welcome to session i · what is specific to smart city cybersecurity? -1 • operates many vital...

Exchange on best practices and challenges Welcome to session I


Post on 19-Jan-2021


TRANSCRIPT

Page 1: Welcome to session I · What is specific to smart city cybersecurity? -1 • Operates many vital services (e.g. water) • In a mix of legacy and new infrastructures • Preserving

Exchange on best practices and challenges

Welcome to session I

Page 2:

Dr. Eric Armengaud

AVL List GmbH (Headquarters) Confidential

ITEA Cyber Security Day

Exchange on best practices and challenges

Page 3:

Facts and Figures

AVL COMPANY PRESENTATION

Global Footprint

Represented in 26 countries

45 Affiliates divided over 93 locations

45 Global Tech and Engineering Centers (including Resident Offices)

Founded

Years of Experience

Employees Worldwide

Engineers and Scientists

Of Turnover Invested in

Inhouse R&D

Export Quota

Granted Patents in Force

Page 4:

ENGINEERING SERVICES

▪ Design and development services for all elements of ICE, HEV, BEV and FCEV powertrain systems

▪ System integration into vehicle, stationary or marine applications

▪ Supporting future technologies in areas such as ADAS and Autonomous Driving

▪ Technical and engineering centers around the globe

INSTRUMENTATION AND TEST SYSTEMS

▪ Advanced and accurate simulation and testing solutions for every aspect of the powertrain development process

▪ Seamless integration of the latest simulation, automation and testing technologies

▪ Pushing key tasks to the start of development

ADVANCED SIMULATION TECHNOLOGIES

▪ We are a proven partner in delivering efficiency gains with the help of virtualization

▪ Simulation solutions for all phases of the powertrain and vehicle development process

▪ High-definition insights into the behavior and interactions of components, systems and entire vehicles

Page 5:

ELECTRIFICATION ADAS AND AUTONOMOUS DRIVING ZERO-IMPACT EMISSION

VEHICLE ENGINEERING DATA INTELLIGENCE

Page 6:

ERTRAC, Strategic Research Agenda, Input to 9th EU Framework Programme, March 2018, www.ertrac.org

Confidential / 5 Dr. Eric Armengaud | AVL List GmbH | 15 January 2021 |

From road transportation to smart mobility

Page 7:

Holistic dependability engineering for collaborative, autonomous systems

Runtime

Design Time

www.deis-project.eu

Page 8:

We Owe It to the Planet

It is our duty as an organization to contribute to the resolution of social, cultural and global issues – especially with regards to environmental protection, sustainability and global emission reduction.

Page 9:

Thank you

HANS-LIST-PLATZ 1, 8020 GRAZ

www.avl.com

Page 10:

Smart mobility and cybersecurity

contacts:

F. Bodin

Paul-André Pincemin

15 January 2021

Rennes

Page 11:

Introduction

• The implementation of smart mobility services is a driver for the development of metropolises

– Transportation is an important part of the metropolis budget

• Smart mobility increases the potential for cyber attacks

• The objective of developing a metropolitan reference framework is

– To allow reasonable risk-taking (x4 in France since 2019, src: ANSSI)

– To help build an effective remediation capacity

– To set up experimental and simulation capabilities

• The general point of view taken is that of the metropolitan organising authority

• Rennes Metropolis’ action is included in the French program CSF "Territory of Trust".

Page 12:

Smart mobility -1

• Covers many sectors*

– Accessibility for people with reduced mobility

– Mobility assistance

– Transport management

– The fight against climate change

– Active modes, shared and alternative transports

– Data sharing and protection

– Protection of the environment, air quality

– Road safety

– Safety in transport

– Etc.

*http://www.mobilite-intelligente.com

Page 13:

Smart mobility -2

• Focus on synergies between transport modes

• Involves numerous infrastructures

– Operated by different entities

• Based on the collection and exchange of data

– From sensors, operators, etc.

– As well as personal data

• Is framed by numerous standards and norms

– But approaches to deal with transversal issues are not yet well defined for smart mobility

Page 14:

An illustration of the systems involved

Page 15:

What is specific to smart city cybersecurity? -1

• Operates many vital services (e.g. water)

• In a mix of legacy and new infrastructures

• Preserving citizens’ trust is critical

• Combines IS (information systems) and IoT cybersecurity issues

• IoT devices are usually weak on security, can be stolen, etc.

• Many open buildings (e.g. city hall)

• Convergence of physical and cyber spaces

• Holds a large amount of citizens’ private data

• Video surveillance data, tax data, service users’ data,…

• Integration of numerous services

• Very large attack surface with “chain reactions” that are difficult to identify

Page 16:

What is specific to smart city cybersecurity? -2

• Many infrastructure interdependencies

• Communication network

• Infrastructure remote control

• Backups and restoration not always optimal

• Small and large cities with very different capabilities

• Silo-based organization but transversal infrastructures

• Cybersecurity is a holistic issue

• Incremental development over a long period, lacking agility

• Many external operators

• Internal threat underestimated, low budget,…

• Mutualisation of CERTs and other shared approaches possible

• Easier to share attack (real-time) information

• Help smaller cities

Page 17:

Rennes Metropolis current composition of the reflection committee

With support from ANSSI

Page 18:

Identified roadblocks

• No pre-production system usually available

• Definition of contingency modes / operations

• Availability of operational data

• Securing exchange of data

• Large data volume and complex analysis

• Simulation and analysis capacity

• Managing complexity and implementation limitations

• Lacking interoperability cybersecurity-wise

Page 19:

Works status in Rennes

• Effort to set up a structuring framework of the metropolitan landscape around an experimental "lab" which associates:

– cybersecurity for SMEs

– Industrial users

– Research laboratories

• Identification of structuring technical projects

– Interoperability of systems / tools

– Department-wide supervision / risk assessment

• Collaboration with the data portal project RUDI of the metropolis

• https://rudi.datarennes.fr/

Page 20:

The « CyberLab » setup

• Objectives

• Ensure interoperability and cybersecurity of the smart-city architectures and provide a platform to the players in the Rennes metropolitan area that is representative of the infrastructure of a smart city

• Key players: road infrastructure providers, transport/services companies, IT equipment manufacturers, industrialists, etc.

• First outcome of the reflections in 2020 with AMOSSYS, KEREVAL and WALLIX

– Create a CyberLab, the first French software-testing platform designed to assess the cyber resilience of intelligent mobility solutions, and more generally, the smart city

– Implementing a defensive, joint, and anticipatory approach

– Need to manage the acceptability of residual risks

– With the support of Rennes Metropolis and Irisa

Page 21:

Secure Operations

Ensuring Cybersecurity to enable Industrial IoT

Unrestricted © Siemens Mobility GmbH siemens.com/dcu

Page 22:

1 Protecting the data of individuals and companies

2 Preventing damage from people, companies and infrastructures

3 Establishing a reliable foundation on which confidence in a networked, digital world can take root and grow

Leading global companies joined forces to encourage security in a networked world.

Page 23:

Evolving Landscape

Eras: Automation, Information Processing, Digital Connectivity and Intelligence

Timeline:

▪ 1950s – 1960s: Military, governments and other organizations implement computer systems

▪ 1970s: Home computer is introduced

▪ 1980s: Computers make their way into schools, homes, business and industry

▪ 1990s: Digital enhancement of electrification and automation

▪ 1991: The World Wide Web becomes publicly accessible

▪ 1999: The globe is connected by the internet

▪ 2000s: Mobile flexibility

▪ 2010s: Cloud computing enters the mainstream

▪ 2015: Industry 4.0, Internet of Things & Big Data

▪ 2020s: Smart and autonomous systems, Artificial Intelligence

Incidents shown along the timeline: AOHell, Cryptovirology, Level Seven Crew hack, Denial-of-service attacks, Cloudbleed, sl1nk SCADA hacks, Infineon/TPM, Meltdown/Spectre, AT&T Hack, Blue Boxing, Morris Worm, Melissa Worm, ILOVEYOU, NotPetya, Industroyer/Crashoverride, WannaCry, Heartbleed, Stuxnet

Page 24:

Cybersecurity solutions focused on (OT) Security

IT Security compared with OT Security:

▪ Asset lifecycle: IT 3-5 years; OT 20-40 years

▪ Software lifecycle: IT Forced migration (e.g. PCs, smart phone); OT Usage as long as spare parts available

▪ Options to add security SW: IT High (> 10 “agents” on office PCs); OT Low (old systems w/o “free” performance)

▪ Heterogeneity: IT Low (~2 generations, Windows 7 and 10); OT High (from Windows 95 up to 10)

▪ Main protection concept: IT Standards based (agents & forced patching); OT Case and risk based

Confidentiality / Availability

Page 25:

Risk vs Budget

Your Risk: Ever growing risk landscape

Your Budget: Wait or use your creativity

[Figure: two charts over the time axis Yesterday / Today / Tomorrow, with the labels "?" and "After a major incident"]

Page 26:

…costly impacts on operations

▪ $38-88M: Average annual spend on unplanned downtime [2]

▪ $1-2M / day: Economic impact of buying energy to replace energy production capabilities [1]

▪ 225,000: Customers without power due to Black Energy attack, 2015 [3]

▪ $300M: Cost of NotPetya ransom ICS attack to single industrial company in 2017 [4]

Sources: [1] Richmond Times, [2] GE Oil and Gas, [3] E-ISAC, [4] CNBC

Page 27:

Structure by IEC 62443

Page 28:

IEC 62443 - Roles and Scope

Page 29:

IEC 62443 - Roles and Scope

Page 30:

Cybersecurity Concepts for Mobility

Perimeter protection & IDS

…“installed base (legacy) and automation products without built-in cybersecurity”

Defense in Depth - IEC 62443

…“for future deployments, with products with built-in cybersecurity features”

Page 31:

IEC 62443 Security Levels

▪ SL 1. Cybersecurity goal: Protection against unintentional or accidental attacks

▪ SL 2. Cybersecurity goal: Protection against deliberate attacks with simple means. Attacker type: Script Kiddie

▪ SL 3. Cybersecurity goal: Protection against intentional attacks with advanced means. Attacker type: Criminal organization

▪ SL 4. Cybersecurity goal: Protection against intentional attacks with advanced resources. Attacker type: Nations / Agencies

Page 32:

Cybersecurity Pillars

IDS JRS / SPX DCU

Page 33:

DCU

Data Capture Unit (Data Diode)

CONFIDENTIAL

© Siemens Mobility GmbH 2020

Page 34:

Enabling connectivity while keeping networks physically isolated? …Data Diode technology

▪ Guarantees protection and network isolation via hardware design that lacks the vulnerability of firewalls

▪ Reliable - MTBF +16yrs

▪ Galvanic isolation & physical separation ensures only one-way communication

[Figure: Siemens DCU between the critical network and the open network; Tx/Rx and PHY stages, labelled "Electromagnetic induction"]

Page 35:

Connectivity Concept

[Figure: connectivity architecture across three layers: 1. OT Network (SIG), 2. IT Network, 3. Cloud]

Labels in the figure: TVD, IXL, OCC, OWG, DCU, Router + FW, VPN, Industrial Edge Runtime, Cloud Connector, Connectors, Storage, App, Cloud App, Device Management, Rail Operator, Vendor

Callouts:

▪ Real-time data collection – OWG sender

▪ 0% risk of customer operation disruption – DCU

▪ Diagnostics and local data storage – OWG receiver

▪ Deploy Security Patches – Worldwide

▪ Rollout Applications and Updates – Worldwide

Page 36:

Designed to be modular

OWG - Receiver

VPN

Rail Operator DCU

3. Cloud

Vendor

Cloud App

Asset Management

2. IT Network

1. OT Network (SIG)

OWG - Sender

SCADA / Interlocking

Router + FW

Page 37:

USPs

Safety assessment: SL3 - IEC 62443 4-2

Vendor neutral: Standard protocols

0% risk: operation disruption

Page 38:

IDS

Intrusion Detection System

Page 39:

Page 40:

Topology with DCU

[Figure: IDS topology with the labels IDS Server, Syslog, IDS Sensor (two), Port mirror, Industrial Switches, Endpoints and Security logs; networks shown: IT/Enterprise network, OT / Signaling (safety) network]

Page 41:

JRS

Juridical Recording System & Encryption

Page 42:

What & Why

What

JRS collects, stores and validates all critical SIG system data.

JRS provides “Proof” that the stored data is unaltered and complete (integrity intact).

JRS prevents the alteration and/or deletion of data according to the IEC 62443 security concept:

• Components

• Communication

Why

Data from juridical recorders is needed for all legal or formal investigations of accidents or “near-miss” situations.

CENELEC 50701 will require data integrity tools for new railway systems.

Page 43:

Main features

1. Modular juridical recorder - Based on X.509 Certificates (PKI)

2. RAID 6 - High-performance and reliable data storage

3. Secure OS – S2L2 with Certificates, Secure Boot and Whitelisting.

4. IEC 62443 4-2 SL3 - Compliant

5. Interference Free – Compatible with DCU

Page 44:

Functionality

1 | Data collection: DCU / Diagnostic PCs

2 | Data Storage: RAID 6

3 | Evaluation & Validation: JRS software

4 | Data Extraction: Customer or Siemens

Components

IXL

Page 45:

WORKING FOR A POLLUTION-FREE TOMORROW

…ONE JOURNEY AT A TIME

SIEMENS Mobility

Page 46:

Disclaimer

© Siemens AG 2020

Subject to changes and errors. The information given in this document only contains general descriptions and/or performance features which may not always specifically reflect those described, or which may undergo modification in the course of further development of the products. The requested performance features are binding only when they are expressly agreed upon in the concluded contract.

All product designations may be trademarks or other rights of Siemens AG, its affiliated companies or other companies whose use by third parties for their own purposes could violate the rights of the respective owner.

Unrestricted | © Siemens Mobility 2020 | Andres G. Guilarte | SMO RI PR | 2020-12-02 | Page 26

Page 47:

Contact

Published by Siemens Mobility GmbH

Andres G. Guilarte

Global Product Manager

SMO RI PR SD

Germany

Page 48:

Security for the Internet of Lights

Sandeep Kumar

R&D Group Manager IoT Security

Signify Research

Page 49:

Signify is the world leader in lighting

We provide high-quality energy efficient lighting products, systems and services

37,000 people in 74 countries

No. 1: Connected, LED, Conventional

€6.2bn sales in 2019, ~ 75% professional

No. 1: Industry Leader, Dow Jones Sustainability Index 2017-2019

Light sources, Luminaires, Systems and Services

Page 50:

#1 smart home lighting system to light your home and garden smarter

Page 51:

The Internet of Lights

Page 52:

It all began with LEDIFICATION

ENERGY EFFICIENCY LONG LASTING BETTER QUALITY

Page 53:

The next revolution: BEYOND Lighting

CONNECTIVITY

SENSORS

CONTROLS

REMOTE MANAGEMENT

Page 54:

Indoor Positioning

Perfect light, precise location

Determine the real-time and exact position and orientation of a shopper using visual light communication

Space Management

Optimize office space through occupancy and space usage data collected over the smart lighting system

There is more to lighting beyond illumination

Page 55:

Internet of Lights

the most dense sensor network on the planet

largest attack surface of remotely connectable devices

Page 56:

Security: Challenges and Best Practices

Page 57:

Challenges

1. MINDSET: Build security into formerly analog world

Page 58:

Requirements

• Security Risk Assessment (SRA)

• Privacy Impact Assessment (PIA)

Design

• Security Architecture Review

Implementation

• Secure code review

• Hardening

• 3rd party code analysis

Verification

• Functional Security Testing

• Penetration Testing

Release

• Security Review

• Incident Response Plan

Response

• Software updates

• Responsible Disclosure

• Security Monitoring

Security Training across Organization

Secure Development Lifecycle (SDL) Process

Not just build, but keep it secure: monitoring, patching, vulnerability management

Best practice

Page 59:

Challenges

2. LIFECYCLE: Managing over multiple technology waves

HUGE DEPLOYMENT SIZES

COMMISSIONER BASED WORKFLOW

VERY LONG LIFETIME

Page 60:

Security lifecycle – security from cradle to grave

[Figure: device lifecycle with its phases and the security functions needed in each]

Lifecycle states: Manufactured, Installed, Commissioned, Application Running, Software update, Reconfigured, Application Running, Removed & replaced, Decommissioned, Reownership & recommissioned

Phases: Bootstrapping, Operational, Maintenance & re-bootstrapping, Operational, Maintenance & re-bootstrapping

Security functions: Key generation and storage, Authentication & Authorization, Authenticity (and Confidentiality), Secure communication, Authorization, Key storage, Key updates

Best practice

Page 61:

Challenges

3. TECHNOLOGY and REGULATIONS: Finding the right balance

GLOBAL STANDARDS

UNIQUE FOR LIGHTING: Latency, Synchronicity, ..

DEVICE CONSTRAINTS

Page 62:

Our compliance wishlist

Professional lighting systems

Professional lighting services

Consumer smart home lighting systems

IEC 62443-4-1 Secure Software Development Lifecycle

Best practice

Page 63:

Page 64:

Investor Presentation

Security Challenges of Telecom Industry

ITEA Cyber Security Day, 15th January 2021

Dr. Emin İslam Tatlı

Turkcell Cyber Security Director

Page 65:

About Turkcell

CYBER SECURITY

STRATEGIC FOCUS AREAS

Digital Business Solutions, Techfin Services, Digital Services

Security Management

Infrastructure Security

Security Testing

Security Monitoring (SOC)

Telecom Services

Identity & Access Management

Page 66:

Turkcell Managed Security Services

SOC (+Forensics)

Pentest

Identity & Access Mng.

Consultancy

Cyber Threat Intelligence

DDoS Attack Simulation

Turkcell Digital Security Service

Turkcell Anti-Fraud

Phishing Simulation

Diameter FW GUI & Product

SEPP

Cont. Vulnerability Scan

SOC SOAR

SOC Log Archive

SOC EDR

Page 67:

The New Challenges

• Security complexity of Telecom Industry has increased:

o Past: access network security, core network security

o Today: web security, mobile app security, security testing, 5G security (IoT security, IIoT security), fintech security, DevSecOps

• Penetration Testing has become insufficient, new concepts are needed:

o Red-teaming, Purple-teaming

o Attack Surface Analysis

o Continuous Security Testing

o Paper-based reporting is no longer adequate.

Page 68:

The New Challenges (cont.)

• Vulnerability & Patch Management have become the number one issue of cyber security:

o More and more critical vulnerabilities are published each week and month.

o Critical vulnerabilities are exploited in 1-2 days via large-scale analysis.

o Patching hundreds of systems in time is difficult, a priority plan is needed.

o Backdoors, Supply-chain attacks

• DevSecOps/Secure SDLC

o Secure SDLCs (e.g. SAMM, BSIMM etc.) need to be integrated into Developer IDE and DevOps platforms.

o Outsourced software development has become riskier.

Page 69:

The New Challenges (cont.)

• Authentication

o Username-password still alive

o Behaviour-based authentication

o Can CAPTCHA be replaced with ML?

• DDoS (Distributed Denial of Service)

o More and more enterprises and SMEs exploit Telco-grade DDoS mitigation.

o Number and size of pps-based attacks are rapidly growing compared to bps-attacks.

o Multiple customers are explicitly attacked at the same time.

o Machine learning should be better exploited, especially for clean traffic profiling.

Page 70:

Thank You!

Twitter: @eitatli

LinkedIn: https://www.linkedin.com/in/tatli/