ATHENA: ADVANCE THREAT KNOWLEDGE-BASE FOR NETWORKED AUTOMOTIVES

The ISO/SAE 21434 standard plays a critical role in ensuring automotive cybersecurity, given the increasing complexity and vulnerabilities of connected systems in vehicles. However, challenges arise when complying with this standard, particularly the information gaps between the phases (Concept & Design Phase, Implementation Phase, and Verification & Validation Phase) of the ISO/SAE 21434 V-model. Addressing these inconsistencies is crucial to achieving robust and cohesive cybersecurity within the automotive industry.
In this presentation, we will share our methodology for using our automotive attack knowledge base, ATHENA (Advanced THreat knowlEdge-base for Networked Automotive), which draws inspiration from and aligns with the ATT&CK framework, to overcome these challenges and ensure compliance with the standard. We will explore the specific challenges faced and highlight the significance of integrating ATHENA. This includes obtaining a comprehensive and objective result when performing Threat Analysis and Risk Assessment (TARA) and bridging the information gap throughout the entire lifecycle, enabling the red team validation program to incorporate information from previous phases.
A detailed case study exemplifying the encountered issues and the efficacy of our proposed methodology is presented, contributing to a comprehensive understanding of our approach. This methodology improves information consistency throughout the V-model lifecycle, thereby enhancing the effectiveness of compliance and boosting the resilience of automotive systems against cyber threats.
SPEAKER:
Tien-Chih Lin
Research Team Lead
CyCraft Technology
Tien-Chih Lin, commonly known as Dange Lin, is a research team lead at CyCraft Technology. His focus areas include vehicle security, cloud security, machine learning, and zero trust. In addition to being proficient in attack techniques, he is also familiar with cybersecurity management strategies and holds a CACSP certification. He has spoken at various conferences, including Black Hat Europe Arsenal, HITCON CMT/ENT, USENIX Security Posters, CYBERSEC, MOPCON, and ECCWS. Additionally, he has served as an instructor at public training sessions such as AIS3, HITCON Training, and NICS, and is one of the designers of the well-known cybersecurity educational board game “CYBERCANs.”