Uptane marks a pair of firsts

2021-09-07 · Posted by: Lois Anne DeLong · Categories: Uptane · Comments

The summer of 2021 was anything but slow for the Uptane project. It not only issued its second minor version of the Uptane Standard for Design and Implementation, but also published its first whitepaper and announced its first international virtual workshop.

The whitepaper, entitled Uptane: Securing delivery of software updates for ground vehicles starts with an explanation of the growing vulnerability of the computing units in cars and why security strategies developed for conventional systems may not be able to defend them. It urges manufacturers to take a realistic approach to cybersecurity, one that recognizes that it’s not a question of if an attack may occur but when. This mindset is the governing idea behind compromise resilience, a defensive strategy that aims to minimize the damage should an attack occur. As the whitepaper emphasizes, a design built for compromise resilience—an element that sets Uptane apart from most other automotive cybersecurity systems— will not disintegrate if a hacker obtains control of a repository or a signing key. In addition, compromise resilient systems like Uptane have built-in mechanisms to make a quicker recovery from such attacks.

To ensure that Uptane is also on the industry’s radar on a global level, the group is partnering with escar Europe, the world’s leading automotive cyber security conference, to offer its first international virtual workshop. The free workshop, which will be held online from 1 p.m.to 4:30 p.m. in Germany (7 a.m. to 10:30 a.m New York time, 8:00 p.m. to 11:30 Tokyo time). Note that you can register for the free workshop even if you are not attending the escar conference in November. One registration entitles you to attend both sessions.

The workshop is offered in two parts.

Part 1, hosted by Ira McDonald of High North, Inc. and Marina Moore of NYUs Tandon School of Engineering, presents an overview of Uptane’s design and the threats it is equipped to defend against. It also explains how its emphasis on compromise-resilience—or the ability to limit the damage from any potential compromise—makes it a realistic solution at a time when the rise of organized criminal enterprises and nation state attackers has greatly increased the potential consequences of such attacks, in terms of both economic and human costs.

Part 2, hosted by André Weimerskirch of Lear Corporation, and Patti Vacek of unu Motors, is designed for those who may already have some familiarity with Uptane and are interested in learning more from companies and organizations that have implemented the framework. The presentation will focus on examples/case studies, as well as recent or emerging challenges, such as supply chain security for automotive software updates, that the framework is adapting to meet.

Registration is open now through escar Europe. Details on how to access the workshop will be provided a bit later in the month.