Industrial Talk is onsite at IoT Solutions World Congress and talking to Giuseppe Serio, Vice President at Upstream Security about "Active cybersecurity visibility into your connected assets!".
Scott MacKenzie and Giuseppe from Upstream Security discussed the critical importance of cybersecurity in the rapidly evolving field of autonomous vehicles. Giuseppe highlighted that modern vehicles, with up to 100 million lines of code, are incredibly complex and vulnerable to cyber attacks. He emphasized the need for proactive measures, such as secure-by-design principles, continuous monitoring, and resilient systems. Giuseppe also stressed the importance of education and awareness among consumers and professionals. The conversation underscored the necessity of integrating cybersecurity from the outset of connected technologies to ensure safety and security.
Action Items
[ ] Connect with Giuseppe Serio on LinkedIn to further discuss cybersecurity in the automotive and IoT industries.
[ ] Explore the services and solutions offered by Upstream.auto to address cybersecurity challenges.
Outline
Welcome and Introduction to Industrial Talk Podcast
Scott MacKenzie and the Industrial Talk Podcast, emphasizing its focus on industry professionals and innovations.
Scott MacKenzie thanks listeners and highlights the importance of industrial professionals in solving global problems.
The podcast is being recorded at the IoT Solutions World Congress in Barcelona, Spain, with a strong recommendation for attendees to mark their calendars for the next event.
Scott MacKenzie introduces Giuseppe from Upstream Security, focusing on cybersecurity in the automotive industry.
Giuseppe's Background and Role in Cybersecurity
Giuseppe introduces himself, mentioning his work with Upstream Security in Frankfurt, Germany, and their focus on making mobility safe and secure.
Giuseppe explains his 20-year background in the automotive industry, including roles at IBM and consulting.
The conversation shifts to the complexity of modern vehicles, with up to 100 million lines of code, compared to the 2 million lines in an F-15 fighter jet.
Giuseppe emphasizes the importance of cybersecurity in the context of autonomous vehicles, given their increasing complexity and potential vulnerabilities.
The Necessity of Cybersecurity in Autonomous Vehicles
Scott MacKenzie and Giuseppe discuss the sophistication of autonomous vehicles and the need for robust cybersecurity measures.
Giuseppe highlights the potential risks associated with cyber attacks on autonomous vehicles, including the possibility of causing widespread congestion or harm.
The conversation touches on the importance of continuous monitoring and understanding of cyber threats to ensure vehicle safety.
Giuseppe mentions the regulatory changes in 2022 and 2024, requiring compliance and risk management in the automotive industry.
Approaches to Cybersecurity in the Automotive Industry
Giuseppe outlines the steps for building resiliency against cyber attacks, including raising the bar, building secure by design, and constant monitoring.
The discussion includes the importance of understanding and addressing anomalies, as sophisticated cyber attacks can be difficult to distinguish from normal vehicle behavior.
Giuseppe provides examples of how cyber attacks can manifest in real-world scenarios, such as remote car control and the potential for misuse.
The conversation emphasizes the need for a proactive approach to cybersecurity, with regular training and preparedness for potential attacks.
The Role of Digital Twins in Cybersecurity
Scott MacKenzie and Giuseppe discuss the use of digital twins to simulate and test potential cyber attacks on autonomous vehicles.
Giuseppe explains how Upstream Security provides stateful digital twins to understand vehicle behavior and perform forensic investigations.
The conversation highlights the importance of fixing the root cause of problems rather than just addressing symptoms.
Giuseppe shares an example of how safety and security measures in vehicles can have unintended cybersecurity implications, such as the consolidation of functions in the head unit.
The Importance of Cybersecurity in Connected Assets
Scott MacKenzie and Giuseppe agree that cybersecurity must be a priority from the design phase of connected assets, not an afterthought.
The conversation emphasizes the interconnectedness of cybersecurity and digital connectivity, with cybersecurity being essential for successful IoT implementation.
Giuseppe compares the current state of cybersecurity in the automotive industry to the early days of space exploration, acknowledging the challenges and the need for continuous improvement.
The discussion concludes with a call to awareness and preparedness for cybersecurity risks, encouraging listeners to stay informed and proactive.
Closing Remarks and Contact Information
Scott MacKenzie thanks Giuseppe for the insightful conversation and provides contact information for listeners to connect with him.
The podcast reiterates the importance of cybersecurity in the context of connected assets and encourages listeners to reach out to Giuseppe for further discussions.
Scott MacKenzie promotes the IoT Solutions World Congress as a must-attend event for industry professionals.
The podcast wraps up with a reminder to stay tuned for future conversations and to continue supporting the Industrial Talk Podcast.
Finally, get your exclusive free access to the Industrial Academy and a series on “Why You Need To Podcast” for Greater Success in 2023. All links designed for keeping you current in this rapidly changing Industrial Market. Learn! Grow! Enjoy!
Industrial Academy (One Month Free Access And One Free License For Future Industrial Leader):
Business Beatitude the Book
Do you desire a more joy-filled, deeply-enduring sense of accomplishment and success? Live your business the way you want to live with the BUSINESS BEATITUDES...The Bridge connecting sacrifice to success. YOU NEED THE BUSINESS BEATITUDES!
TAP INTO YOUR INDUSTRIAL SOUL, RESERVE YOUR COPY NOW! BE BOLD. BE BRAVE. DARE GREATLY AND CHANGE THE WORLD. GET THE BUSINESS BEATITUDES!
Welcome to the Industrial Talk Podcast with Scott. MacKenzie. Scott is a passionate industry professional dedicated to transferring cutting edge industry focused innovations and trends while highlighting the men and women who keep the world moving. So put on your hard hat, grab your work boots, and let's go all right. Thank you very
00:22
much for joining Industrial Talk and thank you for your continued support of this platform. This platform is dedicated to you, industrial professionals all around the world. You are bold, brave, you dare greatly, you innovate. You're solving problems, you're making the world a better place. That's why Industrial Talk is celebrating you. Thank you very much for joining and again, thank you for your continued support. We are at IoT solutions, World Congress right now, broadcasting on site Barcelona, Spain, and it is a wonderful event. This event needs to be put on your calendar. It is a must attend event. So if you're not here at 24 put it in 25 make that a priority. Put it in your budget. Make it happen. You will not be disappointed you get to meet people like Giuseppe, Upstream, auto. Upstream, dot auto. Let me get that correct. Is the organization we're going to be talking about cybersecurity and the importance of cybersecurity. Yeah, you're saying to yourself, Scott, I understand. No, you don't understand. You need more information around cybersecurity. Let's get cracking. All right, Giuseppe, thank you for your flexibility. From last night. We were supposed to have this conversation last night, but Giuseppe said, Scott, I understand you're busy, and I'm flexible and I'll come back tomorrow.
01:36
Absolutely, you're awesome. I'm really excited to be here today with you. Yeah,
01:41
I was excited too. I said, All right, man, he's on my calendar, and I'm going, Oh yeah, I want to talk. I'm looking forward to this conversation in a big way. You having a good conference,
01:51
very good conference. So it's the first time for me here at the IoT solution world. I enjoyed it because I think this is a great place to be if you are in the IoT and cybersecurity space, as I do
02:06
see, I like the fact that it's it's the two. It's like there is a real connection between that connectivity, that digital connectivity, that that IoT space and cyber. I don't think the two conversations can be sort of had in a vacuum. I think you need to be able to have both conversations to be truly to ensure proper connectivity.
02:30
Couldn't agree more, that is exactly why I choose to be here, because it's both one coin, and you have two sides. One is the enabling technology, and the other is, hey, that is kind of risky place to be because it's operated by the Internet. We know it's one, if not, the most insecure place that we do things with, and therefore security needs to be a top priority. And
02:55
well, we're not going to get into it before we get into that conversation. Just just give us a little background on who you are.
03:02
Yeah, sure. So my name is Giuseppe Serio. I'm based Frankfurt in Germany. I work for a company. His name is Upstream Security. We are passionate about making mobility safe and secure, and what that means we look at everything that is connected, predominantly automotive transportation at large, and try to make companies more resilient against cyber attacks. So I spent, like the last 20 years in the automotive industry, of background, working with big blue IBM, also coming from the consulting side, strategy consulting, and now I help clients to make themselves more resilient against cyber
03:48
attacks. I like it. I think you brought up something that was really that piqued my. My interest was the the autonomous car, the vehicle. Autonomous vehicle is the most sophisticated IoT device out there. Is that? Is that an accurate description? Because there's IoT devices, but as I want my car absolutely,
04:11
absolutely Now, here's the thing, so today's more sophisticated vehicle, which are not autonomous, they can have up to 100 million lines of code. To give you a perspective, a F 15 fighter jet has 2 million now that tells you something. It's the most complex device that we have built. And therefore, in looking forward, when we talk about autonomous, that 100 million lines of code will be, sooner or later, around 600 million lines of code, and there's inherently vulnerabilities in software, because people suck, we are not good in doing code. As a matter of fact, there will be vulnerabilities, and therefore we need to be very, very careful. Are passionate on one hand, on the other hand side, we're cautious in the evolution of technology that moves people, because it's not a technology that breaks up, it's not the computer that's not working. It's people life that is at stake, and ultimately also critical infrastructure, because imagine you could attack and there's movie out there, like the world is not enough, or something like that, where you direct all the vehicles into congestion, and there you go. So what to do about that?
05:36
The topic of autonomous vehicles have been out for some time now, do you find that there's a greater appreciation or recognition for the necessity to protect these, these complicated, you know, assets, or is that sort of an afterthought? Or do we need to do we need to sort of change our thinking in
06:01
ew regulation that came up in:
07:04
We do. How do you approach that? I don't it seems, well, it seems bigger than a bread box. How do you, I don't know, how do you begin that's,
07:18
yeah, you begin to understand what are the risks? And one thing is to raise the bar. So there's constant effort involved in raising the bar against the bad guys, right? So making it really hard and tough, so building secure by design in is imperative right on top of it, because the nature of cyber attacks is such that you're never secure, or at least the mindset needs to be that no matter how good the protection is today tomorrow, it can be obsolete. So it becomes really important to constantly monitor, understand what's going on, spot, any anomalies that are ongoing, and I say anomalies on purpose, and not cyber because sometimes cyber attacks are so sophisticated that you can't distinguish it. Is it now something that is misbehaving on the vehicle side? Is it something that gives you a trouble code, like a light that pushes up in your car, or is it really a cyber attack that and you understand cyber security only in the context, so there is no 100 security, person security, and it's really hard to upfront say this is cyber and I give you an example. So today, you can do all sorts of thing with application. Now you can open, start the car, start the engine. Now, if I do that in the proximity of the vehicle, that's a legitimate use case. We want this to happen, right? Yeah. But if I do this from being in, I don't know, Australia, maybe I want, I'm a show up, and I want to show those guys hanging out. Hey, look, I have a camera installing my house. I can show you that I can hold the horn. So context is important. Also, it's just one car that is being turned on and off, or is it multiple? So you want to have that visibility. And the hardest thing in cyber security is to make a visit, because the bad guys, obviously, they don't just do the attack by Hey, I launch an attack and it will be successful. The way it works is sometimes it takes years, and they're already in the system, waiting for that moment where they can do harm. I more.
09:43
Every time I have conversations around cybersecurity, I just want to curl up in a ball and like, how do we? Because the reality here using the use case of autonomous vehicles, it's happening. It's going to happen more. It's going to it's going to be the. And ubiquitous, and it's just going to be there. It's just as and I thought your point of our senses will start to just numb a little bit. We don't. We're just not tuned in as much. So we just don't know, how do we how do we create or build security for that resiliency. How do we where do we do I don't
10:27
know. So resiliency, from my perspective, has two sides. One is the companies that are putting out products and services, either there's regulation and there's a ton of regulation in the mobile world, for sure, for obvious reasons, companies need to be proactive. The meaning of it is resiliency. Is a combination of people who understand the problem processes in order to mitigate whenever there is a normally and then how to react to that. And an example I use is, how do you know your fire brigade is good? How do you know when there is a fire they will be doing their job brilliantly? It's because they train it. And what I'm mandating for is that needs rehearsal. It needs to be repetitive, as if a cyber attack has happened, so that one is prepared for when that happens. And the last thing is the technology. So the technology needs to be as sophisticated as the technology that the bad guys are using, because these are not isolated people who are sitting in the background, these are acting like corporations without the boundaries of having to do things legal. That is how you build resiliency. And the other thing is, and this is also something I'm advocating most of the time, the burden of, Hey, make that product and service secure is on the consumer is on the ones who produce it. I'm a big fan of saying, hey, we need literacy. We need education. So the moment I go into my car and there's something that is not normal, I shouldn't click and say, Yes, like we do it with click somewhere, click, click, click, yes, and that's it. We need to have that mindset that everything is potentially an
12:28
issue. Does digital twin, virtual twin, enter into the cut where you're simulating those vehicles, autonomous vehicles, being able to simulate those potential attacks. Yeah, absolutely.
12:42
That's part of the technology that my company provides, a stateful digital twin, which is understanding the context of where and how vehicles behave and operate, and thereby you have the ability to do forensic investigation. The meaning of it is, I have a symptom. Red light flashes up, okay. How do you switch it off? How do you go backwards and understand the source? Because at the end, we want to fix the problem and not the symptom.
13:16
I'm a big fan of that ability to simulate, to be able to sort of test and and, you know, take into consideration maybe some variables that are just a little far fetched, but you need to, you need to know what it is. So how do you consult your client base? How do you, how do you begin them on that journey and saying, this is, this is sort of something that you need to be considering.
13:45
Well, most of the company, for all the companies, as I said, there's regulatory environment where that's new. It's, it's a, yeah, it's somewhat new. But, you know, for automotive in general, safety has been always concerned. So that is something that probably the last 30 years, has been activated in companies to build more and more safe vehicles. Now, security and safety go hand in hand. They cannot be separated. I think the important is to understand and acknowledge that. And I give you also another example on that. Now, for safety reasons, the head unit is now. Everything is software based. It used to be buttons, so you would separate functions. Now, in order to reduce distraction, we have everything in one place. Now, guess what? From a security perspective, that's the Holy Grail, because you have one point of failure. So one point that the attacker can attack, it's not a separate function, and you have just a limited possibility to attack. That's a great example where the mindset needs. A shift where, okay, I do something in favor of safety. What does it mean, actually, for cyber security? Yeah,
15:05
I I just think that it's such an important conversation, not just and it goes beyond the the the industry that you focus in on it. I mean, I just think, from a, from a truly connected, you know, business that the cyber conversation needs to be upfront, not after the fact, not after the fact that you've installed all these devices, or you've you're starting to pull data and you're connected and all of that stuff, and then have that conversation. I don't think that that's the right approach, and I think, I think it's becoming more and more apparent. It's a part of the success. You want to connect. You want to be able to access all of the wonderful technology that exists out there. You cannot do it without that cyber conversation. Great, yes,
15:57
but goes hand in hand with what I said earlier. So on one hand, raise the bar. This is the design it in from the beginning. But we need to acknowledge, and this is really, really important, that it's not enough. We need to monitor it. We need to have visibility of what we what did we not think about and attackers were smart in attacking in ways that we never thought it was possible, but then it's possible. So that is the conversation. It's like, it's still in the infancy. Cyber security for automotive news, like going to the moon in the end of 60s, right? So nobody did that before, yeah. So how do you know how you don't have that experience that you can build upon and weave into the conversation. So it's trial and error. At the end of the day, I don't want to scare anybody, because the industry is putting a lot a lot of emphasis in cybersecurity, but it's for people. Awareness is important, so be aware that the risk is there.
16:57
Yeah, see, I like that. Giuseppe, thank you very much. How do people get a hold of you if they want to
17:01
know more about I'm on LinkedIn Giuseppe zero, and I'm eager to have that discussion with
17:08
him while I was interested. I love it. All right. Listeners, cybersecurity, you can't ignore it. It's your best friend. Let's just accept the fact that it is your best friend. All right. We're gonna have all the contact information for Giuseppe out on Industrial Talk. You know that? Reach out to him, find out more. It's an important conversation to have. We are once again broadcasting from IoT solutions World Congress, Barcelona, Spain is the location, and put this on your calendar for next year. It is a great event with great people like Giuseppe solving problems. All right, we're going to wrap it up on the other side. Stay tuned. We will be right back.
17:42
You're listening to the Industrial Talk Podcast Network.
17:50
That was great conversation. The event was IoT solutions, World Congress, as you know, Giuseppe was his name, Serio, S, E, R, I, O. The company is Upstream.auto. So make note of that, Upstream dot auto. So I went out to their website. You know what they they do a lot in cybersecurity. They've got mad services and solutions. You just got to go out there check them out. Because if you're in the world of connected assets, IoT cybersecurity, hand in glove must happen. You must do it. Find out more. Connect with Giuseppe. He would be more than happy to have a conversation. All right, Industrial Talk is here for you. You have a podcast that you are doing, and you want greater traction and attention, put it out on Industrial Talk. If you want to do a podcast. Go out to Industrial Talk. If you have any desire to create a podcast, come talk to me. I'll tell you how to get it done. All right, be bold, be brave. Dare greatly. Go to IoT Solutions, World Congress, and you're going to change the world. We're going to have another great conversation shortly. So stay tuned.
