Cybersecurity Implementation and Certification in Practice for IoT Equipment
1. Leading Brand in Cybersecurity Compliance Solutions
www.onwardsecurity.com
Onward Security
2. © 2020 Onward Security Corp. All rights reserved.
CONTENTS
01 Notice
02 FAQ
03 Use Case
04 Conclusion and Suggestion
05 Q&A
01. Notice for IoT security standard adoption and certification
5 notices
N1. Explicitly define the classification of IoT security standards
N2. Determine the standard(s) you need
N3. What do you need to invest in or prepare for?
N4. Cooperation items for adoption or certification
N5. The benefits of obtaining the trademark / certificate
N1. Explicitly define the classifications of IoT security standards
• Laws and regulations
  • U.S.: FIPS 140-3, …
  • U.K.: CPA, …
• Brand compliance
  • Amazon, Apple, Google, …
  • AT&T, Nokia, Siemens, …
• Industry requirements
  • ICT products: ISO/IEC 15408, …
  • IoT devices: CTIA, …
  • IIoT: IEC 62443, …
A growing number of third-party NPOs are releasing standards / certification / trademark programs
N2. Determine the standard(s) you need
• Do the customers have any requirements?
  • Regulatory requirements: governments
  • Purchasers: enterprises & consumers
  • Bosses: department managers, senior managers
• Where are your products sold? To whom?
  • Countries, regions, industries
  • Governments, brands, bids
As long as the customers are willing to accept
N3. What do you need to invest in or prepare for?
• Confirm the scope of adoption or requirement
  • Management processes, design and development processes, products
• Confirm the accountability units
• Estimate the schedule and cost
• Interdepartmental cooperation
• Do you need the assistance of a consulting firm?
• Look for the accredited organization / lab
The integration of internal specialists and external resources
N4. Cooperation items for adoption or certification
• The accountability managers or units
• The approaches for interdepartmental communication and operation
• The adoption information related to certification
  • Departments, fields, systems, products, devices
• The cooperation with the software technology team
Control your schedule effectively and reserve more time for improvement
N5. The benefits of obtaining the trademark / certificate
• Conform to customer requirements
• Guarantee the quality and security of products
• Obtain the competitive advantages of business and marketing promotion
Any other benefits?
02. FAQ of IoT security standard adoption and certification
5 FAQs / 5 Suggestions
Q1. Why adopt an IoT security standard? How does it help?
S1. Achieve security management consensus; training
Q2. How to increase the success rate?
S2. Senior representatives, accountability specialists, and cooperation mechanisms
Q3. Interdepartmental cooperation issues?
S3. Accountability units; assistance from automated systems or products
Q4. Lack of professional human resources?
S4. O2O courses, external consultants, products
Q5. Any guarantees for obtaining the certificates?
S5. Choose a qualified, excellent provider
03.1. Use case of IoT devices
Use case of IoT devices
• Secure smart home IoT devices
• Equipped with wireless network function
• Intended to enter the U.S. market
• The customer didn't know what to do
• Limited time and budget
• Must have the certificate or the trademark
Three levels of certification
Level 1: Core security
Level 2: Enhanced security
Level 3: Advanced security
Example devices: GPS dog collars, washing machines, GPS trackers, smart home security systems, mobile payment devices, connected streetlights, traffic controllers, blood glucose meters, gas meters
* Reference from CTIA certification
Submission process (IoT OEM and CTIA)
1. IoT OEM: submit paperwork and at least 3 samples to the CATL
2. CTIA: document and payment checking
   • Incomplete: the OEM eliminates inconsistencies or resends samples
   • All completed: continue
3. CTIA: receive the samples and check that the samples are consistent with the application
   • No: the OEM resubmits the samples
4. CTIA: receive and test, Pass / Fail
   • Fail: the OEM resubmits the samples
   • Pass: upload the test report
5. IoT OEM: receive the notification; the device has been certified
03.2. Use case of IIoT development process
Use case of IIoT development process
• Self-developed industrial control products
• Equipped with networking function
• Intended to export to Europe and the U.S.
• Had a certain amount of shipment
• Limited time and budget
• Must have the certificate or the trademark
IEC 62443 standards
• IEC 62443-1-1: Terms / concepts / models
• IEC 62443-1-2: Terms / abbreviations / glossary
• IEC 62443-1-3: System security compliance standards
• IEC 62443-1-4: IACS security lifecycle and adoption cases
• IEC 62443-2-1: Security plans and requirements for the IACS asset owner
• IEC 62443-2-2: IACS protection grading
• IEC 62443-2-3: Patch / vulnerability management in the IACS environment
• IEC 62443-2-4: Security plans and requirements for the IACS service provider
• IEC 62443-2-5: System security management implementation guide for the IACS asset owner
• IEC 62443-3-1: IACS security technologies
• IEC 62443-3-2: Security risk assessment and system design
• IEC 62443-3-3: System security requirements and grading
• IEC 62443-4-1: Secure product development lifecycle requirements
• IEC 62443-4-2: Technical security requirements for IACS components
Maturity levels
ML 1: Initial
ML 2: Managed
ML 3: Defined (Practiced)
ML 4: Improved
Participants & maturity levels
• CIIP / IIoT owner: determine the maturity level for the equipment provider
• SI: determine the maturity level for the developer
• Vendor: comply with the required maturity level
Secure development lifecycle
Security management (SM)
• Pre-SDL (Training): security policy delivery or training
• Phase 1 (Requirement): security standard & industrial requirement
• Phase 2 (Design): risk and impact analysis
• Phase 3 (Implementation): security implementation
• Phase 4 (Verification): security testing and analysis
• Phase 5 (Release): security maintenance
• Post-SDL (Requirement response): incident response
Source: http://hwang.cisdept.cpp.edu/swanew/SDLC.aspx?m=SDLC-Microsoft-SDL
IEC 62443 certification process
Participants: Manufacturer, Consulting company, CBTL/NCB
1. Determine the scope and certification level
2. Perform consulting and testing service (consulting company)
3. Submit the application
4. Perform assessment of certification (CBTL/NCB)
5. Certification acquired
04. Conclusion and suggestion
Conclusion and suggestion
Why do IoT devices need security standard adoption and certification?
• Conform to customer's requirements (Sales)
• Enhance product competitiveness (Sales / PM / RD)
• Build a good corporate image (Marketing)
• Increase enterprise sales revenue
Convert security costs into benefits
If you still have confusions or questions about the security standard adoption and certification
05. Q & A
Editor's notes
Slide legend:
• Blue border: standard (STD) without a certification scheme
• Orange border: technical report (TR)
• Red border: standard (STD) with a certification scheme
• Black text: published or available for purchase
• Green text: under development or revision
1. General: all documents concerning the standard's underlying ideas, basic concepts, terms and methods.
2. Policies & Procedures: outlines the information technology security management system for industrial automation and control systems and its necessary requirements.
3. System: provides technical specifications as design guidance for industrial automation and control systems (IACS); an IACS is an information technology system composed of different elements such as supervisory control and data acquisition (SCADA) applications, programmable logic controllers (PLCs), fieldbuses, actuators and sensors.
4. Component: design and development requirements for control system components.
Security Management (SM)
Specification of Security Requirements
Secure by Design
Security Implementation
Security Verification and Validation testing
Management of Security-related issues (DM)
Security Update Management (SUM)
Security Guidelines