SlideShare a Scribd company logo

6 martin heininger - security in embedded systems - the upcoming challenge

I
Ievgenii Katsan

This document discusses security challenges for embedded systems and potential solutions. It provides an overview of HEICON, a German engineering company specialized in embedded software. The document outlines trends like increased interconnectivity exposing embedded systems to attacks. It also summarizes relevant industry standards and norms for security and embedded systems. Potential solutions discussed include designing security into systems through techniques like secure interfaces and access control as well as implementing defense-in-depth strategies.

Technology
1 of 20
Download to read offline
1© HEICON – Global Engineering GmbH HEICON Global Engineering GmbH Kreuzweg 22, 88477 Schwendi Internet: www.heicon-ulm.de Blog: http://blog.heicon-ulm.de Security in Embedded Systems – The upcoming challenge
2© HEICON – Global Engineering GmbH HEICON is a specialized engineering company which provides consulting- and development support with a focus on software-based embedded systems. The efficient implementation of methods and processes is the area of our engagement. Founding: 2018 Headquarter: South of Germany (Memmingen) Membership: Employees: 1 Legal form: GmbH Revenue Distribution: HEICON 71% 72% 39% 16% 23% 20% 28% 36% 35% 6% 18% 14% 4% 3% 10% 11% 19% 1% 2% 8% 19% 18% 2% 8% 4% 5% 7% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% 2013 2014 2015 2016 2017 Other Sectors Military Space Railway Industrial Automation Automotive Aerospace
3© HEICON – Global Engineering GmbH HEICON Aero- space Auto- motive Railway Industry Defence Agri- culture HEICON - Starter HEICON - Consulting HEICON - Services HEICON - Training HEICON - Webinars
4© HEICON – Global Engineering GmbH Current situation on Industry Standards and Norms Solution approaches Megatrends – Security Contact
5© HEICON – Global Engineering GmbH Megatrends - Security
6© HEICON – Global Engineering GmbH Megatrends - Security
7© HEICON – Global Engineering GmbH  Massive interconnection of previously independent embedded systems  Enabling malicious attacks on almost all existing embedded systems  Functional Safety relevant Products have to be made secure  Embedded systems have to be made secure against external attacks Megatrends - Security
8© HEICON – Global Engineering GmbH Some futuristic (?) scenarios:  Mass shutdown of private household heating systems by attacking software systems from market leaders  Malicious remote control of highly automated cars Collapse of the electricity supply in Europe due to deliberate wrong connection and disconnection of large power plants or consumers  Damage to health through intentional wrong control of medical devices  Remote-controlled crash of aircrafts Megatrends - Security
9© HEICON – Global Engineering GmbH Megatrends - Security Attack scenarios  Denial of Service  Men in the Middle
10© HEICON – Global Engineering GmbH Current situation on Industry Standards and Norms Solution approaches Megatrends – Security Contact
11© HEICON – Global Engineering GmbH Current situation on Standards and Norms Federal Office for Information Security Act: German Federal Office for Information Security developed a procedure for identifying and implementing security measures of the company's own information technology (IT). The aim of basic protection is to achieve an adequate level of protection for IT systems; The basic IT protection catalogues recommend technical security measures and infrastructural, organizational and personnel protection measures.
12© HEICON – Global Engineering GmbH Current situation on Standards and Norms ISO 27001:  Definition of security requirements and objectives for information security  Cost-efficient management of security risks  Ensuring compliance with laws and regulations  Process framework for the implementation and management of measures to ensure specific information security objectives  Definition of new information security management processes  For auditors to determine the degree of implementation of guidelines and standards
13© HEICON – Global Engineering GmbH Terminology, concepts and models Master glossary of terms and abbreviations System security compliance metrics IACS security lifecycle and use-case 1-1 1-2 1-3 1-4 Req. for an IACS security mgt system Implement. guid- ance for an IACS security mgt syst. Patch manage- ment in the IACS environment Installation and maintenance req. for IACS suppliers 2-1 2-2 2-3 2-4 Security technologies for IACS Security risk assessment and system design System sec req. and security levels 3-1 3-2 3-3 Technical security req. for IACS components 4-2 General Policy and Procedures System Component Product development requirements 4-1 Current situation on Standards and Norms IEC62443:
14© HEICON – Global Engineering GmbH Current situation on Industry Standards and Norms Solution approaches Megatrends – Security Contact
15© HEICON – Global Engineering GmbH Solution approaches Security Safety  Security Analyse  Security Plan  Design Security into the systems  Minimize systematic failure  Hazardous and Risk Analysis  Safety Plan  Design Safety into the System  Minimize systematic failure
16© HEICON – Global Engineering GmbH Solution approaches Security  Security Analyse  rather difficult as systems to be analysed are not fixed  Security Plan  Open point how much effort should be spent as much more dynamic is there compared to safety  Design Security into the systems  Probably the most important point  Minimize systematic failure  Probably also very important
17© HEICON – Global Engineering GmbH Solution approaches Security Design Security into the systems: Examples  Avoid back door attacks by making the RTOS interfaces secure  Limit the times when embedded system is online  Use the IT-Security mechanisms to make your Embedded System secure  Create technical mechanisms to speed up security updates for you Embedded Systems (Functional Saftey constraints have to be solved)
18© HEICON – Global Engineering GmbH Solution approaches Security Minimize systematic failure: Example  Use Security Coding guidelines (e.g. MISRA Security guidelines)  Specify your system by professional requirements including the Security aspects  Do systematic and professional security testing
19© HEICON – Global Engineering GmbH Solution approaches Defense in depth strategy Security Guidelines Security Require- mentsSecurity V&V Testing Security By design Security Imple- mentation Security Management Defense in depth strategy
20© HEICON – Global Engineering GmbH Contact - Publications Contact: HEICON – Global Engineering GmbH Martin Heininger Dipl.-Ing(FH) Kreuzweg 22 D-88477 Schwendi Tel.: +49 7353 - 98 17 81 Mobil: +49 176 - 24 73 99 60 martin.heininger@heicon-ulm.de http://www.heicon-ulm.de Publications: Testing power electronics according ISO26262, ATZ 04/15 Monthly: Blog article about Functional Safety Topics: http://blog.heicon- ulm.de

Recommended

Security policy and standards
Security policy and standardsSecurity policy and standards
Security policy and standards
Wilson Musyoka
 
Ch.5 rq (1)
Ch.5 rq (1)Ch.5 rq (1)
Ch.5 rq (1)
anthnydvs
 
I-CERT
I-CERTI-CERT
I-CERT
Syed Ahmad Raza
 
ADDRESSING CORPORATE CONCERNS
ADDRESSING CORPORATE CONCERNSADDRESSING CORPORATE CONCERNS
ADDRESSING CORPORATE CONCERNS
zohaibqadir
 
ISO 27001 Certification in Dubai
ISO 27001 Certification in DubaiISO 27001 Certification in Dubai
ISO 27001 Certification in Dubai
Mike Walker
 
Security and personnel
Security and personnelSecurity and personnel
Security and personnel
Dhani Ahmad
 
Isms awareness training
Isms awareness trainingIsms awareness training
Isms awareness training
SAROJ BEHERA
 
AI for Resilient Infrastructures
AI for Resilient InfrastructuresAI for Resilient Infrastructures
AI for Resilient Infrastructures
ADTELLIGENCE GmbH
 

Recommended

Security policy and standards
Security policy and standardsSecurity policy and standards
Security policy and standards
Wilson Musyoka
 
Ch.5 rq (1)
Ch.5 rq (1)Ch.5 rq (1)
Ch.5 rq (1)
anthnydvs
 
I-CERT
I-CERTI-CERT
I-CERT
Syed Ahmad Raza
 
ADDRESSING CORPORATE CONCERNS
ADDRESSING CORPORATE CONCERNSADDRESSING CORPORATE CONCERNS
ADDRESSING CORPORATE CONCERNS
zohaibqadir
 
ISO 27001 Certification in Dubai
ISO 27001 Certification in DubaiISO 27001 Certification in Dubai
ISO 27001 Certification in Dubai
Mike Walker
 
Security and personnel
Security and personnelSecurity and personnel
Security and personnel
Dhani Ahmad
 
Isms awareness training
Isms awareness trainingIsms awareness training
Isms awareness training
SAROJ BEHERA
 
AI for Resilient Infrastructures
AI for Resilient InfrastructuresAI for Resilient Infrastructures
AI for Resilient Infrastructures
ADTELLIGENCE GmbH
 
ISO 27001 2013 isms final overview
ISO 27001 2013 isms final overviewISO 27001 2013 isms final overview
ISO 27001 2013 isms final overview
Naresh Rao
 
Information Assurance And Security - Chapter 1 - Lesson 4
Information Assurance And Security - Chapter 1 - Lesson 4Information Assurance And Security - Chapter 1 - Lesson 4
Information Assurance And Security - Chapter 1 - Lesson 4
MLG College of Learning, Inc
 
ISO 27001 - Information Security Management System
ISO 27001 - Information Security Management SystemISO 27001 - Information Security Management System
ISO 27001 - Information Security Management System
Muhammad Faisal Naqvi, CISSP, CISA, AMBCI, ITIL, ISMS LA n Master
 
Structure of iso 27001
Structure of iso 27001Structure of iso 27001
Structure of iso 27001
CUNIX INDIA
 
Cybersecurity - How to Protect your Organisation from Cybersecurity Threats
Cybersecurity - How to Protect your Organisation from Cybersecurity Threats Cybersecurity - How to Protect your Organisation from Cybersecurity Threats
Cybersecurity - How to Protect your Organisation from Cybersecurity Threats
Craig Thornton
 
Iso27001 Isaca Seminar (23 May 08)
Iso27001 Isaca Seminar (23 May 08)Iso27001 Isaca Seminar (23 May 08)
Iso27001 Isaca Seminar (23 May 08)samsontamwaiho
 
NQA - ISO 27001 Implementation Guide
NQA - ISO 27001 Implementation GuideNQA - ISO 27001 Implementation Guide
NQA - ISO 27001 Implementation Guide
NA Putra
 
Webinar: Is It Time to Upgrade Your Endpoint Data Strategy?
Webinar: Is It Time to Upgrade Your Endpoint Data Strategy?Webinar: Is It Time to Upgrade Your Endpoint Data Strategy?
Webinar: Is It Time to Upgrade Your Endpoint Data Strategy?
Storage Switzerland
 
CMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to Know
CMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to KnowCMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to Know
CMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to Know
PECB
 
eGestalt Announces Next Generation Security Posture Management with Aegify
eGestalt Announces Next Generation Security Posture Management with AegifyeGestalt Announces Next Generation Security Posture Management with Aegify
eGestalt Announces Next Generation Security Posture Management with Aegify
flashnewsrelease
 
Lesson 1- Information Policy
Lesson 1- Information PolicyLesson 1- Information Policy
Lesson 1- Information Policy
MLG College of Learning, Inc
 
Specialized education for DPO and GDPR professionals
Specialized education for DPO and GDPR professionalsSpecialized education for DPO and GDPR professionals
Specialized education for DPO and GDPR professionals
Georges Ataya
 
Privacy & security in heath care it
Privacy & security in heath care itPrivacy & security in heath care it
Privacy & security in heath care it
Dhani Ahmad
 
ISO 27001 Training | ISO 27001 Implementation
ISO 27001 Training | ISO 27001 ImplementationISO 27001 Training | ISO 27001 Implementation
ISO 27001 Training | ISO 27001 Implementation
himalya sharma
 
Isms Implementer Course Module 1 Introduction To Information Security
Isms Implementer Course Module 1 Introduction To Information SecurityIsms Implementer Course Module 1 Introduction To Information Security
Isms Implementer Course Module 1 Introduction To Information Security
anilchip
 
Galactic Security Systems - Who Owns OT Security Anyway?
Galactic Security Systems - Who Owns OT Security Anyway?Galactic Security Systems - Who Owns OT Security Anyway?
Galactic Security Systems - Who Owns OT Security Anyway?
Fairuz Rafique
 
How to implement a robust information security management system?
How to implement a robust information security management system?How to implement a robust information security management system?
How to implement a robust information security management system?
ESET
 
Flipping the Script & Changing the Game in Cyber
Flipping the Script & Changing the Game in CyberFlipping the Script & Changing the Game in Cyber
Flipping the Script & Changing the Game in Cyber
scoopnewsgroup
 
Hima cyber security
Hima cyber securityHima cyber security
Hima cyber security
ie-net ingenieursvereniging vzw
 
Hardening as a Part of a holistic Security Strategy (UPDATE)
Hardening as a Part of a holistic Security Strategy (UPDATE)Hardening as a Part of a holistic Security Strategy (UPDATE)
Hardening as a Part of a holistic Security Strategy (UPDATE)
NoCodeHardening
 
Hardening as Part of a holistic Security Strategy
Hardening as Part of a holistic Security StrategyHardening as Part of a holistic Security Strategy
Hardening as Part of a holistic Security Strategy
NoCodeHardening
 
The Charter of Trust
The Charter of TrustThe Charter of Trust
The Charter of Trust
DefCamp
 

More Related Content

What's hot

ISO 27001 2013 isms final overview
ISO 27001 2013 isms final overviewISO 27001 2013 isms final overview
ISO 27001 2013 isms final overview
Naresh Rao
 
Information Assurance And Security - Chapter 1 - Lesson 4
Information Assurance And Security - Chapter 1 - Lesson 4Information Assurance And Security - Chapter 1 - Lesson 4
Information Assurance And Security - Chapter 1 - Lesson 4
MLG College of Learning, Inc
 
ISO 27001 - Information Security Management System
ISO 27001 - Information Security Management SystemISO 27001 - Information Security Management System
ISO 27001 - Information Security Management System
Muhammad Faisal Naqvi, CISSP, CISA, AMBCI, ITIL, ISMS LA n Master
 
Structure of iso 27001
Structure of iso 27001Structure of iso 27001
Structure of iso 27001
CUNIX INDIA
 
Cybersecurity - How to Protect your Organisation from Cybersecurity Threats
Cybersecurity - How to Protect your Organisation from Cybersecurity Threats Cybersecurity - How to Protect your Organisation from Cybersecurity Threats
Cybersecurity - How to Protect your Organisation from Cybersecurity Threats
Craig Thornton
 
Iso27001 Isaca Seminar (23 May 08)
Iso27001 Isaca Seminar (23 May 08)Iso27001 Isaca Seminar (23 May 08)
Iso27001 Isaca Seminar (23 May 08)samsontamwaiho
 
NQA - ISO 27001 Implementation Guide
NQA - ISO 27001 Implementation GuideNQA - ISO 27001 Implementation Guide
NQA - ISO 27001 Implementation Guide
NA Putra
 
Webinar: Is It Time to Upgrade Your Endpoint Data Strategy?
Webinar: Is It Time to Upgrade Your Endpoint Data Strategy?Webinar: Is It Time to Upgrade Your Endpoint Data Strategy?
Webinar: Is It Time to Upgrade Your Endpoint Data Strategy?
Storage Switzerland
 
CMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to Know
CMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to KnowCMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to Know
CMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to Know
PECB
 
eGestalt Announces Next Generation Security Posture Management with Aegify
eGestalt Announces Next Generation Security Posture Management with AegifyeGestalt Announces Next Generation Security Posture Management with Aegify
eGestalt Announces Next Generation Security Posture Management with Aegify
flashnewsrelease
 
Lesson 1- Information Policy
Lesson 1- Information PolicyLesson 1- Information Policy
Lesson 1- Information Policy
MLG College of Learning, Inc
 
Specialized education for DPO and GDPR professionals
Specialized education for DPO and GDPR professionalsSpecialized education for DPO and GDPR professionals
Specialized education for DPO and GDPR professionals
Georges Ataya
 
Privacy & security in heath care it
Privacy & security in heath care itPrivacy & security in heath care it
Privacy & security in heath care it
Dhani Ahmad
 
ISO 27001 Training | ISO 27001 Implementation
ISO 27001 Training | ISO 27001 ImplementationISO 27001 Training | ISO 27001 Implementation
ISO 27001 Training | ISO 27001 Implementation
himalya sharma
 
Isms Implementer Course Module 1 Introduction To Information Security
Isms Implementer Course Module 1 Introduction To Information SecurityIsms Implementer Course Module 1 Introduction To Information Security
Isms Implementer Course Module 1 Introduction To Information Security
anilchip
 
Galactic Security Systems - Who Owns OT Security Anyway?
Galactic Security Systems - Who Owns OT Security Anyway?Galactic Security Systems - Who Owns OT Security Anyway?
Galactic Security Systems - Who Owns OT Security Anyway?
Fairuz Rafique
 
How to implement a robust information security management system?
How to implement a robust information security management system?How to implement a robust information security management system?
How to implement a robust information security management system?
ESET
 
Flipping the Script & Changing the Game in Cyber
Flipping the Script & Changing the Game in CyberFlipping the Script & Changing the Game in Cyber
Flipping the Script & Changing the Game in Cyber
scoopnewsgroup
 

What's hot (18)

ISO 27001 2013 isms final overview
ISO 27001 2013 isms final overviewISO 27001 2013 isms final overview
ISO 27001 2013 isms final overview
 
Information Assurance And Security - Chapter 1 - Lesson 4
Information Assurance And Security - Chapter 1 - Lesson 4Information Assurance And Security - Chapter 1 - Lesson 4
Information Assurance And Security - Chapter 1 - Lesson 4
 
ISO 27001 - Information Security Management System
ISO 27001 - Information Security Management SystemISO 27001 - Information Security Management System
ISO 27001 - Information Security Management System
 
Structure of iso 27001
Structure of iso 27001Structure of iso 27001
Structure of iso 27001
 
Cybersecurity - How to Protect your Organisation from Cybersecurity Threats
Cybersecurity - How to Protect your Organisation from Cybersecurity Threats Cybersecurity - How to Protect your Organisation from Cybersecurity Threats
Cybersecurity - How to Protect your Organisation from Cybersecurity Threats
 
Iso27001 Isaca Seminar (23 May 08)
Iso27001 Isaca Seminar (23 May 08)Iso27001 Isaca Seminar (23 May 08)
Iso27001 Isaca Seminar (23 May 08)
 
NQA - ISO 27001 Implementation Guide
NQA - ISO 27001 Implementation GuideNQA - ISO 27001 Implementation Guide
NQA - ISO 27001 Implementation Guide
 
Webinar: Is It Time to Upgrade Your Endpoint Data Strategy?
Webinar: Is It Time to Upgrade Your Endpoint Data Strategy?Webinar: Is It Time to Upgrade Your Endpoint Data Strategy?
Webinar: Is It Time to Upgrade Your Endpoint Data Strategy?
 
CMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to Know
CMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to KnowCMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to Know
CMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to Know
 
eGestalt Announces Next Generation Security Posture Management with Aegify
eGestalt Announces Next Generation Security Posture Management with AegifyeGestalt Announces Next Generation Security Posture Management with Aegify
eGestalt Announces Next Generation Security Posture Management with Aegify
 
Lesson 1- Information Policy
Lesson 1- Information PolicyLesson 1- Information Policy
Lesson 1- Information Policy
 
Specialized education for DPO and GDPR professionals
Specialized education for DPO and GDPR professionalsSpecialized education for DPO and GDPR professionals
Specialized education for DPO and GDPR professionals
 
Privacy & security in heath care it
Privacy & security in heath care itPrivacy & security in heath care it
Privacy & security in heath care it
 
ISO 27001 Training | ISO 27001 Implementation
ISO 27001 Training | ISO 27001 ImplementationISO 27001 Training | ISO 27001 Implementation
ISO 27001 Training | ISO 27001 Implementation
 
Isms Implementer Course Module 1 Introduction To Information Security
Isms Implementer Course Module 1 Introduction To Information SecurityIsms Implementer Course Module 1 Introduction To Information Security
Isms Implementer Course Module 1 Introduction To Information Security
 
Galactic Security Systems - Who Owns OT Security Anyway?
Galactic Security Systems - Who Owns OT Security Anyway?Galactic Security Systems - Who Owns OT Security Anyway?
Galactic Security Systems - Who Owns OT Security Anyway?
 
How to implement a robust information security management system?
How to implement a robust information security management system?How to implement a robust information security management system?
How to implement a robust information security management system?
 
Flipping the Script & Changing the Game in Cyber
Flipping the Script & Changing the Game in CyberFlipping the Script & Changing the Game in Cyber
Flipping the Script & Changing the Game in Cyber
 

Similar to 6 martin heininger - security in embedded systems - the upcoming challenge

Hima cyber security
Hima cyber securityHima cyber security
Hima cyber security
ie-net ingenieursvereniging vzw
 
Hardening as a Part of a holistic Security Strategy (UPDATE)
Hardening as a Part of a holistic Security Strategy (UPDATE)Hardening as a Part of a holistic Security Strategy (UPDATE)
Hardening as a Part of a holistic Security Strategy (UPDATE)
NoCodeHardening
 
Hardening as Part of a holistic Security Strategy
Hardening as Part of a holistic Security StrategyHardening as Part of a holistic Security Strategy
Hardening as Part of a holistic Security Strategy
NoCodeHardening
 
The Charter of Trust
The Charter of TrustThe Charter of Trust
The Charter of Trust
DefCamp
 
Medtec - Cyber-security Challenges on the Horizon
Medtec - Cyber-security Challenges on the HorizonMedtec - Cyber-security Challenges on the Horizon
Medtec - Cyber-security Challenges on the Horizon
team-WIBU
 
Make things come alive in a secure way - Sigfox
Make things come alive in a secure way - SigfoxMake things come alive in a secure way - Sigfox
Make things come alive in a secure way - Sigfox
Sigfox
 
102 Information security standards and specifications
102 Information security standards and specifications102 Information security standards and specifications
102 Information security standards and specifications
SsendiSamuel
 
Infosec russia cnemeth_v1.2.ppt
Infosec russia cnemeth_v1.2.pptInfosec russia cnemeth_v1.2.ppt
Infosec russia cnemeth_v1.2.ppt
Christophe Németh (CISSP / CISM)
 
GoSecure
GoSecureGoSecure
GoSecure
Nitesh Kulkarni
 
Khas bank isms 3 s
Khas bank isms 3 sKhas bank isms 3 s
Khas bank isms 3 s
Khaltar Togtuun
 
SOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security WebinarSOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security Webinar
Splunk
 
2018 06 Presentation Cloudguard IaaS de Checkpoint
2018 06 Presentation Cloudguard IaaS de Checkpoint2018 06 Presentation Cloudguard IaaS de Checkpoint
2018 06 Presentation Cloudguard IaaS de Checkpoint
e-Xpert Solutions SA
 
Reports on Industrial Control Systems’ Cyber Security
Reports on Industrial Control Systems’ Cyber SecurityReports on Industrial Control Systems’ Cyber Security
Reports on Industrial Control Systems’ Cyber Security
A. V. Rajabahadur
 
How to implement security compliance with SanerNow
How to implement security compliance with SanerNowHow to implement security compliance with SanerNow
How to implement security compliance with SanerNow
SecPod
 
111.pptx
111.pptx111.pptx
111.pptx
JESUNPK
 
ISO/IEC 27001.pdf
ISO/IEC 27001.pdfISO/IEC 27001.pdf
ISO/IEC 27001.pdf
LiiewaOfficial
 
Secure Software Development Lifecycle
Secure Software Development LifecycleSecure Software Development Lifecycle
Secure Software Development Lifecycle
1&1
 
ISO/IEC 27001 & ISO/IEC 27002:2022: What you need to know
ISO/IEC 27001 & ISO/IEC 27002:2022: What you need to knowISO/IEC 27001 & ISO/IEC 27002:2022: What you need to know
ISO/IEC 27001 & ISO/IEC 27002:2022: What you need to know
PECB
 
Security as an Accelerator for Cloud Adoption
Security as an Accelerator for Cloud AdoptionSecurity as an Accelerator for Cloud Adoption
Security as an Accelerator for Cloud Adoption
MarketingArrowECS_CZ
 
How to Achieve Functional Safety in Safety-Citical Embedded Systems
How to Achieve Functional Safety in Safety-Citical Embedded SystemsHow to Achieve Functional Safety in Safety-Citical Embedded Systems
How to Achieve Functional Safety in Safety-Citical Embedded Systems
evatjohnson
 

Similar to 6 martin heininger - security in embedded systems - the upcoming challenge (20)

Hima cyber security
Hima cyber securityHima cyber security
Hima cyber security
 
Hardening as a Part of a holistic Security Strategy (UPDATE)
Hardening as a Part of a holistic Security Strategy (UPDATE)Hardening as a Part of a holistic Security Strategy (UPDATE)
Hardening as a Part of a holistic Security Strategy (UPDATE)
 
Hardening as Part of a holistic Security Strategy
Hardening as Part of a holistic Security StrategyHardening as Part of a holistic Security Strategy
Hardening as Part of a holistic Security Strategy
 
The Charter of Trust
The Charter of TrustThe Charter of Trust
The Charter of Trust
 
Medtec - Cyber-security Challenges on the Horizon
Medtec - Cyber-security Challenges on the HorizonMedtec - Cyber-security Challenges on the Horizon
Medtec - Cyber-security Challenges on the Horizon
 
Make things come alive in a secure way - Sigfox
Make things come alive in a secure way - SigfoxMake things come alive in a secure way - Sigfox
Make things come alive in a secure way - Sigfox
 
102 Information security standards and specifications
102 Information security standards and specifications102 Information security standards and specifications
102 Information security standards and specifications
 
Infosec russia cnemeth_v1.2.ppt
Infosec russia cnemeth_v1.2.pptInfosec russia cnemeth_v1.2.ppt
Infosec russia cnemeth_v1.2.ppt
 
GoSecure
GoSecureGoSecure
GoSecure
 
Khas bank isms 3 s
Khas bank isms 3 sKhas bank isms 3 s
Khas bank isms 3 s
 
SOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security WebinarSOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security Webinar
 
2018 06 Presentation Cloudguard IaaS de Checkpoint
2018 06 Presentation Cloudguard IaaS de Checkpoint2018 06 Presentation Cloudguard IaaS de Checkpoint
2018 06 Presentation Cloudguard IaaS de Checkpoint
 
Reports on Industrial Control Systems’ Cyber Security
Reports on Industrial Control Systems’ Cyber SecurityReports on Industrial Control Systems’ Cyber Security
Reports on Industrial Control Systems’ Cyber Security
 
How to implement security compliance with SanerNow
How to implement security compliance with SanerNowHow to implement security compliance with SanerNow
How to implement security compliance with SanerNow
 
111.pptx
111.pptx111.pptx
111.pptx
 
ISO/IEC 27001.pdf
ISO/IEC 27001.pdfISO/IEC 27001.pdf
ISO/IEC 27001.pdf
 
Secure Software Development Lifecycle
Secure Software Development LifecycleSecure Software Development Lifecycle
Secure Software Development Lifecycle
 
ISO/IEC 27001 & ISO/IEC 27002:2022: What you need to know
ISO/IEC 27001 & ISO/IEC 27002:2022: What you need to knowISO/IEC 27001 & ISO/IEC 27002:2022: What you need to know
ISO/IEC 27001 & ISO/IEC 27002:2022: What you need to know
 
Security as an Accelerator for Cloud Adoption
Security as an Accelerator for Cloud AdoptionSecurity as an Accelerator for Cloud Adoption
Security as an Accelerator for Cloud Adoption
 
How to Achieve Functional Safety in Safety-Citical Embedded Systems
How to Achieve Functional Safety in Safety-Citical Embedded SystemsHow to Achieve Functional Safety in Safety-Citical Embedded Systems
How to Achieve Functional Safety in Safety-Citical Embedded Systems
 

More from Ievgenii Katsan

8 andrew kalyuzhin - 30 ux-advices, that will make users love you
8 andrew kalyuzhin - 30 ux-advices, that will make users love you8 andrew kalyuzhin - 30 ux-advices, that will make users love you
8 andrew kalyuzhin - 30 ux-advices, that will make users love you
Ievgenii Katsan
 
5 hans van loenhoud - master-class the 7 skills of highly successful teams
5 hans van loenhoud - master-class the 7 skills of highly successful teams5 hans van loenhoud - master-class the 7 skills of highly successful teams
5 hans van loenhoud - master-class the 7 skills of highly successful teams
Ievgenii Katsan
 
4 alexey orlov - life of product in startup and enterprise
4 alexey orlov - life of product in startup and enterprise4 alexey orlov - life of product in startup and enterprise
4 alexey orlov - life of product in startup and enterprise
Ievgenii Katsan
 
3 dmitry gomeniuk - how to make data-driven decisions in saa s products
3 dmitry gomeniuk - how to make data-driven decisions in saa s products3 dmitry gomeniuk - how to make data-driven decisions in saa s products
3 dmitry gomeniuk - how to make data-driven decisions in saa s products
Ievgenii Katsan
 
7 hans van loenhoud - the problem-goal-solution trinity
7 hans van loenhoud - the problem-goal-solution trinity7 hans van loenhoud - the problem-goal-solution trinity
7 hans van loenhoud - the problem-goal-solution trinity
Ievgenii Katsan
 
1 hans van loenhoud -
1 hans van loenhoud - 1 hans van loenhoud -
1 hans van loenhoud -
Ievgenii Katsan
 
3 denys gobov - change request specification the knowledge base or the task...
3 denys gobov - change request specification the knowledge base or the task...3 denys gobov - change request specification the knowledge base or the task...
3 denys gobov - change request specification the knowledge base or the task...
Ievgenii Katsan
 
5 victoria cupet - learn to play business analysis
5 victoria cupet - learn to play business analysis5 victoria cupet - learn to play business analysis
5 victoria cupet - learn to play business analysis
Ievgenii Katsan
 
5 alina petrenko - key requirements elicitation during the first contact wi...
5 alina petrenko - key requirements elicitation during the first contact wi...5 alina petrenko - key requirements elicitation during the first contact wi...
5 alina petrenko - key requirements elicitation during the first contact wi...
Ievgenii Katsan
 
3 karabak kuyavets transformation of business analyst to product owner
3 karabak kuyavets transformation of business analyst to product owner3 karabak kuyavets transformation of business analyst to product owner
3 karabak kuyavets transformation of business analyst to product owner
Ievgenii Katsan
 
4 andrii melnykov - stakeholder management for pd ms and b-as and why it is...
4 andrii melnykov - stakeholder management for pd ms and b-as and why it is...4 andrii melnykov - stakeholder management for pd ms and b-as and why it is...
4 andrii melnykov - stakeholder management for pd ms and b-as and why it is...
Ievgenii Katsan
 
3 zornitsa nikolova - the product manager between decision making and facil...
3 zornitsa nikolova - the product manager between decision making and facil...3 zornitsa nikolova - the product manager between decision making and facil...
3 zornitsa nikolova - the product manager between decision making and facil...
Ievgenii Katsan
 
4 viktoriya gudym - how to effectively manage remote employees
4 viktoriya gudym - how to effectively manage remote employees4 viktoriya gudym - how to effectively manage remote employees
4 viktoriya gudym - how to effectively manage remote employees
Ievgenii Katsan
 
9 natali renska - product and outsource development, how to cook 2 meals in...
9 natali renska - product and outsource development, how to cook 2 meals in...9 natali renska - product and outsource development, how to cook 2 meals in...
9 natali renska - product and outsource development, how to cook 2 meals in...
Ievgenii Katsan
 
7 denis parkhomenko - from idea to execution how to make a product that cus...
7 denis parkhomenko - from idea to execution how to make a product that cus...7 denis parkhomenko - from idea to execution how to make a product that cus...
7 denis parkhomenko - from idea to execution how to make a product that cus...
Ievgenii Katsan
 
6 anton vitiaz - inside the mvp in 3 days
6 anton vitiaz - inside the mvp in 3 days6 anton vitiaz - inside the mvp in 3 days
6 anton vitiaz - inside the mvp in 3 days
Ievgenii Katsan
 
5 mariya popova - ideal product management. unicorns in our reality
5 mariya popova - ideal product management. unicorns in our reality5 mariya popova - ideal product management. unicorns in our reality
5 mariya popova - ideal product management. unicorns in our reality
Ievgenii Katsan
 
2 victor podzubanov - design thinking game
2 victor podzubanov - design thinking game2 victor podzubanov - design thinking game
2 victor podzubanov - design thinking game
Ievgenii Katsan
 
3 sergiy potapov - analyst to product owner
3 sergiy potapov - analyst to product owner3 sergiy potapov - analyst to product owner
3 sergiy potapov - analyst to product owner
Ievgenii Katsan
 
4 anton parkhomenko - how to make effective user research with no budget at...
4 anton parkhomenko - how to make effective user research with no budget at...4 anton parkhomenko - how to make effective user research with no budget at...
4 anton parkhomenko - how to make effective user research with no budget at...
Ievgenii Katsan
 

More from Ievgenii Katsan (20)

8 andrew kalyuzhin - 30 ux-advices, that will make users love you
8 andrew kalyuzhin - 30 ux-advices, that will make users love you8 andrew kalyuzhin - 30 ux-advices, that will make users love you
8 andrew kalyuzhin - 30 ux-advices, that will make users love you
 
5 hans van loenhoud - master-class the 7 skills of highly successful teams
5 hans van loenhoud - master-class the 7 skills of highly successful teams5 hans van loenhoud - master-class the 7 skills of highly successful teams
5 hans van loenhoud - master-class the 7 skills of highly successful teams
 
4 alexey orlov - life of product in startup and enterprise
4 alexey orlov - life of product in startup and enterprise4 alexey orlov - life of product in startup and enterprise
4 alexey orlov - life of product in startup and enterprise
 
3 dmitry gomeniuk - how to make data-driven decisions in saa s products
3 dmitry gomeniuk - how to make data-driven decisions in saa s products3 dmitry gomeniuk - how to make data-driven decisions in saa s products
3 dmitry gomeniuk - how to make data-driven decisions in saa s products
 
7 hans van loenhoud - the problem-goal-solution trinity
7 hans van loenhoud - the problem-goal-solution trinity7 hans van loenhoud - the problem-goal-solution trinity
7 hans van loenhoud - the problem-goal-solution trinity
 
1 hans van loenhoud -
1 hans van loenhoud - 1 hans van loenhoud -
1 hans van loenhoud -
 
3 denys gobov - change request specification the knowledge base or the task...
3 denys gobov - change request specification the knowledge base or the task...3 denys gobov - change request specification the knowledge base or the task...
3 denys gobov - change request specification the knowledge base or the task...
 
5 victoria cupet - learn to play business analysis
5 victoria cupet - learn to play business analysis5 victoria cupet - learn to play business analysis
5 victoria cupet - learn to play business analysis
 
5 alina petrenko - key requirements elicitation during the first contact wi...
5 alina petrenko - key requirements elicitation during the first contact wi...5 alina petrenko - key requirements elicitation during the first contact wi...
5 alina petrenko - key requirements elicitation during the first contact wi...
 
3 karabak kuyavets transformation of business analyst to product owner
3 karabak kuyavets transformation of business analyst to product owner3 karabak kuyavets transformation of business analyst to product owner
3 karabak kuyavets transformation of business analyst to product owner
 
4 andrii melnykov - stakeholder management for pd ms and b-as and why it is...
4 andrii melnykov - stakeholder management for pd ms and b-as and why it is...4 andrii melnykov - stakeholder management for pd ms and b-as and why it is...
4 andrii melnykov - stakeholder management for pd ms and b-as and why it is...
 
3 zornitsa nikolova - the product manager between decision making and facil...
3 zornitsa nikolova - the product manager between decision making and facil...3 zornitsa nikolova - the product manager between decision making and facil...
3 zornitsa nikolova - the product manager between decision making and facil...
 
4 viktoriya gudym - how to effectively manage remote employees
4 viktoriya gudym - how to effectively manage remote employees4 viktoriya gudym - how to effectively manage remote employees
4 viktoriya gudym - how to effectively manage remote employees
 
9 natali renska - product and outsource development, how to cook 2 meals in...
9 natali renska - product and outsource development, how to cook 2 meals in...9 natali renska - product and outsource development, how to cook 2 meals in...
9 natali renska - product and outsource development, how to cook 2 meals in...
 
7 denis parkhomenko - from idea to execution how to make a product that cus...
7 denis parkhomenko - from idea to execution how to make a product that cus...7 denis parkhomenko - from idea to execution how to make a product that cus...
7 denis parkhomenko - from idea to execution how to make a product that cus...
 
6 anton vitiaz - inside the mvp in 3 days
6 anton vitiaz - inside the mvp in 3 days6 anton vitiaz - inside the mvp in 3 days
6 anton vitiaz - inside the mvp in 3 days
 
5 mariya popova - ideal product management. unicorns in our reality
5 mariya popova - ideal product management. unicorns in our reality5 mariya popova - ideal product management. unicorns in our reality
5 mariya popova - ideal product management. unicorns in our reality
 
2 victor podzubanov - design thinking game
2 victor podzubanov - design thinking game2 victor podzubanov - design thinking game
2 victor podzubanov - design thinking game
 
3 sergiy potapov - analyst to product owner
3 sergiy potapov - analyst to product owner3 sergiy potapov - analyst to product owner
3 sergiy potapov - analyst to product owner
 
4 anton parkhomenko - how to make effective user research with no budget at...
4 anton parkhomenko - how to make effective user research with no budget at...4 anton parkhomenko - how to make effective user research with no budget at...
4 anton parkhomenko - how to make effective user research with no budget at...
 

Recently uploaded

Free Complete Python - A step towards Data Science
Free Complete Python - A step towards Data ScienceFree Complete Python - A step towards Data Science
Free Complete Python - A step towards Data Science
RinaMondal9
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance
 
The Metaverse and AI: how can decision-makers harness the Metaverse for their...
The Metaverse and AI: how can decision-makers harness the Metaverse for their...The Metaverse and AI: how can decision-makers harness the Metaverse for their...
The Metaverse and AI: how can decision-makers harness the Metaverse for their...
Jen Stirrup
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
Laura Byrne
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
KatiaHIMEUR1
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
Aftab Hussain
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
Ralf Eggert
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
Adtran
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
Sri Ambati
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
SOFTTECHHUB
 
Enhancing Performance with Globus and the Science DMZ
Enhancing Performance with Globus and the Science DMZEnhancing Performance with Globus and the Science DMZ
Enhancing Performance with Globus and the Science DMZ
Globus
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
Ana-Maria Mihalceanu
 
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
James Anderson
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
ControlCase
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
sonjaschweigert1
 
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
UiPathCommunity
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
KAMESHS29
 

Recently uploaded (20)

Free Complete Python - A step towards Data Science
Free Complete Python - A step towards Data ScienceFree Complete Python - A step towards Data Science
Free Complete Python - A step towards Data Science
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
The Metaverse and AI: how can decision-makers harness the Metaverse for their...
The Metaverse and AI: how can decision-makers harness the Metaverse for their...The Metaverse and AI: how can decision-makers harness the Metaverse for their...
The Metaverse and AI: how can decision-makers harness the Metaverse for their...
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
 
Enhancing Performance with Globus and the Science DMZ
Enhancing Performance with Globus and the Science DMZEnhancing Performance with Globus and the Science DMZ
Enhancing Performance with Globus and the Science DMZ
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
 
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
 
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
 

6 martin heininger - security in embedded systems - the upcoming challenge

  • 1. 1© HEICON – Global Engineering GmbH HEICON Global Engineering GmbH Kreuzweg 22, 88477 Schwendi Internet: www.heicon-ulm.de Blog: http://blog.heicon-ulm.de Security in Embedded Systems – The upcoming challenge
  • 2. 2© HEICON – Global Engineering GmbH HEICON is a specialized engineering company which provides consulting- and development support with a focus on software-based embedded systems. The efficient implementation of methods and processes is the area of our engagement. Founding: 2018 Headquarter: South of Germany (Memmingen) Membership: Employees: 1 Legal form: GmbH Revenue Distribution: HEICON 71% 72% 39% 16% 23% 20% 28% 36% 35% 6% 18% 14% 4% 3% 10% 11% 19% 1% 2% 8% 19% 18% 2% 8% 4% 5% 7% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% 2013 2014 2015 2016 2017 Other Sectors Military Space Railway Industrial Automation Automotive Aerospace
  • 3. 3© HEICON – Global Engineering GmbH HEICON Aero- space Auto- motive Railway Industry Defence Agri- culture HEICON - Starter HEICON - Consulting HEICON - Services HEICON - Training HEICON - Webinars
  • 4. 4© HEICON – Global Engineering GmbH Current situation on Industry Standards and Norms Solution approaches Megatrends – Security Contact
  • 5. 5© HEICON – Global Engineering GmbH Megatrends - Security
  • 6. 6© HEICON – Global Engineering GmbH Megatrends - Security
  • 7. 7© HEICON – Global Engineering GmbH  Massive interconnection of previously independent embedded systems  Enabling malicious attacks on almost all existing embedded systems  Functional Safety relevant Products have to be made secure  Embedded systems have to be made secure against external attacks Megatrends - Security
  • 8. 8© HEICON – Global Engineering GmbH Some futuristic (?) scenarios:  Mass shutdown of private household heating systems by attacking software systems from market leaders  Malicious remote control of highly automated cars Collapse of the electricity supply in Europe due to deliberate wrong connection and disconnection of large power plants or consumers  Damage to health through intentional wrong control of medical devices  Remote-controlled crash of aircrafts Megatrends - Security
  • 9. 9© HEICON – Global Engineering GmbH Megatrends - Security Attack scenarios  Denial of Service  Men in the Middle
  • 10. 10© HEICON – Global Engineering GmbH Current situation on Industry Standards and Norms Solution approaches Megatrends – Security Contact
  • 11. 11© HEICON – Global Engineering GmbH Current situation on Standards and Norms Federal Office for Information Security Act: German Federal Office for Information Security developed a procedure for identifying and implementing security measures of the company's own information technology (IT). The aim of basic protection is to achieve an adequate level of protection for IT systems; The basic IT protection catalogues recommend technical security measures and infrastructural, organizational and personnel protection measures.
  • 12. 12© HEICON – Global Engineering GmbH Current situation on Standards and Norms ISO 27001:  Definition of security requirements and objectives for information security  Cost-efficient management of security risks  Ensuring compliance with laws and regulations  Process framework for the implementation and management of measures to ensure specific information security objectives  Definition of new information security management processes  For auditors to determine the degree of implementation of guidelines and standards
  • 13. 13© HEICON – Global Engineering GmbH Terminology, concepts and models Master glossary of terms and abbreviations System security compliance metrics IACS security lifecycle and use-case 1-1 1-2 1-3 1-4 Req. for an IACS security mgt system Implement. guid- ance for an IACS security mgt syst. Patch manage- ment in the IACS environment Installation and maintenance req. for IACS suppliers 2-1 2-2 2-3 2-4 Security technologies for IACS Security risk assessment and system design System sec req. and security levels 3-1 3-2 3-3 Technical security req. for IACS components 4-2 General Policy and Procedures System Component Product development requirements 4-1 Current situation on Standards and Norms IEC62443:
  • 14. 14© HEICON – Global Engineering GmbH Current situation on Industry Standards and Norms Solution approaches Megatrends – Security Contact
  • 15. 15© HEICON – Global Engineering GmbH Solution approaches Security Safety  Security Analyse  Security Plan  Design Security into the systems  Minimize systematic failure  Hazardous and Risk Analysis  Safety Plan  Design Safety into the System  Minimize systematic failure
  • 16. 16© HEICON – Global Engineering GmbH Solution approaches Security  Security Analyse  rather difficult as systems to be analysed are not fixed  Security Plan  Open point how much effort should be spent as much more dynamic is there compared to safety  Design Security into the systems  Probably the most important point  Minimize systematic failure  Probably also very important
  • 17. 17© HEICON – Global Engineering GmbH Solution approaches Security Design Security into the systems: Examples  Avoid back door attacks by making the RTOS interfaces secure  Limit the times when embedded system is online  Use the IT-Security mechanisms to make your Embedded System secure  Create technical mechanisms to speed up security updates for you Embedded Systems (Functional Saftey constraints have to be solved)
  • 18. 18© HEICON – Global Engineering GmbH Solution approaches Security Minimize systematic failure: Example  Use Security Coding guidelines (e.g. MISRA Security guidelines)  Specify your system by professional requirements including the Security aspects  Do systematic and professional security testing
  • 19. 19© HEICON – Global Engineering GmbH Solution approaches Defense in depth strategy Security Guidelines Security Require- mentsSecurity V&V Testing Security By design Security Imple- mentation Security Management Defense in depth strategy
  • 20. 20© HEICON – Global Engineering GmbH Contact - Publications Contact: HEICON – Global Engineering GmbH Martin Heininger Dipl.-Ing(FH) Kreuzweg 22 D-88477 Schwendi Tel.: +49 7353 - 98 17 81 Mobil: +49 176 - 24 73 99 60 martin.heininger@heicon-ulm.de http://www.heicon-ulm.de Publications: Testing power electronics according ISO26262, ATZ 04/15 Monthly: Blog article about Functional Safety Topics: http://blog.heicon- ulm.de