SANS Automotive Summit Webcast

SANS Institute · Advanced ·🔐 Cybersecurity ·8y ago

Key Takeaways

Discussing key takeaways from the SANS Automotive Cybersecurity Summit and training for automotive cybersecurity

Full Transcript

hi this is Doug Wiley with the SANS Institute and it's my pleasure to be here with you today talking about our upcoming second automotive cybersecurity summit and training events our theme this year is smart vehicles and smart infrastructures and the event will take place May 1st through May 8th in Chicago this year we'll be continuing our conversation on the rapid move to new innovation technologies and capabilities that are affecting the automotive industry we'll be talking about autonomous vehicles and smart cities and the emergence of all this innovation that is beginning to affect not only the companies that that make smart vehicles but the consumers and the environment that they they all have to - of course exist in we've assembled a myriad of topics and some outstanding subject matter expert speakers who will be taking us through much of this material I'm very pleased to be joined by Kai Thompson who is this year's chair of the the summit and training event so with that I'd like to introduce Kai and we'll continue our conversation thanks Doug hi everyone this is Kai Thompson I'm a science instructor for ICS 515 so that's industrial control systems active defense and instant response and also work a German car manufacturer Audi as a neutral forensics and instant response Lee I've been with Audi for the past five years and before that I worked for 14 years in the steel industry and the reason for me to go over to the auto industry was actually this these profound changes happening in that industry so these just like three strikes of moving from gasoline engines to electric vehicles moving from old vehicles to smart fleets that you just hire or we just hitch a ride and of course two robots on wheels autonomous vehicles that are to me the most interesting thing of course being being a hacker and a nerd you love your robots on wheels yeah this this change that's happening right now in the auto industry and it's not only touching the auto industry but as we already say in the topic offer some it's more on vehicles and smart infrastructures this is touching everything that has to do with transportation especially with personal transportation and being part of this journey and being able to leave your footprints in this journey and how we do this and how we do these changes is to me really really interesting and really important that's why I wanted to join this industry great and Kaiser there's gonna be a variety of attendees to the summit itself you know we're expecting chief security officers and chief information security officers individuals that work in security operations centers even some developers and incident responders so I know as we look at the topics that we're going to be covering that we're gonna be having a mixture of both some deep technical conversations as well as some of the conversations around the standards and guidelines that are being adopted across industry and of course you know the the larger issues that every every organization in the automotive industry is grappling with so give us some thoughts about you know the keynote kickoff for instance and what we might expect from that this year I love to yeah yeah so Baron Giesler he was giving the keynote I've known him for most of my life and for the past thirty years he was one of the pioneers and bringing autonomous vehicle on the road and first of starting with with drivers assistant systems as we have to now at modern especially premium vehicles so Garonne was the the lead for autonomous driving an Audi for a number of years and then changed roles and went over to the supplier side of the industry and he's now working on on developing or running running divisions that develop autonomous systems to be put into giggles but as he'll point out is Ennis in his keynote of course this is a journey we don't go from Tribute of cars to fully autonomous vehicles overnight this is a journey and we'll live with a mixture and especially with vehicles that are remotely controlled at least some part of the time for a very long time and that that's actually what he's been working on for a couple of years already so these these touch phones will be part of this keynote which will bring us right into the whole journey that we're doing in this two-day summit like how do vehicles interact with the transportation environment so traffic lights parking spaces everything else you have as traffic system or transportation system in your city telling you when the next train will will arrive because you're moving from one transportation system to the other and then of course we have to know how to interact also with the larger environments your chart your electric vehicle charging systems as one example I already mentioned something like parking spaces and city infrastructures but also how do we make sure that the ways these systems interact are safe and secure so what's the framework for this what's the framework for assessing the risk that these different components bring onto each other so how do we go about that but also how do we respond to incidents in these environments some of this is probably as we all know all classical Incident Response we've been doing an IT for quite some time but these environments are more complicated and more interconnected and of course they're moving people so people might get hurt and we don't want that so this is a journey we all have to do together and we bring you together the different threads technology-wise planning infrastructure frameworks legal to move forward to understand ones in one another's constraints and language to move this forward into a journey that we have to take together yeah I know there's there's two particular topics that I'm especially looking forward to you know one one is relating to legacy vehicles and the fact that cars and other vehicles are on the road for such a long duration of their life and as technology continues to progress we know that we're gonna have this mixture of of old and new that has to has to co-mingle so the panel discussion around that is something that I'm really looking forward to and then and then likewise you know considering the evolution of the infrastructure itself and just talking about how we're starting to see more and more technology in the smart cities that are enabling these types of interactions amongst the vehicles that's that's also an area that I think is is really going to help pull this all together so Kai you know part of the event is much more than just the summit itself there will be training that's provided May 1st through May 6th and and there's four courses that we'll be offering this year so give us just a few thoughts around you know those four different courses and why they're relevant to somebody in the automotive industry sure love to so of course we started out with our Security Essentials boot camp seg 401 which I recommend to everyone who wants get to get to know the security landscape and the language that we I teach security guys talking and also the basic building blocks of IT security because I think yeah having this this common ground that everybody knows what we're talking about is really essential SEC 504 Heckert wells techniques exploits an incident handling is to me a very good starting point if you want to get deeper into what can actually happen to anything IT connected how do attacks work and how to do do we detect prevent or at least mitigate them so this is a great mixture of this is what an attack looks like this is how I offend against it or how at least detect it so the basic building blocks you you want to be actively defending your environment weather components they might contain network penetration testing and ethical hacking sex sex 560 yeah testing your products your IT environment and the interconnection between all these smart city vehicles leads infrastructure things will become more and more important we've been doing this at Olli for quite a while already we which has saying not only our IT environments but we run penetration tests that go all the way from the internet so we're back on right into the vehicle and sec v 6e is a very good class to learn about what we can get from pen testing how should we do it and how we should conduct it even if you're not running your own internal testing teams but hiring external people it's good to have a background in this class to just know what you can expect from pen testing know the lingo know how it works so the better shape your expectations and what you should be doing to guide pen testing and out of my favorite class for 508 advanced is old forensics into response and threat hunting which was actually the first size class I ever took myself if you want to get really deeply into how to detect advanced threats in your environment doing Incident Response or go hunting for these threats in your environment I think 508 is the best class there is and frankly if we look at how or where smart vehicle fleets will start at first these environments will be interesting targets to advanced threats because that's where you can make money as a criminal so getting your knowledge up in these kinds of things these two certain parts of the industries highly recommended to get started right now that's great guy Thanks thanks for that summary I mean we we have we have these for immersive training opportunities and then the summit to boot where people will have access and exposure to some of the leading such a subject matter experts in the field so very excited and to to be part of this and I do want to thank you Kai the time you've taken out today and hopefully we're gonna see everybody in Chicago for the summit and training event thank you very much duck yeah we need to go forward to the summit so looking forward to seeing you all in May in Chicago have a good time

Original Description

Co-chair of the SANS Automotive Cybersecurity Summit, Kai Thomsen, discusses key takeaways from the 2017 event and what to expect from the 2018 summit May 7-8 in Chicago. Thomsen also reviews training for automotive cybersecurity, the importance of pen testing, and why DFIR is his favorite curriculum. The 2nd annual Automotive Cybersecurity Summit brings together public and private-sector manufacturers, suppliers, assemblers, technology providers and V2X partners to discuss the increasingly complex and interdependent relationships between smart vehicles and ever-expanding smart infrastructures. The Summit will include two days of in-depth presentations from leading automotive industry cybersecurity experts, seasoned practitioners, industry consortia, policymakers and innovative product and system designers. Participate in hands-on demos, learning exercises and networking opportunities. About Kai Thomsen: Kai is the DFIR lead at Audi and teaches SANS ICS515: ICS Active Defense and Incident Response. After 14+ years in engineering, profound changes in the automotive industry moved him to Audi where he designs and runs Red Team exercises that integrate IT, business, and physical aspects in addition to his roles as a DFIR lead. Kai Thomsen is the co-chair of the SANS Automotive Cybersecurity Summit 2018. View the agenda here: http://bit.ly/2BMp3Ry
Watch on YouTube ↗ (saves to browser)
Sign in to unlock AI tutor explanation · ⚡30

Playlist

Uploads from SANS Institute · SANS Institute · 36 of 60

1 SANS FOR610: Reverse Engineering Malware: Malware Analysis Tools & Techniques
SANS FOR610: Reverse Engineering Malware: Malware Analysis Tools & Techniques
SANS Institute
2 SANS Institute Cybersecurity Training Customer Stories
SANS Institute Cybersecurity Training Customer Stories
SANS Institute
3 SANS Institute UK Cyber Academy
SANS Institute UK Cyber Academy
SANS Institute
4 SANS Institute UK Cyber Academy
SANS Institute UK Cyber Academy
SANS Institute
5 CISSP® Prep Exam, MGT414, by SANS Institute
CISSP® Prep Exam, MGT414, by SANS Institute
SANS Institute
6 SANS Institute's Rob Lee Discusses The OPM.GOV Hack on CNN
SANS Institute's Rob Lee Discusses The OPM.GOV Hack on CNN
SANS Institute
7 Information Security Training from SANS Institute - Student Testimonials
Information Security Training from SANS Institute - Student Testimonials
SANS Institute
8 SANS NetWars
SANS NetWars
SANS Institute
9 SANS DFIR NetWars
SANS DFIR NetWars
SANS Institute
10 Hack The Drone - SANS Cyber Academy UK
Hack The Drone - SANS Cyber Academy UK
SANS Institute
11 SANS VetSuccess Immersion Academy
SANS VetSuccess Immersion Academy
SANS Institute
12 SANS Cybersecurity Training, Certifications & Placement for Veterans
SANS Cybersecurity Training, Certifications & Placement for Veterans
SANS Institute
13 The 2015 SANS Holiday Hack Challenge
The 2015 SANS Holiday Hack Challenge
SANS Institute
14 SANS VetSuccess Academy: Hands-on Skills
SANS VetSuccess Academy: Hands-on Skills
SANS Institute
15 SANS VetSuccess Academy Overview
SANS VetSuccess Academy Overview
SANS Institute
16 SANS ICS Security Summit & Training 2017
SANS ICS Security Summit & Training 2017
SANS Institute
17 Exploring the Unknown Industrial Control System Threat Landscape – SANS ICS Security Summit 2017
Exploring the Unknown Industrial Control System Threat Landscape – SANS ICS Security Summit 2017
SANS Institute
18 WannaCry recap, patches, and analysis
WannaCry recap, patches, and analysis
SANS Institute
19 If We’re Doing So Well at Cyber Security, Why Are We Still Doing So Poorly?
If We’re Doing So Well at Cyber Security, Why Are We Still Doing So Poorly?
SANS Institute
20 Graduation Day - SANS HM Gov Cyber Retraining Academy
Graduation Day - SANS HM Gov Cyber Retraining Academy
SANS Institute
21 Incentivizing ICS Security: The Case for Cyber Insurance – SANS ICS Security Summit 2017
Incentivizing ICS Security: The Case for Cyber Insurance – SANS ICS Security Summit 2017
SANS Institute
22 SANS Data Breach Summit & Training 2017
SANS Data Breach Summit & Training 2017
SANS Institute
23 SANS Secure DevOps Summit & Training 2017
SANS Secure DevOps Summit & Training 2017
SANS Institute
24 How Threats Are Slipping In the Back Door - SANS ICS Security Summit 2017
How Threats Are Slipping In the Back Door - SANS ICS Security Summit 2017
SANS Institute
25 SANS Webcast – Continuous Opportunity: DevOps & Security
SANS Webcast – Continuous Opportunity: DevOps & Security
SANS Institute
26 SANS Cybersecurity Programs for the Department of Defense
SANS Cybersecurity Programs for the Department of Defense
SANS Institute
27 SANS Pen Test HackFest Summit & Training 2017
SANS Pen Test HackFest Summit & Training 2017
SANS Institute
28 SANS SIEM & Tactical Analytics Summit & Training
SANS SIEM & Tactical Analytics Summit & Training
SANS Institute
29 If We’re Doing So Well, Why Are We Still Doing So Poorly? – SANS ICS Security Summit 2017
If We’re Doing So Well, Why Are We Still Doing So Poorly? – SANS ICS Security Summit 2017
SANS Institute
30 SANS Institute
SANS Institute
SANS Institute
31 ICS515: ICS Active Defense and Incident Response
ICS515: ICS Active Defense and Incident Response
SANS Institute
32 SANS Institute
SANS Institute
SANS Institute
33 Introducing the NEW SANS Pen Test Poster
Introducing the NEW SANS Pen Test Poster
SANS Institute
34 SANS Institute - An Inside Look at the Newly Updated ICS515 Course
SANS Institute - An Inside Look at the Newly Updated ICS515 Course
SANS Institute
35 SANS ICS Security Training, Munich, Germany
SANS ICS Security Training, Munich, Germany
SANS Institute
SANS Automotive Summit Webcast
SANS Automotive Summit Webcast
SANS Institute
37 Privesc Playground - SANS Pen Test HackFest Summit 2017
Privesc Playground - SANS Pen Test HackFest Summit 2017
SANS Institute
38 Introduction to Reverse Engineering for Penetration Testers – SANS Pen Test HackFest Summit 2017
Introduction to Reverse Engineering for Penetration Testers – SANS Pen Test HackFest Summit 2017
SANS Institute
39 Honey, Please Don’t Burn Down Your Office: Fun with Smart Home Automation
Honey, Please Don’t Burn Down Your Office: Fun with Smart Home Automation
SANS Institute
40 SANS Security Operations Summit & Training 2018
SANS Security Operations Summit & Training 2018
SANS Institute
41 Sh*t Happens!  (But You Still Need to Drink the Water) – SANS ICS Summit 2018
Sh*t Happens! (But You Still Need to Drink the Water) – SANS ICS Summit 2018
SANS Institute
42 ICS Threat Intelligence: Moving from the Unknowns to a Defended Landscape – SANS ICS Summit 2018
ICS Threat Intelligence: Moving from the Unknowns to a Defended Landscape – SANS ICS Summit 2018
SANS Institute
43 You’re Probably Not Red Teaming (And Usually I’m Not, Either) – SANS ICS Summit 2018
You’re Probably Not Red Teaming (And Usually I’m Not, Either) – SANS ICS Summit 2018
SANS Institute
44 A Sneak Peak at the New ICS410
A Sneak Peak at the New ICS410
SANS Institute
45 Jumping Air Gaps – SANS ICS Summit 2018
Jumping Air Gaps – SANS ICS Summit 2018
SANS Institute
46 Introduction to Linux
Introduction to Linux
SANS Institute
47 Introduction to Malware Analysis
Introduction to Malware Analysis
SANS Institute
48 You’re Probably Not Red Teaming (And Usually I’m Not, Either) Webcast by Deviant Ollam
You’re Probably Not Red Teaming (And Usually I’m Not, Either) Webcast by Deviant Ollam
SANS Institute
49 Hacking your SOEL: SOC Automation and Orchestration – SANS Security Operations Summit 2018
Hacking your SOEL: SOC Automation and Orchestration – SANS Security Operations Summit 2018
SANS Institute
50 Hunting for Post-Exploitation Stage Attacks with Elastic Stack and the MITRE ATT&CK Framework
Hunting for Post-Exploitation Stage Attacks with Elastic Stack and the MITRE ATT&CK Framework
SANS Institute
51 Apples and Oranges?:  A CompariSIEM – SANS Security Operations Summit 2018
Apples and Oranges?: A CompariSIEM – SANS Security Operations Summit 2018
SANS Institute
52 SANS Webcast - Perimeter Security and Why it is Obsolete
SANS Webcast - Perimeter Security and Why it is Obsolete
SANS Institute
53 SANS Webcast - Trust No One: Introducing SEC530: Defensible Security Architecture
SANS Webcast - Trust No One: Introducing SEC530: Defensible Security Architecture
SANS Institute
54 The Science of Security: The Psychological Impacts of Security Awareness Programs
The Science of Security: The Psychological Impacts of Security Awareness Programs
SANS Institute
55 How I Pulled Off an Edgy Security Campaign – SANS Security Awareness Summit 2018
How I Pulled Off an Edgy Security Campaign – SANS Security Awareness Summit 2018
SANS Institute
56 Practical Advice for Submitting to Speak at a Cybersecurity Conference
Practical Advice for Submitting to Speak at a Cybersecurity Conference
SANS Institute
57 SANS Webcast - Consuming OSINT: Watching You Eat, Drink, and Sleep
SANS Webcast - Consuming OSINT: Watching You Eat, Drink, and Sleep
SANS Institute
58 SANS Webcast - Zero Trust Architecture
SANS Webcast - Zero Trust Architecture
SANS Institute
59 SANS STX Cyber Range
SANS STX Cyber Range
SANS Institute
60 Part 1 – SANS Institute and Tenable talk about cloud security
Part 1 – SANS Institute and Tenable talk about cloud security
SANS Institute

Related Reads

Up next
Surfshark Review — The Honest Pros, Cons and Final Verdict (2026)
Tutorial Stack
Watch →