cybersecurity: process to solutions

Visteon Confidential

Cybersecurity: Process to Solutions

Srini AdirajuHead of Cybersecurity

2

Agenda

• Foundation of cybersecurity• People• Process• Solutions

• Field monitoring and responding immediately to threats

• Resolving security flaws in a speedy and efficient manner to increase consumer confidence in auto brands

Visteon Corporation proprietary

Broadest Cockpit Electronics Portfolio in the Industry

3

Complete and Innovative Portfolio Positions Visteon for Continued Growth

Instrumentclusters

ARWindshield

HUD

Displays

InfotainmentV2X

CockpitDomain Controller

1 24

ADASDomain Controller

Artificial Intelligence

Cybersecurity

Cloud

33


Cybersecurity – Market Trends

Automotive Industry is Going Through a Huge Transition

• Extensive use of open source software • Low powered MCUs• Dealer tools • Networked services• Increasing threat surfaces• Increasing number of ECUs• IOT explosion• Data privacy• Connected cars/devices• Software updates, certificate management• Car sharing• Autonomous/ADAS car • Research focus on automobiles

4

• Wireless• Bluetooth• NFC• Radio data system• TCP/IP network• Cellular• CarPlay/Android Auto/smartphone integration• Dealer tools• SDCard/USB/hardware devices


Industry Challenges Increasing Threats

5

Automotive Industry Trends

Analog Hybrid Digital


6

Electronic Control Unit (ECU) Consolidation

SmartCoreTM Domain Controller

Application processor

Operating system

Instrument clustersoftware stack

Vehicle informationprocessor

Application processor

Operating system

SWService

SWService

SWService

HMI

Multi-core processor

Hyp

ervi

sor

ClusterOS

InfotainmentOS

HMI

Cluster SW SW SW

All-Digital Instrument Cluster

ECU #1

Central Information Display (CID)

ECU #2

Vehicle informationprocessor

2-D / 3-D graphics 2-D / 3-Dgraphics


End-to-End Secure Development Life Cycle7

Secure Development Life Cycle

Requirements

• Security requirements

Architecture and Secure Design

• Threat analysis and risk analysis

Feature Development and Test Plans

• Security tests

Code Analysis

• Code review and static code analysis

• Security operations

Validation

• Network and fuzz testing

• Internal pen testing

• Pen testing• Security

operations

Field Operations


operations


8

ECU Threat Analysis


ECU Security

• Secure hypervisor• HSM and SHE modules• Secure boot • Verified file system• Hardened kernel• Secure OTA• TLS/IPSec for TCP/IP communication• Network firewalls• Certificate management

Multi-Layered Security4

ECUSecure system

***

Secure applications

Secure boot

Authentication &verification

Secure hardware

Secure network

4K

4K4K4K 4K

4K

4K4K4K 4K 4K4K

Secure Layers Security Architecture


End-to-End Secure Development Life Cycle10

Secure Development Life Cycle

Requirements

• Security requirements

Architecture and Secure Design

• Threat analysis and risk analysis

Feature Development and Test Plans

• Security tests

Code Analysis

• Code review and static code analysis

• Security operations

Validation

• Network and fuzz testing

• Internal pen testing


operations

Field Operations


operations


11

Open Source Software Vulnerabilities and Common Database

https://nvd.nist.gov/


12

Incident Response Process


Start of Production

Detection of the Incident

Data Collection

andAssessment

Threat Analysis and Risk

Assessment

SoftwareUpdate

• Event reporting• Penetration testing• Bug bounty• Scanning vulnerability

databases

• Bill of materials− Software− Hardware

• Code archive process

Severity Classification

Communication

Cybersecurity – Incident Response

• Incident reporting mechanism• Dedicated team

• Information collection and assessment• Hardware and software bill of materials

• Treat the information with confidentiality• Possible information security incident?

• False alarm• Information collection• Assessment• Incident categorization and severity classification

• Solutions• Short-term• Long-term• Deployment campaigns


Security Comes with Cost

• SOCs with different capabilities, different solutions, multiple ECUs• Increased hardware and software costs• Changes to manufacturing process, tools, EOL testing, etc.• Software and hardware testing tools.• New technologies, new network topologies

• Increased boot time

• Signing infrastructure, factory integration


15

Multi-Layered Cybersecurity: Process to Solutions


SECURE SYSTEMSSecure software updates

(FOTA, USB)Secure programming/diagnostics

Secure networkSecure manufacturing

methods

PROCESSJ3061 secure dev life cycle

Secure manufacturing processField monitoring

SECURE HARDWAREHardware security modules

Secure hardware extensionsOne time programmable memory

JTAG protection

SECURE SOFTWARESecure boot / application protection

Secure communicationSecure storage/access controls Trusted execution environment

Secure hypervisor multi OS

ECU