Vehicle (IDS) Intrusion Detection System Manager – PlaxidityX Ep 14

00:00:00:11 - 00:00:03:14 Welcome to cars, hackers and cybersecurity. 00:00:04:03 - 00:00:07:03 Here we break down the latest in automotive cybersecurity, 00:00:07:03 - 00:00:10:17 helping you stay ahead in building secure connected vehicles. 00:00:13:03 - 00:00:17:09 Hi. Today we will discuss how intrusion detection systems managers 00:00:17:09 - 00:00:43:04 address growing regulatory and cybersecurity challenges in modern vehicles. As our vehicles evolve into connected, software driven machines, they are increasingly exposed to cyber threats. In light of new automotive cybersecurity regulations, ensuring the safety, security and data privacy of software defined vehicles and their embedded components has become a must have requirement for OEMs and suppliers alike. 00:00:43:06 - 00:01:03:16 Unknown A common way to protect vehicles from cyber attacks is to embed intrusion detection and prevention systems in ECUs, which include sensors that detect security events. The potentially large volume of such events can impact the limited local memory of vehicle ECUs, as well as the connected bandwidth to send such events to the cloud for further investigation. 00:01:04:01 - 00:01:12:18 Another challenge is that X generate security events in different formats depending on the OS. For example auto SA, Linux, etc. 00:01:13:02 - 00:01:20:17 the lack of a common standard for security events makes it difficult to effectively monitor and identify potential breaches 00:01:20:17 - 00:01:22:13 From a centralized vehicle. SoC 00:01:22:13 - 00:01:24:05 or V SoC for short. 00:01:24:11 - 00:01:37:04 We will explain the need for a cross-platform standard for intrusion detection system management, and we present a new approach for integrating and streamlining security, event tracking and management across auto, SAR, and Linux based ECUs. 00:01:38:09 - 00:02:07:09 Regulations mandate tracking of in-vehicle security events. Emerging regulations require OEMs to track vehicles throughout their lifespan for vulnerabilities and cyber risk. UNR 155 already in effect for new vehicle types, mandates that OEMs implement a cybersecurity management system and include the capability to analyze and detect cyber threats, vulnerabilities, and cyber attacks from vehicle data and vehicle logs. Quoting UNR 155. 00:02:07:11 - 00:02:21:02 Thus, in order to detect and subsequently investigate attempted or successful cyber attacks as stipulated in UNR, 155 OEMs need access to the massive volumes of security event data generated by vehicle components, 00:02:21:17 - 00:02:24:10 vehicles, security, event management challenges. 00:02:24:20 - 00:02:35:05 Meeting these security tracking requirements is no easy task, as OEMs need to monitor fleets comprising up to millions of cars for potentially harmful security events. 00:02:35:07 - 00:02:57:04 Each vehicle generates a large number of local events on a regular basis, many of which are routine or insignificant and don't qualify as security events. But why are data volumes a problem? How difficult would it be to store all events in the ECS local storage and periodically upload them to an OEM cloud? There are two major limitations to this approach. 00:02:57:06 - 00:03:24:12 Storage and cost. ECUs typically have limited storage capacity and are not equipped to store the massive amounts of security events gathered on a daily basis. In addition, sending events to the cloud is expensive due to both over the air bandwidth costs and cloud storage costs, which are a direct function of data volumes. As mentioned, many events have little or no security value, and those events that are relevant are buried under mountains of data. 00:03:24:14 - 00:03:36:09 Analyzing unqualified events is inefficient and time consuming, so OEMs need a way to determine whether or not an event has security value before sending it to a back end system for investigation. 00:03:36:19 - 00:03:41:14 What is an intrusion detection system manager or IDs? SM. 00:03:41:14 - 00:03:51:00 Back in 2020, auto SA introduced an IDs automotive architecture, including the concept of an ITSM to address the above challenges. 00:03:51:00 - 00:03:54:15 ITSM creates a unified event format for Auto Syracuse. 00:03:54:15 - 00:03:59:08 collects onboard security events, and uses specified criteria to filter them. 00:03:59:08 - 00:04:18:19 The IDs SMS primary goal is to provide centralized management and control of multiple security events, while filtering out the vast majority of non relevant events. For example, maintenance related locally within the vehicle, ITSM has become an essential component to effectively monitor today's connected vehicle fleets. 00:04:18:21 - 00:04:35:11 It enables OEMs to track the fleets cybersecurity posture and detect cyber risks by focusing only on relevant security events. In this way, ITSM cuts OTA bandwidth and cloud storage costs while facilitating the V SoC integration effort. 00:04:35:20 - 00:04:54:17 IDs architecture needs to span across auto SA and Linux ECUs. ITSM was a huge step forward, but it only solves part of the problem. This is because DSM industry standards today focus solely on auto SA ECUs. Both auto SA Classic and Auto SA adaptive. 00:04:54:17 - 00:05:12:19 But what about other types of ECS? Today, a typical vehicle network includes a combination of auto SA, ECUs and Linux based ECUs, which are becoming ever more prevalent to meet the throughput needs of data intensive applications such as infotainment systems or telemetry ECUs. 00:05:12:21 - 00:05:22:17 Unknown The lack of ITSM standardization across platforms means that Linux ECU manufacturers need to build a proprietary security event management system. 00:05:22:17 - 00:05:27:08 Since auto, SAR, and Linux based ECUs generate security events in different formats. 00:05:27:08 - 00:05:32:15 a major integration effort is required on the back end in the OEM v SoC 00:05:32:15 - 00:05:36:08 To consolidate events from auto SA and Linux ECUs. 00:05:36:08 - 00:05:41:09 From a business standpoint, these efforts result in longer time to market for vehicle delivery. 00:05:42:01 - 00:05:45:02 Why Plex Cityty IDs, SM for Linux, 00:05:45:14 - 00:05:50:02 Posix based OS platforms, for example, automotive grade Linux 00:05:50:06 - 00:06:13:08 are growing in popularity with in-vehicle ECUs such as infotainment systems and telematic ECUs, increasing the need for standard IDs. SM to address this gap, the industry needs a cross-platform, for example auto SA, Linux, Android and others standard that supports the aggregation and analysis of events generated by different ECUs from different manufacturers. 00:06:13:10 - 00:06:41:22 Plac city X recognized this need and developed a breakthrough solution that extends and adapts the DSM auto SAR standard for Linux based ECUs. Our award winning IDE, DSM for Linux Solution, manages and coordinates security events from multiple intrusion detection system sensors deployed on the Linux platform. ECU. It efficiently collects security events or CV, and uses predefined rules and logic to identify qualified security events 00:06:41:22 - 00:06:47:20 Or Q sheaves can then be persisted locally in the ICU memory. 00:06:47:20 - 00:06:53:03 or sent to a cloud V SoC via an Intrusion Detection System reporter module. 00:06:53:03 - 00:06:58:06 By extending auto source specifications and capabilities to also cover Linux based devices. 00:06:58:06 - 00:07:06:13 Placidity ICS ITSM allows for streamlined and efficient monitoring of in-vehicle network traffic and potential security breaches. 00:07:07:03 - 00:07:10:00 Benefits for OEMs and tier one suppliers. 00:07:10:10 - 00:07:17:00 The first solution of its kind, our IDs SME for Linux solution, allows for seamless integration of security events 00:07:17:03 - 00:07:19:08 From auto SA and Linux ECUs. 00:07:19:10 - 00:07:39:00 offering OEMs and tier ones key commercial benefits. Meet USAR 155 regulatory requirements logging in vehicle security events and allowing for them to be effectively sent to the cloud. Simplifying and streamlining the SoC. Integration with standard security event formats across ECU platforms. 00:07:39:02 - 00:08:11:13 Lower development costs of Linux based in-vehicle software IDs. SEM for Linux is a ready made module that can be seamlessly integrated in any Linux based ECU. Faster time to market for new software defined vehicles compatible with Classic and Adaptive Auto SAR, the solution publishes similar APIs and performs qualification mechanisms according to domain accepted standards. For more information about the Plac acidity DSM for Linux solution, check out our host IDPs product page. 00:08:13:08 - 00:08:19:06 That's all for today's episode. Keep your engines running smooth and your cyber defense is sharp. 00:08:19:06 - 00:08:23:18 Stay connected by subscribing and visiting placidityX.Com. 00:08:23:19 - 00:08:27:19 Until next time, stay safe on the road and in the cloud.