MAIN STAGE DAY TWO – WEDNESDAY 29th NOVEMBER 2023

PRESENTATION AND DISCUSSION: HOW TO EFFICIENTLY SECURE PRODUCT SECURITY OVER THE VEHICLE’S LIFETIME

• Understand what lifetime means to the industry and when support is no longer needed.
• Debating how the industry can provide product updates for up to 25 years.
• Assess methods to ensure up-to-date information on vulnerabilities and how updates are received on products in the field.
• Discuss when and how product liability comes into effect in case of a cyber-attack.
• Explore the type of dependencies companies have and how to make sure it is handled properly.
• Explore how OEMs and suppliers can monetise lifetime support programs.

VSOC-FOCUSED PRESENTATION

• Understand the requirements for building and operating a VSOC and how they are different than traditional IT SOCs
• Find out how a VSOC provides real-time visibility and insights into vehicle anomalies and behaviours
• Assess how a vehicle security operations centre is set up and operated and how OEMs and suppliers can benefit from one.
• Understand how suppliers can participate in getting access to data and protect products in the best possible way.
• Learn how to monitor vehicle fleets for cyber security anomalies throughout the vehicle’s lifecycle

• Assess security measures for open-source and purchased software.
• Understand how cyber security is managed through the supply chain.
• Understand how automakers can build up a good CSMS when using open-source software platform to protect against vulnerabilities and threats.
• Learn how the latest measures and technologies can be successfully leveraged to have a fast incident response.

• Understand the status of post-quantum cryptography.
• Get an overview of different post-quantum computing technologies and new cryptographic solutions and understand the impact they can have on automotive companies.
• Find out what cryptographic algorithm the car manufacturer should use and request the Tier-1 to implement.
• Learn how to handle the transition to cryptographic algorithm security features.
• Hear how companies see the support of post-quantum cryptography when hardware is already designed.
• Understand what the choice of different actors in terms of algorithm selection would be - would they go for every algorithm, or would they select a specific post-quantum algorithm that is available today?

STPA represents a new paradigm that is being applied in safety analysis and management within our industry - It’s application in cybersecurity, to improve resilience against cyber disruptions through STPA-Sec is new to many. In this presentation we will consider "How STPA is being used in automotive cybersecurity" and we will introduce: -

• STPA-Sec, what it is and why you should care.
• How to implement TARA guidelines when using STPA-Sec.
• Where threat modelling can be used and how to do so (i.e. STRIDE and beyond).

Designing-in effective safeguards begins at the concept phase, enables the definition and refinement of precise design recommendations, and continues throughout the product lifecycle, to operations and product retirement. Discover life beyond 21434…

UNDERSTAND HORIZONTAL REGULATIONS THAT CAN HAVE A BIG IMPACT ON THE AUTOMOTIVE INDUSTRY

• Cyber Resilience Act, Radio Equipment Directive, Cyber Solidarity Act, NIS1 Regulation
• Get a complete overview of the bigger picture and the purpose of different regulations, including Cyber Resilience Act, Radio Equipment Directive, Cyber Solidarity Act and the NIS1 regulation. How do these regulations compare with ISO/SAE 21434 and R155/R156?
• Discuss how much automakers and the automotive industry is affected by different regulations.
• Learn what you need to do in your organisation to ensure that the organisation and all product lines are complying to these regulatory aspects.

CLOSING DISCUSSION GROUP: LEARN FROM OTHER/RELATED INDUSTRIES

• Deep dive into how other industry are managing cyber security programs.
• Find out how they handle long-term update capabilities, incident response, secure communications, etc.
• Learn what best practices and de facto standards are being adopted and what they are building in terms of features, including intrusion detection systems, security cameras etc.
• Hear recommendations on how to do things in a practical way when regulations are not yet defined/decided.

• Understand what AI means for cyber security and where it can help.
• Assess how AI can help automate certain tasks/make them easier.
• Demonstrating how AI be used to protect against cyber security threats and vulnerabilities.
• Understand what needs to be considered to protect attacks on products based on AI.

PANEL DISCUSSION

• Understand how to efficiently communicate changes or algorithms to suppliers for them to adapt products from a schedule perspective.
• Assess best practices for key management.
• Sharing best practices on how to maintain the required level of trust with suppliers.
• Debating how OEM/Supplier relationships will evolve when everything is open-source.
• Sharing recommendations on what automakers, Tier-1s and suppliers should be willing to invest to educate their teams and as a result, improve relationships and dependencies.