CSA Announcement
Discussion - Tesla Twitter Thread
-
- Old twitter thread from 2018 talking about how they cobbled together solutions for the infotainment system
- Telsa is aware that it was precarious, but employees are afraid of challenging the status quo
IoT Matrix v3 - https://github.com/cloudsecurityalliance/IoT-Framework
- Brian has added the guide and framework for v3 to GitHub
- Aaron will be working on adding some pages to make it look nicer
- Will require maintenance and folks interested in writing code - anyone interested can reach out to Brian or Hillary
- Benefits
- Users can file issues and we can track and fix
- Add code to test the controls
- Issue to address
- This assumes all unique MAC addresses, what do you do if you have duplicates?
- Namrata and Umesh to submit issue on GitHub
- Brian to add slides to Circle for community use
Plan for IoT Matrix v4 - Looking for volunteers!
- Add domains - Supply chain
- Add controls - Safety
- IoT specific Shared Responsibility Matrix
- Indicators of compromise
- Mappings: ENISA, NIST CF & 800-53
- A formal reference for NIST
MITRE/Telesurgery Project
- Also created a GitHub
- Need someone with threat modeling experience and anyone interested is welcome to join
Zero Trust - https://docs.google.com/document/d/1hQV47T1wc9XCo5A5gbriMN1SJkiIV6QAOZoI99gM-RI/edit
- Brian streamlined the document and updated certain sections
- New volunteers will be stepping up to complete. They will be adding more requirements and data
- Should be ready for publication in the next few months
Volunteers wanted
- Write code to test controls and maintain GitHub
- Threat modeling for MITRE/telesurgery project
------------------------------
Hillary Baron CCSK v4
Program Manager, Research
CSA
Seattle WA
------------------------------