Keys to Creating a Cybersecurity Process from the J3061 Process Framework     New!

Web
Seminar

I.D.# WB1604Printable Description
Duration: 7 Hours
  Delivered in
Show Session Dates
November 27-December 1, 2017 (3 Sessions ) - Live Online
   

Connected vehicles are increasingly seen as a target for cybersecurity attacks. A key differentiator for the automotive industry is the use of cyber-physical systems, where a successful cybersecurity attack can affect physical entities. Often involving embedded electronics and real time control, these systems require different solutions in addition to established IT security principles and reactive responses to threats. Cybersecurity needs to be designed and built into cyber-physical systems throughout the development lifecycle to provide defense in depth. SAE J3061 provides an engineering process to design and build cybersecurity into vehicle systems in a comprehensive and systematic way, to monitor for and respond to incidents in the field, and to address vulnerabilities in service and operation. J3061 is unique in describing a process framework for cybersecurity that an organization can tailor against its other development processes. This allows an organization to develop an internal cybersecurity process consistent with its other processes in order to build cybersecurity robustness into their cyber-physical systems.

This web seminar will define key concepts in cybersecurity and discuss what a cybersecurity process consists of and why one is needed for the development of cyber-physical vehicle systems. Featuring instructors from the SAE Vehicle Cybersecurity Systems Engineering Committee, the course will feature the process framework described in J3061 that will enable participants to relate it to their own organization’s processes, including cybersecurity and safety activities. The instructors will provide guidance on how to tailor the standard’s process framework into an internal process to build cybersecurity robustness into cyber-physical systems. Different approaches to integrate the process within the participant’s organization, including the key issues and potential pitfalls with respect to implementation of a cybersecurity process, will be discussed. Key analysis activities that support the process, including Threat Analysis and Risk Assessment and Attack Tree Analysis, will also be presented.

Note: Due to the complexities and unique internal processes within each organization, participants will not be given a complete process implementation that can be directly applied in their organization. The information provided in the course will equip participants with the necessary foundation to begin tailoring the J3061 process framework for application within their organization.

Learning Objectives
By participating in this web seminar, you will be able to:

  • Define key cybersecurity concepts
  • Describe what a process consists of and why a cybersecurity process is needed
  • Relate the process framework described in J3061 to your own development processes
  • Recognize ways to integrate cybersecurity and safety within your organization
  • Describe analysis activities to be performed with respect to an effective cybersecurity process
  • Recognize potential pitfalls and key issues with respect to implementation

Who Should Attend
This course will be beneficial to anyone involved in cybersecurity including those wishing to lead their organization in implementing and applying a cybersecurity process. Cybersecurity engineers will learn the need for a cybersecurity process and comprehend the J3061 process framework for tailored application in their organization. Quality management professionals will learn that a cybersecurity process is another important factor in internal process improvement and auditing. Executives and management representatives will better understand how to use J3061 to build defense and in-depth cyber-physical vehicle systems and how to drive cost savings through a systematic process. Human Resources will comprehend the need for seeking out individuals with the skills needed to address cybersecurity within their organizations.

Topical Outline
Session 1

  • Brief History of Automotive Security and Cybersecurity
    • Introduction to Connected Vehicle Applications
  • Cyber-Physical Systems
    • Difference between cyber-physical systems security (cybersecurity) and IT security
  • Five Levels of Vehicle Attack: wireless, wired; ECU external / internal; software / silicon
  • Reactive vs. Proactive Approach to Cybersecurity
  • What is a Process?
  • Key Concepts in Cybersecurity Defined
  • Introduction to J3061
    • What components of a process are captured
    • Scope, rationale and intent
    • Tailoring from the ISO 26262 process framework
  • When to Apply a Cybersecurity Process
  • Cybersecurity Process Overview
    • Motivation for a well-defined and well-structured process
    • J3061 process framework
    • Milestone and gate reviews
Session 2
  • Cybersecurity Process Details
  • Overall management of cybersecurity
  • Concept phase
  • Product development at the system, hardware and software levels
Session 3
  • Production, Operation and Service
  • Supporting Processes
  • Relationship between Cybersecurity Process and Safety Process
  • Review of Appendices A, C-E, G-I
  • Tailoring the J3061 Process Framework into an Internal Process
  • Examples of Key Analysis Activities
    • Threat Analysis and Risk Assessment
    • Attack Tree Analysis
  • Summary

Instructor(s): Barbara Czerny and David Ward
Barbara CzernyDr. Barbara Czerny is Sr. Technical Specialist Safety and Cybersecurity at ZF TRW. She has over six years of experience working in automotive cybersecurity and began promoting a cybersecurity process in early 2012 at SAE. An active member of several SAE International committees, Dr. Czerny played a key role in the development of the SAE Recommended Practice J3061. She has authored numerous papers and presentations in the areas of cybersecurity and safety-critical automotive system and has co-led workshops. Dr. Czerny also has over 18 years of experience working in automotive system safety and has worked on advanced development safety-critical automotive systems. She is an ISO technical expert and has actively participated in the development of ISO 26262 from its beginning. She is a member of the US Technical Advisory Group that worked on the development of ISO 26262. Dr. Czerny holds MS and PhD degrees in Computer Science from Michigan State University.

David WardDr. David Ward is Senior Technical Manager, Functional Safety at HORIBA MIRA. In this role, he provides leadership in development and independent assessment of automotive electronic system safety, reliability and cybersecurity. Since joining HORIBA MIRA in the 1990s, Dr. Ward has been instrumental in industry activities to develop standards and guidance for automotive functional safety, beginning with the pioneering MISRA “Guidelines for Development of Vehicle Based Software” in 1994 and more recently as the UK Principal Expert to ISO/TC22/SC32/WG8 “Road Vehicles – Functional Safety”, which develops ISO 26262. Dr. Ward is an active contributor to the automotive industry’s first standard for cybersecurity SAE J3061. In recognition of his contribution to standardization in functional safety, he was awarded the Institute of Mechanical Engineers Award for Risk Reduction in 2013. Dr. Ward holds an MA degree in Natural Science from the University of Cambridge, a Ph.D. in Electrical Engineering from the University of Nottingham, UK and holds appointments as a Visiting Professor in Functional Safety at Coventry University, UK and in Engineering Design at the University of Leicester, UK.

Registration Information
Registration for this live web seminar is available on a per-person basis, similar to purchasing a seat in a classroom. Participants attend an online session from work or home; anywhere with a PC with internet access (at least 56K) and a telephone. The fee includes one connection to the conference calls (toll free telephone number provided for U.S. and select countries*) and assigned personal ID number; one connection to SAE's online training center (via WebEx); and access to a secure course in the SAE Learning Center that contains the presentations, class session recordings, supplemental materials, and assignments.

Registrations will be accepted until 5:00 p.m. the day before the start of the web seminar, but early registration is encouraged to allow for pre-course set-up and instructions.

*Global toll-free telephone numbers are provided for many countries outside the U.S., but are limited to those on the WebEx call-in toll-free number list. Check here to see if your country has a global call-in toll free telephone number for this web seminar. If your country is not listed, you may still connect using the US/Canada Call-in toll number or Voice over Internet Protocol (VoIP).

Although WebEx Training Manager will automatically launch when you join the web seminar, you or your system administrator are encouraged to download the plug-in in advance to help ensure successful setup. Click here, then follow the onscreen instructions.

NOTE: The course presentation will be recorded and made available for 30 days to those who register by the deadline.

Multiple Seat Discount - Does your company have a group of employees who need this course? Register one individual at the appropriate member or list price, then register additional employees at half off the list price. Registration by phone with SAE Customer Service is required to take advantage of this discount. Register all individuals at the same time or mention the confirmation number for the first registrant. The offer is good for only the same web seminar offering. All registrants will receive a personal account and opportunity for CEUs.

Cancellations
Can't attend on the date/time above? The presentation will be recorded and made available for 30 days to those who are registered, regardless of availability for the live session. If you still need to cancel, transfer to a future offering, or designate a substitute, a full refund is issued if you notify SAE at least 14 days prior to the web seminar start date. If less than 14 days prior, please contact SAE Customer Service to discuss options*. NOTE: SAE reserves the right to cancel web seminar and cannot be held responsible for related costs incurred by registrants other than the registration fee.

*Cancellation penalties may apply.

Fees: $610.00 ; SAE Members: $488.00 - $549.00

.7 CEUs
You must complete all course contact hours and successfully pass the learning assessment to obtain CEUs.

To register, click Register button at the top of this page and submit the online form, or contact SAE Customer Service at 1-877-606-7323 (724/776-4970 outside the U.S. and Canada) or at CustomerService@sae.org.