Leading Brand in Cybersecurity Compliance Solutions
www.onwardsecurity.com
Cybersecurity Implementation and Certification in Practice for IoT Equipment
Onward Security
© 2020 Onward Security Corp. All rights reserved.
CONTENTS
01 Notice
02 FAQ
03 Use Case
04 Conclusion and Suggestion
05 Q&A
01. Notice for IoT security standard adoption and certification
5 notices
N1. Explicitly define the classification of IoT security standards
N2. Determine the standard(s) you need
N3. What do you need to invest in or prepare for?
N4. Cooperation items for adoption or certification
N5. The benefits of obtaining the trademark / certificate
N1. Explicitly define the classifications of IoT security standards
• Laws and regulations
  • U.S.: FIPS 140-3, …
  • U.K.: CPA, …
• Brand compliance
  • Amazon, Apple, Google, …
  • AT&T, Nokia, Siemens, …
• Industry requirements
  • ICT products: ISO/IEC 15408, …
  • IoT devices: CTIA, …
  • IIoT: IEC 62443, …
A growing number of third-party NPOs are releasing standards / certification / trademark programs.
N2. Determine the standard(s) you need
• Do the customers have any requirements?
  • Regulatory requirements: governments
  • Purchasers: enterprises & consumers
  • Bosses: department managers, senior managers
• Where are your products sold? To whom?
  • Countries, regions, industries
  • Governments, brands, bids
As long as the customers are willing to accept.
N3. What do you need to invest in or prepare for?
• Confirm the scope of adoption or requirement
  • Management processes, design and development processes, products
• Confirm the accountability units
• Estimate the schedule and cost
• Interdepartmental cooperation
• Do you need the assistance of a consulting firm?
• Look for the accredited organization / lab
The integration of internal specialists and external resources.
N4. Cooperation items for adoption or certification
• The accountability managers or units
• The approaches for interdepartmental communication and operation
• The adoption information related to certification
  • Departments, fields, systems, products, devices
• The cooperation with the software technology team
Control your schedule effectively and reserve more time for improvement.
N5. The benefits of obtaining the trademark / certificate
• Conform to customer requirements
• Guarantee the quality and security of products
• Obtain the competitive advantages of business and marketing promotion
Any other benefits?
02. FAQ of IoT security standard adoption and certification
5 FAQs / 5 Suggestions
Q1. Why adopt an IoT security standard? How does it help?
S1. Achieve security management consensus; training
Q2. How to increase the success rate?
S2. Senior representatives, accountability specialists, and cooperation mechanisms
Q3. Interdepartmental cooperation issues?
S3. Accountability units; automated systems or product assistance
Q4. Lack of professional human resources?
S4. O2O courses, external consultants, products
Q5. Are there any guarantees for obtaining the certificates?
S5. Choose a qualified, excellent provider
03.1. Use case of IoT devices
Use case of IoT devices
• Secure smart home IoT devices
• Equipped with wireless network function
• Intended to enter the U.S. market
• The customer didn't know what to do
• Limited time and budget
• Must have the certificate or the trademark
Three levels of certification
Level 1: Core security
Level 2: Enhanced security
Level 3: Advanced security
Example devices: GPS dog collars, washing machines, GPS trackers, smart home security systems, mobile payment devices, connected streetlights, traffic controllers, blood glucose meters, gas meters
* Reference from CTIA certification
CTIA submission process (roles: IoT OEM and CTIA)
1. IoT OEM: Submit paperwork and at least 3 samples to the CATL.
2. CTIA: Document and payment checking. Incomplete: the OEM eliminates inconsistencies or resends samples. All completed: continue.
3. CTIA: Receive the samples and check that they are consistent with the application. No: the OEM resubmits the samples. Pass: continue.
4. CTIA: Receive and test the samples (pass / fail). Fail: the OEM resubmits the samples.
5. CTIA: Upload the test report.
6. IoT OEM: Receive the notification that the device has been certified.
03.2. Use case of IIoT development process
Use case of IIoT development process
• Self-developed industrial control products
• Equipped with networking function
• Intended to export to Europe and the U.S.
• Had a certain amount of shipment
• Limited time and budget
• Must have the certificate or the trademark
IEC 62443 standards
IEC 62443-1-1: Terms / concept / model
IEC 62443-1-2: Terms / abbreviations / glossary
IEC 62443-1-3: System security compliance standards
IEC 62443-1-4: IACS security lifecycle and adoption cases
IEC 62443-2-1: Security plans and requirements of the IACS asset owner
IEC 62443-2-2: IACS protection grading
IEC 62443-2-3: Patch / vulnerability management in the IACS environment
IEC 62443-2-4: Security plans and requirements of the IACS service provider
IEC 62443-2-5: System security management implementation guide for the IACS asset owner
IEC 62443-3-1: IACS security technologies
IEC 62443-3-2: Security risk assessment and system design
IEC 62443-3-3: System security requirements and grading
IEC 62443-4-1: Secure product development lifecycle requirements
IEC 62443-4-2: Technical security requirements for IACS components
Participants & maturity levels

Maturity Level / Category
ML 1: Initial
ML 2: Managed
ML 3: Defined (Practiced)
ML 4: Improved

Participant / Work Content
CIIP / IIoT Owner: Determine the maturity level for the equipment provider
SI: Determine the maturity level for the developer
Vendor: Comply with the required maturity level
Secure development lifecycle
Pre-SDL (Training): Security policy delivery or training
Phase 1 (Requirement): Security standard & industrial requirement
Phase 2 (Design): Risk and impact analysis
Phase 3 (Implementation): Security implementation
Phase 4 (Verification): Security testing and analysis
Phase 5 (Release): Security maintenance
Post-SDL (Requirement response): Incident response
Security management (SM)
Source: http://hwang.cisdept.cpp.edu/swanew/SDLC.aspx?m=SDLC-Microsoft-SDL
IEC 62443 certification process (parties: Manufacturer, Consulting company, CBTL/NCB)
1. Determine the scope and certification level
2. Perform consulting and testing service
3. Submit the application
4. Perform assessment of certification
5. Certification acquired
04. Conclusion and suggestion
Conclusion and suggestion
Why do IoT devices need security standard adoption and certification?
• Conform to customer's requirements (Sales)
• Enhance product competitiveness (Sales / PM / RD)
• Build a good corporate image (Marketing)
• Increase enterprise sales revenue
• Convert security costs into benefits
If you still have confusion or questions about the security standard adoption and certification
05. Q & A
THANK YOU

Sharpen existing tools or get a new toolbox? Contemporary cluster initiatives...
 

Cybersecurity Implementation and Certification in Practice for IoT Equipment

  • 1. Leading Brand in Cybersecurity Compliance Solutions, www.onwardsecurity.com. Cybersecurity Implementation and Certification in Practice for IoT Equipment. Onward Security. © 2020 Onward Security Corp. All rights reserved.
  • 2. Contents: 01 Notice; 02 FAQ; 03 Use Case; 04 Conclusion and Suggestion; 05 Q&A.
  • 3. 01. Notice for IoT security standard adoption and certification.
  • 4. 5 notices:
    • N1. Explicitly define the classification of IoT security standards
    • N2. Determine the standard(s) you need
    • N3. What do you need to invest in or prepare for?
    • N4. Cooperation items for adoption or certification
    • N5. The benefits of obtaining the trademark / certificate
  • 5. N1. Explicitly define the classifications of IoT security standards:
    • Laws and regulations: U.S.: FIPS 140-3, …; U.K.: CPA, …
    • Brand compliance: Amazon, Apple, Google, …; AT&T, Nokia, Siemens, …
    • Industry requirements: ICT products: ISO/IEC 15408, …; IoT devices: CTIA, …; IIoT: IEC 62443, …
    Callout: a growing number of third-party NPOs are releasing standard / certification / trademark programs.
  • 6. N2. Determine the standard(s) you need:
    • Do the customers have any requirements? Regulatory requirements: governments. Purchasers: enterprises and consumers. Bosses: department managers, senior managers.
    • Where are your products sold, and to whom? Countries, regions, industries. Governments, brands, bids.
    Callout: as long as the customers are willing to accept it.
  • 7. N3. What do you need to invest in or prepare for?
    • Confirm the scope of adoption or requirement: management processes, design and development processes, products.
    • Confirm the accountable units.
    • Estimate the schedule and cost.
    • Interdepartmental cooperation.
    • Do you need the assistance of a consulting firm?
    • Look for the accredited organization / lab.
    Callout: the integration of internal specialists and external resources.
  • 8. N4. Cooperation items for adoption or certification:
    • The accountable managers or units.
    • The approaches for interdepartmental communication and operation.
    • The adoption information related to certification: departments, fields, systems, products, devices.
    • The cooperation with the software technology team.
    Callout: control your schedule effectively and reserve more time for improvement.
  • 9. N5. The benefits of obtaining the trademark / certificate:
    • Conform to customer requirements.
    • Guarantee the quality and security of products.
    • Obtain competitive advantages in business and marketing promotion.
    Callout: any other benefits?
  • 10. 02. FAQ of IoT security standard adoption and certification.
  • 11. 5 FAQs / 5 suggestions:
    • Q1. Why adopt an IoT security standard? How does it help? S1. Achieve security management consensus; training.
    • Q2. How to increase the success rate? S2. Senior representatives, accountable specialists, and cooperation mechanisms.
    • Q3. Interdepartmental cooperation issues? S3. Accountable units; assistance from automated systems or products.
    • Q4. Lack of professional human resources? S4. O2O courses, external consultants, products.
    • Q5. Any guarantees for obtaining the certificates? S5. Choose a qualified, excellent provider.
  • 12. 03.1. Use case of IoT devices.
  • 13. Use case of IoT devices: secure smart home IoT devices; equipped with a wireless network function; intended to enter the U.S. market; the customer did not know what to do; limited time and budget; must have the certificate or the trademark.
  • 14. Three levels of certification (reference: CTIA certification): Level 1 Core security; Level 2 Enhanced security; Level 3 Advanced security. Example devices shown in the slide figure: GPS dog collars, washing machines, GPS trackers, smart home security systems, mobile payment devices, connected streetlights, traffic controllers, blood glucose meters, gas meters.
  • 15. CTIA submission process (flowchart with two lanes, IoT OEM and CTIA):
    • IoT OEM: submit the paperwork and at least 3 samples to the CATL (CTIA Authorized Test Laboratory).
    • Document and payment checking: incomplete → back to the OEM; all completed → continue.
    • Receive the samples and check that they are consistent with the application: no → the OEM eliminates the inconsistencies or resends the samples.
    • Receive and test: pass / fail. Fail → the OEM resubmits the samples.
    • Upload the test report.
    • IoT OEM: receive the notification; the device has been certified.
  • 16. 03.2. Use case of IIoT development process.
  • 17. Use case of IIoT development process: self-developed industrial control products; equipped with a networking function; intended for export to Europe and the U.S.; had a certain volume of shipments; limited time and budget; must have the certificate or the trademark.
  • 18. IEC 62443 standards:
    • IEC 62443-1-1: Terms / concepts / models
    • IEC 62443-1-2: Terms / abbreviations / glossary
    • IEC 62443-1-3: System security compliance standards
    • IEC 62443-1-4: IACS security lifecycle and adoption cases
    • IEC 62443-2-1: Security plans and requirements of the IACS asset owner
    • IEC 62443-2-2: IACS protection grading
    • IEC 62443-2-3: Patch / vulnerability management in the IACS environment
    • IEC 62443-2-4: Security plans and requirements of the IACS service provider
    • IEC 62443-2-5: System security management implementation guide for the IACS asset owner
    • IEC 62443-3-1: IACS security technologies
    • IEC 62443-3-2: Security risk assessment and system design
    • IEC 62443-3-3: System security requirements and grading
    • IEC 62443-4-1: Secure product development lifecycle requirements
    • IEC 62443-4-2: Technical security requirements for IACS components
  • 19. Participants and maturity levels. Maturity level categories: ML 1 Initial; ML 2 Managed; ML 3 Defined (Practiced); ML 4 Improved. Participants and work content: CIIP / IIoT owner: determine the maturity level required of the equipment provider. SI: determine the maturity level required of the developer. Vendor: comply with the required maturity level.
  • 20. Security management (SM): secure development lifecycle. Pre-SDL: Training (security policy delivery or training). Phase 1 Requirement (security standard and industrial requirement). Phase 2 Design (risk and impact analysis). Phase 3 Implementation (security implementation). Phase 4 Verification (security testing and analysis). Phase 5 Release (security maintenance). Post-SDL: Requirement response (incident response). Source: http://hwang.cisdept.cpp.edu/swanew/SDLC.aspx?m=SDLC-Microsoft-SDL
  • 21. IEC 62443 certification process (roles: manufacturer, consulting company, CBTL / NCB): the manufacturer determines the scope and certification level; the consulting company performs the consulting and testing service; the manufacturer submits the application; the CBTL / NCB performs the certification assessment; certification acquired.
  • 22. 04. Conclusion and suggestion.
  • 23. Conclusion and suggestion. Why do IoT devices need security standard adoption and certification? Conform to the customer's requirements (Sales); enhance product competitiveness (Sales / PM / RD); build a good corporate image (Marketing); increase enterprise sales revenue. Convert security costs into benefits.
  • 24. If you still have confusion or questions about security standard adoption and certification (slide 25 repeats this).
  • 26. 05. Q & A.
  • 27. Leading Brand in Cybersecurity Compliance Solutions. THANK YOU.

Editor's Notes

  1. Legend for the IEC 62443 standards map: blue frame = standard (STD) without a certification scheme; orange frame = technical report (TR); red frame = standard with a certification scheme; black text = published or available for purchase; green text = under development or revision.
    1. General: all documents relating to the standard's philosophy and foundational concepts, terms and methods.
    2. Policies & Procedures: outlines the information security management system for industrial automation and control systems and its necessary requirements.
    3. System: technical specifications that serve as design guidance for industrial automation and control systems (IACS), where an IACS is an information technology system composed of components such as SCADA applications, programmable logic controllers (PLCs), fieldbuses, actuators and sensors.
    4. Component: design and development requirements for control system components.
  2. Security Management; Specification of Security Requirements; Secure by Design; Security Implementation; Security Verification and Validation testing; Management of Security-related issues (DM); Security Update Management (SUM); Security Guidelines (the practices of IEC 62443-4-1).