CYBERSECURITY IS DYNAMIC SO LEARNING NEVER STOPS IN OUR AUTO COMMUNITY
Community Calls
The Auto-ISAC holds monthly virtual community meetings for members and connected vehicle ecosystem stakeholders to stay informed of Auto-ISAC activities and share information on key vehicle cybersecurity topics.
Contact us to participate in our monthly community calls. The community calls are held on the first Wednesday of each month at 11am EST.
May 2023: Cybersecurity Challenges in the Electric Vehicle Market
When
May 3rd, 2023 11:00 AM EST
Who
Nalindrani Malimage, Cybersecurity Consultant at Burns and McDonnell
What
“Cybersecurity Challenges in the Electric Vehicle Market”
Description
The electric vehicle market is a small market within the larger automotive industry. The electric vehicle market is growing more than ever before. This is also owing to factors such as political factors, growing demand, the need for environmentally friendly solutions, and an increased focus on sustainability. The question arises whether the electric vehicle market is addressing the emerging cyber threats in the industry at the same time, and how prepared the industry is. The key areas to look into in this regard are OEM security, network security, cloud security, IoT, and charging methods. It’s important to look at a few past security incidents in this phase and discuss challenges to predict what the future holds for the EV (electric vehicle) market. The topic is mainly focused on understanding the cybersecurity challenges in the EV market.
April 2023: NIST Auto Cybersecurity Community of Interest
When
April 5th, 2023 11:00 AM EST
Who
Suzanne Lightman, Senior Advisor, NIST; Nakia Grayson, IT Security Specialist, NIST
What
“NIST Auto Cybersecurity Community of Interest”
Description
NIST covers a wide range of topics in cybersecurity and many of these topics directly relate to the transportation sector and automotive in particular. To facilitate outreach to the automotive sector, NIST has created a Community of Interest. This presentation will introduce the community, its purpose and some of the activities that NIST will be communicating to the community over the coming year.
March 2023: Introducing the CyberAuto Challenge – a Tool for Talent Development and Engaging the Next Generation Workforce
When
March 1st, 2023 11:00 AM EST
Who
Karl Heimer, Principal, Heimer & Associates LLC
What
“Introducing the CyberAuto Challenge – a Tool for Talent Development and Engaging the Next Generation Workforce”
Description
This session describes the model and mission of the CyberAuto Challenge (and sibling events), its history of engaging students, observed outcomes, what the event is like to attend, and the intent for the 2023 year and future years.
February 2023: Cross-Sector Cybersecurity Performance Goals for Critical Infrastructure
When
February 1st, 2023 11:00 AM EST
Who
Peter Colombo, Senior Advisor, CISA
What
“Cross-Sector Cybersecurity Performance Goals for Critical Infrastructure”
Description
In October 2022, CISA published a set of Cross-Sector Cybersecurity Performance Goals (CPGs), which highlighted the most impactful actions critical infrastructure owner/operators can implement to meaningfully reduce cybersecurity risk. These are of particular value to small and medium sized entities as a tool to aid in identifying potential gaps in their capability and assessing where resources should be applied in a manner to have a meaningful impact on improving the cybersecurity posture of an organization. Rather than general investment in a broad cybersecurity program, the focus is on targeted investment in known areas of weakness.
January 2023: Auto-ISAC Automotive Cybersecurity Training (ACT) Program Overview
When
January 11, 2023 11:00 AM EST
Who
Tamara Shoemaker, Cybersecurity Training Lead, Auto-ISAC
What
“Auto-ISAC Automotive Cybersecurity Training (ACT) Program Overview”
Description
Join us to learn everything you ever wanted to know about the Automotive Cybersecurity Training Program (ACT). 2023 signals the sustainment of the ACT program, so we’d like to take this opportunity to discuss the way forward and offer the community the time to ask questions about the program.
December 2022: CISCP to JCDC Transition
When
December 7, 2022 11:00 AM EST
Who
Dan Strachan, Senior Engagement Lead, Joint Cyber Defense Collaborative (JCDC)
What
“CISCP to JCDC Transition”
Description
CISA is pleased to announce plans to begin integration of the Cyber Information Sharing and Collaboration Program (CISCP) into the Joint Cyber Defense Collaborative (JCDC) model. Over the coming months, we will be working to integrate companies into the JCDC and establish specialized subgroups for real time information sharing.
November 2022: A Global Grassroots Community of 10,000+ Automotive Security Folks: The ASRG
When
November 2, 2022 11:00 AM EST
Who
Brandon Barry, CEO, Block Harbor Cybersecurity
What
“A Global Grassroots Community of 10,000+ Automotive Security Folks: The ASRG”
Description
The Automotive Security Research Group is a non-profit grassroots organization focused on the workforce solving challenges in vehicle cybersecurity. Founded by John Heldreth in Stuttgart, Germany, with the next chapter being founded by Sean McKeever and Brandon Barry in Detroit, Michigan, the ASRG quickly grew to over 40 locations all over the world — from Africa to Australia — with over 12,000 people registering for a local chapter. The ASRG captures the interest of folks that want to discuss their day-to-day challenges in vehicle cybersecurity both with their local community and with the broader, global automotive security community. With an engaged academia community, strong membership, and passionate individuals donating their time to run local chapters, the ASRG is a platform to foster remarkable conversation, including hosting WORLD webinars where experts talk about topics in vehicle cybersecurity on YouTube and hosting the “Secure Our Streets” virtual conference in 2022.
October 2022: Auto-ISAC Education and Training Standing Committee (ETSC) 2022 Cybersecurity Awareness Project
When
October 5, 2022 11:00 AM EST
Who
Kristie Pfosi, Executive Director of Product Security, Aptiv - ETSC Chair
Christine Pelione, Cybersecurity Strategic Risk Manager, GM - ETSC Vice Chair
Tamara Shoemaker, ACT Program Manager, Auto-ISAC - ETSC Staff Lead
What
Auto-ISAC Education and Training Standing Committee (ETSC) 2022 Cybersecurity Awareness Project
Description
Cybersecurity is not a bolt-on solution. Like safety and quality, it needs to be designed from the concept phase and supported through the product’s end of life. In this modern vehicle ecosystem, cybersecurity is everyone’s responsibility. We are all in this together. We are all connected. Join this Community Call session to find out about our TLP White videos and posters the ETSC Awareness Tiger Team has put together for you to use during Cybersecurity month!
September 2022: SAE EV Charging Public Key Infrastructure Program
When
September 14, 2022 11:00 AM EST
Who
Tim Weisenberger, Program Manager, SAE International
What
SAE EV Charging Public Key Infrastructure Program
Description
EV Charging systems have crucial and growing interface points between the Automotive industry, EV drivers, and the Electric Grid/Energy industry. It is critical that these interfaces be secure and trusted. SAE has gathered global EV Charging Ecosystem members in a Cooperative Research Program, to create a solution by industry for industry. The SAE EV Charging PKI program has designed and is currently testing an inclusive, worldwide EV charging industry PKI platform that is secure, trusted, scalable, interoperable, and extensible. Once complete, the PKI design platform will be migrated to an industry consortium to field an operational industry PKI to strengthen electric vehicle charging system security industry wide.
August 2022: Continuous Automated Vulnerability Management for Safer Cars and Regulatory Compliance
When
August 3, 2022 11:00 AM EST
Who
Gilad Bandel, Business Development & Marketing, Cymotive
What
Continuous Automated Vulnerability Management for Safer Cars and Regulatory Compliance
Description
Real-time vulnerability monitoring will reduce costs during development by addressing them in their early stages. Tier 1s need to provide evidence of proper vulnerability management to OEMs, who in turn are required to submit for type approval to receive compliance certification as per UNR 155. Once the vehicle is on the road, the vulnerabilities must be continuously monitored with specific mitigation tactics for detected critical risk due to newly disclosed vulnerabilities. After all, it’s in the interest of OEMs to avoid any reputation damages and huge costs associated with cyber incidents. We will discuss how OEMs and Tier 1s should address challenges around vulnerability management and in addition, what are the most effective courses of action for mitigating those challenges.
July 2022: The FBI’s InfraGard Program
When
July 6, 2022 11:00 AM EST
Who
Bruce Churchill, Pacific Regional Representative & National Transportation Sector Chief, InfraGard National Members Alliance & Stephanie Scheuermann, Manager- Data Protection Services, Ford Motor Company
What
The FBI’s InfraGard Program
Description
The FBI’s InfraGard Program celebrated the 25th Anniversary of its 1996 beginning in the FBI’s Cleveland Field Office in 2021. Since then, the program has grown to over 75,000 members located in 75 Chapters nationwide. The InfraGard Program is locally/regionally based and covers all 16 of the DHS Critical Infrastructure Sectors. The Program also includes several Cross-Sector Councils and the National Sector Security & Resilience Program. The Program is managed by a national Board of Directors that includes two FBI ex-officio members and is financed through an FBI contract and corporate sponsorships. This presentation will cover InfraGard organization, operations and partnership opportunities.
June 2022: Automotive Firmware, Hypervisor and OS Cybersecurity Made Simpler
When
June 1, 2022 11:00 AM EST
Who
François-Frédéric Ozog, Director of Business Development, Linaro
What
Automotive Firmware, Hypervisor and OS Cybersecurity Made Simpler
Description
Cybersecurity is gaining traction in the automotive industry with ISO 21434 and 24089 being released.
Linaro and its members have been working on similar topics in a broader “industrial” context to address diversity of behaviours when it comes to cybersecurity on Arm processors.
Following intense market push, Linaro is about to create an automotive project and we are thus enhancing our cybersecurity approach to simplify the work of the automotive supply chain players in implementing ISO, UN WP.29 and NIST recommendations/requirements/regulations. The scope of this activity is Arm platform firmware, Xen hypervisor and Linux operating system. It is expected that this work will be leveraged by commercial providers to do the same.
The session will present available technologies on Arm platforms and the associated roadmap. In addition, the implementation routes to proper multi-tenancy in automotive will be discussed. A key challenge to solve is to give tenants such as insurance companies assurance that their data or algorithms are confidential and protected against tampering by any actor.
Topics to be covered:
- SecureBoot, MeasuredBoot
- Sealed disks (intellectual IP protection and more)
- Firmware and secure firmware OTA with anti-bricking and anti-rollback policies
- Application/container security anchored at hardware root of trust
- Onboarding, provisioning
- Trusted Execution Environments
May 2022: Protecting and Enabling Global Revenue Streams
When
May 4, 2022 11:00 AM EST
Who
Kenneth J. Peterson, CTPRP, Founder and CEO, Churchill & Harriman, Inc.
What
Protecting and Enabling Global Revenue Streams
Description
Problem: There is a particular global confluence of High-Level risks across critical infrastructure that threaten existing and new revenue streams. These risks include those inherent in technical continuity, cyber resilience, and the potential for a ransomware attack. These risks are particularly acute in the relationship between manufacturers and their suppliers. These risks are increasingly manifested globally by two factors: 1) Increased dependence on remote working (usually without a firewall) as a result of COVID-19, and 2) Phishing Attacks and Ransomware. Boards of Directors require IT and Risk Management executives to produce evidence of these risks and the impact of these risks in order to make funding decisions to mitigate these risks and to protect and enable global revenue streams.
Solution: In this presentation, Kenneth will share proven processes and exercises through which these High-Level risks can be identified, risk-ranked, lessened and presented to The Board in order to protect and enable global revenue streams.
April 2022: Public Policy Affecting Automotive Cybersecurity
When
April 6, 2022 11:00 AM EST
Who
Tara Hairston, Senior Director, Technology, Innovation, & Mobility Policy, Alliance for Automotive Innovation
What
Public Policy Affecting Automotive Cybersecurity
Description
Although 2022 is an election year, there continue to be several policy initiatives that impact automotive cybersecurity. Whether traditional issues, such as incident reporting or supply chain risk management, or emerging issues, such as artificial intelligence or regulations of automated technologies, automotive ecosystem partners have plenty to monitor. This briefing will provide a high-level overview of relevant policy issues, how the Alliance for Automotive Innovation engages on said issues, and how the Alliance for Automotive Innovation works to support Auto-ISAC members through its policy work.
March 2022: Become A CyberPatriot Youth Mentor: Validate your Leadership Skills
When
March 2nd, 2022 11:00am
Who
Tamara Shoemaker, Cybersecurity Training Leader, Auto-ISAC
What
Become A CyberPatriot Youth Mentor: Validate your Leadership Skills
Description
Since the 2015 academic year, the regional coalition of schools known as the Midwest Colloquium for Information Systems Security Education (MCISSE) has been dedicated to increasing the number of Middle and High School students who participate in the National CyberPatriot Competition in Michigan by funding and supporting the Michigan CyberPatriot Program. The CyberPatriot program provides hands-on STEM education for students and opens the doors for STEM career pathways. Far too many local School districts and student groups across the country are not yet aware of the program and its advantages.
Join this session to learn how this program works and how you can become a Mentor for this program. Volunteer coaches and mentors are critical for the program’s success. These volunteers don’t have to be cyber experts but should have good technical knowledge. You just need a passion for teaching or mentoring students; MCISSE will show you just how easy it can be to validate your skills and pay it forward.
February 2022: Research into Defending Automobiles Via Intrusion Detection Systems (IDS)
When
February 2nd, 2022 11:00am
Who
Victor Murray, Manager, Cyber-Physical Systems Security, SwRI
What
Research into Defending Automobiles Via Intrusion Detection Systems (IDS)
Description
Modern automotive buses were designed for reliability rather than security. This lack of security means that any node on the bus can transmit a message to any other node and the receiver cannot verify the sender or that the message is unaltered. This presentation will discuss strategies to secure vehicle buses using Intrusion Detection Systems (IDS), with a focus on the Controller Area Network (CAN) bus. An overview of IDS concepts will be reviewed along with SwRI’s specific implementation, challenges that were faced, and the evaluation results. The developed IDS uses digital fingerprinting and application layer detection algorithms to identify anomalies. Bus segmentation is used to isolate agitating nodes and remove anomalous messages.
January 2022: Multi-stakeholder Cyber Crisis Response
When
January 5th, 2022 11:00am
Who
Paul Eisler, Senior Director of Cybersecurity, USTelecom
What
Multi-stakeholder Cyber Crisis Response
Description
In recent years, policymakers throughout the world have recognized the need for multi-stakeholder coordination to address the growing epidemic of cyber-attacks, particularly those that can rise to the level of a “cyber crisis”. Effective strategies and preparedness exercises are essential to responding quickly in serious events, for example, when a power plant has stopped working, a financial system has been disrupted, or people lose access to healthcare services.
December 2021 Community Call: Creating a Ransomware Incident Response Network
When
December 1st, 2021 11:00am
Who
Michael Daniel, President and CEO, Cyber Threat Alliance
What
Creating a Ransomware Incident Response Network
Description
Ransomware has evolved from an economic nuisance to a national security and public health and safety threat. However, we are largely fighting blind against this scourge. We lack reliable, representative data about ransomware’s scope, scale, distribution, and frequency. Further, actionable information about ransomware threats does not reach enough people or organizations. The industry-led Ransomware Task Force made several recommendations to address these two problems and one of those could directly involve ISACs. That recommendation calls for establishing a Ransomware Incident Response Network (RIRN), which would collect incident information and share defensive actions to counter specific ransomware threats. This briefing will discuss the ransomware problem, the proposed RIRN as a way to address a key information sharing problem, and the role ISACs can play in making this concept a reality.
November 2021 Community Call: Autonomous Ground Vehicle Security: Transportation Systems Sector
When
November 3rd, 2021 11:00am
Who
Ms. Katherine McClaskey, DHS Program Lead, U.S. Department of Homeland Security (DHS)
What
Autonomous Ground Vehicle Security: Transportation Systems Sector
Description
In 2020, CISA conducted an internal study and developed a report on autonomous vehicles. This report covers the historical trajectory and trends of autonomous surface vehicle systems, examines the shape of near-term adoption, identifies a threat model to understand and mitigate potential vehicle attacks caused by these systems, and presents ideas for efforts to mitigate these threats. In reviewing the report, CISA determined that the early adopters of autonomous ground vehicles in the Transportation Systems Sector (e.g., mass transit, trucking, and last mile delivery services) may benefit from guidance on potential threats and risk mitigation options. As such, CISA developed the Autonomous Ground Vehicle Security Guide: Transportation Systems Sector.
CISA developed the Autonomous Ground Vehicle Security Guide: Transportation Systems Sector based on the internal autonomous vehicles report, open-source research, and coordination with the Transportation Security Administration’s Surface Policy Division and the Department of Transportation’s Office of Intelligence, Security, and Emergency Response. Specifically, CISA developed the product to help Chief Security Officers (CSOs) and Chief Information Security Officers (CISOs) within the sector to understand the risks associated with autonomous ground vehicles and implement strategies that can greatly reduce risk to people and property.
October 2021 Community Call: The National Insurance Crime Bureau: An Overview and Discussion About the State of Vehicle Theft
When
October 6th, 2021 11:00am
Who
Mr. Darrell Russell, Director of Operations-Vehicles, National Insurance Crime Bureau (NICB)
What
The National Insurance Crime Bureau: An Overview and Discussion About the State of Vehicle Theft
Description
The National Insurance Crime Bureau (NICB) is the nation’s premier not-for-profit organization dedicated exclusively to fighting insurance fraud and crime. NICB is supported by more than 1,200 property and casualty insurance companies, rental car companies, self-insured organizations, and strategic partners. The mission of NICB is to be an intelligence-driven and operationally focused organization that leads a united effort of insurers, law enforcement agencies, and representatives of the public to proactively identify, combat, and prevent insurance crime. NICB partners with a variety of strategic partners (including automotive manufacturers) to fight these crimes and in recent years has become keenly aware of security issues associated with automotive electronic control units and the exploitation of these systems.