SAE CyberAuto Challenge™

July 22-27, 2018

Detroit, Michigan, USA

Learning goes both ways at SAE Battelle CyberAuto Challenge

The SAE Battelle CyberAuto Challenge successfully hosted 34 students for a five-day long program highlighted by a 24-hour hack-a-thon on Aug. 6-11, 2017, at Macomb Community College in Warren, MI. Now in its sixth year, the CyberAuto Challenge is a groundbreaking event in automotive cybersecurity that has been cited by the National Highway Traffic Safety Administration as a positive example of educational competitions that include cybersecurity elements.

The CyberAuto Challenge brought together teams comprised of students, industry, and cyber professionals worked on real cars to find solutions to real challenges regarding cybersecurity for automobiles providing industry professionals fresh perspectives while forging the next generation of cyber-auto engineers. Students participated in a series of instructor-led, practical learning sessions and discussions along with hands-on work and a special networking event with leading cybersecurity experts.

The Challenge fostered collaboration and creativity amongst different cross-sectors of the automotive and cybersecurity industries while identifying automotive cybersecurity trends and developing talent in a new technical discipline in a high-tech industry.

High school and college students went through an application process requiring nomination submissions and preparatory educational screening sessions online to be eligible to participate. Screening sessions included subjects such as cryptography, automotive communications protocols, and programming basics. The top-scoring applicants were then selected to participate.

Adam Moskey, a Ph.D. student at George Mason University in the Department of Mathematical Sciences, was one of those student participants. He found the networking aspect of the Challenge to be invaluable. "There were ample occasions to meet with industry leaders, government officials, and security researchers," he said. "The individual conversations that I had with them allowed me to gain valuable insight into the current state of automotive cybersecurity. After the CyberAuto Challenge, I have been in contact with a number of professionals who have offered guidance and mentorship as I seek to pursue a career in the automotive industry. Either through legal, policy, governmental, industrial, or academics, I have greatly benefited from each conversation."

The main lesson learned, Moseky reported, is that "the automotive industry is taking cybersecurity seriously. Whereas in the past, it was ‘security by obscurity.’ The [event] demonstrates the commitment that is necessary to ensure the safety, privacy, and security as automotive manufactures produce the next generation of connected vehicles. Personally, I now view vehicles through the eyes of a security researcher and penetration tester. In fact, the CyberAuto Challenge has made me keenly aware of the attack surface on my own car and, consequently, the potential vulnerabilities that could be exploited."

The CyberAuto Challenge is free for selected students to attend, but only through the support of sponsors. 2017 sponsors included Ford, General Motors, Mitsubishi Motors, Argus, Auto Alliance, Cloakware, Delphi, DENSO Corporation, DG Technologies, ESG Automotive, FusionX, IntrepidCS, Lear Corporation, Planet M, ZF Friedrichshafen AG, Fiat Chrysler Automobiles, Marcomb Community College, Michigan Cyber Range, Square One Education Network, and Wayne State University. GM has been involved with this event since its first year, 2012, with its participation and sponsorship levels increasing year over year. For the past two years, it has been an OEM sponsor providing a learning platform, instructors, and red team participants.

"This event provides significant value to GM in several ways," said Kevin Baltes, CISSP, Director & CISO - Product Cybersecurity, GM "First, it’s a great way to demonstrate our leadership and commitment to customer safety. Cybersecurity is an automotive industry challenge, and GM takes it very seriously. We’ve devoted a large global organization to address it. Second, we get to work side-by-side with some of the sharpest high school and college students who provide an inquisitive outside view on matters. So the learning goes both ways."

"It’s no secret that finding qualified engineers that want to work in the automotive industry in the Midwest is a challenge," Baltes continued. "We hope to forge relationships with the student participants and have it lead to future employment at GM."

Dave Connett and Justin Montalbano of Delph taught the "Attacking Wireless Interfaces" class to the students of the challenge. Delphi also had engineers on teams supporting the students. "Our motivation for participating in this event is multifaceted," said Montalbano. "We see it as a great opportunity for recruiting purposes—a chance to show Delphi as a leader in cybersecurity and a forum to educate the future workforce on the importance of cybersecurity in general."

Delphi expects recruiting opportunities, new business contact opportunities and raised awareness on what’s new in cybersecurity, said Montalbano. "We consider the event very successful."

Looking back at his CyberAuto Challenge participation, Moskey said "It was a privilege to have the guidance and experience from OEM and supplier engineers, government representatives, STEM educators, and security researchers. In addition to the hands-on experience for the students, we were able to network with professionals and experts in their specialized fields. The conversations proved to be insightful. We conversed about their personal experiences in automotive cybersecurity, as well as the prospects and trends for up-and-coming workforce needs; this included how we can be more involved and what types of skills are necessary to become an automotive cybersecurity specialist."

The CyberAuto Challenge was, to put it simply, some of the most fun I have ever had," Moskey said.

For information on sponsorship opportunities for the 2018 event, please contact Linda Wagner at 724-772-4062 or linda.wagner@sae.org.

By Patrick Ponticel, Update editor