Notice: This site is being updated as of July 1, 2021. We look forward to updating you on all of the exciting initiatives we have, so please check back regularly! – Joby
As vehicles become increasingly connected and software-powered, GENIVI recognizes an emerging need for a comprehensive, end-to-end security model. The GENIVI Security Team looks at automotive cybersecurity holistically and delivers guidelines, research, and education that help build, deliver and manage more secure vehicles in the future.
Security Team Charter
The Charter of the GENIVI Security Team is to:
- Assemble emerging automotive cybersecurity challenges/solutions/standards and inform stakeholders through published guidelines, briefs, webinars and event presentations
- Equip stakeholders to understand and use methods and models for identifying and mitigating cybersecurity attacks on a vehicle
- Deliver education that equips software developers and architects with an understanding of typical approaches for attacking a vehicle and with methods of mitigating those attacks with sound software development methods and testing
- Advise GENIVI software development activities to deliver more secure solutions for the connected vehicle.
Getting Involved / Learn More
Security Team Chair: Joby Jester (to be confirmed shortly)
Security Team Co-Chair Lead: Jennifer Dukarski dukarski@butzel.com
Security Team Co-Chair 2nd: Brandon Barry brandon@blockharbor.io
Marketing & GENIVI: Michael Nunnery MikeNunnery@comcast.net
Team Meetings occur every other Thursday at 10:00am US Eastern Time
Next Meeting: August 19, 2021, 1600 CEST, 1000 EDT, 0700 PDT.
https://us06web.zoom.us/j/87394558934?pwd=OHZ3UHJCM1Q0K1Q4M05RTWJGQU9odz09
One-Page Slide To Promote Security Team: Note: Joby's email has changed
Current Security Team Project Initiatives & Discussions
- Data Classification
- Vehicle Spoofing
- UNECE WP 29
- Description Language
- Security Tools
- Upcoming Security Conferences & Workshop Presentations & Speaking Opportunities
- ISO 21434 Updates
- Cybersecurity Executive Order (related to White House statements on 5/12/2021)
Recent Activities, Reports & Deliverables
- MoRA Presentation for GENIVI Sec Team
- Planning the creation of Security Evaluation Framework based on MoRA methodologies
- 2019 All Member Meeting – (see multiple security-related topics on 5/16 and 5/17 schedule)
- 2018 All Member Meeting – (see multiple security-related topics on 4/19 schedule)
- Technical Brief: Certificate Pinning (with Cloakware/Irdeto)
- White Paper: Man in the Middle Attacks and Secured Communications
- Webinar: How to Secure the Connected Vehicle Ecosystem (Presentations by Uber and Irdeto)
- “Automotive Cybersecurity Literature Review,” a report illuminating crucial research gaps
- “Automotive Industry Guidelines for Secure Over-the-Air Updates,” a document for assisting automotive manufacturers and others involved in evaluating platforms for secure updates
- An Exchange zero day vulnerability.pdf (discussed on March 4, 2021 security team call)
- SPECIAL ADVISORY: https://threatpost.com/microsoft-exchange-zero-day-attackers-spy/164438/
- Executive Order on Improving the Nation's Security: https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/
- Other
Past Activities & Deliverables
Upcoming Events
- (October 5-8th, 2021 - Virtual All Member Meeting and Security Team Workshop) (Link is TBD)
- The GENIVI Security Team is currently seeking speakers, panelists and moderators for this event along with compelling topics/content. If you are interested in submitting a proposed topic or participating on a panel please contact Mike Nunnery (GENIVI Marketing Manager) at MikeNunnery@comcast.net
- (November 16-17, 2021 - LIVE in Novi, MI) TU Automotive Tech Week (GENIVI Networking Event Link is TBD)
- (January 5, 2022 - LIVE in Las Vegas) Connect2Car at CES2022 (link is TBD)
- (January 5, 2022 - LIVE in Las Vegas at Bellagio Hotel) GENIVI Networking Reception & Showcase at CES2022 (link is TBD)
Note: For TU Automotive Events you can use 25% discount code "GENIVI25"
Past Events
- (June 8-10, 2021 - Virtual) TU Automotive FOCUS: Connected Vehicle Commerce
- (May 17-21, 2021 - Virtual) TU Automotive FOCUS: Software Defined Vehicles
- (May 6, 2021 - Virtual) GENIVI Virtual AMM & Cybersecurity Workshop (see content from workshop below)
Meeting Minutes
Recorded Cybersecurity Talks
Title (Cybersecurity Workshop Track from October 7, 2021 All Member Meeting) | Video Links | Slides | Speakers |
---|---|---|---|
Title: GENIVI Security Team Overview Abstract: GENIVI's Automotive Cybersecurity team lead provides the audience with an overview of the GENIVI cybersecurity team initiatives, how you and your organization can become engaged, and lastly what to look forward to in today's cybersecurity workshop track | | | Joby Jester (GENIVI Cybersecurity Team Lead/Capgemini) |
Keynote Title: Creating cybersecurity problems through regulation Abstract: There have been a number of regulations in the vehicle space which have created a number of cybersecurity headaches. From the original OBD port to the recent ELD mandate for trucks more and more connectivity is being mandated with little regard for cybersecurity. Where are we now? What is coming next? What should we be looking for to help avoid the problems coming our way? | | Creating Cybersecurity Problems Through Regulation.pdf | Urban K. Jonson (National Motor Freight Traffic Association, Inc) |
Title: Fall 2021 Regulatory and Compliance Update Abstract: Cybersecurity and privacy concerns have dominated the news cycle in recent months. We’ve seen everything from the White House and Congress responding to ransomware payment issues to home EV chargers replete with security vulnerabilities. Join the Butzel team to hear the latest changes including regulations, requirements for critical infrastructure, Executive Orders, guidance, and draft bills. We will discuss the issues you need to be prepared for to promote a culture of compliance while meeting new incident reporting obligations and ransom payment guidance. | | | Claudia Rast & Jennifer Dukarski (Butzel Long) |
Title: Counterfeit Modules, Right to Repair, and Cybersecurity Plans, Challenges and Opportunities Abstract: Current state of the art allows secure boot of a small subset of modules on the vehicle bus while allowing diagnostic access with very few restrictions. We will explore ways to build a stronger foundation for security, safety, and reliability while sharing the right data and allowing the right R2R! | | | Chad Childers (Privafy) |
Title: Making Sense of Security Testing for ISO/SAE 21434 Abstract: Fuzz Testing? Pen Testing? Vulnerability Scanning? Functional Testing? Verification Testing? Whether you're an automaker or supplier, you'll inevitably need to get comfortable with security testing as ISO/SAE 21434 permeates the automotive supply chain. In this talk, we'll walk through each type of testing to discuss what it is, why it's done, and when/how to do it. Finally, we'll end this talk with a few recommendations for ways you can get ahead of the curve and start thinking about automating cybersecurity testing for ISO/SAE 21434 | | | Brandon Barry (Block Harbor Cybersecurity) |
Title: Cybersecurity Challenges and Implications in C-ITS Abstract: ITS ecosystems are the dominant solution to networks' saturation as they provide several benefits. They contribute to congestion reduction, limitation of emissions and air pollution, avoidance of unexpected incidents on the road, and transportation efficiency. However, deploying interconnected Intelligent Transport Systems creates several challenges, mainly in terms of safety and cybersecurity. During this session, the current situation will be presented and discussed, focusing on challenges and issues that need to be studied to address the growing needs of the ICT infrastructure. | | | Gilad Bandel (Arilou Automotive Cybersecurity) |
Title: Cybersecurity Staffing Challenges/Wrap-Up Abstract: The GENIVI Security Team Lead, Joby Jester, wraps up the talks for today and provides additional industry insight and upcoming automotive cybersecurity event opportunities | | | Joby Jester (GENIVI Cybersecurity Team/Capgemini) |
Title (GENIVI Security Team Workshop May 6, 2021) | Video Links | Slides |
---|---|---|
GENIVI Security Team Overview Speaker: Joby Jester, Solutions Architect at Irdeto and GENIVI Security Team Lead Abstract: Welcome everyone, About the GENIVI Automotive Cybersecurity Team, How to get involved and engage with the team, and lastly what the agenda for the day will be | Recorded Session | |
On Transforming Automotive Cybersecurity: Bridging gaps, Opportunities, and Diversity Speaker: Ikjot Saini, Academic Director ASRG And Assistant Professor Academic Network | Recorded Session | No slides for this session |
The Implications of Biometric Data in the Vehicle Speaker: Jennifer Dukarski, Emerging Technology, IP and Media Litigation at Butzel Long Abstract: Biometric data includes physical or behavioral human characteristics that can be used to digitally identify a person to grant access to systems, devices or data. In terms of biotechnology in the car, researchers proclaim “give me 10 biometric sensors in the car and I’ll revolutionize healthcare.” But collecting this data comes with a price: enhanced security and privacy protections and regulations. This discussion will look at how global and local legal and regulatory frameworks impact the design, collection, and use of this potential treasure trove of data. This topic will: | Recorded Session | |
Navigating the Current Threat Environment Fireside: Claudia Rast, Department Chair Cybersecurity at Butzel Long, and Scott Bailey Partner at N1 Discovery | Recorded Session | |
OpenXSAM Speakers: Dirk Leopold, Regional Director at itemis AG, Brandon Barry CEO at Block Harbor Cybersecurity Abstract: Wouldn’t it be nice if you could export cybersecurity data from your TARA tool and import it into your requirement management platform or verification environment? One of the biggest challenges in automotive security is building cohesion between tools to speed up cybersecurity engineering. https://openxsam.io seeks to achieve this by building an open format to exchange security information for vehicles. In this talk, Itemis will give you an introduction to openXSAM and how it’s used by their TARA platform. Then, Block Harbor will talk about how they envision their integration of openXSAM into their automotive verification environment. You’ll walk away from this talk with new ideas on how you can create a seamless integration between your tools to make your vehicle cybersecurity engineering more efficient and more effective. | Recorded Video | |
Break with the ASRG introduction Video | ASRG Video | |
V2X / Cloud Managed Services Security Trends: Speakers: Brandon Barry, Joby Jester Abstract: Explore the trends of Automotive Cybersecurity brought to you by ASRG Leadership and the GENIVI Security Team. Chat about the near and far challenges for AV, EV, Mobility, and beyond! Tune in, sit back, and have a chat with us! | Recorded Session | |
Network Micro-Segmentation Cloaking Technology for Autonomous Vehicles Speaker: Will Hill, Security Technologist at CuDes, and Greg Shields, Director at NetFoundry Abstract: In this talk, we discuss a zero-trust cybersecurity solution that prevents remote access to any software app by hiding the internet connection to this app. Because a hidden-, cloaked-, dark-connection is used, the attack hackers cannot find what does not exist. A user can also implement micro-segmentation such that one software app can only talk to one other software app. The software app can be in the cloud or one app of many apps running on any device with an application processor. Simply put, any app which calls to the internet will be completely hidden from remote access. This is all orchestrated from the cloud as a 100% software solution and no hardware is involved whatsoever. It is free to prototype, right now, via the open-source community. | Recorded Session | NetworkMicroSegmentation_Day 3_Slides |
Automotive Security Hacking & Protection Practice Pre-Recorded: Vincent Zhang - Senior Security Architect at Tencent Abstract: Since the globally recognized “Tesla Model S remote hacking” public research in 2016, Tencent Security Keen Lab has conducted more than 30 connected vehicle security research projects with industry-leading OEMs. This presentation will illuminate common automotive security threats and attack chains based on our rich research experience, as well as mitigation & protection best practices. | Automatic Security Hacking & Protection Practice | No slides for this session |
Automotive Ethernet Specific Cybersecurity Protection Solutions with IDS/IPS Speaker: Gilad Bandel, VP Product & Marketing at Arilou Automotive Cybersecurity Abstract: The automotive industry is swiftly moving towards automotive Ethernet as the new in-vehicle network core. This technology comes with many new features and benefits, but it also comes with numerous legacy risks from the traditional IT Ethernet landscape, as well as from new, error-prone software that is developed. Automotive Ethernet risks need to be mitigated, with security and protection incorporated into new devices. This lecture will detail solutions to address and mitigate those threats and focus on IDS/IPS required functionality. | Recorded Session | No slides for this session |
Previous GENIVI Virtual Cybersecurity Talks
Titles from Oct 28th Cybersecurity Workshop during AMM | Video Links / Session Playback | Slides |
---|---|---|
GENIVI Cybersecurity Industry Focus | Recorded Session | pptx |
Cybersecurity Industry Focus by Strategy Analytics | pptx | |
An Alternative Universe without Collaboration | Recorded Session | pptx |
Data Privacy for Automotive | Recorded Session | |
ISO 21434 / UNECE WP.29 Update w/OEM Partners | Recorded Session | |
Increased Complexity of Cybersecurity Controls Due to Consolidation of Connected Modules | Recorded Session | |
Perception vs. Reality: How Lack of Collaboration Leads to False Perceptions By Media And Academia | Recorded Session | |
Vehicle Forensics - Digital Evidence from infotainment Systems |