design, build, drive - think...

© 2015 IBM Corporation

Design, build, drive Ensure safety and security throughout the entire lifecycle process of a connected vehicle

Dr. Sebastian Wedeniwski IBM Distinguished Engineer, CTO Automotive Industry

© 2015 IBM Corporation Dr. Sebastian Wedeniwski, IBM Distinguished Engineer, CTO Automotive Industry

IT Security for Vehicles Conference – Why IBM? What do you think about IBM?

2


The traditional IBM business might be known…

3

Geographies

North America

Europe

Japan

Growth Markets

Sales & Distribution

Global Business Services

Business Units

Software Group

Global Technology Services

Systems & Technology Group

Public

Communications

Sectors

Distribution

Financial Services

Industrial

General Business

IBM is known for: !  IT products across industries

! Hardware for data centers

! Software like Middleware, Analytics, Information Management, Development tools, Systems Management, …

! Building IT solutions based on enterprise systems


The IBM era of now is defined by three shifts

4

SHIFT 1Data is becoming the world’s new natural resource, transforming industries and professions.

SHIFT 2The emergence of cloud is transforming IT and business processes into digital services.

SHIFT 3Mobile and social are transforming individual engagement – creating expectations of security, trust and value in return for personal information.

OUR POINT OF VIEWData is the new basisof competitive advantage.

OUR POINT OF VIEWCloud is the path to new business models.

OUR POINT OF VIEWA systematic approach to engagement isnow required.

What IBM is making of this moment:

!  Transforming industries and professions with data.

!  Remaking enterprise IT for the era of cloud.

!  Reimagining work through mobile and social technologies.

!  Rethinking the challenge of security.

!  Creating new infrastructure for a new era.


Enterprise innovation in the new era of Automotive & Mobility

5

IBM CAMSS (Cloud, Analytics, Mobile, Social, and Security) is the invisible Internet of Things foundation to transform and differentiate Connected Vehicle business of IBM’s clients.

✓ New Business Models ✓ Scalable Operation ✓ Integration

IBM Connected Vehicle Services Platform


Enterprise innovation in the new era of Automotive & Mobility

6

IBM CAMSS (Cloud, Analytics, Mobile, Social, and Security) is the invisible Internet of Things foundation to transform and differentiate Connected Vehicle business of IBM’s clients.

✓ New Business Models ✓ Scalable Operation ✓ Integration

IBM Connected Vehicle Services Platform

Focus of today


IBM Security Strategy

7

Buyers

CISO, CIO, and Line-of-Business Deliver a broad portfolio of solutions differentiated

through their integration and innovation to address the latest trends

HELP!

Key Security Trends

Advanced Threats

Skills Shortage

Cloud Mobile and Internet of Things

Compliance Mandates

IBM Security Portfolio

Strategy, Risk and Compliance Cybersecurity Assessment and Response

Security Intelligence and Operations

Advanced Fraud

Protection

Identity and Access

Management

Data Security

Application Security

Network, Mobile and Endpoint

Protection

Advanced Threat and Security Research

Support the CISO agenda 1

Innovate around megatrends 2

Lead in selected segments 3


What is secure by design in IT? What would be secure by design in the automotive industry?

8

Secure by Design is about designing the right level of safety and security into a solution, and address safety and security throughout the solution lifecycle.

Secure Engineering is at the core of Secure by Design. Its goal is producing predictably secure software.

http://www.redbooks.ibm.com/abstracts/redp4641.html


Set of essential IT development practices exist

9

Risk Assess & Threat

Modeling

Security Reqmts

Secure Coding

Security Document

Security Tes<ng

Incident response

Project Planning

Development Supply Chain

Source: IBM Secure Engineering Framework

Development Process and Lifecycle

Deployment Lifecycle

External Standards / Compliance Frameworks Links

ISO 27001 Informa(on Security Mgmt System h5p://www.iso.org/iso/home/standards/management-‐standards/iso27001.htm

ISO 27002 Code of Prac(ce-‐Security h5p://www.iso.org/iso/catalogue_detail?csnumber=54533

ISO 27018 Code of Prac(ce-‐Handling PII / SPI (Privacy) h5p://www.iso.org/iso/catalogue_detail?csnumber=61498

ISO 29101 Privacy architecture framework h5p://www.iso.org/iso/catalogue_detail?csnumber=45124

IEC 62443 Industrial Network and System Security

ISO/IEC 9797-‐1 Security techniques – Message Authen(ca(on Codes

CC Common Criteria for Informa(on Technology Security Evalua(on h5p://www.commoncriteriaportal.org/

CJIS US Criminal Jus(ce Info Security h5p://www.[i.gov/about-‐us/cjis/cjis-‐security-‐policy-‐resource-‐center

FedRAMP US Federal Risk and Authoriza(on Program h5p://www.fedramp.gov/

FISMA US Federal Informa(on Security Management Act h5p://www.dhs.gov/federal-‐informa(on-‐security-‐management-‐act-‐fisma

FIPS Federal Informa(on Processing Standards h5p://www.nist.gov/itl/fips.cfm

FFIEC US Federal Financial Ins(tu(ons Examina(on Council h5p://www.ffiec.gov/

HIPAA US Healthcare Informa(on Portability and Accountability Act h5p://www.hhs.gov/ocr/privacy/

O-‐TTPS Open Group Trusted Technology Provider h5p://www.opengroup.org/accredita(on/o-‐5ps

PCI-‐DSS Payment Card Industry h5ps://www.pcisecuritystandards.org/

SSAE16 Statement on Standards for A5esta(on Engagements h5p://ssae16.org/

SOC2 Service Organiza(on Control Reports h5p://www.aicpa.org/InterestAreas/FRC/AssuranceAdvisoryServices/Pages/AICPASOC2Report.aspx

Safe Harbor US-‐EU Safe Harbor Framework US-‐Switzerland Harbor Framework

h5ps://safeharbor.export.gov/list.aspx

Examples of diverse standards


For example The concept of security risk assessments can be adapted for vehicles

10

Components: ・Communica<on ・Connec<on I/F

Use Case Descrip<ons

Major Vulnerabili<es

Examples of Malicious Actors & Assumed Threats AZack

Scenarios (black & white box)

Affected Resources

Importance of protected resources = Probability of attacks Severity of impact x Risk

Security Requirements

Inventory of systems a.  On board b.  Infrastructure c.  Support and service

Characterization of systems a.  Functionality b.  Data access and privileges c.  Provenance

x

Characterization of threats a.  Attack types b.  Logical attackers c.  Likelihood

Characterization of impact a.  Safety b.  Functionality c.  Privacy d.  Financial

Mi<ga<on Plan

Mitigation Actions "  Modified design "  Modified coding practices "  Modified configuration "  Use of alternate technologies "  Improved documentation "  Additional tests

BUT threat analysis is like focus on sickness and not focus on “wellness” (ongoing integrity of the whole system)


What is the entire lifecycle process of a connected vehicle? It is NOT the traditional product creation process in automotive industry

11

http://www.ipa.go.jp/files/000033402.pdf

Internet is a feature of the connected cars

Source:

Pre- development

Series development

Module fabrication

Module assembly

Vehicle assembly

Source: Mercer Value Creation Model 2015

64%

36%

68%

32%

90%

10%

87%

13%

4%

96%

S2 S3 M C1 S1

Multi-organization Supply Chain and Fulfillment Systems from multiple suppliers (Sn) to manufacture (M) delivered to consumers (Cn)

s21 s31 c11 • Asset Control ? • Accountability?

Supplier

OEM


Assuming the in-vehicle architecture will be solved to create a platform to secure application and communication…

12

Source: OVERSEE – An open and secure application and communication platform


…assuming product design and build can be secured in the wide range of threats from local, remote and supply chain…

13

Software Development

Infotainment SW Supply Chain

Vehicle Support

Enterprise Suppliers Consumer

Manufacturing Systems

Internet Internet

Vehicle Maintenance

ECU SW Supply Chain

Asset Actor

Technology Policy/ Process


…a designed secure infrastructure for vehicles as we know today…

14

LTE Network

Infrastructure (V2I) & Vehicle (V2V)

Connected Home Maintenance Services

Automaker’s Network

Connected Car

Music, video, weather news, apps, traffic/nav

App Stores 1

Remote Services 2

Telematics 3

Policy Monitoring 4

Adv Diagnostics 5

Vehicle Updates 6

Connected Home 7

Smartphone / Tablet

5

5 2

6 1

4 7

3 2

Engineering (R&D)


…then still other security models are needed in the broader scope of connectedness which is not equal to security in the sense of V2V, V2X, built into, bring into devices

15

Internet is a feature of the connected cars

Vehicle as an integral part of the customer’s personalized network

Different Security Models

Source: http://blogs.hbr.org/2014/10/the-sectors-where-the-internet-of-things-really-matters

Source: IBM Institute for Business Value “Driving security: Cyber assurance for next-generation vehicles”


The IBM model for the Internet of Things

16

At IBM, we’ve created a model of the IoT that’s useful for understanding the security threats at various data flow and control transition points.


The Internet of Things brings a range of threats and attack vectors.

17

A.  Password attacks B.  Web application vulnerabilities C.  Rogue clients / malicious firmware D.  Man in the middle attacks E.  Information gathering / data leakage /

eavesdropping F.  Command injection and data corruption

Things

Local network

Global network

Cloud service

Controlling device

A

A

B

A

A

B

B

D

D

D

C

C

F

E

E

E


Will one unified security model work for anomaly detection?

18

!  Unified security operation for prompt response and continuous improvement –  Building on top of security policy –  Scalable security monitoring – Multiple mode of operation (normal, cyber-attack, disaster etc) – Consideration of privacy

Unified Security

Operations

Operations Manufacturing

Development

Services

Secure provisioning

Secure by design (from requirements to test)

Security monitoring

Security monitoring

External threats

Internal threats

Robots, servers and data centers

Mobile devices, laptops and PCs

Internet, Web pages and Apps

Connected Vehicles

Infrastructure and Networks


Integrated Security Operation Center as a Unified Security Operations Overlaps of R&D and IT responsibilities

19

Threat Response Level 2 Event Analysis Escalations Incident Management on premise

Structured (IT Transactional Logs) Probe Data (Vehicle) Unstructured (Big Data)

IT Operations

Service Mgmt Health checking Monitoring

Threat Monitoring

L1 Threat Analysis L1 Triage Dedicated Team 24x7

SOC Service Delivery Management Governance, Service Level Management, Service Reporting, Security Policy Recommendations, Escalation

SOC / SIEM Platform Components Security Device Data, Event Data (Int./Ext.) Event Patterns Correlation Aggregate Security Events Log Data (Transactional) Unstructured Data (Big Data) Custom Rules

Emergency Response Team

Cyber-Security Command Center (CSCC) Executive Security Intelligence Briefings Correlation Rule Design Local Reg. Security Oversight Consolidated Monitoring/Security Metrics Governance Local/Reg. Intel. Briefings

SOC Platform

May be combined depending on requirements

Security Intelligence Internal Anomaly / External news / New Use Cases

SOC/SIEM Admin. Support Services

Tool / Log Integration Operational Reporting Dashboards Rule Administration Device Administration

CSIRT Management

Maintain Playbook Manage Incident Resp.

Data Sources

SIEM Tool (IT & Vehicle)

Ticket Tool (e.g. Remedy)

Portal / Help Desk Integration Tools Reporting /

Dashboard Big Data (e.g. Hadoop)

SOC Operations

User Support

Incident Mgmt Acceptance Q&A Mgmt

Vehicle Operations

Health checking Monitoring

Legend

SOC/SIEM

IT

Vehicle


IBM X-Force® delivers expert analysis and threat intelligence

20

Client Side Attacks

Botnets

Buffer Overflow Attacks

Distributed Denial of Service (DDoS)

SQL Injection

Backdoors

Cross-site Scripting (XSS)

Malicious Content

Protocol Tunneling

Reconnaissance

Trojans

Worms

Exploit Toolkits

Peer-to-Peer Networks

IBM Security Operations Centers and Security Products

Sharing real-time and anonymized threat intelligence


IBM Security has global reach

21

monitored countries

service delivery experts

devices under contract +

endpoints protected +

events managed per day +

IBM Security by the Numbers

+

+


An integrated, unified architecture delivered in a single console

22

Log Management

Security Intelligence

Network Activity

Monitoring

Risk Management

Vulnerability Management

Network Forensics


Answering questions to help prevent and remediate attacks

23


Anomaly detection inside the vehicles is a special case

24

Cellular/ WiFi

MQTT client

Compres. engine

Minimized anomaly detector

In cloud: Context-‐based anomaly detec(on. Correlates loca(on, speed and other proper(es of neighboring vehicles to determine reports reliability.

In-‐vehicle agent

RAE2

Context based anomaly detector

Regional Analysis Engine

Decomp. engine

MQTT client

In-‐Vehicle: minimal rule-‐based anomaly detector that accommodates the limita(ons (resources, perspec(ve) -‐  Filtering needed but research challenge -‐  Source of data/event is difficult to iden(fy on CAN -‐  End-‐to-‐end from sensor raw data to back end can’t be implemented without partnerships

Extensive Data Sources


In Summary: The Emergence of Connected Ecosystems

25

Traditional industry verticals limit opportunity. Companies must reconstitute their value propositions based upon their customer value chain and plan a broader more integrated approach across multiple verticals

Hos

pita

l

Hot

el /

Lodg

ing

Res

taur

ants

/ N

ight

club

s

Even

t Pla

nnin

g

Them

e Pa

rks

Cru

ise

Line

Tour

ism

Hos

pita

l Sys

tem

s

Phys

icia

n G

roup

s

Aca

dem

ic M

edic

ine

/

Ret

ail

Ener

gy/U

tiliti

es

Hot

el /

Lodg

ing

Medi

a/En

tert

ainm

ent

Tran

spor

tatio

n

Cons

umer

Elec

troni

cs

Hea

lthca

re

Publ

ic S

ecto

r

Phar

mac

eutic

al

Aer

ospa

ce &

Def

ense

Oil

& G

as

Cons

umer

Pac

kage

d Go

ods

Fina

ncia

l Ser

vice

s

Traditional Industry Verticals

Products

Services

Solutions

Evolving Solutions Based Ecosystems

IBM Bluemix


Stay connected with IBM Security

26

Visit the IBM Security Intelligence Website

Watch the videos on the IBM Security Intelligence YouTube Channel

Read new blog posts SecurityIntelligence.com

Follow us on Twitter @ibmsecurity

© 2015 IBM Corporation Dr. Sebastian Wedeniwski, IBM Distinguished Engineer, CTO Automotive Industry © 2014 IBM Corporation

IBM Security Systems

27

www.ibm.com/security

© Copyright IBM Corporation 2014. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.

Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT SYSTEMS AND PRODUCTS ARE IMMUNE FROM THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.

www.ibm.com/security

© Copyright IBM Corporation 2014. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.

Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT SYSTEMS AND PRODUCTS ARE IMMUNE FROM THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.

design, build, drive - think...

Documents