© HEICON – Global Engineering GmbH
HEICON Global Engineering GmbH
Kreuzweg 22, 88477 Schwendi
Internet: www.heicon-ulm.de
Blog: http://blog.heicon-ulm.de
Security in Embedded Systems – The upcoming challenge
HEICON is a specialized engineering company which provides consulting and development support with a focus on software-based embedded systems.
The efficient implementation of methods and processes is the area of our engagement.
Founding: 2018
Headquarters: South of Germany (Memmingen)
Employees: 1
Legal form: GmbH
Revenue Distribution:
[Chart: share of revenue per sector, 2013 to 2017. Sectors: Aerospace, Automotive, Industrial Automation, Railway, Space, Military, Other Sectors]
HEICON
Aerospace, Automotive, Railway, Industry, Defence, Agriculture
HEICON - Starter
HEICON - Consulting
HEICON - Services
HEICON - Training
HEICON - Webinars
Current situation on Industry Standards and Norms
Solution approaches
Megatrends – Security
Contact
Megatrends - Security
- Massive interconnection of previously independent embedded systems
- Enabling malicious attacks on almost all existing embedded systems
- Functional Safety relevant Products have to be made secure
- Embedded systems have to be made secure against external attacks
Some futuristic (?) scenarios:
- Mass shutdown of private household heating systems by attacking software systems from market leaders
- Malicious remote control of highly automated cars
- Collapse of the electricity supply in Europe due to deliberate wrong connection and disconnection of large power plants or consumers
- Damage to health through intentional wrong control of medical devices
- Remote-controlled crash of aircraft
Megatrends - Security
Attack scenarios
- Denial of Service
- Man in the Middle
Current situation on Standards and Norms
Federal Office for Information Security Act:
The German Federal Office for Information Security developed a procedure for identifying and implementing security measures for a company's own information technology (IT).
The aim of basic protection is to achieve an adequate level of protection for IT systems. The basic IT protection catalogues recommend technical security measures as well as infrastructural, organizational and personnel protection measures.
Current situation on Standards and Norms
ISO 27001:
- Definition of security requirements and objectives for information security
- Cost-efficient management of security risks
- Ensuring compliance with laws and regulations
- Process framework for the implementation and management of measures to ensure specific information security objectives
- Definition of new information security management processes
- For auditors to determine the degree of implementation of guidelines and standards
Current situation on Standards and Norms
IEC62443:
General
- 1-1: Terminology, concepts and models
- 1-2: Master glossary of terms and abbreviations
- 1-3: System security compliance metrics
- 1-4: IACS security lifecycle and use-case
Policy and Procedures
- 2-1: Req. for an IACS security mgt system
- 2-2: Implement. guidance for an IACS security mgt syst.
- 2-3: Patch management in the IACS environment
- 2-4: Installation and maintenance req. for IACS suppliers
System
- 3-1: Security technologies for IACS
- 3-2: Security risk assessment and system design
- 3-3: System sec req. and security levels
Component
- 4-1: Product development requirements
- 4-2: Technical security req. for IACS components
Solution approaches
Security
- Security Analysis
- Security Plan
- Design Security into the systems
- Minimize systematic failure
Safety
- Hazardous and Risk Analysis
- Safety Plan
- Design Safety into the System
- Minimize systematic failure
Solution approaches
Security
- Security Analysis → rather difficult, as the systems to be analysed are not fixed
- Security Plan → open point how much effort should be spent, as the situation is much more dynamic than in safety
- Design Security into the systems → probably the most important point
- Minimize systematic failure → probably also very important
Solution approaches
Security
Design Security into the systems: Examples
- Avoid back door attacks by making the RTOS interfaces secure
- Limit the times when the embedded system is online
- Use the IT-Security mechanisms to make your Embedded System secure
- Create technical mechanisms to speed up security updates for your Embedded Systems (Functional Safety constraints have to be solved)
Solution approaches
Security
Minimize systematic failure: Example
- Use Security Coding guidelines (e.g. MISRA Security guidelines)
- Specify your system by professional requirements including the Security aspects
- Do systematic and professional security testing
Solution approaches
[Diagram: Defense in depth strategy, built from Security Guidelines, Security Requirements, Security V&V Testing, Security by design, Security Implementation and Security Management]
Contact - Publications
Contact:
HEICON – Global Engineering GmbH
Martin Heininger Dipl.-Ing(FH)
Kreuzweg 22
D-88477 Schwendi
Tel.: +49 7353 - 98 17 81
Mobil: +49 176 - 24 73 99 60
martin.heininger@heicon-ulm.de
http://www.heicon-ulm.de
Publications:
Testing power electronics according ISO26262, ATZ 04/15
Monthly: Blog article about Functional Safety Topics: http://blog.heicon-ulm.de

Weitere ähnliche Inhalte

Was ist angesagt?

ISO 27001 2013 isms final overview
ISO 27001 2013 isms final overviewISO 27001 2013 isms final overview
ISO 27001 2013 isms final overviewNaresh Rao
 
Information Assurance And Security - Chapter 1 - Lesson 4
Information Assurance And Security - Chapter 1 - Lesson 4Information Assurance And Security - Chapter 1 - Lesson 4
Information Assurance And Security - Chapter 1 - Lesson 4MLG College of Learning, Inc
 
Structure of iso 27001
Structure of iso 27001Structure of iso 27001
Structure of iso 27001CUNIX INDIA
 
Cybersecurity - How to Protect your Organisation from Cybersecurity Threats
Cybersecurity - How to Protect your Organisation from Cybersecurity Threats Cybersecurity - How to Protect your Organisation from Cybersecurity Threats
Cybersecurity - How to Protect your Organisation from Cybersecurity Threats Craig Thornton
 
Iso27001 Isaca Seminar (23 May 08)
Iso27001  Isaca Seminar (23 May 08)Iso27001  Isaca Seminar (23 May 08)
Iso27001 Isaca Seminar (23 May 08)samsontamwaiho
 
NQA - ISO 27001 Implementation Guide
NQA - ISO 27001 Implementation GuideNQA - ISO 27001 Implementation Guide
NQA - ISO 27001 Implementation GuideNA Putra
 
Webinar: Is It Time to Upgrade Your Endpoint Data Strategy?
Webinar: Is It Time to Upgrade Your Endpoint Data Strategy?Webinar: Is It Time to Upgrade Your Endpoint Data Strategy?
Webinar: Is It Time to Upgrade Your Endpoint Data Strategy?Storage Switzerland
 
CMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to Know
CMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to KnowCMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to Know
CMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to KnowPECB
 
eGestalt Announces Next Generation Security Posture Management with Aegify
eGestalt Announces Next Generation Security Posture Management with AegifyeGestalt Announces Next Generation Security Posture Management with Aegify
eGestalt Announces Next Generation Security Posture Management with Aegifyflashnewsrelease
 
Specialized education for DPO and GDPR professionals
Specialized education for DPO and GDPR professionalsSpecialized education for DPO and GDPR professionals
Specialized education for DPO and GDPR professionalsGeorges Ataya
 
Privacy & security in heath care it
Privacy & security in heath care itPrivacy & security in heath care it
Privacy & security in heath care itDhani Ahmad
 
ISO 27001 Training | ISO 27001 Implementation
ISO 27001 Training | ISO 27001 ImplementationISO 27001 Training | ISO 27001 Implementation
ISO 27001 Training | ISO 27001 Implementationhimalya sharma
 
Isms Implementer Course Module 1 Introduction To Information Security
Isms Implementer Course   Module 1   Introduction To Information SecurityIsms Implementer Course   Module 1   Introduction To Information Security
Isms Implementer Course Module 1 Introduction To Information Securityanilchip
 
Galactic Security Systems - Who Owns OT Security Anyway?
Galactic Security Systems - Who Owns OT Security Anyway?Galactic Security Systems - Who Owns OT Security Anyway?
Galactic Security Systems - Who Owns OT Security Anyway?Fairuz Rafique
 
How to implement a robust information security management system?
How to implement a robust information security management system?How to implement a robust information security management system?
How to implement a robust information security management system?ESET
 
Flipping the Script & Changing the Game in Cyber
Flipping the Script & Changing the Game in CyberFlipping the Script & Changing the Game in Cyber
Flipping the Script & Changing the Game in Cyberscoopnewsgroup
 

Was ist angesagt? (18)

ISO 27001 2013 isms final overview
ISO 27001 2013 isms final overviewISO 27001 2013 isms final overview
ISO 27001 2013 isms final overview
 
Information Assurance And Security - Chapter 1 - Lesson 4
Information Assurance And Security - Chapter 1 - Lesson 4Information Assurance And Security - Chapter 1 - Lesson 4
Information Assurance And Security - Chapter 1 - Lesson 4
 
ISO 27001 - Information Security Management System
ISO 27001 - Information Security Management SystemISO 27001 - Information Security Management System
ISO 27001 - Information Security Management System
 
Structure of iso 27001
Structure of iso 27001Structure of iso 27001
Structure of iso 27001
 
Cybersecurity - How to Protect your Organisation from Cybersecurity Threats
Cybersecurity - How to Protect your Organisation from Cybersecurity Threats Cybersecurity - How to Protect your Organisation from Cybersecurity Threats
Cybersecurity - How to Protect your Organisation from Cybersecurity Threats
 
Iso27001 Isaca Seminar (23 May 08)
Iso27001  Isaca Seminar (23 May 08)Iso27001  Isaca Seminar (23 May 08)
Iso27001 Isaca Seminar (23 May 08)
 
NQA - ISO 27001 Implementation Guide
NQA - ISO 27001 Implementation GuideNQA - ISO 27001 Implementation Guide
NQA - ISO 27001 Implementation Guide
 
Webinar: Is It Time to Upgrade Your Endpoint Data Strategy?
Webinar: Is It Time to Upgrade Your Endpoint Data Strategy?Webinar: Is It Time to Upgrade Your Endpoint Data Strategy?
Webinar: Is It Time to Upgrade Your Endpoint Data Strategy?
 
CMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to Know
CMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to KnowCMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to Know
CMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to Know
 
eGestalt Announces Next Generation Security Posture Management with Aegify
eGestalt Announces Next Generation Security Posture Management with AegifyeGestalt Announces Next Generation Security Posture Management with Aegify
eGestalt Announces Next Generation Security Posture Management with Aegify
 
Lesson 1- Information Policy
Lesson 1- Information PolicyLesson 1- Information Policy
Lesson 1- Information Policy
 
Specialized education for DPO and GDPR professionals
Specialized education for DPO and GDPR professionalsSpecialized education for DPO and GDPR professionals
Specialized education for DPO and GDPR professionals
 
Privacy & security in heath care it
Privacy & security in heath care itPrivacy & security in heath care it
Privacy & security in heath care it
 
ISO 27001 Training | ISO 27001 Implementation
ISO 27001 Training | ISO 27001 ImplementationISO 27001 Training | ISO 27001 Implementation
ISO 27001 Training | ISO 27001 Implementation
 
Isms Implementer Course Module 1 Introduction To Information Security
Isms Implementer Course   Module 1   Introduction To Information SecurityIsms Implementer Course   Module 1   Introduction To Information Security
Isms Implementer Course Module 1 Introduction To Information Security
 
Galactic Security Systems - Who Owns OT Security Anyway?
Galactic Security Systems - Who Owns OT Security Anyway?Galactic Security Systems - Who Owns OT Security Anyway?
Galactic Security Systems - Who Owns OT Security Anyway?
 
How to implement a robust information security management system?
How to implement a robust information security management system?How to implement a robust information security management system?
How to implement a robust information security management system?
 
Flipping the Script & Changing the Game in Cyber
Flipping the Script & Changing the Game in CyberFlipping the Script & Changing the Game in Cyber
Flipping the Script & Changing the Game in Cyber
 

Ähnlich wie 6 martin heininger - security in embedded systems - the upcoming challenge

Hardening as a Part of a holistic Security Strategy (UPDATE)
Hardening as a Part of a holistic Security Strategy (UPDATE)Hardening as a Part of a holistic Security Strategy (UPDATE)
Hardening as a Part of a holistic Security Strategy (UPDATE)NoCodeHardening
 
Hardening as Part of a holistic Security Strategy
Hardening as Part of a holistic Security StrategyHardening as Part of a holistic Security Strategy
Hardening as Part of a holistic Security StrategyNoCodeHardening
 
The Charter of Trust
The Charter of TrustThe Charter of Trust
The Charter of TrustDefCamp
 
Medtec - Cyber-security Challenges on the Horizon
Medtec - Cyber-security Challenges on the HorizonMedtec - Cyber-security Challenges on the Horizon
Medtec - Cyber-security Challenges on the Horizonteam-WIBU
 
Make things come alive in a secure way - Sigfox
Make things come alive in a secure way - SigfoxMake things come alive in a secure way - Sigfox
Make things come alive in a secure way - SigfoxSigfox
 
102 Information security standards and specifications
102 Information security standards and specifications102 Information security standards and specifications
102 Information security standards and specificationsSsendiSamuel
 
SOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security WebinarSOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security WebinarSplunk
 
2018 06 Presentation Cloudguard IaaS de Checkpoint
2018 06  Presentation Cloudguard IaaS de Checkpoint2018 06  Presentation Cloudguard IaaS de Checkpoint
2018 06 Presentation Cloudguard IaaS de Checkpointe-Xpert Solutions SA
 
Reports on Industrial Control Systems’ Cyber Security
Reports on Industrial Control Systems’ Cyber SecurityReports on Industrial Control Systems’ Cyber Security
Reports on Industrial Control Systems’ Cyber SecurityA. V. Rajabahadur
 
How to implement security compliance with SanerNow
How to implement security compliance with SanerNowHow to implement security compliance with SanerNow
How to implement security compliance with SanerNowSecPod
 
111.pptx
111.pptx111.pptx
111.pptxJESUNPK
 
Secure Software Development Lifecycle
Secure Software Development LifecycleSecure Software Development Lifecycle
Secure Software Development Lifecycle1&1
 
ISO/IEC 27001 & ISO/IEC 27002:2022: What you need to know
ISO/IEC 27001 & ISO/IEC 27002:2022: What you need to knowISO/IEC 27001 & ISO/IEC 27002:2022: What you need to know
ISO/IEC 27001 & ISO/IEC 27002:2022: What you need to knowPECB
 
Security as an Accelerator for Cloud Adoption
Security as an Accelerator for Cloud AdoptionSecurity as an Accelerator for Cloud Adoption
Security as an Accelerator for Cloud AdoptionMarketingArrowECS_CZ
 
How to Achieve Functional Safety in Safety-Critical Embedded Systems
How to Achieve Functional Safety in Safety-Critical Embedded SystemsHow to Achieve Functional Safety in Safety-Critical Embedded Systems
How to Achieve Functional Safety in Safety-Critical Embedded SystemsIntland Software GmbH
 

Ähnlich wie 6 martin heininger - security in embedded systems - the upcoming challenge (20)

Hima cyber security
Hima cyber securityHima cyber security
Hima cyber security
 
Hardening as a Part of a holistic Security Strategy (UPDATE)
Hardening as a Part of a holistic Security Strategy (UPDATE)Hardening as a Part of a holistic Security Strategy (UPDATE)
Hardening as a Part of a holistic Security Strategy (UPDATE)
 
Hardening as Part of a holistic Security Strategy
Hardening as Part of a holistic Security StrategyHardening as Part of a holistic Security Strategy
Hardening as Part of a holistic Security Strategy
 
The Charter of Trust
The Charter of TrustThe Charter of Trust
The Charter of Trust
 
Medtec - Cyber-security Challenges on the Horizon
Medtec - Cyber-security Challenges on the HorizonMedtec - Cyber-security Challenges on the Horizon
Medtec - Cyber-security Challenges on the Horizon
 
Make things come alive in a secure way - Sigfox
Make things come alive in a secure way - SigfoxMake things come alive in a secure way - Sigfox
Make things come alive in a secure way - Sigfox
 
102 Information security standards and specifications
102 Information security standards and specifications102 Information security standards and specifications
102 Information security standards and specifications
 
Infosec russia cnemeth_v1.2.ppt
Infosec russia cnemeth_v1.2.pptInfosec russia cnemeth_v1.2.ppt
Infosec russia cnemeth_v1.2.ppt
 
GoSecure
GoSecureGoSecure
GoSecure
 
Khas bank isms 3 s
Khas bank isms 3 sKhas bank isms 3 s
Khas bank isms 3 s
 
SOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security WebinarSOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security Webinar
 
2018 06 Presentation Cloudguard IaaS de Checkpoint
2018 06  Presentation Cloudguard IaaS de Checkpoint2018 06  Presentation Cloudguard IaaS de Checkpoint
2018 06 Presentation Cloudguard IaaS de Checkpoint
 
Reports on Industrial Control Systems’ Cyber Security
Reports on Industrial Control Systems’ Cyber SecurityReports on Industrial Control Systems’ Cyber Security
Reports on Industrial Control Systems’ Cyber Security
 
How to implement security compliance with SanerNow
How to implement security compliance with SanerNowHow to implement security compliance with SanerNow
How to implement security compliance with SanerNow
 
111.pptx
111.pptx111.pptx
111.pptx
 
ISO/IEC 27001.pdf
ISO/IEC 27001.pdfISO/IEC 27001.pdf
ISO/IEC 27001.pdf
 
Secure Software Development Lifecycle
Secure Software Development LifecycleSecure Software Development Lifecycle
Secure Software Development Lifecycle
 
ISO/IEC 27001 & ISO/IEC 27002:2022: What you need to know
ISO/IEC 27001 & ISO/IEC 27002:2022: What you need to knowISO/IEC 27001 & ISO/IEC 27002:2022: What you need to know
ISO/IEC 27001 & ISO/IEC 27002:2022: What you need to know
 
Security as an Accelerator for Cloud Adoption
Security as an Accelerator for Cloud AdoptionSecurity as an Accelerator for Cloud Adoption
Security as an Accelerator for Cloud Adoption
 
How to Achieve Functional Safety in Safety-Critical Embedded Systems
How to Achieve Functional Safety in Safety-Critical Embedded SystemsHow to Achieve Functional Safety in Safety-Critical Embedded Systems
How to Achieve Functional Safety in Safety-Critical Embedded Systems
 

Mehr von Ievgenii Katsan

8 andrew kalyuzhin - 30 ux-advices, that will make users love you
8   andrew kalyuzhin - 30 ux-advices, that will make users love you8   andrew kalyuzhin - 30 ux-advices, that will make users love you
8 andrew kalyuzhin - 30 ux-advices, that will make users love youIevgenii Katsan
 
5 hans van loenhoud - master-class the 7 skills of highly successful teams
5   hans van loenhoud - master-class the 7 skills of highly successful teams5   hans van loenhoud - master-class the 7 skills of highly successful teams
5 hans van loenhoud - master-class the 7 skills of highly successful teamsIevgenii Katsan
 
4 alexey orlov - life of product in startup and enterprise
4   alexey orlov - life of product in startup and enterprise4   alexey orlov - life of product in startup and enterprise
4 alexey orlov - life of product in startup and enterpriseIevgenii Katsan
 
3 dmitry gomeniuk - how to make data-driven decisions in saa s products
3   dmitry gomeniuk - how to make data-driven decisions in saa s products3   dmitry gomeniuk - how to make data-driven decisions in saa s products
3 dmitry gomeniuk - how to make data-driven decisions in saa s productsIevgenii Katsan
 
7 hans van loenhoud - the problem-goal-solution trinity
7   hans van loenhoud - the problem-goal-solution trinity7   hans van loenhoud - the problem-goal-solution trinity
7 hans van loenhoud - the problem-goal-solution trinityIevgenii Katsan
 
3 denys gobov - change request specification the knowledge base or the task...
3   denys gobov - change request specification the knowledge base or the task...3   denys gobov - change request specification the knowledge base or the task...
3 denys gobov - change request specification the knowledge base or the task...Ievgenii Katsan
 
5 victoria cupet - learn to play business analysis
5   victoria cupet - learn to play business analysis5   victoria cupet - learn to play business analysis
5 victoria cupet - learn to play business analysisIevgenii Katsan
 
5 alina petrenko - key requirements elicitation during the first contact wi...
5   alina petrenko - key requirements elicitation during the first contact wi...5   alina petrenko - key requirements elicitation during the first contact wi...
5 alina petrenko - key requirements elicitation during the first contact wi...Ievgenii Katsan
 
3 karabak kuyavets transformation of business analyst to product owner
3   karabak kuyavets transformation of business analyst to product owner3   karabak kuyavets transformation of business analyst to product owner
3 karabak kuyavets transformation of business analyst to product ownerIevgenii Katsan
 
4 andrii melnykov - stakeholder management for pd ms and b-as and why it is...
4   andrii melnykov - stakeholder management for pd ms and b-as and why it is...4   andrii melnykov - stakeholder management for pd ms and b-as and why it is...
4 andrii melnykov - stakeholder management for pd ms and b-as and why it is...Ievgenii Katsan
 
3 zornitsa nikolova - the product manager between decision making and facil...
3   zornitsa nikolova - the product manager between decision making and facil...3   zornitsa nikolova - the product manager between decision making and facil...
3 zornitsa nikolova - the product manager between decision making and facil...Ievgenii Katsan
 
4 viktoriya gudym - how to effectively manage remote employees
4   viktoriya gudym - how to effectively manage remote employees4   viktoriya gudym - how to effectively manage remote employees
4 viktoriya gudym - how to effectively manage remote employeesIevgenii Katsan
 
9 natali renska - product and outsource development, how to cook 2 meals in...
9   natali renska - product and outsource development, how to cook 2 meals in...9   natali renska - product and outsource development, how to cook 2 meals in...
9 natali renska - product and outsource development, how to cook 2 meals in...Ievgenii Katsan
 
7 denis parkhomenko - from idea to execution how to make a product that cus...
7   denis parkhomenko - from idea to execution how to make a product that cus...7   denis parkhomenko - from idea to execution how to make a product that cus...
7 denis parkhomenko - from idea to execution how to make a product that cus...Ievgenii Katsan
 
6 anton vitiaz - inside the mvp in 3 days
6   anton vitiaz - inside the mvp in 3 days6   anton vitiaz - inside the mvp in 3 days
6 anton vitiaz - inside the mvp in 3 daysIevgenii Katsan
 
5 mariya popova - ideal product management. unicorns in our reality
5   mariya popova - ideal product management. unicorns in our reality5   mariya popova - ideal product management. unicorns in our reality
5 mariya popova - ideal product management. unicorns in our realityIevgenii Katsan
 
2 victor podzubanov - design thinking game
2   victor podzubanov - design thinking game2   victor podzubanov - design thinking game
2 victor podzubanov - design thinking gameIevgenii Katsan
 
3 sergiy potapov - analyst to product owner
3   sergiy potapov - analyst to product owner3   sergiy potapov - analyst to product owner
3 sergiy potapov - analyst to product ownerIevgenii Katsan
 
4 anton parkhomenko - how to make effective user research with no budget at...
4   anton parkhomenko - how to make effective user research with no budget at...4   anton parkhomenko - how to make effective user research with no budget at...
4 anton parkhomenko - how to make effective user research with no budget at...Ievgenii Katsan
 

Mehr von Ievgenii Katsan (20)

8 andrew kalyuzhin - 30 ux-advices, that will make users love you
8   andrew kalyuzhin - 30 ux-advices, that will make users love you8   andrew kalyuzhin - 30 ux-advices, that will make users love you
8 andrew kalyuzhin - 30 ux-advices, that will make users love you
 
5 hans van loenhoud - master-class the 7 skills of highly successful teams
5   hans van loenhoud - master-class the 7 skills of highly successful teams5   hans van loenhoud - master-class the 7 skills of highly successful teams
5 hans van loenhoud - master-class the 7 skills of highly successful teams
 
4 alexey orlov - life of product in startup and enterprise
4   alexey orlov - life of product in startup and enterprise4   alexey orlov - life of product in startup and enterprise
4 alexey orlov - life of product in startup and enterprise
 
3 dmitry gomeniuk - how to make data-driven decisions in saa s products
3   dmitry gomeniuk - how to make data-driven decisions in saa s products3   dmitry gomeniuk - how to make data-driven decisions in saa s products
3 dmitry gomeniuk - how to make data-driven decisions in saa s products
 
7 hans van loenhoud - the problem-goal-solution trinity
7   hans van loenhoud - the problem-goal-solution trinity7   hans van loenhoud - the problem-goal-solution trinity
7 hans van loenhoud - the problem-goal-solution trinity
 
1 hans van loenhoud -
1   hans van loenhoud - 1   hans van loenhoud -
1 hans van loenhoud -
 
3 denys gobov - change request specification the knowledge base or the task...
3   denys gobov - change request specification the knowledge base or the task...3   denys gobov - change request specification the knowledge base or the task...
3 denys gobov - change request specification the knowledge base or the task...
 
5 victoria cupet - learn to play business analysis
5   victoria cupet - learn to play business analysis5   victoria cupet - learn to play business analysis
5 victoria cupet - learn to play business analysis
 
5 alina petrenko - key requirements elicitation during the first contact wi...
5   alina petrenko - key requirements elicitation during the first contact wi...5   alina petrenko - key requirements elicitation during the first contact wi...
5 alina petrenko - key requirements elicitation during the first contact wi...
 
3 karabak kuyavets transformation of business analyst to product owner
3   karabak kuyavets transformation of business analyst to product owner3   karabak kuyavets transformation of business analyst to product owner
3 karabak kuyavets transformation of business analyst to product owner
 
4 andrii melnykov - stakeholder management for pd ms and b-as and why it is...
4   andrii melnykov - stakeholder management for pd ms and b-as and why it is...4   andrii melnykov - stakeholder management for pd ms and b-as and why it is...
4 andrii melnykov - stakeholder management for pd ms and b-as and why it is...
 
3 zornitsa nikolova - the product manager between decision making and facil...
3   zornitsa nikolova - the product manager between decision making and facil...3   zornitsa nikolova - the product manager between decision making and facil...
3 zornitsa nikolova - the product manager between decision making and facil...
 
4 viktoriya gudym - how to effectively manage remote employees
4   viktoriya gudym - how to effectively manage remote employees4   viktoriya gudym - how to effectively manage remote employees
4 viktoriya gudym - how to effectively manage remote employees
 
9 natali renska - product and outsource development, how to cook 2 meals in...
9   natali renska - product and outsource development, how to cook 2 meals in...9   natali renska - product and outsource development, how to cook 2 meals in...
9 natali renska - product and outsource development, how to cook 2 meals in...
 
7 denis parkhomenko - from idea to execution how to make a product that cus...
7   denis parkhomenko - from idea to execution how to make a product that cus...7   denis parkhomenko - from idea to execution how to make a product that cus...
7 denis parkhomenko - from idea to execution how to make a product that cus...
 
6 anton vitiaz - inside the mvp in 3 days
6   anton vitiaz - inside the mvp in 3 days6   anton vitiaz - inside the mvp in 3 days
6 anton vitiaz - inside the mvp in 3 days
 
5 mariya popova - ideal product management. unicorns in our reality
5   mariya popova - ideal product management. unicorns in our reality5   mariya popova - ideal product management. unicorns in our reality
5 mariya popova - ideal product management. unicorns in our reality
 
2 victor podzubanov - design thinking game
2   victor podzubanov - design thinking game2   victor podzubanov - design thinking game
2 victor podzubanov - design thinking game
 
3 sergiy potapov - analyst to product owner
3   sergiy potapov - analyst to product owner3   sergiy potapov - analyst to product owner
3 sergiy potapov - analyst to product owner
 
4 anton parkhomenko - how to make effective user research with no budget at...
4   anton parkhomenko - how to make effective user research with no budget at...4   anton parkhomenko - how to make effective user research with no budget at...
4 anton parkhomenko - how to make effective user research with no budget at...
 

6 martin heininger - security in embedded systems - the upcoming challenge

  • 1. Security in Embedded Systems – The upcoming challenge. © HEICON – Global Engineering GmbH, Kreuzweg 22, 88477 Schwendi. Internet: www.heicon-ulm.de Blog: http://blog.heicon-ulm.de
  • 2. HEICON is a specialized engineering company which provides consulting and development support with a focus on software-based embedded systems. The efficient implementation of methods and processes is the area of our engagement. Founding: 2018. Headquarters: South of Germany (Memmingen). Membership: Employees: 1. Legal form: GmbH.
      [Chart: Revenue Distribution by sector, 2013 to 2017. Sectors: Aerospace, Automotive, Industrial Automation, Railway, Space, Military, Other Sectors]
  • 3. HEICON
      - Sectors: Aerospace, Automotive, Railway, Industry, Defence, Agriculture
      - Offerings: HEICON - Starter, HEICON - Consulting, HEICON - Services, HEICON - Training, HEICON - Webinars
  • 4. Agenda
      - Current situation on Industry Standards and Norms
      - Solution approaches
      - Megatrends – Security
      - Contact
  • 5. Megatrends - Security
  • 6. Megatrends - Security
  • 7. Megatrends - Security
      - Massive interconnection of previously independent embedded systems
      - Enabling malicious attacks on almost all existing embedded systems
      - Functional Safety relevant products have to be made secure
      - Embedded systems have to be made secure against external attacks
  • 8. Megatrends - Security. Some futuristic (?) scenarios:
      - Mass shutdown of private household heating systems by attacking software systems from market leaders
      - Malicious remote control of highly automated cars
      - Collapse of the electricity supply in Europe due to deliberate wrong connection and disconnection of large power plants or consumers
      - Damage to health through intentional wrong control of medical devices
      - Remote-controlled crash of aircraft
  • 9. Megatrends - Security. Attack scenarios:
      - Denial of Service
      - Man in the Middle
  • 10. Agenda
      - Current situation on Industry Standards and Norms
      - Solution approaches
      - Megatrends – Security
      - Contact
  • 11. Current situation on Standards and Norms. Federal Office for Information Security Act: The German Federal Office for Information Security developed a procedure for identifying and implementing security measures for a company's own information technology (IT). The aim of basic protection is to achieve an adequate level of protection for IT systems. The basic IT protection catalogues recommend technical security measures as well as infrastructural, organizational and personnel protection measures.
  • 12. Current situation on Standards and Norms. ISO 27001:
      - Definition of security requirements and objectives for information security
      - Cost-efficient management of security risks
      - Ensuring compliance with laws and regulations
      - Process framework for the implementation and management of measures to ensure specific information security objectives
      - Definition of new information security management processes
      - For auditors to determine the degree of implementation of guidelines and standards
  • 13. Current situation on Standards and Norms. IEC 62443:
      - General: 1-1 Terminology, concepts and models; 1-2 Master glossary of terms and abbreviations; 1-3 System security compliance metrics; 1-4 IACS security lifecycle and use-case
      - Policy and Procedures: 2-1 Req. for an IACS security mgt system; 2-2 Implementation guidance for an IACS security mgt system; 2-3 Patch management in the IACS environment; 2-4 Installation and maintenance req. for IACS suppliers
      - System: 3-1 Security technologies for IACS; 3-2 Security risk assessment and system design; 3-3 System sec req. and security levels
      - Component: 4-1 Product development requirements; 4-2 Technical security req. for IACS components
  • 14. Agenda
      - Current situation on Industry Standards and Norms
      - Solution approaches
      - Megatrends – Security
      - Contact
  • 15. Solution approaches
      - Security: Security Analysis; Security Plan; Design Security into the systems; Minimize systematic failure
      - Safety: Hazard and Risk Analysis; Safety Plan; Design Safety into the System; Minimize systematic failure
  • 16. Solution approaches: Security
      - Security Analysis: rather difficult, as the systems to be analysed are not fixed
      - Security Plan: open point how much effort should be spent, as security is much more dynamic than safety
      - Design Security into the systems: probably the most important point
      - Minimize systematic failure: probably also very important
  • 17. Solution approaches: Security. Design Security into the systems: Examples
      - Avoid back door attacks by making the RTOS interfaces secure
      - Limit the times when the embedded system is online
      - Use the IT security mechanisms to make your embedded system secure
      - Create technical mechanisms to speed up security updates for your embedded systems (Functional Safety constraints have to be solved)
  • 18. Solution approaches: Security. Minimize systematic failure: Example
      - Use Security Coding guidelines (e.g. MISRA Security guidelines)
      - Specify your system by professional requirements including the Security aspects
      - Do systematic and professional security testing
  • 19. Solution approaches: Defense in depth strategy
      [Diagram elements: Security Guidelines, Security Requirements, Security V&V Testing, Security by design, Security Implementation, Security Management]
  • 20. Contact - Publications
      - Contact: HEICON – Global Engineering GmbH, Martin Heininger, Dipl.-Ing. (FH), Kreuzweg 22, D-88477 Schwendi. Tel.: +49 7353 - 98 17 81, Mobil: +49 176 - 24 73 99 60, martin.heininger@heicon-ulm.de, http://www.heicon-ulm.de
      - Publications: Testing power electronics according ISO26262, ATZ 04/15
      - Monthly: Blog article about Functional Safety Topics: http://blog.heicon-ulm.de