Abstract: Current state of the art allows secure boot of a subset of modules on the vehicle bus. To build a strong foundation for security, safety, and reliability, we start with a firmware golden list and need to understand what components can be interrogated and tested, at what assurance levels. As-built lists become out of sync by end of the line, dealer, repair shop, or customer updates and counterfeit parts may be introduced at any point. Reliability may require limp-home capabilities and R2R may allow strategies that void warranty. Autonomy validation must be performed on a module with an appropriate ISO 26262 ASIL rating. Forthcoming Cybersecurity Assurance Levels from ISO 21434 could be extended to include built-in tests of electronic components, sensors, and actuators and become a valuable tool to detect counterfeit parts, but a complex mix of different controls and capabilities can lead to emergent vulnerabilities. The golden ticket is a whole vehicle system secure boot, tied to hardware roots of trust where available. We will discuss how a secure unified solution could be implemented on the vehicle bus and in the cloud.

Bio: Chad Childers is an internationally recognized security evangelist who has spoken at RSA, InfoSec World, The European Information Security Summit, SecureWorld, BSides, the Cyber Security & Cloud Expo world series, and DevTalks Romania. He is Director of Auto Systems Solutions at Privafy, building security into advanced vehicle systems and IoT solutions. While at Ford Motor Company, he was responsible for Threat Analysis & Risk Assessment of vehicle and connectivity for embedded modules, mobility, cloud, autonomous, and electric vehicles, global risk assessment, JV security, PKI, Intranet web technology, and Failure Mode & Effects Analysis software. IntraCom Montreal said, "Reconnu pour sa vision et son caractere audacieux, M. Childers partagera avec vous son experience unique. - Recognized for his vision and audacious character, Mr. Childers will share his wealth of experience with you."