All events to be held at the Ford Conference and Event Center unless otherwise indicated.
Tuesday December 12, 2017
9:00 am to 4:00 pm
Executive Level Tabletop - Invite Only
4:00 pm to 5:30 pm
All Member Meeting
6:00 pm to 8:00 pm
Executive and Member Cocktail Hour at the Dearborn Inn
7:00 pm to 9:00 pm
Board Dinner hosted by Agari at the Dearborn Inn - Invite Only
Wednesday December 13, 2017
7:30 am to 8:30 am
Registration & Breakfast
8:30 am to 8:45 am
Speaker: Tom Stricker, Vice President, Product Regulatory Affairs, Toyota North America
8:45 am to 9:30 am
9:30 am to 10:15 am
Keynote Fireside Chat
Cruising past information sharing pitfalls: Cross-industry insights
- What are common challenges for cybersecurity and information sharing initiatives and what can be done to overcome them?
- What does good cybersecurity look like?
- What can we learn from successes in the Intel Community and other industries?
- How can automotive strengthen cybersecurity, through information sharing and beyond?
10:15 am to 10:45 am
10:45 am to 11:15 am
Sponsored Presentation: Preventing Cyber Attacks Before Any Damage
Zero-day attacks on autonomous vehicles present a major challenge for cybersecurity design. A newly discovered vulnerability could open the door for a hacker to infiltrate an externally connected ECU and tamper with critical safety systems. This scenario is not only possible–but probable–if we don’t find a way to stop hackers BEFORE they execute malicious code in the car.
Heuristic-based security leads to false positives. This “better safe than sorry” approach may work for data protection, but if a cybersecurity solution in a vehicle blocks a legitimate safety function it could be disastrous.
No Room for Errors
It’s not sufficient to minimize the number of false positives. A single error could cost lives. In this talk, Karamba’s CEO, Ami Dotan, will explain how to overcome these challenges with deterministic security that hardens the vehicle’s ECU based on factory settings. Using seamless binary sealing, it automatically maps all function call sequences and creates a security policy that detects and blocks any attempt to download malware or initiate illegitimate function calls.
As a solution that detects and stops attacks – without false positives and with negligible performance impact – Karamba’s Autonomous Security software provides a comprehensive data set about the attack attempt. Any time there is an attempt to exploit a vulnerability, Karamba provides forensics to be shared with Auto-ISAC subscribers. This data includes:
- Type of attack
- ECU type
- Process ID
- Stack dump
- Register values
- VIN numbers (optional)
In the spirit of Information Sharing and Analysis, we can collectively use this threat data and forensics to collaborate. We can find new ways to prevent exploit attempts and pinpoint security vulnerabilities in runtime.
Speaker: Ami Dotan, CEO & Co-Founder, Karamba Security
11:15 am to 11:45 am
Roundtable: National Council of ISACs and the Importance of Cross-Sector Sharing
Speaker: Denise Anderson, NH-ISAC
The National Council of ISACs (NCI), formed in 2003, comprises 24 organizations. It is a coordinating body designed to maximize information flow across the private sector critical infrastructures and with government. Information Sharing and Analysis Centers help private sector owners and operators protect their facilities, personnel, and customers from cyber and physical security threats and other hazards. Sector-based Information Sharing and Analysis Centers (ISACs) collaborate and coordinate with each other via the National Council of ISACs (NCI). ISACs collect, analyze and disseminate actionable threat information to their members and provide members with tools to mitigate risks and enhance resiliency. ISACs reach deep into their sectors, communicating critical information far and wide and maintaining sector-wide situational awareness.
Council members are present on the National Cybersecurity and Communications Integration Center (NCCIC) watch floor, and NCI representatives can embed with National Infrastructure Coordinating Center (NICC) during significant national incidents. The Council and individual members also collaborate with other agencies of the federal government, fusion centers, the State and Local Tribal Territorial Government Coordinating Council (SLTTGCC), the Regional Consortium Coordinating Council (RCCC), the Partnership for Critical Infrastructure Security (PCIS) — the Cross-Sector Council, and international partners.
This panel discussion will describe the NCI's mission, vision, and activities. It will cover how a multitude of ISACs work cross-sector on a daily basis. The panelists will also discuss how the NCI collaborates during incidents. Attendees will learn why it is important for the various sectors to share with each other and how collaborating makes the whole of industry and critical infrastructure and operators more resilient.
Moderator: Faye Francy, ED, Auto-ISAC
Panelist: Denise Anderson, Chair of NCI, ED National Health ISAC
Panelist: Fred Hintermister, Vice Chair of NCI, E-ISAC
11:45 am to 12:15 pm
Speaker: John Felker, Director of NCCIC Operations
12:15 pm to 1:15 pm
1:15 pm to 2:00 pm
State of Michigan Cyber and Auto Efforts
Speaker: Rajiv Das, Chief Security Officer for State of Michigan
2:00 pm to 2:30 pm
CISCP is a voluntary information-sharing program among critical infrastructure partners and the Federal Government. The program builds a community of trust and enhances collaboration between participants
Speaker: Toni Haynes, Cyber Threat and Risk Analysis Branch, NCCIC CTDA
2:30 pm to 2:45 pm
Improving the Cybersecurity Posture of Modern Vehicles
Modern vehicles continue to evolve, incorporating software and electronics. These complex and software-intensive vehicles are advancing the possibility of vehicles that stop themselves and eventually drive themselves. These technological advances, however, also introduce new risks from a cybersecurity perspective. The National Highway Traffic Safety Administration’s (NHTSA) primary interest is in the potential safety ramifications of cybersecurity vulnerabilities. The Agency is conducting research and working closely with respective Federal Agencies, industry entities, and other stakeholders to help the industry find innovative solutions to protect consumers and their vehicles from cyber threats. Over the past 3 years, NHTSA and many other partners have produced several studies, best practices, and other documents to help industry improve the cybersecurity posture of modern vehicles. NHTSA looks forward to continued collaboration and intelligence sharing.
Speaker: Nat Beuse, Associate Administrator National Highway Traffic Safety Administration
2:45 pm to 3:30 pm
Legal and Policy Challenges Around Global Information Sharing
Autonomous vehicles provide tremendous opportunities for safer, more widely accessible and more efficient transportation. However, vehicle manufacturers, commercial vehicle operators and suppliers of sophisticated automotive technologies are facing changing market dynamics, increasing cybersecurity risks and evolving regulations related to those risks. Our panelists will provide insights on the legal and policy challenges raised by this new landscape, how the automotive industry can start navigating these challenges and the role the Auto-ISAC can play.
Moderator: Linda Rhodes, Mayer Brown
Panelist: Hilary M. Cain – Director, Technology, and Innovation Policy Government Affairs
Panelist: Paul Hemmersbaugh – Chief Counsel and Public Policy Director, Transportation as a Service, at General Motors.
Panelist: Norma Krayem – Sr Policy Advisor, Co-Chair, Cybersecurity and Privacy Team Holland & Knight.
Panelist: Roberto Rossetti – Vice President Engineering at BMW
3:30 pm to 4:00 pm
4:00 pm to 4:30 pm
Speaker: Doug Maughn, Department of Homeland Security
4:30 pm to 5:00 pm
Baking Cybersecurity into the Development of the Driverless Car
IHS Markit forecasts that 25% of vehicles sold globally 6 years from now will be equipped with cybersecurity cloud services. With the attack surface of connected cars still expanding, a strong cybersecurity infrastructure that protects our vehicles is necessary for the safe deployment of autonomous, driver-less cars on public roads. In his talk, Yuval Weisglass, VP R&D for HARMAN’s Automotive Cyber Security Business Unit, will discuss the underlying security issues surrounding connected cars and will detail the ingredients for making our autonomous cars safe and protected against cyber attacks.
Speaker: Yuval Weisglass, VP R&D, Automotive Cyber Security, HARMAN
Networking Cocktail Event at the Automotive Hall of Fame
Thursday December 14, 2017
7:00 am to 8:00 am
8:00 am to 8:45 am
Confronting Cyber Threats: Cybersecurity from the FBI’s Perspective
Speakers: Tom Winterhalter, Assistant Section Chief, FBI & Ed Parmelee, SSA, FBI
8:45 am to 9:15 am
Hacking the Modern Day Car
The SAE J1962 connector, also known as the Data Link Connector (DLC) or the OBD (On Board Diagnostics) port, is required by California Air Resources Board and US EPA regulations to provide legislated data that reports on the health of the vehicle’s emission control system. OEMs do not have the option of not providing this connector or the legislated data. This access is done in many states via the “inspection and maintenance” process. OEMs also currently use the port as a convenient method to provide enhanced diagnostics information to the service community. This presentation will discuss this accessibility and potential mitigation strategies as applied to vehicle hacking via this port.
Speaker: Bob Gruszczynski, OBD Communication Expert, Volkswagen Group of America
9:15 am to 9:45 am
Cyber-Security Program for Connected, Self-Driving Robots – A Semiconductor Perspective on Solutions
The automotive market is quickly evolving to protect vehicle architectures from cybersecurity attacks. As a long-term supplier to the non-automotive security market, NXP Semiconductors will present some of the challenges and solutions of building a strong cybersecurity mindset. This involves implementing a security development process that integrates industry standards/best practices, a global security organization, incident response and strong cybersecurity design/business practices.
Speaker: Fabrice Poulard, Director, Security, Automotive BU, NXP
9:45 am to 10:15 am
10:15 am to 10:45 am
Safety and Security
Speaker: Brian Murray, Director, Safety and Security Excellence, ZF
10:45 am to 11:15 am
An in-flight analysis of one OEM’s evolving IR journey, from initial incident overload to a perceived Pax Romana, to a recent IR reckoning. GM’s Product Cybersecurity IR manager will provide a quick overview of lessons learned since program inception, discuss the relationship between IR and vulnerability management, and reinforce fundamental IR concepts and references to assist with program standup.
Speaker: Matt Mackay, Manager, Product Cybersecurity Governance & Risk Analytics, General Motors
11:15 am to 11:45 am
Implementing and Managing Secure Authentication in the Automotive Industry
The last decade has seen an exponential growth in network-connected devices and applications used in the automotive industry. The growth of these technologies continues at a dizzying pace and has created a need for properly implemented and managed secure authentication, both between people and automotive systems and between applications and devices.
The challenges the automotive industry faces as it attempts to implement “trust anchors” and trusted authentication infrastructure are not due to a lack of technology, but to how a secure authentication infrastructure is implemented and managed throughout the lifecycle of the systems, devices, and applications. The challenges include key management, certificate issuance, certificate revocation, and adequately securing private keys. Additionally, the various stakeholders in the automotive industry need to converge on the general topic of trust anchors and authentication, including an understanding of basic definitions, risks and benefits associated with various technology and implementation choices (such as symmetric and asymmetric cryptography), pre-conceived notions, crypto-agility, and global acceptance and considerations. While there has been much talk about how this would come about in various working groups throughout the automotive industry and technology space, there has been no convergence on the topic. This presentation will focus on what challenges the automotive industry faces in building and maintaining a securely authenticated ecosystem and how the industry is moving forward to address them, and will propose some solutions that can help address the challenges.
Speaker: Mike Ahmadi, Global Director, IoT Security Solutions, DigiCert
11:45 am to 12:30 pm
Building a Comprehensive Cybersecurity Program
Autonomous vehicles are going to save lives, and cybersecurity is a fundamental need to protect the safety, quality, and reliability of this new vehicle technology. As we navigate toward this autonomous future, strong cybersecurity will help us earn the confidence of our regulators and the trust of our customers.
We’re at this Summit because the industry has come together to collectively address vehicle cyber risk through Auto-ISAC. And this panel recognizes the work that OEMs, suppliers, and the commercial vehicle sector are individually undertaking to build their internal cybersecurity programs. Please join as our panel of expert representatives from Auto-ISAC share their insights:
- What does good cybersecurity look like?
- How do you build toward that target state?
- How do you elevate cyber as a business priority?
Panelists: Erik Benavides, Senior Group Manager, Vehicle Cybersecurity, Hyundai Motor America; Josh Noonan, Vice President, Information Security Officer, Enterprise Holdings; Roger Berg, Vice President, North America Research and Development, DENSO
Moderated by: Alexandra Heckler, Cyber Strategy Consultant, Booz Allen Hamilton
12:30 pm to 1:30 pm
1:30 pm to 2:15 pm
Achieving Product Security and IT/OT Integration Across the Enterprise
The race towards autonomous vehicles and the security of Internet-connected automobiles has shifted needed resources towards product security. CEOs, CFOs, and CISOs are responsible not only for product security but must align with corporate security to ensure all programs work in a complementary fashion, as cybersecurity threats exist in the factory, across the enterprise and supply chains, in future M&A targets, and indirect attacks on vehicle components. The panel will discuss how to build a holistic, integrated security program.
Moderator: Emilian Papadopoulos – President, Good Harbor Security Risk Management
Panelist: Derek Benz, Chief Information Security Officer, Ford Motor Company
Panelist: Jeffrey Massimilla – Vice President for Vehicle Safety and Product Cybersecurity, General Motors
Panelist: Brian Murray – Director, Safety and Security Excellence, ZF TRW
Panelist: Jennifer Tisdale – Cyber Automotive Project Manager, Mazda North American Operations
2:15 pm to 2:45 pm
Speaker: Lisa Boran, Manager, Vehicle Cybersecurity, Ford
2:45 pm to 3:15 pm
Cyber Analytics for IoT
Enterprise-scale businesses are drowning in security data, struggling to convert it into actionable information. Data warehouses swell with the feeds from an ever-growing pool of new devices, including connected vehicles that need to be monitored and managed. Security teams have no shortage of tools that alert and protect — usually more than they have time to properly maintain, but how effective are they at turning all this data into something beyond technical remediation? What is the real impact from safety, financial, or regulatory perspectives? Deloitte Cyber Risk representatives Eric Mazurak and Ajay Arora will share the client challenges we are hearing: defining and monitoring those sources of cyber risk in IoT and beyond.
Speakers: Eric Mazurak, Sr. Mgr., Deloitte Cyber Risk & Ajay Arora, Sr. Mgr., Deloitte Cyber Risk
3:15 pm to 4:00 pm
Automotive cybersecurity is a relatively new field, and it differs significantly from cybersecurity in related domains such as entertainment, communication, and even medical and aviation. Automotive cybersecurity comes with very different risk models, levels of technical and organizational complexity, and cost limitations, resulting in different solutions. At the same time, it would be foolish not to learn cybersecurity solutions from more mature industries. It is commonly understood that all stakeholders, including industry, government, and academia, need to collaborate to handle the topic and gain an advantage over malicious actors. This panel will provide the perspectives of those main stakeholders, including members from carmakers, suppliers, academia, and government.
Moderator: André Weimerskirch, VP Cybersecurity, Lear Corporation
Panelist: Yuval Weisglass, CTO, TowerSec
Panelist: Jeremy Daily, Associate Professor, University of Tulsa
Panelist: Kevin Harnett, Project Manager/IT Specialist — Information Security, Volpe/US DOT
Panelist: Doug Longhitano, Manager — Connected & Automated Vehicle Policy, American Honda
4:00 pm to 4:45 pm
Smart Vehicles in a Smart World
Our cities are undergoing extreme changes and now, more than ever, vehicles need to be connected and transportation infrastructure needs to get smarter and mobility more accessible. Together we can address this by transforming our thinking about vehicles and standalone hardware, and begin to see them as nodes in an intelligent system to create smart vehicles in a smart world.
Speaker: Don Butler, Executive Director, Connected Vehicles, and Services, Ford Motor Company
4:45 pm to 5:00 pm
Speaker: Jeff Massimilla, Vice President for Vehicle Safety and Cybersecurity, General Motors