1© HEICON – Global Engineering GmbH
HEICON Global Engineering GmbH
Kreuzweg 22, 88477 Schwendi
Internet: www.heicon-ulm.de
Blog: http://blog.heicon-ulm.de
Security in Embedded Systems –
The upcoming challenge
HEICON
HEICON is a specialized engineering company that provides consulting and development support with a focus on software-based embedded systems.
Our area of engagement is the efficient implementation of methods and processes.
Founding: 2018
Headquarters: South of Germany (Memmingen)
Employees: 1
Legal form: GmbH
Membership:
Revenue Distribution:
[Chart: revenue distribution by sector in percent (0% to 100%), 2013 to 2017. Sectors: Aerospace, Automotive, Industrial Automation, Railway, Space, Military, Other Sectors]
HEICON
Sectors: Aerospace, Automotive, Railway, Industry, Defence, Agriculture
HEICON - Starter
HEICON - Consulting
HEICON - Services
HEICON - Training
HEICON - Webinars
Current situation on Industry Standards and Norms
Solution approaches
Megatrends – Security
Contact
Megatrends - Security
• Massive interconnection of previously independent embedded systems
  → Enabling malicious attacks on almost all existing embedded systems
• Functional Safety relevant products have to be made secure
  → Embedded systems have to be made secure against external attacks
Some futuristic (?) scenarios:
• Mass shutdown of private household heating systems by attacking software systems from market leaders
• Malicious remote control of highly automated cars
• Collapse of the electricity supply in Europe due to deliberate wrong connection and disconnection of large power plants or consumers
• Damage to health through intentional wrong control of medical devices
• Remote-controlled crash of aircraft
Megatrends - Security
Attack scenarios
• Denial of Service
• Man in the Middle
Current situation on Standards and Norms
Federal Office for Information Security Act:
The German Federal Office for Information Security developed a procedure for identifying and implementing security measures for a company's own information technology (IT).
The aim of basic protection is to achieve an adequate level of protection for IT systems. The basic IT protection catalogues recommend technical security measures as well as infrastructural, organizational and personnel protection measures.
Current situation on Standards and Norms
ISO 27001:
• Definition of security requirements and objectives for information security
• Cost-efficient management of security risks
• Ensuring compliance with laws and regulations
• Process framework for the implementation and management of measures to ensure specific information security objectives
• Definition of new information security management processes
• For auditors to determine the degree of implementation of guidelines and standards
Current situation on Standards and Norms
IEC62443:
General
• 1-1 Terminology, concepts and models
• 1-2 Master glossary of terms and abbreviations
• 1-3 System security compliance metrics
• 1-4 IACS security lifecycle and use-case
Policy and Procedures
• 2-1 Req. for an IACS security mgt system
• 2-2 Implement. guidance for an IACS security mgt syst.
• 2-3 Patch management in the IACS environment
• 2-4 Installation and maintenance req. for IACS suppliers
System
• 3-1 Security technologies for IACS
• 3-2 Security risk assessment and system design
• 3-3 System sec req. and security levels
Component
• 4-1 Product development requirements
• 4-2 Technical security req. for IACS components
Solution approaches
Security:
• Security Analysis
• Security Plan
• Design Security into the systems
• Minimize systematic failure
Safety:
• Hazard and Risk Analysis
• Safety Plan
• Design Safety into the System
• Minimize systematic failure
Solution approaches
Security
• Security Analysis → rather difficult, as the systems to be analysed are not fixed
• Security Plan → open question how much effort should be spent, as the situation is much more dynamic than in safety
• Design Security into the systems → probably the most important point
• Minimize systematic failure → probably also very important
Solution approaches
Security
Design Security into the systems: Examples
• Avoid back door attacks by making the RTOS interfaces secure
• Limit the times when the embedded system is online
• Use IT security mechanisms to make your embedded system secure
• Create technical mechanisms to speed up security updates for your embedded systems (Functional Safety constraints have to be solved)
Solution approaches
Security
Minimize systematic failure: Example
• Use Security Coding guidelines (e.g. MISRA Security guidelines)
• Specify your system by professional requirements including the Security aspects
• Do systematic and professional security testing
Solution approaches
Defense in depth strategy:
• Security Guidelines
• Security Requirements
• Security V&V Testing
• Security by design
• Security Implementation
• Security Management
Contact - Publications
Contact:
HEICON – Global Engineering GmbH
Martin Heininger Dipl.-Ing(FH)
Kreuzweg 22
D-88477 Schwendi
Tel.: +49 7353 - 98 17 81
Mobil: +49 176 - 24 73 99 60
martin.heininger@heicon-ulm.de
http://www.heicon-ulm.de
Publications:
Testing power electronics according ISO26262, ATZ 04/15
Monthly: Blog article about Functional Safety Topics: http://blog.heicon-ulm.de

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Angeliki Cooney
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 

Recently uploaded (20)

FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdf
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 

6 martin heininger - security in embedded systems - the upcoming challenge

  • 1. Security in Embedded Systems – The upcoming challenge. HEICON Global Engineering GmbH, Kreuzweg 22, 88477 Schwendi. Internet: www.heicon-ulm.de. Blog: http://blog.heicon-ulm.de. © HEICON – Global Engineering GmbH
  • 2. HEICON is a specialized engineering company which provides consulting and development support with a focus on software-based embedded systems. The efficient implementation of methods and processes is the area of our engagement.
      - Founding: 2018
      - Headquarters: South of Germany (Memmingen)
      - Membership:
      - Employees: 1
      - Legal form: GmbH
      - [Chart: Revenue Distribution, 2013 to 2017, by sector: Aerospace, Automotive, Industrial Automation, Railway, Space, Military, Other Sectors]
  • 3. HEICON
      - Aerospace, Automotive, Railway, Industry, Defence, Agriculture
      - HEICON - Starter
      - HEICON - Consulting
      - HEICON - Services
      - HEICON - Training
      - HEICON - Webinars
  • 4. Current situation on Industry Standards and Norms; Solution approaches; Megatrends – Security; Contact
  • 5. Megatrends - Security
  • 6. Megatrends - Security
  • 7. Megatrends - Security
      - Massive interconnection of previously independent embedded systems
      - Enabling malicious attacks on almost all existing embedded systems
      - Functional Safety relevant products have to be made secure
      - Embedded systems have to be made secure against external attacks
  • 8. Megatrends - Security. Some futuristic (?) scenarios:
      - Mass shutdown of private household heating systems by attacking software systems from market leaders
      - Malicious remote control of highly automated cars
      - Collapse of the electricity supply in Europe due to deliberate wrong connection and disconnection of large power plants or consumers
      - Damage to health through intentional wrong control of medical devices
      - Remote-controlled crash of aircraft
  • 9. Megatrends - Security. Attack scenarios:
      - Denial of Service
      - Man in the Middle
  • 10. Current situation on Industry Standards and Norms; Solution approaches; Megatrends – Security; Contact
  • 11. Current situation on Standards and Norms. Federal Office for Information Security Act: The German Federal Office for Information Security developed a procedure for identifying and implementing security measures for a company's own information technology (IT). The aim of basic protection is to achieve an adequate level of protection for IT systems. The basic IT protection catalogues recommend technical security measures as well as infrastructural, organizational and personnel protection measures.
  • 12. Current situation on Standards and Norms. ISO 27001:
      - Definition of security requirements and objectives for information security
      - Cost-efficient management of security risks
      - Ensuring compliance with laws and regulations
      - Process framework for the implementation and management of measures to ensure specific information security objectives
      - Definition of new information security management processes
      - For auditors to determine the degree of implementation of guidelines and standards
  • 13. Current situation on Standards and Norms. IEC62443:
      - General
          - 1-1 Terminology, concepts and models
          - 1-2 Master glossary of terms and abbreviations
          - 1-3 System security compliance metrics
          - 1-4 IACS security lifecycle and use-case
      - Policy and Procedures
          - 2-1 Req. for an IACS security mgt system
          - 2-2 Implement. guidance for an IACS security mgt syst.
          - 2-3 Patch management in the IACS environment
          - 2-4 Installation and maintenance req. for IACS suppliers
      - System
          - 3-1 Security technologies for IACS
          - 3-2 Security risk assessment and system design
          - 3-3 System sec req. and security levels
      - Component
          - 4-1 Product development requirements
          - 4-2 Technical security req. for IACS components
  • 14. Current situation on Industry Standards and Norms; Solution approaches; Megatrends – Security; Contact
  • 15. Solution approaches
      - Security
          - Security Analysis
          - Security Plan
          - Design Security into the systems
          - Minimize systematic failure
      - Safety
          - Hazard and Risk Analysis
          - Safety Plan
          - Design Safety into the System
          - Minimize systematic failure
  • 16. Solution approaches: Security
      - Security Analysis: rather difficult, as the systems to be analysed are not fixed
      - Security Plan: open point how much effort should be spent, as security is much more dynamic than safety
      - Design Security into the systems: probably the most important point
      - Minimize systematic failure: probably also very important
  • 17. Solution approaches: Security. Design Security into the systems: Examples
      - Avoid back door attacks by making the RTOS interfaces secure
      - Limit the times when the embedded system is online
      - Use the IT security mechanisms to make your embedded system secure
      - Create technical mechanisms to speed up security updates for your embedded systems (Functional Safety constraints have to be solved)
  • 18. Solution approaches: Security. Minimize systematic failure: Example
      - Use Security Coding guidelines (e.g. MISRA Security guidelines)
      - Specify your system with professional requirements, including the security aspects
      - Do systematic and professional security testing
  • 19. Solution approaches: Defense in depth strategy. [Diagram: Security Guidelines, Security Requirements, Security V&V Testing, Security By design, Security Implementation, Security Management]
  • 20. Contact - Publications
      - Contact: HEICON – Global Engineering GmbH, Martin Heininger Dipl.-Ing(FH), Kreuzweg 22, D-88477 Schwendi. Tel.: +49 7353 - 98 17 81. Mobil: +49 176 - 24 73 99 60. martin.heininger@heicon-ulm.de. http://www.heicon-ulm.de
      - Publications: Testing power electronics according ISO26262, ATZ 04/15
      - Monthly: Blog article about Functional Safety Topics: http://blog.heicon-ulm.de