Leading Brand in Cybersecurity Compliance Solutions
www.onwardsecurity.com
Cybersecurity Implementation and Certification in Practice for IoT Equipment
Onward Security
© 2020 Onward Security Corp. All rights reserved.

CONTENTS
01 Notice
02 FAQ
03 Use Case
04 Conclusion and Suggestion
05 Q&A
01. Notice
for IoT security standard adoption and certification
5 notices
N1. Explicitly define the classification of IoT security standards
N2. Determine the standard(s) you need
N3. What do you need to invest in or prepare for?
N4. Cooperation items for adoption or certification
N5. The benefits of obtaining the trademark / certificate
N1. Explicitly define the classifications of IoT security standards
• Laws and regulations
  • U.S.: FIPS 140-3, …
  • U.K.: CPA, …
• Brand compliance
  • Amazon, Apple, Google, …
  • AT&T, Nokia, Siemens, …
• Industry requirements
  • ICT products: ISO/IEC 15408, …
  • IoT devices: CTIA, …
  • IIoT: IEC 62443, …
A growing number of third-party NPOs are releasing standards / certification / trademark programs.
N2. Determine the standard(s) you need
• Do the customers have any requirements?
  • Regulatory requirements: governments
  • Purchasers: enterprises & consumers
  • Bosses: department managers, senior managers
• Where are your products sold? To whom?
  • Countries, regions, industries
  • Governments, brands, bids
As long as the customers are willing to accept.
N3. What do you need to invest in or prepare for?
• Confirm the scope of adoption or requirement
  • Management processes, design and development processes, products
• Confirm the accountability units
• Estimate the schedule and cost
• Interdepartmental cooperation
• Do you need the assistance of a consulting firm?
• Look for the accredited organization / LAB
The integration of internal specialists and external resources.
N4. Cooperation items for adoption or certification
• The accountability managers or units
• The approaches for interdepartmental communication and operation
• The adoption information related to certification
  • Departments, fields, systems, products, devices
• The cooperation with the software technology team
Control your schedule effectively and reserve more time for improvement.
N5. The benefits of obtaining the trademark / certificate
• Conform to customer requirements
• Guarantee the quality and security of products
• Obtain competitive advantages in business and marketing promotion
Any other benefits?
02. FAQ
of IoT security standard adoption and certification
5 FAQs / 5 Suggestions
Q1. Why adopt an IoT security standard? How does it help?
S1. Achieve security management consensus; training
Q2. How to increase the success rate?
S2. Senior representatives, accountability specialists, and cooperation mechanisms
Q3. Interdepartmental cooperation issues?
S3. Accountability units; assistance from automated systems or products
Q4. Lack of professional human resources?
S4. O2O courses, external consultants, products
Q5. Any guarantees for obtaining the certificates?
S5. Choose a qualified, excellent provider
03.1. Use case of IoT devices
Use case of IoT devices
• Secure smart home IoT devices
• Equipped with wireless network function
• Intended to enter the U.S. market
• The customer didn't know what to do
• Limited time and budget
• Must have the certificate or the trademark
Three levels of certification (* reference from CTIA certification)
Level 1, Core security: GPS dog collars, washing machines, GPS trackers
Level 2, Enhanced security: smart home security systems, mobile payment devices, connected streetlights
Level 3, Advanced security: traffic controllers, blood glucose meters, gas meters
CTIA submission process (IoT OEM / CTIA)
1. IoT OEM: Submit paperwork and at least 3 samples to the CATL.
2. CTIA: Document and payment checking. Incomplete: back to step 1. All completed: continue.
3. CTIA: Receive the samples and check that they are consistent with the application. No: the OEM eliminates the inconsistencies or resends samples.
4. CTIA: Receive and test the samples (Pass / Fail). Fail: the OEM resubmits the samples.
5. CTIA: Upload the test report (PASS).
6. IoT OEM: Receive the notification that the device has been certified.
03.2. Use case of IIoT development process
Use case of IIoT development process
• Self-developed industrial control products
• Equipped with networking function
• Intended to export to Europe and the U.S.
• Had a certain amount of shipment
• Limited time and budget
• Must have the certificate or the trademark
IEC 62443 standards
IEC 62443-1-1: Terms / concepts / models
IEC 62443-1-2: Terms / abbreviations / glossary
IEC 62443-1-3: System security compliance standards
IEC 62443-1-4: IACS security lifecycle and adoption cases
IEC 62443-2-1: Security plans and requirements of the IACS asset owner
IEC 62443-2-2: IACS protection grading
IEC 62443-2-3: Patch / vulnerability management in the IACS environment
IEC 62443-2-4: Security plans and requirements of the IACS service provider
IEC 62443-2-5: System security management implementation guide for the IACS asset owner
IEC 62443-3-1: IACS security technologies
IEC 62443-3-2: Security risk assessment and system design
IEC 62443-3-3: System security requirements and grading
IEC 62443-4-1: Secure product development lifecycle requirements
IEC 62443-4-2: Technical security requirements for IACS components
Participants & maturity levels

Maturity level / Category
ML 1: Initial
ML 2: Managed
ML 3: Defined (Practiced)
ML 4: Improved

Participant / Work content
CIIP / IIoT Owner: Determine the maturity level for the equipment provider
SI: Determine the maturity level for the developer
Vendor: Comply with the required maturity level
Secure development lifecycle
Security management (SM)
Pre-SDL (Training): Security policy delivery or training
Phase 1 (Requirement): Security standard & industrial requirement
Phase 2 (Design): Risk and impact analysis
Phase 3 (Implementation): Security implementation
Phase 4 (Verification): Security testing and analysis
Phase 5 (Release): Security maintenance
Post-SDL requirement (Response): Incident response
Source: http://hwang.cisdept.cpp.edu/swanew/SDLC.aspx?m=SDLC-Microsoft-SDL
IEC 62443 certification process (Manufacturer / Consulting company / CBTL/NCB)
1. Manufacturer: Determine the scope and certification level
2. Consulting company: Perform consulting and testing service
3. Manufacturer: Submit the application
4. CBTL/NCB: Perform assessment for certification
5. Manufacturer: Certification acquired
04. Conclusion and suggestion
Conclusion and suggestion
Why do IoT devices need security standard adoption and certification?
• Conform to customer's requirements (Sales)
• Enhance product competitiveness (Sales / PM / RD)
• Build a good corporate image (Marketing)
• Increase enterprise sales revenue
Convert security costs into benefits.
If you still have confusion or questions about security standard adoption and certification

05. Q & A

THANK YOU


Editor's Notes

1. Legend for the IEC 62443 slide: blue border, STD (standard) without a certification scheme; orange border, TR (technical report); red border, STD with a certification scheme; black text, published or available for purchase; green text, under development or being revised. The four groups of the series: (1) General: all documents relating to the concepts underlying the standard, its basic concepts, terms and methods. (2) Policies & Procedures: outlines the information technology security management system for industrial automation and control systems and its necessary requirements. (3) System: sets out technical specifications as design guidance for industrial automation and control systems (IACS), where an IACS is an information technology system made up of different components such as supervisory control and data acquisition (SCADA) applications, programmable logic controllers (PLCs), fieldbuses, actuators and sensors. (4) Component: design and development requirements for control system components.
2. Security Management; Specification of Security Requirements; Secure by Design; Security Implementation; Security Verification and Validation testing; Management of Security-related issues (DM); Security Update Management (SUM); Security Guidelines.