SlideShare ist ein Scribd-Unternehmen logo

20161012CRITIS_ptheron_ICCF ab

D
Dr. Paul THERON
1 von 12
Downloaden Sie, um offline zu lesen
A way towards a fully bridged European certification of IACS cybersecurity. Paul THERON, PhD, FBCI
A word of introduction: an on-going struggle Source:DHS. (2015). NCCIC / ICS-CERT FY 2015 Annual Vulnerability Coordination Report. Retrieved Sept 11, 2016, from https://ics-cert.us-cert.gov/sites/default/files/Annual_Reports/NCCIC_ICS- CERT_FY%202015_Annual_Vulnerability_Coordination_Report_S508C.pdf (1311)
Introducing the ICCF... • The history of the IACS cybersecurity certification TG • The philosophy of the ICCF • Gaining support from stakeholders • The IACS Compliance & Certification Framework • The General structure of the ICCF • Principles of IACS components certification
The history of the IACS cybersecurity certification Thematic Group
The philosophy of the ICCF • A generic model for IACS products / components certification: not a standard • Helping vendors and buyers to approach the issue of certification • An agnostic framework • Freedom of choice: standards, national schemes, etc. • A way to engage stakeholders • Schemes from the least to the most demanding • Guidelines for the European Commission and Professionals • How to start? And what to do?
Gaining support from stakeholders • Stakeholders’ consultation 2015-2016 and network of contacts • ERNCIP Conference 2015; • ENISA – EICS Group and E-SCSIE; • ENISA ICT Workshop 16th of March 2016; • GIMELEC • BSI • ANSSI • ISA • NIST • ETSI Cyber TC; • EWICS (European Workshop on Industrial Computer Systems Reliability Safety and Security – www.ewics.org); • CEN/Cenelec’s Cyber Security Coordination Group (CSCG) on 27th April 2016; • ERNCIP-Improver Workshop 28th April 2016...
The IACS Compliance & Certification Framework • Proposes 4 IACS Compliance & Certification Schemes (ICCS) • ICCS-A1 (Self-declaration of compliance) • ICCS-A2 (Third-party compliance assessment) • ICCS-B (Cyber resilience certification) • ICCS-C (Full cyber resilience certification)
The IACS Compliance & Certification Framework • Involves up to 3 Evaluation Activities • Compliance Assessment (in all four ICCS) • Cyber Resilience Testing (ICCS-B & C) • Development Process Evaluation (ICCS-C)
The IACS Compliance & Certification Framework • Requires the guidelines and resources of 3 Pillars • IACS Common Cybersecurity Assessment Requirements (ICCAR) • IACS Components Cybersecurity Protection Profiles (ICCPRO) • IACS Compliance & Certification Process (ICCP) • ... And involves a 4th pillar for fostering and disseminating the ICCF • IACS C&C EU Register (ICCEUR)
The General structure of the ICCF ICCF Schemes (A1, A2, B, C) Compliance Assessment Activity Process Pillar Protection Profile Pillar Common Requirements Pillar Cyber Resilience Testing Activity Process Pillar Protection Profile Pillar Common Requirements Pillar Development Process Certification Activity Process Pillar Protection Profile Pillar Common Requirements Pillar
Principles of IACS components certification Family of products Critical assets Operating conditions Protection assumptions Residual threats Security functions Protection Profile Specific product Critical assets Operating conditions Protection assumptions Residual threats Security functions Security mechanisms Security Profile
In conclusion: Join the trials in 2017 Thank you for your attention Email: paul.theron@thalesgroup.com

Empfohlen

CRISP - Overview and results
CRISP - Overview and results CRISP - Overview and results
CRISP - Overview and results CRISP Project
 
FIWARE MEXICO WorkShop 2016 - 2. Mexico – European Union cooperation
FIWARE MEXICO WorkShop 2016 - 2. Mexico – European Union cooperationFIWARE MEXICO WorkShop 2016 - 2. Mexico – European Union cooperation
FIWARE MEXICO WorkShop 2016 - 2. Mexico – European Union cooperationFIWARE Mexico
 
Policy and Standardisation perspective - CRISP Final Conference
Policy and Standardisation perspective - CRISP Final ConferencePolicy and Standardisation perspective - CRISP Final Conference
Policy and Standardisation perspective - CRISP Final ConferenceCRISP Project
 
Euralarm - Glen Dale on security industry perspective on certification of sec...
Euralarm - Glen Dale on security industry perspective on certification of sec...Euralarm - Glen Dale on security industry perspective on certification of sec...
Euralarm - Glen Dale on security industry perspective on certification of sec...CRISP Project
 
Introduction to UKSPF Independent consultancy study on “Licence-exempt spectrum”
Introduction to UKSPF Independent consultancy study on “Licence-exempt spectrum”Introduction to UKSPF Independent consultancy study on “Licence-exempt spectrum”
Introduction to UKSPF Independent consultancy study on “Licence-exempt spectrum”techUK
 
CAPITA - Network Visibility to Manage Firewall Changes & Reduce Risk
CAPITA - Network Visibility to Manage Firewall Changes & Reduce RiskCAPITA - Network Visibility to Manage Firewall Changes & Reduce Risk
CAPITA - Network Visibility to Manage Firewall Changes & Reduce RiskSkybox Security
 
Code4Health, pop up uni, 2pm, 2 september 2015
Code4Health, pop up uni, 2pm, 2 september 2015Code4Health, pop up uni, 2pm, 2 september 2015
Code4Health, pop up uni, 2pm, 2 september 2015NHS England
 
Infosec 2014: Capita Customer Management: Network Visibility to Manage Firewa...
Infosec 2014: Capita Customer Management: Network Visibility to Manage Firewa...Infosec 2014: Capita Customer Management: Network Visibility to Manage Firewa...
Infosec 2014: Capita Customer Management: Network Visibility to Manage Firewa...Skybox Security
 

Empfohlen

CRISP - Overview and results
CRISP - Overview and results CRISP - Overview and results
CRISP - Overview and results CRISP Project
 
FIWARE MEXICO WorkShop 2016 - 2. Mexico – European Union cooperation
FIWARE MEXICO WorkShop 2016 - 2. Mexico – European Union cooperationFIWARE MEXICO WorkShop 2016 - 2. Mexico – European Union cooperation
FIWARE MEXICO WorkShop 2016 - 2. Mexico – European Union cooperationFIWARE Mexico
 
Policy and Standardisation perspective - CRISP Final Conference
Policy and Standardisation perspective - CRISP Final ConferencePolicy and Standardisation perspective - CRISP Final Conference
Policy and Standardisation perspective - CRISP Final ConferenceCRISP Project
 
Euralarm - Glen Dale on security industry perspective on certification of sec...
Euralarm - Glen Dale on security industry perspective on certification of sec...Euralarm - Glen Dale on security industry perspective on certification of sec...
Euralarm - Glen Dale on security industry perspective on certification of sec...CRISP Project
 
Introduction to UKSPF Independent consultancy study on “Licence-exempt spectrum”
Introduction to UKSPF Independent consultancy study on “Licence-exempt spectrum”Introduction to UKSPF Independent consultancy study on “Licence-exempt spectrum”
Introduction to UKSPF Independent consultancy study on “Licence-exempt spectrum”techUK
 
CAPITA - Network Visibility to Manage Firewall Changes & Reduce Risk
CAPITA - Network Visibility to Manage Firewall Changes & Reduce RiskCAPITA - Network Visibility to Manage Firewall Changes & Reduce Risk
CAPITA - Network Visibility to Manage Firewall Changes & Reduce RiskSkybox Security
 
Code4Health, pop up uni, 2pm, 2 september 2015
Code4Health, pop up uni, 2pm, 2 september 2015Code4Health, pop up uni, 2pm, 2 september 2015
Code4Health, pop up uni, 2pm, 2 september 2015NHS England
 
Infosec 2014: Capita Customer Management: Network Visibility to Manage Firewa...
Infosec 2014: Capita Customer Management: Network Visibility to Manage Firewa...Infosec 2014: Capita Customer Management: Network Visibility to Manage Firewa...
Infosec 2014: Capita Customer Management: Network Visibility to Manage Firewa...Skybox Security
 
Updated resume
Updated resumeUpdated resume
Updated resumeshriraam ms
 
Wcf Extensibility
Wcf ExtensibilityWcf Extensibility
Wcf ExtensibilityEyal Vardi
 
Angular 2.0 forms
Angular 2.0 formsAngular 2.0 forms
Angular 2.0 formsEyal Vardi
 
Project stake holder analysis and cultural influence on international project...
Project stake holder analysis and cultural influence on international project...Project stake holder analysis and cultural influence on international project...
Project stake holder analysis and cultural influence on international project...NICHOLAS PAUL
 
AngularJS Directives
AngularJS DirectivesAngularJS Directives
AngularJS DirectivesEyal Vardi
 
Template syntax in Angular 2.0
Template syntax in Angular 2.0Template syntax in Angular 2.0
Template syntax in Angular 2.0Eyal Vardi
 
Java J2EE Interview Questions Part-1
Java J2EE Interview Questions Part-1Java J2EE Interview Questions Part-1
Java J2EE Interview Questions Part-1javatrainingonline
 
OSI Security Architecture
OSI Security ArchitectureOSI Security Architecture
OSI Security Architectureuniversity of education,Lahore
 
Business Plan: Photography Business (slides)
Business Plan: Photography Business (slides)Business Plan: Photography Business (slides)
Business Plan: Photography Business (slides)Moin Sarker
 
AngularJS Forms Validation
AngularJS Forms ValidationAngularJS Forms Validation
AngularJS Forms ValidationSunny Sharma
 
Industrial Automation Control Systems Cybersecurity Certification. Chapter II
Industrial Automation Control Systems Cybersecurity Certification. Chapter IIIndustrial Automation Control Systems Cybersecurity Certification. Chapter II
Industrial Automation Control Systems Cybersecurity Certification. Chapter IIJavier Tallón
 
More practical insights on the 20 critical controls
More practical insights on the 20 critical controlsMore practical insights on the 20 critical controls
More practical insights on the 20 critical controlsEnclaveSecurity
 
AARC Assurance Profiles for Kantara Initiative
AARC Assurance Profiles for Kantara InitiativeAARC Assurance Profiles for Kantara Initiative
AARC Assurance Profiles for Kantara Initiativekantarainitiative
 
Three trends in cybersecurity
Three trends in cybersecurityThree trends in cybersecurity
Three trends in cybersecurityAlexander Deucalion
 
CA Self Regulation
CA Self RegulationCA Self Regulation
CA Self RegulationCASCouncil
 
security_assessment_slides
security_assessment_slidessecurity_assessment_slides
security_assessment_slidesSteve Arnold
 
Assurance-Level Driven Method for Integrating Security into SDLC Process
Assurance-Level Driven Method for Integrating Security into SDLC ProcessAssurance-Level Driven Method for Integrating Security into SDLC Process
Assurance-Level Driven Method for Integrating Security into SDLC ProcessSeungjoo Kim
 
Application of the Common Criteria to Building Trustworthy Automotive SDLC
Application of the Common Criteria to Building Trustworthy Automotive SDLCApplication of the Common Criteria to Building Trustworthy Automotive SDLC
Application of the Common Criteria to Building Trustworthy Automotive SDLCSeungjoo Kim
 
Metholodogies and Security Standards
Metholodogies and Security StandardsMetholodogies and Security Standards
Metholodogies and Security StandardsConferencias FIST
 
Chapter 10 security standart
Chapter 10 security standartChapter 10 security standart
Chapter 10 security standartnewbie2019
 
Towards a certification scheme for IoT security evaluation
Towards a certification scheme for IoT security evaluationTowards a certification scheme for IoT security evaluation
Towards a certification scheme for IoT security evaluationAxel Rennoch
 
La gouvernance au cœur de la transformation numérique - Comment COBIT 5 peut ...
La gouvernance au cœur de la transformation numérique - Comment COBIT 5 peut ...La gouvernance au cœur de la transformation numérique - Comment COBIT 5 peut ...
La gouvernance au cœur de la transformation numérique - Comment COBIT 5 peut ...Antoine Vigneron
 

Weitere ähnliche Inhalte

Andere mochten auch

Wcf Extensibility
Wcf ExtensibilityWcf Extensibility
Wcf ExtensibilityEyal Vardi
 
Angular 2.0 forms
Angular 2.0 formsAngular 2.0 forms
Angular 2.0 formsEyal Vardi
 
Project stake holder analysis and cultural influence on international project...
Project stake holder analysis and cultural influence on international project...Project stake holder analysis and cultural influence on international project...
Project stake holder analysis and cultural influence on international project...NICHOLAS PAUL
 
AngularJS Directives
AngularJS DirectivesAngularJS Directives
AngularJS DirectivesEyal Vardi
 
Template syntax in Angular 2.0
Template syntax in Angular 2.0Template syntax in Angular 2.0
Template syntax in Angular 2.0Eyal Vardi
 
Java J2EE Interview Questions Part-1
Java J2EE Interview Questions Part-1Java J2EE Interview Questions Part-1
Java J2EE Interview Questions Part-1javatrainingonline
 
Business Plan: Photography Business (slides)
Business Plan: Photography Business (slides)Business Plan: Photography Business (slides)
Business Plan: Photography Business (slides)Moin Sarker
 
AngularJS Forms Validation
AngularJS Forms ValidationAngularJS Forms Validation
AngularJS Forms ValidationSunny Sharma
 

Andere mochten auch (10)

Updated resume
Updated resumeUpdated resume
Updated resume
 
Wcf Extensibility
Wcf ExtensibilityWcf Extensibility
Wcf Extensibility
 
Angular 2.0 forms
Angular 2.0 formsAngular 2.0 forms
Angular 2.0 forms
 
Project stake holder analysis and cultural influence on international project...
Project stake holder analysis and cultural influence on international project...Project stake holder analysis and cultural influence on international project...
Project stake holder analysis and cultural influence on international project...
 
AngularJS Directives
AngularJS DirectivesAngularJS Directives
AngularJS Directives
 
Template syntax in Angular 2.0
Template syntax in Angular 2.0Template syntax in Angular 2.0
Template syntax in Angular 2.0
 
Java J2EE Interview Questions Part-1
Java J2EE Interview Questions Part-1Java J2EE Interview Questions Part-1
Java J2EE Interview Questions Part-1
 
OSI Security Architecture
OSI Security ArchitectureOSI Security Architecture
OSI Security Architecture
 
Business Plan: Photography Business (slides)
Business Plan: Photography Business (slides)Business Plan: Photography Business (slides)
Business Plan: Photography Business (slides)
 
AngularJS Forms Validation
AngularJS Forms ValidationAngularJS Forms Validation
AngularJS Forms Validation
 

Ähnlich wie 20161012CRITIS_ptheron_ICCF ab

Industrial Automation Control Systems Cybersecurity Certification. Chapter II
Industrial Automation Control Systems Cybersecurity Certification. Chapter IIIndustrial Automation Control Systems Cybersecurity Certification. Chapter II
Industrial Automation Control Systems Cybersecurity Certification. Chapter IIJavier Tallón
 
More practical insights on the 20 critical controls
More practical insights on the 20 critical controlsMore practical insights on the 20 critical controls
More practical insights on the 20 critical controlsEnclaveSecurity
 
AARC Assurance Profiles for Kantara Initiative
AARC Assurance Profiles for Kantara InitiativeAARC Assurance Profiles for Kantara Initiative
AARC Assurance Profiles for Kantara Initiativekantarainitiative
 
CA Self Regulation
CA Self RegulationCA Self Regulation
CA Self RegulationCASCouncil
 
security_assessment_slides
security_assessment_slidessecurity_assessment_slides
security_assessment_slidesSteve Arnold
 
Assurance-Level Driven Method for Integrating Security into SDLC Process
Assurance-Level Driven Method for Integrating Security into SDLC ProcessAssurance-Level Driven Method for Integrating Security into SDLC Process
Assurance-Level Driven Method for Integrating Security into SDLC ProcessSeungjoo Kim
 
Application of the Common Criteria to Building Trustworthy Automotive SDLC
Application of the Common Criteria to Building Trustworthy Automotive SDLCApplication of the Common Criteria to Building Trustworthy Automotive SDLC
Application of the Common Criteria to Building Trustworthy Automotive SDLCSeungjoo Kim
 
Metholodogies and Security Standards
Metholodogies and Security StandardsMetholodogies and Security Standards
Metholodogies and Security StandardsConferencias FIST
 
Chapter 10 security standart
Chapter 10 security standartChapter 10 security standart
Chapter 10 security standartnewbie2019
 
Towards a certification scheme for IoT security evaluation
Towards a certification scheme for IoT security evaluationTowards a certification scheme for IoT security evaluation
Towards a certification scheme for IoT security evaluationAxel Rennoch
 
La gouvernance au cœur de la transformation numérique - Comment COBIT 5 peut ...
La gouvernance au cœur de la transformation numérique - Comment COBIT 5 peut ...La gouvernance au cœur de la transformation numérique - Comment COBIT 5 peut ...
La gouvernance au cœur de la transformation numérique - Comment COBIT 5 peut ...Antoine Vigneron
 
Building an API Security Strategy
Building an API Security StrategyBuilding an API Security Strategy
Building an API Security StrategySmartBear
 
Criterios Minimos de Seguridad CTPAT 2019 conference
Criterios Minimos de Seguridad CTPAT 2019 conferenceCriterios Minimos de Seguridad CTPAT 2019 conference
Criterios Minimos de Seguridad CTPAT 2019 conferenceJoe Garza
 
Security Culture from Concept to Maintenance: Secure Software Development Lif...
Security Culture from Concept to Maintenance: Secure Software Development Lif...Security Culture from Concept to Maintenance: Secure Software Development Lif...
Security Culture from Concept to Maintenance: Secure Software Development Lif...Dilum Bandara
 
The CIS Critical Security Controls the International Standard for Defense
The CIS Critical Security Controls the International Standard for DefenseThe CIS Critical Security Controls the International Standard for Defense
The CIS Critical Security Controls the International Standard for DefenseEnclaveSecurity
 
Symposium AFAI Cybersecurity CSX ISACA
Symposium AFAI Cybersecurity CSX ISACASymposium AFAI Cybersecurity CSX ISACA
Symposium AFAI Cybersecurity CSX ISACAAntoine Vigneron
 

Ähnlich wie 20161012CRITIS_ptheron_ICCF ab (20)

Industrial Automation Control Systems Cybersecurity Certification. Chapter II
Industrial Automation Control Systems Cybersecurity Certification. Chapter IIIndustrial Automation Control Systems Cybersecurity Certification. Chapter II
Industrial Automation Control Systems Cybersecurity Certification. Chapter II
 
More practical insights on the 20 critical controls
More practical insights on the 20 critical controlsMore practical insights on the 20 critical controls
More practical insights on the 20 critical controls
 
AARC Assurance Profiles for Kantara Initiative
AARC Assurance Profiles for Kantara InitiativeAARC Assurance Profiles for Kantara Initiative
AARC Assurance Profiles for Kantara Initiative
 
Three trends in cybersecurity
Three trends in cybersecurityThree trends in cybersecurity
Three trends in cybersecurity
 
CA Self Regulation
CA Self RegulationCA Self Regulation
CA Self Regulation
 
security_assessment_slides
security_assessment_slidessecurity_assessment_slides
security_assessment_slides
 
Assurance-Level Driven Method for Integrating Security into SDLC Process
Assurance-Level Driven Method for Integrating Security into SDLC ProcessAssurance-Level Driven Method for Integrating Security into SDLC Process
Assurance-Level Driven Method for Integrating Security into SDLC Process
 
Application of the Common Criteria to Building Trustworthy Automotive SDLC
Application of the Common Criteria to Building Trustworthy Automotive SDLCApplication of the Common Criteria to Building Trustworthy Automotive SDLC
Application of the Common Criteria to Building Trustworthy Automotive SDLC
 
Metholodogies and Security Standards
Metholodogies and Security StandardsMetholodogies and Security Standards
Metholodogies and Security Standards
 
Chapter 10 security standart
Chapter 10 security standartChapter 10 security standart
Chapter 10 security standart
 
Towards a certification scheme for IoT security evaluation
Towards a certification scheme for IoT security evaluationTowards a certification scheme for IoT security evaluation
Towards a certification scheme for IoT security evaluation
 
La gouvernance au cœur de la transformation numérique - Comment COBIT 5 peut ...
La gouvernance au cœur de la transformation numérique - Comment COBIT 5 peut ...La gouvernance au cœur de la transformation numérique - Comment COBIT 5 peut ...
La gouvernance au cœur de la transformation numérique - Comment COBIT 5 peut ...
 
Standards for protection of data on storage device are emerging from both the...
Standards for protection of data on storage device are emerging from both the...Standards for protection of data on storage device are emerging from both the...
Standards for protection of data on storage device are emerging from both the...
 
ION Hangzhou - About IETF
ION Hangzhou - About IETFION Hangzhou - About IETF
ION Hangzhou - About IETF
 
Building an API Security Strategy
Building an API Security StrategyBuilding an API Security Strategy
Building an API Security Strategy
 
Criterios Minimos de Seguridad CTPAT 2019 conference
Criterios Minimos de Seguridad CTPAT 2019 conferenceCriterios Minimos de Seguridad CTPAT 2019 conference
Criterios Minimos de Seguridad CTPAT 2019 conference
 
Security Culture from Concept to Maintenance: Secure Software Development Lif...
Security Culture from Concept to Maintenance: Secure Software Development Lif...Security Culture from Concept to Maintenance: Secure Software Development Lif...
Security Culture from Concept to Maintenance: Secure Software Development Lif...
 
The CIS Critical Security Controls the International Standard for Defense
The CIS Critical Security Controls the International Standard for DefenseThe CIS Critical Security Controls the International Standard for Defense
The CIS Critical Security Controls the International Standard for Defense
 
Cybersecurity Frameworks for DMZCON23 230905.pdf
Cybersecurity Frameworks for DMZCON23 230905.pdfCybersecurity Frameworks for DMZCON23 230905.pdf
Cybersecurity Frameworks for DMZCON23 230905.pdf
 
Symposium AFAI Cybersecurity CSX ISACA
Symposium AFAI Cybersecurity CSX ISACASymposium AFAI Cybersecurity CSX ISACA
Symposium AFAI Cybersecurity CSX ISACA
 

20161012CRITIS_ptheron_ICCF ab

  • 1. A way towards a fully bridged European certification of IACS cybersecurity. Paul THERON, PhD, FBCI
  • 2. A word of introduction: an on-going struggle Source:DHS. (2015). NCCIC / ICS-CERT FY 2015 Annual Vulnerability Coordination Report. Retrieved Sept 11, 2016, from https://ics-cert.us-cert.gov/sites/default/files/Annual_Reports/NCCIC_ICS- CERT_FY%202015_Annual_Vulnerability_Coordination_Report_S508C.pdf (1311)
  • 3. Introducing the ICCF... • The history of the IACS cybersecurity certification TG • The philosophy of the ICCF • Gaining support from stakeholders • The IACS Compliance & Certification Framework • The General structure of the ICCF • Principles of IACS components certification
  • 4. The history of the IACS cybersecurity certification Thematic Group
  • 5. The philosophy of the ICCF • A generic model for IACS products / components certification: not a standard • Helping vendors and buyers to approach the issue of certification • An agnostic framework • Freedom of choice: standards, national schemes, etc. • A way to engage stakeholders • Schemes from the least to the most demanding • Guidelines for the European Commission and Professionals • How to start? And what to do?
  • 6. Gaining support from stakeholders • Stakeholders’ consultation 2015-2016 and network of contacts • ERNCIP Conference 2015; • ENISA – EICS Group and E-SCSIE; • ENISA ICT Workshop 16th of March 2016; • GIMELEC • BSI • ANSSI • ISA • NIST • ETSI Cyber TC; • EWICS (European Workshop on Industrial Computer Systems Reliability Safety and Security – www.ewics.org); • CEN/Cenelec’s Cyber Security Coordination Group (CSCG) on 27th April 2016; • ERNCIP-Improver Workshop 28th April 2016...
  • 7. The IACS Compliance & Certification Framework • Proposes 4 IACS Compliance & Certification Schemes (ICCS) • ICCS-A1 (Self-declaration of compliance) • ICCS-A2 (Third-party compliance assessment) • ICCS-B (Cyber resilience certification) • ICCS-C (Full cyber resilience certification)
  • 8. The IACS Compliance & Certification Framework • Involves up to 3 Evaluation Activities • Compliance Assessment (in all four ICCS) • Cyber Resilience Testing (ICCS-B & C) • Development Process Evaluation (ICCS-C)
  • 9. The IACS Compliance & Certification Framework • Requires the guidelines and resources of 3 Pillars • IACS Common Cybersecurity Assessment Requirements (ICCAR) • IACS Components Cybersecurity Protection Profiles (ICCPRO) • IACS Compliance & Certification Process (ICCP) • ... And involves a 4th pillar for fostering and disseminating the ICCF • IACS C&C EU Register (ICCEUR)
  • 10. The General structure of the ICCF ICCF Schemes (A1, A2, B, C) Compliance Assessment Activity Process Pillar Protection Profile Pillar Common Requirements Pillar Cyber Resilience Testing Activity Process Pillar Protection Profile Pillar Common Requirements Pillar Development Process Certification Activity Process Pillar Protection Profile Pillar Common Requirements Pillar
  • 11. Principles of IACS components certification Family of products Critical assets Operating conditions Protection assumptions Residual threats Security functions Protection Profile Specific product Critical assets Operating conditions Protection assumptions Residual threats Security functions Security mechanisms Security Profile
  • 12. In conclusion: Join the trials in 2017 Thank you for your attention Email: paul.theron@thalesgroup.com