9:00 - 9:30 am
Opening Address: Driving the Future Securely -- An Overview of EV & Connected Vehicle Cybersecurity

An overview of the of the technical, regulatory, and operational challenges that define current best practices and emerging frontiers in mobility security

• The convergence of EV and telematics systems and their shared cyber-risk profile

• How vehicle electrification changes traditional threat models

• Core pillars of a robust mobility cybersecurity strategy

• The broader socio-economic impacts of vehicle cyber incidents

9:30 - 10:30 am
Navigating Today’s Threat Landscape: EV & CV Attack Vectors

From remote key-fob replay to over-the-air (OTA) firmware manipulation, adversaries are inventing ever more sophisticated ways to compromise vehicles. This session will map out the most prevalent and emerging attack vectors in electric and connected vehicles, drawing on real-world case examples. We will explore how vulnerabilities in charging infrastructure, telematics units, battery management systems, and third-party apps can be chained into full-blown exploits.

• Top five EV/CV attack vectors observed in recent penetration tests

• How independent researchers are uncovering multi-stage exploits

• The role of the wider mobility ecosystem (chargers, apps, cloud) in introducing risk

• Defensive countermeasures tailored to each attack class

10:30 - 11:00 am
Networking Coffee Break

11:00 - 12:15 pm
Secure by Design: Building Resilient EV Architectures

Designing security in from Day 1 is crucial to preventing costly retrofits and recalls down the line. This session delves into architectural best practices for EV and connected-vehicle platforms. Topics include secure hardware root-of-trust, zonal vs. domain-based ECUs, hardware isolation techniques, and secure boot chains. Attendees will walk away with practical blueprints for integrating security controls into powertrain, telematics, and infotainment subsystems without compromising performance or user experience.

• Zonal and domain controller approaches from a security standpoint

• Hardware root-of-trust and secure boot in EV control systems

• Fail-safe mechanisms for detecting and isolating compromised modules

• Balancing security controls with performance, cost, and usability constraints

12:15 - 1:15 pm
Lunch

1:15 - 2:30 pm
Over-the-Air Updates & Supply Chain Integrity

OTA updates are a double-edged sword: they enable rapid vulnerability patching but also widen the window of opportunity for supply-chain attacks. This session examines end-to-end OTA pipelines, from vendor code signing and secure distribution to in-vehicle validation. We’ll explore strategies to validate firmware provenance, detect tampering, and implement rollback protection. Key challenges around managing third-party libraries, open-source components, and subcontractor code will also be addressed.

• Mapping an end-to-end OTA update workflow with integrated code signing and attestation

• Deploying mechanisms to ensure firmware integrity and authenticity in the field

• Mitigating risks posed by third-party and open-source dependencies

• Establishing rollback and “fail-safe” policies to prevent bricked vehicles

2:30 - 3:00 pm
Networking Coffee Break

3:00 - 4:00 pm
Incident Response & Forensics for EVs

When cyber incidents strike, rapid detection and investigation are vital to safety and brand reputation. This session looks at advances in incident response processes tailored to electric and connected vehicles. We will discuss ECUs for logging, leveraging telematics data for anomaly detection, and applying forensic tools to extract evidence from compromised modules. The session will also cover crisis communication, legal considerations, and cross-industry collaboration best practices.

• Incident response playbook specific to EV/CV scenarios

• Instrument vehicles and backend services for effective logging and telemetry

• Forensic extraction from in-vehicle networks and ECUs

• Coordinating with legal, regulatory, and PR stakeholders post-incident

4:00 - 5:00 pm
Securing In-Vehicle Networks & Telematics

Modern vehicles host complex, high-speed networks—CAN, FlexRay, Automotive Ethernet—interconnecting powertrain, ADAS, and infotainment domains. This session discusses advances in security mechanisms and segmentation strategies needed to protect in-vehicle buses. Panelists will dicuss message authentication, intrusion detection for CAN/DoS, microsegmentation via Ethernet VLANs, and hardened telematics gateways. Real-world examples will illustrate how robust network design can thwart lateral attacker movement.

• Message authentication and anomaly detection on CAN and FlexRay

• Segmenting high-risk domains using automotive Ethernet VLANs and firewalls

• Hardening telematics gateways against protocol-level exploits

• Integrating network-level security with ECU-level protections

5:00 - 6:30 pm
Networking Reception

Wednesday, January 28, 2026

8:00 am - 9:00 am
Registration and Continental Breakfast

9:00 - 10:30 am
AI & Machine Learning for Real-Time Threat Detection

As the velocity and volume of vehicle data explode, AI and ML offer powerful tools for spotting anomalies and predicting attacks. This session explores state-of-the-art ML models for detecting sensor spoofing, firmware tampering, and network intrusions in real time. Panelists will discuss data requirements, model validation, adversarial robustness, and edge-deployment constraints, among other topics.

• Appropriate ML algorithms for automotive anomaly detection

• Gathering and curating training data from diverse sensor and network sources

• Model performance under adversarial conditions

• Lightweight inference engines for resource-constrained ECUs

10:30 - 11:00 am
Networking Coffee Break

11:00 - 12:15 pm
Case Studies & Lessons Learned

Nothing beats learning from real deployments. In this interactive session, panelists will share anonymized case studies spanning recent vulnerability disclosures, security-driven recalls, and successful mitigation programs. Participants will discuss what went right, what went wrong, and how cross-functional teams overcame organizational and technical hurdles to strengthen their security posture.

• Best practices from recent EV/CV security incidents

• Common organizational pain points in security rollout

• Cross-team collaboration to accelerate remediation

• Translating lessons learned into actionable policy and process improvements

12:15 - 1:15 pm
Lunch

1:15 - 2:30 pm
Regulatory & Standards Roadmap

With evolving regulations—from UNECE WP.29 to NHTSA cyber guidance—compliance has become a moving target. This session unpacks the current regulatory landscape and previews upcoming standards, certifications, and liability frameworks worldwide. Experts from regulatory bodies and standards organizations will discuss key requirements, timelines, and how to align product development and cybersecurity management systems (CSMS) for global market access.

• UNECE WP.29, ISO/SAE 21434, and regional regulations

• Integrating CSMS requirements into existing quality and safety processes

• Future regulatory trends in EV and CV security

• Preparing audit-ready documentation to demonstrate compliance

2:30 - 3:00 pm
Networking Coffee Break

3:00 - 4:00 pm
Closing Panel: Roadmap to Resilience: Charting the Next Decade

This closing discussion will synthesize insights from the past two days and envision a cybersecurity roadmap for the next ten years of electric and connected mobility. Topics include the role of V2X security, zero-trust principles on wheels, quantum threats, and how ecosystem partnerships will shape a resilient mobility future. The goal is to leave attendees with a clear set of priorities to guide their R&D, product planning, and policy engagement.

• Next-gen R&D themes: V2X, zero-trust, quantum-safe cryptography

• Cross-industry collaboration for end-to-end ecosystem security

• Aligning enterprise roadmaps with anticipated regulatory shifts

• Continuous improvement through red-teaming and threat intelligence