standards Related to Cybersecurity

When
August 4th, 2021 11:00am

Who
Suzanne Lightman, Sr. Advisor Information Security, NIST

What
An Overview of International Standards Related to Cybersecurity

Description

The international standards landscape in the vehicle industry has become extremely active, especially in the area of cybersecurity. This presentation will discuss activities in SAE, ISO and UNECE that address road vehicles specifically. The presentation will also cover related work in ISA/IEC on industrial internet of things, as well as touching on NIST work under Executive Order 14028.
