Quantum of Cyber-Multi-Dimensional Risk Analysis for E2E Product Resilience

PRESENTATION:
The cyber defenses embedded in our vehicles are more and more robust. Still, this does not mean that vehicle security incidents are a matter of the past. There are many occurences of the product related data (e.g., crypto material, firmware binaries, configuration files, etc.) outside of the vehicle ecosystem. The cybersecurity efforts of the automotive industry can be optimized with gaining the awareness of these occurences. That can prevent the bypass of technical security controls. This work uses a recent compromise of an electronic control unit to illustrate this issue. Then, it recommends an approach to mitigate the probability of such future incidents.
PRESENTER:
Jani Kovacs
Cyber Risk Analyst at Cymotive
Jani has spent his whole career in the transportation industry. From 2019 he specialized in securing automotive products as a risk analyst and a solution architect. During this journey, he became familiar with the E2E automotive cybersecurity lifecycle.
As a tutor of his competence area, he created the material of several corporate and university courses on testing and cybersecurity and also published an open-source „fighting fantasy” game on automotive security, The d1m1try Project.
Before Cymotive, Jani participated in the establishment of the cybersecurity team of a German Tier 1 based in Hungary, played a key role in the achievement of the required UNECE compliance, then contributed to the design and implementation of the global Vulnerability and Incident Management process of a German OEM.\