Episodit
-
Episode Summary:
In this episode, John speaks with a cybersecurity expert Karl Schlaugh about the rising cyber threats in the automotive industry, the challenges of securing vehicles, and the impact of regulations on automotive cybersecurity. They discuss various attack vectors, the importance of patch management, and the role of regulations in enhancing vehicle security.
Key Takeaways:Cybercriminals target the automotive supply chain to amplify their reach.The automotive industry's long patch lifecycle makes it a lucrative target for cybercriminals.Regulations like UN ECE 155 and 156 are positively impacting automotive cybersecurity by requiring vulnerability management and encouraging transparency.The rise in cyber attacks on the automotive industry underscores the need for improved security measures and continuous monitoring.
Quotes:"Cybercriminals always follow money. If you have malware running in a supplier, then you amplify your targets." - Karl Schlaugh"The patch lifecycle in automotive is a hell of a lot longer, which is a good thing for cybercriminals." - Karl Schlaugh"Regulations like UN ECE 155 and 156 are encouraging vulnerability management and transparency, which is very positive." - Karl Schlaugh
Timestamps:(10:35) The long patch lifecycle in the automotive industry(16:50) Impact of regulations on automotive cybersecurity(24:10) Addressing cybersecurity in older vehicles(28:30) Key takeaways from the cybersecurity threat landscape report(36:17) Discussion on industry trends and future outlook(41:53) Monetary impact of cyber attacks on the automotive industry(43:31) Importance of reputation management for OEMs
Referenced Links:UN ECE 155 RegulationUN ECE 156 RegulationAutomotive Cyber Threat Landscape Report 2023Please leave us a rating and a review on Apple Podcast.
Connect With Karl (Kalli) Schlauch:LinkedIn
Connect With ASRG:ASRGLinkedIn
-
In this episode of the Security Breaks podcast, host John Heldreth welcomes Giuseppe Serio from Upstream Cybersecurity, a leading expert in automotive cybersecurity. The episode explores the latest developments in automotive cybersecurity, focusing on the Upstream Cybersecurity Threat Report for 2024.
Key Takeaways:
Upstream Cybersecurity Threat Report 2024: The report provides a comprehensive overview of the latest threats in automotive cybersecurity, using data from VSOCs and external sources like the dark web. It serves as a key resource for industry professionals.The episode emphasizes the importance of responsible disclosure in cybersecurity research, focusing on safety and proper communication when dealing with sensitive information.Quotes:
"VSOCs play a crucial role in monitoring, detecting, and responding to cyber threats in real-time. They're essential for maintaining the security and safety of connected vehicles.""Responsible disclosure is key in the cybersecurity industry. It’s not just about finding vulnerabilities; it's about ensuring that the information is handled properly to avoid potential risks to public safety."Timestamp:
(1:55 - 2:21): Discussion about Upstream's annual automotive cybersecurity threat report, which details the threats faced by the industry and its impact on the safety of vehicles and their operations.
(2:31 - 2:40): John discusses the length and comprehensiveness of the report, emphasizing its importance in providing insights into threats and the potential challenges facing the automotive industry.
(5:19 - 5:34): Giuseppe elaborates on the shift from calling it "Automotive SOC" to "VSOC," emphasizing that the concept has evolved from focusing on individual vehicles to the broader fleet and ecosystem.
(12:23 - 12:40): Discussion of the internal and external sources Upstream uses for research and threat intelligence, including their dedicated research team and the various sources used to compile the report.
(13:07 - 13:41): Giuseppe outlines the process of compiling the cybersecurity threat report, mentioning the significant effort and resources involved in gathering and analyzing the data to ensure accurate and comprehensive insights into the automotive cybersecurity landscape.
About the Guest:
Giuseppe is a cybersecurity expert specializing in the automotive industry. He brings a deep understanding of cybersecurity issues specific to the automotive sector, discussing topics like over-the-air (OTA) updates, electric vehicles (EVs), and autonomous driving technologies. Giuseppe's insights reflect a comprehensive grasp of current trends and emerging threats in automotive cybersecurity.
Connect with Giuseppe Serio:
LinkedIn: Giuseppe Serio
Website: Upstream
Connect With ASRG:
ASRG WebsiteASRG Facebook PageASRG LinkedInDownload report here:
-
Puuttuva jakso?
-
Welcome to Security Breaks Podcast! In this pillar episode, John Heldreth and Slava Bronfman discuss the evolution and challenges of automotive cybersecurity. They delve into the differences between functional safety and product security, highlighting the importance of understanding the dynamic nature of security in contrast to the relatively static world of safety. The conversation also explores the maturity levels of OEMs and suppliers in implementing security frameworks and the role of regulations and standards in driving industry practices forward.
Key Takeaways:Automotive cybersecurity has evolved from research-led projects to comprehensive programs within OEMs and suppliers, but there remains a wide variance in maturity levels across the industry.The distinction between functional safety and product security lies in the magnitude, practices, and dynamic nature of security compared to safety.The adoption of tools and processes, even if rudimentary like Excel, marks progress in establishing security frameworks within organizations.Achieving scalable security solutions requires a holistic approach encompassing methods, processes, organization, and technology.
Quotes:"The commitment to continuous improvement and adaptation is key to addressing the complexities of automotive cybersecurity.""The distinction between functional safety and product security lies in the magnitude, practices, and dynamic nature of security compared to safety."
Timestamps:(16:05) John starts discussing the importance of processes, methods, organization, and tooling in automotive cybersecurity.
(17:32) Slava Bronfman responds affirmatively to John's points.
(18:43) John and Slava discuss the potential consequences of OEMs being blind to vulnerabilities in their vehicles.
(20:50) They discuss the importance of proactive security measures in preventing incidents.
(21:55) Slava shares insights into the alignment between OEMs and suppliers regarding cybersecurity.
(24:42) The conversation shifts to the future of automotive cybersecurity.
(25:53) Slava discusses the challenges posed by emerging technologies such as software-defined vehicles.
(29:48) They discuss the potential impact of quantum computing and autonomous driving on cybersecurity.
(33:11) John emphasizes the importance of responsible disclosure for researchers and hackers.
(34:42) Slava provides an overview of Cybellum and its role in automotive cybersecurity.
(38:03) They discuss the future development of Cybellum and its focus on AI and ML technologies.
(42:14) The podcast concludes with closing remarks and reflections on the challenges and opportunities in automotive cybersecurity.
About The Guest:Slava Bronfman is a cybersecurity expert with a background in software engineering and extensive experience in the automotive industry. He co-founded Cybellum, a company specializing in automotive cybersecurity solutions, and has been instrumental in shaping the direction of automotive security practices.
Connect with Slava Bronfman:LinkedIn: Slava Bronfman
Website: Cybellum
Connect With ASRG:ASRG WebsiteASRG Facebook PageASRG LinkedInPlease leave us a rating and a review.