Cybersecurity: An Introduction for the Automotive Sector

I.D.# C1619
Duration: 1 Day
July 17, 2017 (8:30 a.m. - 4:30 p.m.) - Troy, Michigan

The automotive industry is the new "battleground" for cybersecurity. Following the path of desktops/laptops, tablets, and mobile phones, the automotive industry is now the "hot" area for both academic researchers and hackers. This will transform the automotive industry just as it transformed traditional information technology and the mobile markets. The change is inescapable, but it can be beneficial, and a well-prepared company can find significant benefit in being a market leader.

What does cybersecurity mean? Who is attacking and why? What must we change? What can stay the same? What is the larger organization's role in cyber? What will the government likely do and how will it affect us? Are there measurements - what does "secure" look like? These questions and more will be answered by this seminar.

We live in an age when cyber-related recalls will happen, when remote, over-the-air updates will become routine, and in which our cars have more lines of code than a small office. This seminar introduces critical cybersecurity concepts and puts them in an automotive context. It cuts through to the "so what" basics that enable understanding and provides ideas to implement in your company. Interaction and discussion are important, so after each lecture block there is a discussion period and a written work product.

Learning Objectives
By attending this seminar you will be able to:

  • Describe key concepts in automotive cybersecurity such as the InfoSec Triad; Threat, Vulnerability, and Risk; Defense in Depth, etc.
  • Understand the importance of organizational roles and support, and how they can make cybersecurity an operational value proposition and not just a costly afterthought
  • Understand and recognize good software and embedded security practices
  • Understand why "hackers" are focusing on the automotive industry, and how they tend to think and operate

Who Should Attend
This seminar is intended for anyone not familiar with automotive cybersecurity. The material covered is introductory and appropriate for both engineering staff and management looking to learn about the cybersecurity issues that affect all aspects of the automotive industry.

Prerequisites
None. However, an engineering background will be helpful.

Topical Outline

  • Introduction
    • Definitions
    • Vulnerability
    • Threat
    • Risk
    • TARA (Threat Assessment and Remediation Analysis)
    • Architecture
    • Attack classes
    • State of the Standards (SAE, NIST, ISO)
  • InfoSec Triad - "Plus"
    • Confidentiality
    • Integrity
    • Availability
    • Non-repudiation
    • Apply to automotive
    • Discuss critical design features (e.g. availability vs integrity)
  • Exercise
    • Short question and answer with problem assignment
  • InfoSec Governance
    • Standards
    • Roles and responsibilities
    • Ongoing monitoring
    • Oversight
    • Value
  • Secure Software Development
    • Scope/scale of problem
    • Proper design of software quality assurance/testing
    • Continuous integration
    • Evaluation of 3rd party code
    • Techniques (e.g. overflows, data protection, etc.)
    • Cryptography
  • The Adversary - Hackers
    • Changing demographics, motivation, and identity
    • Work process (e.g. flash dumping, dynamic analysis, etc.)
    • Case study
  • Exercise
    • Short question and answer with problem assignment
  • Embedded Security
    • How embedded security differs from “traditional” security – pros and cons
    • Embedded hardware lock-down
    • Key software development for embedded systems
  • Diverse Topics
    • Overview of some hardware and software cybersecurity techniques and products
    • Resiliency
    • Supply chain cybersecurity
    • Understanding built-in vs bolt-on argument and how to evaluate efficacy
    • Defense in depth
    • Stepping through an exemplar layered system
  • Final Exercise
    • Question and answer with guided exercise

ARTICLE: Need for cybersecurity awareness for managers grows

Instructor(s): Karl Heimer or Robert Dekelbaum
Karl Heimer is a founding partner of AutoImmune, Inc. AutoImmune was founded to exclusively address the cybersecurity challenge in the automotive space. Mr. Heimer is also a Senior Technical Advisor to MEDC and the State of Michigan for cybersecurity for the automotive and defense sectors. Mr. Heimer was formerly of Battelle, where he examined and developed new growth areas and, among other things, founded its Center for Advanced Vehicle Environments to focus cyber-security practices on the modern car environment. This group developed security products, performed red team assessments, and advised the automotive marketplace on security design methods. He also founded the Battelle CyberAuto Challenge (which became the SAE-Battelle CyberAuto Challenge in 2015), a well-regarded security event in the industry that expands the automotive cyber-security community of interest, shows promising high school and college students what an exciting field automotive cyber-security is becoming, and helps connect them to mentors in industry and government. Mr. Heimer has been on both the attack and defense side of "cyber" since the '90s, with roles on red teams, in cyber forensics, and in basic research. He was the manager for several technical projects creating secure mobile solutions for both the Department of Defense and the consumer market.

Robert Dekelbaum ("Deker") is a founding partner of AutoImmune, Inc. AutoImmune was founded to exclusively address the cybersecurity challenge in the automotive space. Deker was formerly the operations officer for Battelle’s automotive cybersecurity organization, the Center for Advanced Vehicle Environments. He was a mobile security engineer, security Q/A test engineer, and cybersecurity trainer and lab manager for many projects for the US Department of Defense from 2002-2012; prior to that he ran security programs for large ISPs.

Fees: $810.00; SAE Members: $648.00 - $729.00

.7 CEUs
You must complete all course contact hours and successfully pass the learning assessment to obtain CEUs.

To register, click the Register button at the top of this page and submit the online form, or contact SAE Customer Service at 1-877-606-7323 (724/776-4970 outside the U.S. and Canada) or at CustomerService@sae.org.

For a quote on bringing this course to your company site, fill out a Corporate Learning Solutions Request Form.