Search Results

Addressing the challenges will require stronger collaboration within and outside the automotive ecosystem.

The 2022 COMVEC™ technical program focused on the commercial vehicle industry's crucial topics such as electrification, connectivity, off-highway, cybersecurity, autonomous and more!

The 2022 COMVEC™ technical program focused on the commercial vehicle industry's crucial topics such as electrification, connectivity, off-highway, cybersecurity, autonomous and more!

The 2022 COMVEC™ technical program focused on the commercial vehicle industry's crucial topics such as electrification, connectivity, off-highway, cybersecurity, autonomous and more!

With all that is involved in starting a new business, cybersecurity can easily be overlooked but no one can afford to put it on the back burner. Cybersecurity for Entrepreneurs is the perfect book for anyone considering a new business venture. ...Written by cybersecurity experts from industry and academia, this book serves as an all-inclusive reference to build a baseline of cybersecurity knowledge for every small business. ...Written by cybersecurity experts from industry and academia, this book serves as an all-inclusive reference to build a baseline of cybersecurity knowledge for every small business. Authors Gloria D’Anna and Zachary A. Collier bring a fresh approach to cybersecurity using a conversational tone and a friendly character, Peter the Salesman, who stumbles into all the situations that this book teaches readers to avoid.

Strategies designed to deal with these challenges differ in the way in which added duties are assigned and cybersecurity topics are integrated into the already existing process steps. Cybersecurity requirements often clash with existing system requirements or established development methods, leading to low acceptance among developers, and introducing the need to have clear policies on how friction between cybersecurity and other fields is handled. ...Cybersecurity requirements often clash with existing system requirements or established development methods, leading to low acceptance among developers, and introducing the need to have clear policies on how friction between cybersecurity and other fields is handled. A cybersecurity development approach is frequently perceived as introducing impediments, that bear the risk of cybersecurity measures receiving a lower priority to reduce inconvenience. ...For an established development process and a team accustomed to this process, adding cybersecurity features to the product initially means inconvenience and reduced productivity without perceivable benefits.

Day by day, airports adopt more IoT devices. However, airports are not exempt from possible failures due to malware’s proliferation that can abuse vulnerabilities. Computer criminals can access, corrupt, and extract information from individuals or companies. This paper explains the development of a propagation model, which started with a Delphi process. We discuss the preliminary implications for airports of the simulation model built from the Delphi recommendations.

Supply chains, now being targeted as a pathway to the vital core of organizations around the world, have become a vital part of the industry’s cybersecurity strategy, says Kirsten Koepsel, author of SAE International’s latest book, The Aerospace Supply Chain and Cyber Security – Challenges Ahead, now available.

Special guest Kirsten Koepsel, lawyer and engineer specializing in cyber security, talks with SAE International about how this new environment affects the planes and airports we use every day.

SAE International’s two-day course, DO-326A and ED-202A: An Introduction to the New and Mandatory Aviation Cyber-Security Essentials, introduces attendees to industry best practices for real-world aviation cybersecurity risk assessment, development, assurance. ...SAE International’s two-day course, DO-326A and ED-202A: An Introduction to the New and Mandatory Aviation Cyber-Security Essentials, introduces attendees to industry best practices for real-world aviation cybersecurity risk assessment, development, assurance.

Argus, a global leader in automotive cybersecurity, has upgraded its stand-alone Fleet Protection backend platform and is now providing continuous live monitoring of both automotive and commercial aircraft fleets.

Baking in protection With vehicles joining the Internet of Things, connectivity is making cybersecurity a must-have obligation for automotive engineers, from initial designs through end-of-life.

COMVEC™ conference is the only North American event that addresses vehicles and equipment spanning on-highway, off-highway, agricultural, construction, industrial, military, and mining sectors.

Join other young professionals in the mobility industry at the COMVEC™ meeting.

Here’s a unique and practical book that addresses the rapidly growing problem of information security, privacy, and secrecy threats and vulnerabilities. This authoritative resource helps you understand what really needs to be done to protect sensitive data and systems and how to comply with the burgeoning roster of data protection laws and regulations. The book examines the effectiveness and weaknesses of current approaches and guides you towards practical methods and doable processes that can bring about real improvement in the overall security environment. You gain insight into the latest security and privacy trends, learn how to determine and mitigate risks, and discover the specific dangers and responses regarding the most critical sectors of a modern economy.

This document defines a standard implementation for strong client authentication and encryption of Wi-Fi-based client connections to onboard Wireless LAN (WLAN) networks. WLAN networks may consist of multi-purpose inflight entertainment system networks operating in the Passenger Information and Entertainment System (PIES) domain, dedicated aircraft cabin wireless networks or localized Aircraft Integrated Data (AID) devices operating in the Aircraft Information Services (AIS) domain. The purpose of this document is to focus on the client devices requiring connections to these networks such as electronic flight bags, flight attendant mobile devices, onboard Internet of Things (IoT) devices, AID devices (acting as clients) and mobile maintenance devices. Passenger devices are not within the focus of this document.

Abstract Connected vehicle technology consisting of Vehicle-to-Vehicle (V2V) and Vehicle-to-Infrastructure (V2I) communication falls under the umbrella of V2X, or Vehicle-to-Everything, communication. This enables vehicles and infrastructure to exchange safety-related information to enable smarter, safer roads. If driver alerts are raised or automated action is taken as a result of these messages, it is critical that messages are trustworthy and reliable. To this end, the Security Credential Management System (SCMS) and Cooperative Intelligent Transportation Systems (C-ITS) Credential Management System (CCMS) have been proposed to enable authentication and authorization of V2X messages without compromising individual user privacy. This is accomplished by issuing each vehicle a large set of “pseudonyms,” unrelated to any real-world identity. During operation, the vehicle periodically switches pseudonyms, thereby changing its identity to others in the network.

This SAE Aerospace Recommended Practice (ARP) provides insights on how to perform a Cost Benefit Analysis (CBA) to determine the Return on Investment (ROI) that would result from implementing a blockchain solution to a new or an existing business process. The word “blockchain” refers to a method of documenting when data transactions occur using a distributed ledger with desired immutable qualities. The scope of the current document is on enterprise blockchain which gives the benefit of standardized cryptography, legal enforceability and regulatory compliance. The document analyzes the complexity involved with this technology, lists some of the different approaches that can be used for conducting a CBA, and differentiates its analysis depending on whether the application uses a public or a private distributed network.

Access mechanisms to system data and/or control is a primary use case of the hardware protected security environment (hardware protected security environment) during different uses and stages of the system. The hardware protected security environment acts as a gatekeeper for these use cases and not necessarily as the executor of the function. This section is a generalization of such use cases in an attempt to extract common requirements for the hardware protected security environment that enable it to be a gatekeeper. Examples are: Creating a new key fob Re-flashing ECU firmware Reading/exporting PII out of the ECU Using a subscription-based feature Performing some service on an ECU Transferring ownership of the vehicle Some of these examples are discussed later in this section and some have detailed sections of their own. This list is by no means comprehensive.

Abstract This work introduces the concept of a dual-layer specification structure for standards that separate interoperability functions, such as backward compatibility, localization, and deployment, from those essential to reliability, security, and functionality. The latter group of features, which constitute the actual standard, make up the baseline layer for instructions, while all the elements required for interoperability are specified in a second layer, known as a Protocols, Operations, Usage, and Formats (POUF) document. We applied this technique in the development of a standard for Uptane [1], a security framework for over-the-air (OTA) software updates used in many automobiles. This standard is a good candidate for a dual-layer specification because it requires communication between entities, but does not require a specific format for this communication.