26–27 September 2017

Tokyo, Japan


Performing risk assessments against connected cars

Alissa V. Knight, Group Managing Partner, Brier & Thorn, Inc (USA)

Having spent several years presenting on how to hack connected cars through penetration testing of TCUs, Alissa Knight will now detail a risk-based approach to connected car cyber security through performing risk assessments, demystifying the AES J3061 standard by detailing techniques for Threat Analysis and Risk Assessment; Threat Modeling and Vulnerability Analysis (e.g., Attack Trees); and when to use them.

Further guidance will be provided along with free tools and whitepapers on performing a risk assessment according to the J3061 standard based off of, and expanded on from, existing practices which are being implemented or reported in industry, government and conference papers. The best practices are intended to be flexible, pragmatic, and adaptable in their further application to the vehicle industry as well as to other cyber-physical vehicle systems. Further, this track will cover:

  • Defining a complete lifecycle process framework that can be tailored and utilized within each organization’s development processes to incorporate Cybersecurity into cyber-physical vehicle systems from concept phase through production, operation, service, and decommissioning.
  • Providing information on some common existing tools and methods used when designing, verifying and validating cyber-physical vehicle systems.
  • Providing basic guiding principles on Cybersecurity for vehicle systems.