Security risk analysis approach for on-board vehicle networks

Size: px
Start display at page:

Download "Security risk analysis approach for on-board vehicle networks"

Transcription

1 1 Security risk analysis approach for on-board vehicle networks Alastair Ruddle Consultant, MIRA Limited

2 Motivation 2 o o Future vehicles will become mobile nodes in a dynamic transport network vehicle systems will be under threat from malicious individuals and groups seeking to gain personal or organizational advantage ensuring security will be critical for the successful deployment of V2X technology EU project EVITA aims to prototype a toolkit of techniques and components to ensure the security of in-vehicle systems hardware, software, analysis methods

3 EVITA scope and assets 3 EVITA only aims to investigate network security solutions at vehicle level Different levels of security protection are envisaged, depending on need Some assets may not require security measures (low risk) Risk analysis aims to prioritize security requirements

4 EVITA project security risk analysis rationale 4 o Too costly to protect against every threat, so need to rank risks in order to prioritize countermeasures o Risk associated with a security attack depends on: severity of impact (ie. harm to stakeholders) drivers, other road users, civil authorities, ITS operators, vehicle manufacturers and system suppliers probability of successful attack depends on attacker resources, nature of attack o Physical safety is a key aspect of security physical harm may be an objective of an attack harm may also be an unintended consequence

5 Safety and security 5 o Physical safety is a key aspect of security physical harm may be an objective of an attack harm may also be an unintended consequence o Automotive ot functional safety standards ds are based on qualitative measures of relative risk, severity and probability natural basis for automotive security risk analysis o For safety-related security risks, probability needs to include controllability of hazardous situations opportunity for drivers to influence outcome for safety- related security hazards

6 Starting point EVITA Use Cases 6 A suite of 18 potential use cases was defined, based on EASIS project network architecture In vehicle network structure Powertrain PTC Engine Control Hybrid Drive Transmission PT Sensors Chassis & Safety CSC Diagnosis Interface Body Electronic BEM Communication Unit CU Brake Control Instrument Audio Chassis / Steering Environmental Sensors Passive Safety Airbag Chassis Sensors e.g. Steer Angle Door Modules Light Control Climate Seat ECU Head Unit HU Display / Video Navigation Telephone GPS/Galileo UMTS DSRC USB Bluetooth Mobile Device Scenario classes: car-car car-infrastructure mobile devices aftermarket maintenance Assumed reference architecture

7 Security threat agents and their motivations 7 o Dishonest drivers avoid financial obligations, gain traffic advantages; o Hackers gain/enhance reputation as a hacker; o Criminals and terrorists financial gain, harm or injury to individuals or groups; o Dishonest organisations driver profiling, industrial espionage, sabotage of competitor products; o Rogue states achieve economic harm to other societies

8 Generic security threats and objectives 8 Generic security threats Aims Target Approach Motivation Security objectives Harming individuals Driver or passenger Interference with safety functions of a specific vehicle Criminal or terrorist activity Safety Privacy City or state economy, Interfere with safety functions of Harming Criminal or Safety through vehicles many vehicles or traffic groups terrorist activity and/or transport management functions Operational Gaining personal advantage Gaining organizational advantage system Driver or passenger Vehicle Transport system, vehicle networks, tolling systems Driver or passenger Vehicle Theft of vehicle information or driver identity, vehicle theft, fraudulent commercial transactions Interference with operation of vehicle functions Criminal or terrorist activity Privacy Financial Interference with operation of Build hacker Operational reputation Privacy Interference with operation of traffic management functions or tolling systems Avoiding liability for accidents, vehicle or driver tracking Interference with operation of vehicle functions, acquiring vehicle design information Enhanced traffic privileges, toll avoidance Fraud, criminal or terrorist activity, state surveillance Industrial espionage or sabotage Operational Privacy Financial Privacy Financial Privacy Operational Safety

9 Security hazard classification 9 o Different security aspects are not independent safety is definitely a sub-set of operational financial is perhaps a subset of privacy o Why separate the proposed security aspects? certain aspects relate to particular attacker types privacy industrial espionage, surveillance operational industrial i sabotage, nuisance hacker safety opportunistic harm (terrorism) privacy and safety targeted harm (crime) privacy and financial crime (opportunistic, organized) safety has special features potential for driver to intervene to mitigate some hazards

10 Threat analysis Attack Trees 10 Common model to map attack trees to risk analysis

11 Sample attack tree 11 Developed by brainstorming (based on EVITA uses cases considering identified threat agents and their motivations)

12 Severity classification in vehicle safety engineering 12

13 Extending from safety to security 13

14 Severity classification of privacy infringements 14

15 Financial severity classification 15

16 Security severity classification a 4-component vector 16

17 Attack potential and probability 17 o o Attack potential evaluation using established, structured approach from Common Criteria applied in EVITA at asset attack level l of attack trees Indicative of attack probability (inverse relationship) numerical scale used to represent relative ranking of attack probability

18 Evaluation of attack potential 18 o Factors considered (ISO/IEC 18045) elapsed time attacker expertise system knowledge required window of opportunity equipment required o Each factor has a number of classes each assigned with a numerical value e.g. attacker expertise layman (0), proficient (3), expert (6), multiple experts (8) o Attack potential classes based on ranges of total numerical value

19 Controllability safety hazards 19 Possibility for the driver (and/or other traffic participants) p to mitigate possible safety hazards

20 Risk graph (fragment only) 20 Non-safety aspects addressed with table for controllability C=1 (C>1 only for safety issues)

21 Attack tree tables for risk analysis 21 A compressed tabular attack tree representation provides a convenient framework for documenting the risk analysis Attack Objective Severity (S) Attack Method Risk level (R) Combined attack method probability (A) Asset (attack) a & B1 R B1(S B, A B1) A B1=min{Pa,Pb} b B S B d B2 R B2 (S B, A B2 ) A B2 =max{pd,pe,pf} P Pf} e Pe f Attack Probability (P) Pa Pb Pd P Pf OR: as easy as the easiest option AND: as hard as the hardest component

22 Overview of EVITA attack trees 22 o The 18 EVITA use cases suggested 10 attack trees: attack E-call, attack E-toll tamper with warnings, attack active break manipulate speed limits, force green light manipulate traffic flow, simulate traffic jam unauthorized braking, engine denial-of-service o These are representative, but not exhaustive o Rationalization of the attack trees revealed: 44 different asset attacks, involving 16 different assets o Risk analysis provides the means to assess the relative importance of protecting ti these assets

23 Risk-based prioritisation of counter-measures 23 Identified threats Risk analysis results Security requirements Asset Attack Risk level Instances 1 3 Authenticity_6, Availability_102, Denial of service Chassis 2 1 Availability_106 Low priority Safety Exploit Controller 4 1 Authenticity_1, Authenticity_2, implementation i flaws 5 1 Authenticity_3 2 5 Confidentiality_1, Confidentiality_2, Authenticity_ Corrupt or fake 4 4 Wireless messages 5 1 Important to protect Comms 6 4 againstthis this asset attack Availability_107, Availability_108, Jamming 5 2 Integrity_102

24 Conclusions 24 o o A security risk analysis approach has been developed from automotive safety and IT security practices attack trees to identify asset attacks from use cases, attacker type and motivations 4-component security risk vector, potentially including security-related related safety issues attack potential and controllability to assess probability of successful attack Level and frequency of risks associated with asset attacks identified in attack trees indicate priorities iti for counter-measures

25 Acknowledgements 25 For further information see:

Vehicular On-board Security: EVITA Project

Vehicular On-board Security: EVITA Project C2C-CC Security Workshop 5 November 2009 VW, MobileLifeCampus Wolfsburg Hervé Seudié Corporate Sector Research and Advance Engineering Robert Bosch GmbH Outline 1. Project Scope and Objectives 2. Security

More information

EVITA-Project.org: E-Safety Vehicle Intrusion Protected Applications

EVITA-Project.org: E-Safety Vehicle Intrusion Protected Applications EVITA-Project.org: E-Safety Vehicle Intrusion Protected Applications 7 th escar Embedded Security in Cars Conference November 24 25, 2009, Düsseldorf Dr.-Ing. Olaf Henniger, Fraunhofer SIT Darmstadt Hervé

More information

Identification of Authenticity Requirements in Systems of Systems by Functional Security Analysis

Identification of Authenticity Requirements in Systems of Systems by Functional Security Analysis Identification of Authenticity Requirements in Systems of Systems by Functional Security Analysis Andreas Fuchs and Roland Rieke {andreas.fuchs,roland.rieke}@sit.fraunhofer.de Fraunhofer Institute for

More information

The research area of SET group is software engineering, and model-based software engineering in particular:

The research area of SET group is software engineering, and model-based software engineering in particular: Introduction The research area of SET group is software engineering, and model-based software engineering in particular: Given the high-tech software-intensive industry in the Eindhoven region, we consider

More information

Automotive and Industrial Data Security

Automotive and Industrial Data Security André Weimerskirch Cybersecurity for Cyber-Physical Systems Workshop April 23-24, 2012 Overview Introduction and Motivation Risk analysis Current and future security solutions Conclusions Communication

More information

The relevance of cyber-security to functional safety of connected and automated vehicles

The relevance of cyber-security to functional safety of connected and automated vehicles The relevance of cyber-security to functional safety of connected and automated vehicles André Weimerskirch University of Michigan Transportation Research Institute (UMTRI) February 12, 2014 Introduction

More information

Electronic Registration Identification (ERI)

Electronic Registration Identification (ERI) Electronic Registration Identification (ERI) Concept, architecture and current status Murcia, 18th June 2009 Overview The ERI standard User requirements Architecture Current status 2 Electronic Registration

More information

Secure software updates for ITS communications devices

Secure software updates for ITS communications devices Secure software updates for ITS communications devices - International Standardization Activity in ITU-T SG17 - Masashi Eto, Senior researcher, Cybersecurity laboratory, Network security research institute,

More information

1. Computer Security: An Introduction. Definitions Security threats and analysis Types of security controls Security services

1. Computer Security: An Introduction. Definitions Security threats and analysis Types of security controls Security services 1. Computer Security: An Introduction Definitions Security threats and analysis Types of security controls Security services Mar 2012 ICS413 network security 1 1.1 Definitions A computer security system

More information

Security in Vehicle Networks

Security in Vehicle Networks Security in Vehicle Networks Armin Happel, Christof Ebert Stuttgart, 17. March 2015 V1.1 2015-04-28 Introduction Vector Consulting Services supports clients worldwide in improving their product development

More information

CLOSING THE DOOR TO CYBER ATTACKS HOW ENTERPRISES CAN IMPLEMENT COMPREHENSIVE INFORMATION SECURITY

CLOSING THE DOOR TO CYBER ATTACKS HOW ENTERPRISES CAN IMPLEMENT COMPREHENSIVE INFORMATION SECURITY CLOSING THE DOOR TO CYBER ATTACKS HOW ENTERPRISES CAN IMPLEMENT COMPREHENSIVE INFORMATION SECURITY CLOSING THE DOOR TO CYBER ATTACKS Cybersecurity and information security have become key challenges for

More information

Lecture 7: Threat Modeling. CS 392/6813: Computer Security Fall 2007. Nitesh Saxena. *Adopted from a previous lecture by Nasir Memon

Lecture 7: Threat Modeling. CS 392/6813: Computer Security Fall 2007. Nitesh Saxena. *Adopted from a previous lecture by Nasir Memon Lecture 7: Threat Modeling CS 392/6813: Computer Security Fall 2007 Nitesh Saxena *Adopted from a previous lecture by Nasir Memon Course Admin HW 1 to 5 are graded; solutions provided HW6 being graded

More information

Electronic Logging Devices (ELD)s Reliability and Efficiency for Hours Of Service Enforcement CCMTA, June 16, 2015

Electronic Logging Devices (ELD)s Reliability and Efficiency for Hours Of Service Enforcement CCMTA, June 16, 2015 Bitte decken Sie die schraffierte Fläche mit einem Bild ab. Please cover the shaded area with a picture. (24,4 x 11,0 cm) Electronic Logging Devices (ELD)s Reliability and Efficiency for Hours Of Service

More information

Type Threats Origin. Destruction of equipment or media. Dust, corrosion, freezing. Climatic phenomenon. Seismic phenomenon. Volcanic phenomenon

Type Threats Origin. Destruction of equipment or media. Dust, corrosion, freezing. Climatic phenomenon. Seismic phenomenon. Volcanic phenomenon nnex C (informative) xamples of typical threats The following table gives examples of typical threats. The list can be used during the threat assessment process. Threats may be deliberate, accidental or

More information

International Working Group on Data Protection in Telecommunications

International Working Group on Data Protection in Telecommunications International Working Group on Data Protection in Telecommunications 675.42.10 4 April 2011 Working Paper Event Data Recorders (EDR) on Vehicles Privacy and data protection issues for governments and manufacturers

More information

Protecting Organizations from Cyber Attack

Protecting Organizations from Cyber Attack Protecting Organizations from Cyber Attack Cliff Glantz and Guy Landine Pacific Northwest National Laboratory (PNNL) PO Box 999 Richland, WA 99352 cliff.glantz@pnnl.gov guy.landine@pnnl.gov 1 Key Topics

More information

No Safety without Security

No Safety without Security 1 / 6 No Safety without Security Dr. Günther Heling, Vector Informatik GmbH Dr. Christof Ebert, Vector Consulting Services GmbH V0.91 2014-11-26 No Safety without Security Automotive Trends Vector Congress

More information

Risk Assessment Guide

Risk Assessment Guide KirkpatrickPrice Assessment Guide Designed Exclusively for PRISM International Members KirkpatrickPrice. innovation. integrity. delivered. KirkpatrickPrice Assessment Guide 2 Document Purpose The Assessment

More information

Introduction CHAPTER 1

Introduction CHAPTER 1 CHAPTER 1 Introduction Ever since the development of the first integrated circuits in the late 1950s the complexity of such devices doubled every 20 months. A development which has been anticipated by

More information

An OSGi based HMI for networked vehicles. Telefónica I+D Miguel García Longarón

An OSGi based HMI for networked vehicles. Telefónica I+D Miguel García Longarón June 10-11, 2008 Berlin, Germany An OSGi based HMI for networked vehicles Telefónica I+D Miguel García Longarón Networked Vehicle 2 Networked Vehicle! Tomorrow, the vehicles will be networked! Using Always

More information

Automotive Software Development Challenges Virtualisation and Embedded Security

Automotive Software Development Challenges Virtualisation and Embedded Security Automotive Software Development Challenges Virtualisation and Embedded Security 1 Public ETAS-PGA/PRM-E October 2014 ETAS GmbH 2014. All rights reserved, also regarding any disposal, exploitation, Automotive

More information

Analyzing the Security Significance of System Requirements

Analyzing the Security Significance of System Requirements Analyzing the Security Significance of System Requirements Donald G. Firesmith Software Engineering Institute dgf@sei.cmu.edu Abstract Safety and security are highly related concepts [1] [2] [3]. Both

More information

Car Connections. Johan Lukkien. System Architecture and Networking

Car Connections. Johan Lukkien. System Architecture and Networking Car Connections Johan Lukkien System Architecture and Networking 1 Smart mobility, TU/e wide Cooperative Driving (platooning), A270: Helmond-Eindhoven, 2011 (Mechanical Engineering/TNO) Full electric:

More information

Part I. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai 2001. Siemens AG 2001, ICN M NT

Part I. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai 2001. Siemens AG 2001, ICN M NT Part I Contents Part I Introduction to Information Security Definition of Crypto Cryptographic Objectives Security Threats and Attacks The process Security Security Services Cryptography Cryptography (code

More information

Basics of Internet Security

Basics of Internet Security Basics of Internet Security Premraj Jeyaprakash About Technowave, Inc. Technowave is a strategic and technical consulting group focused on bringing processes and technology into line with organizational

More information

KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES. www.kaspersky.com

KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES. www.kaspersky.com KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES www.kaspersky.com EXPERT SERVICES Expert Services from Kaspersky Lab are exactly that the services of our in-house experts, many of them global

More information

Minnesota State Colleges and Universities System Procedures Chapter 5 Administration

Minnesota State Colleges and Universities System Procedures Chapter 5 Administration Minnesota State Colleges and Universities System Procedures Chapter 5 Administration Vulnerability Scanning Part 1. Purpose. Subpart A. This guideline establishes the minimum technical standards for vulnerability

More information

Cisco Advanced Services for Network Security

Cisco Advanced Services for Network Security Data Sheet Cisco Advanced Services for Network Security IP Communications networking the convergence of data, voice, and video onto a single network offers opportunities for reducing communication costs

More information

An Overview of NHTSA s Electronics Reliability and Cybersecurity Research Programs Paper ID 15-0454 Abstract

An Overview of NHTSA s Electronics Reliability and Cybersecurity Research Programs Paper ID 15-0454 Abstract An Overview of NHTSA s Electronics Reliability and Cybersecurity Research Programs Authors(s): Arthur Carter, David Freeman, and Cem Hatipoglu National Highway Traffic Safety Administration (NHTSA) Paper

More information

EXTREME CYBER SCENARIO PLANNING & ATTACK TREE ANALYSIS

EXTREME CYBER SCENARIO PLANNING & ATTACK TREE ANALYSIS EXTREME CYBER SCENARIO PLANNING & ATTACK TREE ANALYSIS Ian Green Manager, Cybercrime & Intelligence Commonwealth Bank of Australia Session ID: GRC T17 Session Classification: ADVANCED WHY? What keeps you

More information

Application Security in the Software Development Lifecycle

Application Security in the Software Development Lifecycle Application Security in the Software Development Lifecycle Issues, Challenges and Solutions www.quotium.com 1/15 Table of Contents EXECUTIVE SUMMARY... 3 INTRODUCTION... 4 IMPACT OF SECURITY BREACHES TO

More information

Ten Tips for Managing Risks on Convergent Networks The Risk Management Group

Ten Tips for Managing Risks on Convergent Networks The Risk Management Group Ten Tips for Managing Risks on Convergent Networks The Risk Management Group April 2012 Sponsored by: Lavastorm Analytics is a global business performance analytics company that enables companies to analyze,

More information

Perspectives on In-Vehicle Infotainment Systems and Telematics

Perspectives on In-Vehicle Infotainment Systems and Telematics Perspectives on In-Vehicle Infotainment Systems and Telematics How will they figure in consumers vehicle buying decisions? 2 Key trends shaping the automotive landscape What are the most important trends

More information

Defense in Cyber Space Beating Cyber Threats that Target Mesh Networks

Defense in Cyber Space Beating Cyber Threats that Target Mesh Networks Beating Cyber Threats that Target Mesh Networks Trent Nelson, Cyber Security Assessment Lead, Idaho National Laboratory Jeff Becker, Global Wireless Business Director, Honeywell Process Solutions Table

More information

Information Technology Engineers Examination. Information Security Specialist Examination. (Level 4) Syllabus

Information Technology Engineers Examination. Information Security Specialist Examination. (Level 4) Syllabus Information Technology Engineers Examination Information Security Specialist Examination (Level 4) Syllabus Details of Knowledge and Skills Required for the Information Technology Engineers Examination

More information

Software development for safetyrelated automotive systems the MISRA guidelines and ISO 26262

Software development for safetyrelated automotive systems the MISRA guidelines and ISO 26262 Software development for safetyrelated automotive systems the MISRA guidelines and ISO 26262 Dr David Ward General Manager Functional Safety MIRA Ltd 2010 Agenda Motivations and challenges for system safety

More information

Managing IT Security with Penetration Testing

Managing IT Security with Penetration Testing Managing IT Security with Penetration Testing Introduction Adequately protecting an organization s information assets is a business imperative one that requires a comprehensive, structured approach to

More information

The Human Factor of Cyber Crime and Cyber Security

The Human Factor of Cyber Crime and Cyber Security The Human Factor of Cyber Crime and Cyber Security Challenges: September 11th has marked an important turning point that exposed new types of security threats and disclosed how cyber criminals pursuit

More information

REGULATIONS FOR THE SECURITY OF INTERNET BANKING

REGULATIONS FOR THE SECURITY OF INTERNET BANKING REGULATIONS FOR THE SECURITY OF INTERNET BANKING PAYMENT SYSTEMS DEPARTMENT STATE BANK OF PAKISTAN Table of Contents PREFACE... 3 DEFINITIONS... 4 1. SCOPE OF THE REGULATIONS... 6 2. INTERNET BANKING SECURITY

More information

How to Secure Your Environment

How to Secure Your Environment End Point Security How to Secure Your Environment Learning Objectives Define Endpoint Security Describe most common endpoints of data leakage Identify most common security gaps Preview solutions to bridge

More information

Customer Experience. Silicon. Support & Professional Eng. Services. Freescale Provided SW & Solutions

Customer Experience. Silicon. Support & Professional Eng. Services. Freescale Provided SW & Solutions September 2013 Silicon Support & Professional Eng. Services Customer Experience Freescale Provided SW & Solutions Provide Valued Software, Support & Professional Engineering Services, Competitively 2 Customer

More information

Improving Fuel economy and CO 2 Through The Application of V2I and V2V Communications

Improving Fuel economy and CO 2 Through The Application of V2I and V2V Communications Ricardo 1 Improving Fuel economy and CO 2 Through The Application of V2I and V2V Communications Making Connected Vehicles Happen Karina Morley August 4, 2009 2 Background and Market Drivers There Are Three

More information

NEXT GENERATION OF AUTOMOTIVE SECURITY: SECURE HARDWARE AND SECURE OPEN PLATFORMS

NEXT GENERATION OF AUTOMOTIVE SECURITY: SECURE HARDWARE AND SECURE OPEN PLATFORMS NEXT GENERATION OF AUTOMOTIVE SECURITY: SECURE HARDWARE AND SECURE OPEN PLATFORMS André Groll, Jan Holle University of Siegen, Institute for Data Communications Systems {andre.groll,jan.holle}@uni-siegen.de

More information

Cybersecurity And The Automotive Industry

Cybersecurity And The Automotive Industry Cybersecurity And The Automotive Industry Dr Andrew Brown, Jr PE, FESD, FSAE, NAE Vice President & Chief Technologist Delphi 2014 Global Symposium on Connected Vehicles & Infrastructure April 21-23, 2014

More information

Compliance Services CONSULTING. Gap Analysis. Internal Audit

Compliance Services CONSULTING. Gap Analysis. Internal Audit Compliance Services Gap Analysis The gap analysis is a fast track assessment to establish understanding on an organization s current capabilities. The purpose of this step is to evaluate the current capabilities

More information

for Critical Infrastructure Protection Supervisory Control and Data Acquisition SCADA SECURITY ADVICE FOR CEOs

for Critical Infrastructure Protection Supervisory Control and Data Acquisition SCADA SECURITY ADVICE FOR CEOs for Critical Infrastructure Protection Supervisory Control and Data Acquisition SCADA SECURITY ADVICE FOR CEOs EXECUTIVE SUMMARY Supervisory Control and Data Acquisition (SCADA) systems are used for remote

More information

Chapter 6: Fundamental Cloud Security

Chapter 6: Fundamental Cloud Security Chapter 6: Fundamental Cloud Security Nora Almezeini MIS Department, CBA, KSU From Cloud Computing by Thomas Erl, Zaigham Mahmood, and Ricardo Puttini(ISBN: 0133387526) Copyright 2013 Arcitura Education,

More information

Advanced Safety. Driver Vehicle Interface Collision Avoidance & Mitigation Vehicle Communications. Helping industry engineer safe vehicles

Advanced Safety. Driver Vehicle Interface Collision Avoidance & Mitigation Vehicle Communications. Helping industry engineer safe vehicles SAE INTERNATIONAL Advanced Safety Standards & Resources Driver Vehicle Interface Collision Avoidance & Mitigation Vehicle Communications Helping industry engineer safe vehicles Driver Vehicle Interface,

More information

RUAG Cyber Security. More security for your data

RUAG Cyber Security. More security for your data RUAG Cyber Security More security for your data More security in cyberspace The RUAG Cyber Security Portfolio offers greater protection for your data through inspection, event analysis and decision-making

More information

ACEA PRINCIPLES OF DATA PROTECTION IN RELATION TO CONNECTED VEHICLES AND SERVICES

ACEA PRINCIPLES OF DATA PROTECTION IN RELATION TO CONNECTED VEHICLES AND SERVICES ACEA PRINCIPLES OF DATA PROTECTION IN RELATION TO CONNECTED VEHICLES AND SERVICES September 2015 INTRODUCTION We, the member companies of ACEA, are committed to providing our customers with a high level

More information

Overview TECHIS60241. Carry out risk assessment and management activities

Overview TECHIS60241. Carry out risk assessment and management activities Overview Information in all its forms is a vital component of the digital environment in which we live and work. The protection of information in its physical form is well understood but the protection

More information

Cyber Security for SCADA/ICS Networks

Cyber Security for SCADA/ICS Networks Cyber Security for SCADA/ICS Networks GANESH NARAYANAN HEAD-CONSULTING CYBER SECURITY SERVICES www.thalesgroup.com Increasing Cyber Attacks on SCADA / ICS Systems 2 What is SCADA Supervisory Control And

More information

Integration of QMS, SMS,

Integration of QMS, SMS, Integration of QMS, SMS, WMO/QM Task Team, 4th Meeting 20.-22. January 2015 / Gerold Fletzer DIESER TEXT DIENT DER NAVIGATION Since last meeting the world has changed: 2015 we are facing ISO 9001:2015

More information

資 通 安 全 產 品 研 發 與 驗 證 (I) ICT Security Overview. Prof.. Albert B. Jeng ( 鄭 博 仁 教 授 ) 景 文 科 技 大 學 資 訊 工 程 系

資 通 安 全 產 品 研 發 與 驗 證 (I) ICT Security Overview. Prof.. Albert B. Jeng ( 鄭 博 仁 教 授 ) 景 文 科 技 大 學 資 訊 工 程 系 資 通 安 全 產 品 研 發 與 驗 證 (I) ICT Security Overview Prof.. Albert B. Jeng ( 鄭 博 仁 教 授 ) 景 文 科 技 大 學 資 訊 工 程 系 Outline Infosec, COMPUSEC, COMSEC, and Network Security Why do we need Infosec and COMSEC? Security

More information

MAJOR PROJECTS CONSTRUCTION SAFETY STANDARD HS-09 Revision 0

MAJOR PROJECTS CONSTRUCTION SAFETY STANDARD HS-09 Revision 0 MAJOR PROJECTS CONSTRUCTION SAFETY SECURITY MANAGEMENT PROGRAM STANDARD HS-09 Document Owner(s) Tom Munro Project/Organization Role Supervisor, Major Projects Safety & Security (Canada) Version Control:

More information

White Paper How are thieves stealing modern vehicles?

White Paper How are thieves stealing modern vehicles? SECURITY WHITEPAPER How are thieves stealing modern vehicles? SBD/SEC/2288 1 Introduction Developments in vehicle security over recent years have made it increasingly difficult for thieves to steal vehicles

More information

Impact of Connected Automated Vehicles on Traffic Management Centers (TMCs)

Impact of Connected Automated Vehicles on Traffic Management Centers (TMCs) Impact of Connected Automated Vehicles on Traffic Management Centers (TMCs) Automated Vehicles Symposium 2015 Breakout Session Impact of Connected and Automated Vehicles on Traffic Management Systems and

More information

PASTA Abstract. Process for Attack S imulation & Threat Assessment Abstract. VerSprite, LLC Copyright 2013

PASTA Abstract. Process for Attack S imulation & Threat Assessment Abstract. VerSprite, LLC Copyright 2013 2013 PASTA Abstract Process for Attack S imulation & Threat Assessment Abstract VerSprite, LLC Copyright 2013 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

More information

CYBER4SIGHT TM THREAT INTELLIGENCE SERVICES ANTICIPATORY AND ACTIONABLE INTELLIGENCE TO FIGHT ADVANCED CYBER THREATS

CYBER4SIGHT TM THREAT INTELLIGENCE SERVICES ANTICIPATORY AND ACTIONABLE INTELLIGENCE TO FIGHT ADVANCED CYBER THREATS CYBER4SIGHT TM THREAT INTELLIGENCE SERVICES ANTICIPATORY AND ACTIONABLE INTELLIGENCE TO FIGHT ADVANCED CYBER THREATS PREPARING FOR ADVANCED CYBER THREATS Cyber attacks are evolving faster than organizations

More information

SECURITY RISK ANALYSIS AND EVALUATION OF INTEGRATING CUSTOMER ENERGY MANAGEMENT SYSTEMS INTO SMART DISTRIBUTION GRIDS

SECURITY RISK ANALYSIS AND EVALUATION OF INTEGRATING CUSTOMER ENERGY MANAGEMENT SYSTEMS INTO SMART DISTRIBUTION GRIDS SECURITY RISK ANALYSIS AND EVALUATION OF INTEGRATING CUSTOMER ENERGY MANAGEMENT SYSTEMS INTO SMART DISTRIBUTION GRIDS Christian HÄGERLING Fabian M. KURTZ Christian WIETFELD TU Dortmund University Germany

More information

Safety and security related features in AUTOSAR

Safety and security related features in AUTOSAR Safety and security related features in Dr. Stefan Bunzel Spokesperson (Continental) Co-Authors: S. Fürst, Dr. J. Wagenhuber (BMW), Dr. F. Stappert (Continental) Automotive - Safety & Security 2010 22

More information

Supplier Security Assessment Questionnaire

Supplier Security Assessment Questionnaire HALKYN CONSULTING LTD Supplier Security Assessment Questionnaire Security Self-Assessment and Reporting This questionnaire is provided to assist organisations in conducting supplier security assessments.

More information

ENISA s Study on the Evolving Threat Landscape. European Network and Information Security Agency

ENISA s Study on the Evolving Threat Landscape. European Network and Information Security Agency ENISA s Study on the Evolving Threat Landscape European Network and Information Security Agency Agenda Introduction to ENISA Preliminary remarks The ENISA report Major findings Conclusions 2 ENISA The

More information

Wireless Sensor Networks Chapter 14: Security in WSNs

Wireless Sensor Networks Chapter 14: Security in WSNs Wireless Sensor Networks Chapter 14: Security in WSNs António Grilo Courtesy: see reading list Goals of this chapter To give an understanding of the security vulnerabilities of Wireless Sensor Networks

More information

Vehicular Security Hardware The Security for Vehicular Security Mechanisms

Vehicular Security Hardware The Security for Vehicular Security Mechanisms escrypt GmbH Embedded Security Systemhaus für eingebettete Sicherheit Vehicular Security Hardware The Security for Vehicular Security Mechanisms Marko Wolf, escrypt GmbH Embedded Security Embedded Security

More information

Cybersecurity Awareness. Part 1

Cybersecurity Awareness. Part 1 Part 1 Objectives Discuss the Evolution of Data Security Define and Discuss Cybersecurity Review Threat Environment Part 1 Discuss Information Security Programs s Enhancements for Cybersecurity Risks Threat

More information

Security Testing. Vulnerability Assessment vs Penetration Testing. Gabriel Mihai Tanase, Director KPMG Romania. 29 October 2014

Security Testing. Vulnerability Assessment vs Penetration Testing. Gabriel Mihai Tanase, Director KPMG Romania. 29 October 2014 Security Testing Vulnerability Assessment vs Penetration Testing Gabriel Mihai Tanase, Director KPMG Romania 29 October 2014 Agenda What is? Vulnerability Assessment Penetration Testing Acting as Conclusion

More information

Cyber Threats: Exposures and Breach Costs

Cyber Threats: Exposures and Breach Costs Issue No. 2 THREAT LANDSCAPE Technological developments do not only enhance capabilities for legitimate business they are also tools that may be utilized by those with malicious intent. Cyber-criminals

More information

BlackBerry 10.3 Work and Personal Corporate

BlackBerry 10.3 Work and Personal Corporate GOV.UK Guidance BlackBerry 10.3 Work and Personal Corporate Published Contents 1. Usage scenario 2. Summary of platform security 3. How the platform can best satisfy the security recommendations 4. Network

More information

How to ensure control and security when moving to SaaS/cloud applications

How to ensure control and security when moving to SaaS/cloud applications How to ensure control and security when moving to SaaS/cloud applications Stéphane Hurtaud Partner Information & Technology Risk Deloitte Laurent de la Vaissière Directeur Information & Technology Risk

More information

INTERNET FOR VANET NETWORK COMMUNICATIONS -FLEETNET-

INTERNET FOR VANET NETWORK COMMUNICATIONS -FLEETNET- ABSTRACT INTERNET FOR VANET NETWORK COMMUNICATIONS -FLEETNET- Bahidja Boukenadil¹ ¹Department Of Telecommunication, Tlemcen University, Tlemcen,Algeria Now in the world, the exchange of information between

More information

Recall the Security Life Cycle

Recall the Security Life Cycle Lecture 7: Threat Modeling CS 436/636/736 Spring 2014 Nitesh Saxena Recall the Security Life Cycle Threats Policy Specification Design Implementation Operation and Maintenance So far what we have learnt

More information

U.S. DoD Physical Security Market

U.S. DoD Physical Security Market U.S. DoD Physical Security Market Technologies Used for DoD Applications June 2011 Table of Contents Executive Summary 7 Introduction 8 Definitions and Scope 9-11 Percentage of FY 2010 Total Budget Request

More information

TABLE OF CONTENTS INTRODUCTION... 1

TABLE OF CONTENTS INTRODUCTION... 1 TABLE OF CONTENTS INTRODUCTION... 1 Overview...1 Coordination with GLBA Section 501(b)...2 Security Objectives...2 Regulatory Guidance, Resources, and Standards...3 SECURITY PROCESS... 4 Overview...4 Governance...5

More information

GLOBAL BUSINESS DIALOGUE ON ELECTRONIC COMMERCE CYBER SECURITY AND CYBER CRIME SEPTEMBER 26, 2000. CEO EDS Corporation

GLOBAL BUSINESS DIALOGUE ON ELECTRONIC COMMERCE CYBER SECURITY AND CYBER CRIME SEPTEMBER 26, 2000. CEO EDS Corporation GLOBAL BUSINESS DIALOGUE ON ELECTRONIC COMMERCE CYBER SECURITY AND CYBER CRIME SEPTEMBER 26, 2000 Issue Chair: Issue Sherpa: Dick Brown CEO EDS Corporation Bill Poulos EDS Corporation Tel: (202) 637-6708

More information

Automotive Ethernet Security Testing. Alon Regev and Abhijit Lahiri

Automotive Ethernet Security Testing. Alon Regev and Abhijit Lahiri Automotive Ethernet Security Testing Alon Regev and Abhijit Lahiri 1 Automotive Network Security Cars are evolving Number of ECUs, sensors, and interconnects is growing Moving to Ethernet networks utilizing

More information

Risk Management for Industrial Control Systems (ICS) And Supervisory Control Systems (SCADA) Information For Senior Executives

Risk Management for Industrial Control Systems (ICS) And Supervisory Control Systems (SCADA) Information For Senior Executives Risk Management for Industrial Control Systems (ICS) And Supervisory Control Systems (SCADA) Information For Senior Executives (Revised March 2012) Disclaimer: To the extent permitted by law, this document

More information

Combatting the Biggest Cyber Threats to the Financial Services Industry. A White Paper Presented by: Lockheed Martin Corporation

Combatting the Biggest Cyber Threats to the Financial Services Industry. A White Paper Presented by: Lockheed Martin Corporation Combatting the Biggest Cyber Threats to the Financial Services Industry A White Paper Presented by: Lockheed Martin Corporation Combatting the Biggest Cyber Threats to the Financial Services Industry Combatting

More information

MEASURES TO ENHANCE MARITIME SECURITY. Industry guidelines on cyber security on board ships. Submitted by ICS, BIMCO, INTERTANKO and INTERCARGO

MEASURES TO ENHANCE MARITIME SECURITY. Industry guidelines on cyber security on board ships. Submitted by ICS, BIMCO, INTERTANKO and INTERCARGO E MARITIME SAFETY COMMITTEE 95th session Agenda item 4 MSC 95/4/1 5 March 2015 Original: ENGLISH MEASURES TO ENHANCE MARITIME SECURITY Industry guidelines on cyber security on board ships Submitted by

More information

Chap. 1: Introduction

Chap. 1: Introduction Chap. 1: Introduction Introduction Services, Mechanisms, and Attacks The OSI Security Architecture Cryptography 1 1 Introduction Computer Security the generic name for the collection of tools designed

More information

Cyber Security - What Would a Breach Really Mean for your Business?

Cyber Security - What Would a Breach Really Mean for your Business? Cyber Security - What Would a Breach Really Mean for your Business? August 2014 v1.0 As the internet has become increasingly important across every aspect of business, the risks posed by breaches to cyber

More information

GALLAGHER CYBER LIABILITY PRACTICE. Tailored Solutions for Cyber Liability and Professional Liability

GALLAGHER CYBER LIABILITY PRACTICE. Tailored Solutions for Cyber Liability and Professional Liability GALLAGHER CYBER LIABILITY PRACTICE Tailored Solutions for Cyber Liability and Professional Liability Are you exposed to cyber risk? Like nearly every other business, you have probably capitalized on the

More information

Reducing Risk. Raising Expectations. CyberRisk and Professional Liability

Reducing Risk. Raising Expectations. CyberRisk and Professional Liability Reducing Risk. Raising Expectations. CyberRisk and Professional Liability Are you exposed to CyberRisk? Like nearly every other business, you have likely capitalized on the advancements in technology today

More information

Connected and Automated Vehicles and the Cybersecurity Threat

Connected and Automated Vehicles and the Cybersecurity Threat Connected and Automated Vehicles and the Cybersecurity Threat How the Industry is Responding Dr Andrew Brown, Jr, PE, FESD, FSAE, NAE Vice President & Chief Technologist CAR Breakfast Briefing Series February

More information

Surviving the Ever Changing Threat Landscape

Surviving the Ever Changing Threat Landscape Surviving the Ever Changing Threat Landscape Kevin Jordan Cyber Security Specialist Dell GLBA FFIEC NCUA PCI HIPAA NERC CIP FISMA 700+ Percentage of U.S. adults who Federal named online and banking state

More information

How-To Guide: Cyber Security. Content Provided by

How-To Guide: Cyber Security. Content Provided by How-To Guide: Cyber Security Content Provided by Who needs cyber security? Businesses that have, use, or support computers, smartphones, email, websites, social media, or cloudbased services. Businesses

More information

BSc (Hons.) Computer Science with Network Security. Examinations for 2011/2012 - Semester 2

BSc (Hons.) Computer Science with Network Security. Examinations for 2011/2012 - Semester 2 BSc (Hons.) Computer Science with Network Security BCNS/09/FT Examinations for 2011/2012 - Semester 2 MODULE: WIRELESS NETWORK SECURITY MODULE CODE: SECU 3105 Duration: 2 Hours 15 Minutes Reading time:

More information

Certified Ethical Hacker Exam 312-50 Version Comparison. Version Comparison

Certified Ethical Hacker Exam 312-50 Version Comparison. Version Comparison CEHv8 vs CEHv7 CEHv7 CEHv8 19 Modules 20 Modules 90 Labs 110 Labs 1700 Slides 1770 Slides Updated information as per the latest developments with a proper flow Classroom friendly with diagrammatic representation

More information

A STUDY OF THE APPLICABILITY OF ISO/IEC 17799 AND THE GERMAN BASELINE PROTECTION MANUAL TO THE NEEDS OF SAFETY CRITICAL SYSTEMS

A STUDY OF THE APPLICABILITY OF ISO/IEC 17799 AND THE GERMAN BASELINE PROTECTION MANUAL TO THE NEEDS OF SAFETY CRITICAL SYSTEMS A STUDY OF THE APPLICABILITY OF ISO/IEC 17799 AND THE GERMAN BASELINE PROTECTION MANUAL TO THE NEEDS OF SAFETY CRITICAL SYSTEMS EXECUTIVE SUMMARY March 2003 OF WORK CARRIED OUT FOR JRC ISPRA UNDER CONTRACT

More information

Connected Car Security: A Holistic, Proactive Approach

Connected Car Security: A Holistic, Proactive Approach EXECUTIVE BRIEF Connected Car Security: A Holistic, Proactive Approach Eric M. Friedberg Executive Chairman Well before a highly publicized Jeep hack last year raised C-suite and board-level concern over

More information

EBERSPÄCHER ELECTRONICS automotive bus systems

EBERSPÄCHER ELECTRONICS automotive bus systems EBERSPÄCHER ELECTRONICS automotive bus systems YOUR PARTNER FOR IN-VEHICLE NETWORKING DRIVING THE MOBILITY OF TOMORROW 2 AUTOmotive bus systems EBERSPÄCHER ELECTRONICS: THE EXPERTS IN AUTOMOTIVE BUS SYSTEMS

More information

Hardware Security Modules for Protecting Embedded Systems

Hardware Security Modules for Protecting Embedded Systems Hardware Security Modules for Protecting Embedded Systems Marko Wolf, ESCRYPT GmbH Embedded Security, Munich, Germany André Weimerskirch, ESCRYPT Inc. Embedded Security, Ann Arbor, USA 1 Introduction &

More information

Cyber4sight TM Threat. Anticipatory and Actionable Intelligence to Fight Advanced Cyber Threats

Cyber4sight TM Threat. Anticipatory and Actionable Intelligence to Fight Advanced Cyber Threats Cyber4sight TM Threat Intelligence Services Anticipatory and Actionable Intelligence to Fight Advanced Cyber Threats Preparing for Advanced Cyber Threats Cyber attacks are evolving faster than organizations

More information

Automotive (R)evolution: Defining a Security Paradigm in the Age of the Connected Car

Automotive (R)evolution: Defining a Security Paradigm in the Age of the Connected Car Automotive (R)evolution: Defining a Security Paradigm in the Age of the Connected Car Authors: Dr. Joerg Borchert, VP of Chip Card and Security ICs, Infineon North America Shawn Slusser, VP of Automotive,

More information

ENSURING SECURITY IN AND FACILITATING INTERNATIONAL TRADE. Measures toward enhancing maritime cybersecurity. Submitted by Canada SUMMARY

ENSURING SECURITY IN AND FACILITATING INTERNATIONAL TRADE. Measures toward enhancing maritime cybersecurity. Submitted by Canada SUMMARY E FACILITATION COMMITTEE 39th session Agenda item 7 FAL 39/7 10 July 2014 Original: ENGLISH ENSURING SECURITY IN AND FACILITATING INTERNATIONAL TRADE Measures toward enhancing maritime cybersecurity Submitted

More information

TRW Automotive 2012. TRW Automotive Profile 2012

TRW Automotive 2012. TRW Automotive Profile 2012 TRW Automotive 2012 TRW Automotive Profile 2012 Company Profile Headquartered in Livonia, Michigan, US More than 60,000 employees / contractors worldwide Balanced global presence, with approximately 185

More information

Submitted at: http://www.regulations.gov/#!submitcomment;d=nhtsa-2014-0108-0001

Submitted at: http://www.regulations.gov/#!submitcomment;d=nhtsa-2014-0108-0001 December 8, 2014 Docket Management Facility U.S. Department of Transportation 1200 New Jersey Avenue SE. West Building Ground Floor, Room W12-140 Washington, DC 20590-0001 Submitted at: http://www.regulations.gov/#!submitcomment;d=nhtsa-2014-0108-0001

More information

TABLE OF CONTENT. Page 2 of 9 INTERNET FIREWALL POLICY

TABLE OF CONTENT. Page 2 of 9 INTERNET FIREWALL POLICY IT FIREWALL POLICY TABLE OF CONTENT 1. INTRODUCTION... 3 2. TERMS AND DEFINITION... 3 3. PURPOSE... 5 4. SCOPE... 5 5. POLICY STATEMENT... 5 6. REQUIREMENTS... 5 7. OPERATIONS... 6 8. CONFIGURATION...

More information

Developing an Architectural Framework towards achieving Cyber Resiliency. Presented by Deepak Singh

Developing an Architectural Framework towards achieving Cyber Resiliency. Presented by Deepak Singh Developing an Architectural Framework towards achieving Cyber Resiliency Presented by Deepak Singh Presentation Content Cyber Threat Landscape Cyber Attack and Threat Profile Cyber Threat Map Cyber Security

More information

Introduction. Industry Changes

Introduction. Industry Changes Introduction The Electronic Safety and Security Design Reference Manual (ESSDRM) is designed to educate and inform professionals in the safety and security arena. The ESSDRM discusses trends and expertise

More information