MCTTP – Munich Cyber Tactics Techniques and Procedures

Dr. Martin Salfer

Security Researcher @ Technical University of Munich

Salfer is an IT security researcher at TUM and a tech lead at an automaker. He earned his Ph.D. in IT Security from TUM, completed his M.Sc. with honours in Software Engineering at UniA/LMU/TUM, and obtained his B.Sc. in Computer Science from HM, with a study abroad at KPU in Vancouver, Canada, and ESIEA in Paris, France, and a research visit at NII in Tokyo, Japan. He is the lead author of 28 publications, including five IT security patents.

Talks & Q&A

Conference | Sep 19

Automotive Security Challenges and Measures: Protecting Modern Vehicle Networks from Cyber Threats

Overview of the complex IT security in moving high tech machines

Description

Our lives depend on automotive cybersecurity, protecting us inside and near vehicles. If vehicles go rogue, they can operate against the driver’s will, potentially driving off a cliff or into a crowd. Modern vehicles are now complex computing platforms, where cybersecurity directly impacts physical safety.

This session bridges the gap between traditional IT security and automotive-specific challenges. Security professionals from non-automotive backgrounds gain insights into how vehicle systems fundamentally differ from conventional IT infrastructure and why they require specialized security approaches. Automotive security professionals face unique challenges from safety-criticality in extreme environments, regulatory homologation constraints, and the technological diversity of specialized components — all while maintaining strict cost efficiency.

To tackle these challenges, the “Automotive Security Analyzer for Exploitability Risks” utilizes innovative attack graph algorithms to improve efficiency, requiring 40-200 times less RAM and running 200-5,000 times faster than comparable implementations. It reveals how seemingly minor vulnerabilities can cascade into exploit chains that target in-vehicle assets.

Security professionals can find various inspirations tailored to their specific roles. Security architects discover strategies to shift left security in the automotive development lifecycle, enabling earlier vulnerability detection when remediation is less costly and more effective. CISOs and risk managers gain methods to quantify automotive-specific cyber threats, providing data-driven insights to prioritize risk mitigation efforts. Ultimately, security professionals ensure that everyone can enjoy greater safety and security in and around autonomous, connected, electrified, and shared vehicles.

Why the committee chose this talk

Automotive security is one of the most complex things to solve. A lot can be learned both ways.