13/05/2022
Ulrich Seldeslachts, Nico Janssens
Brussels, May 11, 2022
CSAI
CyberSecurity AI
IDIoTS
IoT Security
APAX
Automating Postures
IoT CyberSecurity in 2022.
How to cope with CyberSecurity in devices such as IoT and IIoT
as a consumer, an operator or a producer?
Best practices from the field from Rombit
and future looking with LSEC.
IoT is a combination of hardware & software.
IoT is inherently insecure.
Known & unknown vulnerabilities lead to massive-scale exploitation, e.g. Mirai, BotenaGo.
© 2022 - Rombit Confidential
LSEC & ROMBIT
IoT CyberSecurity development
• CyberSecurity is important
• Beyond Awareness
• Complementary
• CyberSecurity as product differentiator
• Staying ahead of the regulation
• Proactively Reaching Out
• Innovating with CyberSecurity
• Software Bill of Materials
• Use Case
CyberSecurity on IoT
WHAT? WHY? HOW?
WHO ARE WE?
Nico Janssens
● CTO @ Rombit
● Bell Labs alumnus
● Passionate about Research and Innovation
● PhD in Engineering, Computer Science
Ulrich Seldeslachts
● CEO @ LSEC – Leaders In Security
● Orange Broadband CISO
● Clearwire Europe MD – Belgacom Ventures
● Commercial, Computer Sciences, Communication
ROMBIT SAFETY SOLUTIONS
WHY?
Worker Safety Matters
‘NSC Injury Facts for 2020’ reveals that forklifts alone were the source of 78 work-related deaths and 7,290 recorded nonfatal injuries involving days away from work.
#goforzero #workersafety #commodity
ROMBIT SAFETY SOLUTIONS
HOW?
Humans Meet Machines
Leveraging the Industry 4.0 concepts by digitalising humans and machines within industrial sites to make them both more safe and productive – using real time notifications and data-centric decision making.
ROMBIT SAFETY SOLUTIONS
WHAT?
Rombit One™, Rombit M-Anchor™, Rombit DriverBox™
Rombit Platform™, Rombit Charging™, Rombit Accessories™
ROMBIT SAFETY SOLUTIONS
WHAT?
Man Meets Machine: Personal Safety, Permits, Proximity, Vehicle Monitoring
IoT CyberSecurity Recent Incidents
©Leaders in Security – LSEC, 2022, Private & Confidential – Closed User Group Distribution – Do Not Distribute
Source : Verkada, Firedome, Western Digital, BotenaGo Netgear – D-Link
IoT CyberSecurity Historical Perspective
Source : Sectigo, 2022
Forecasting 2022
Source : FireEye – Mandiant, December 2021
Solarwinds – December ’20
• SolarWinds is a software company that primarily deals in systems management tools used by IT professionals.
• Perhaps the most widely deployed SolarWinds product is Orion, a Network Management System (NMS). Don't confuse Network Management System (NMS) with Network Security Monitor (NSM).
• The Orion NMS has broad capabilities for monitoring and managing systems, including servers, workstations, network devices, etc.
HBC.2021.0563
NMS are prime targets for attackers because:
• NMS must be able to communicate with all devices being managed/monitored, so outbound ACLs are ineffective
• Many NMS are configured to both monitor for events and respond to them - any changes the NMS can make, the attacker can too
• Even when NMS are "monitor only" the credentials used still offer some level of access to the attacker (typically read-only)
• An attacker who compromises an NMS can usually reshape network traffic for MitM opportunities and can often use credentials for system monitoring to laterally move to target systems
Source : SANS – Solarwinds Supply Chain Attack, 2020
Solarwinds Case
• deployed as an update from SolarWinds' own servers and
• was digitally signed by a valid digital certificate bearing their name
• This strongly points to a supply chain attack
• state-backed APT targeting software vendors or masquerading as an update to deploy their malware payloads
Source : SANS – Solarwinds Supply Chain Attack, 2020; https://www.microsoft.com/security/blog/2021/03/04/goldmax-goldfinder-sibot-analyzing-nobelium-malware/
Solarwinds Case
Source : https://www.threatshub.org/blog/analyzing-solorigate-the-compromised-dll-file-that-started-a-sophisticated-cyberattack-and-how-microsoft-defender-helps-protect-customers/ ; https://github.com/nathanawmk/Sunburst-Analysis
Background Reasoning : supply chain security
Source: https://www.atlanticcouncil.org/programs/scowcroft-center-for-strategy-and-security/cyber-statecraft-initiative/breaking-trust/
SolarWinds provides software for businesses to help manage their networks, systems, and IT infrastructure. The product is used by more than 300,000 organizations globally including all five branches of the U.S. military, the Pentagon, State Department, Justice Department, NASA, the Executive Office of the President and the National Security Agency.
IoT CyberSecurity : shared responsibility
Source: Eclips/ArrowHead, NISTIR, 2022
Regulatory Perspective : European Powerplay
• (Fighting) Cybercrime
• Certification
• Data Sovereignty
• Data Protection – GDPR, ePrivacy
• NIS – NIS2
• Economic – Industrial
When the regulators step in :
Source: ENISA, 2018-2021
Regulatory complications
Source: ENISA, 2022
ELEMENTS OF THE EU Cybersecurity Certification Framework (diagram):
• Scheme governance, (non-)compliance
• Technical operation & management
• Business model of certification & MRA
• Scheme maintenance & review
• Composition & coherence rules for schemes
• Scheme rules and scheme clauses, per scheme: EU CC, EU CS, EU 5G, EU IoT?, EU IACS?
• EU AI Act/SDL, CRA
• Sector specific rules: NIS2, Chips Act, eIDAS2
Source: EC, 2021 – 22, JTSEC 2022
Regulations of Relevance : RED, NIS2
Access Public Consultation
EU Cyber Resilience Act - open for consultation
How to deal with these challenges? – Assurance & Certification
Source: EC, 2020, cyberactcertification.eu
Strategic measures (SM):
• SM02 Performing audits on operators and requiring information;
• SM03 Assessing the risk profile of suppliers and applying restrictions for suppliers considered to be high risk - including necessary exclusions to effectively mitigate risks - for key assets;
• SM05 Ensuring the diversity of suppliers through appropriate multi-vendor strategies;
• SM07 Identifying key assets and fostering a diverse ecosystem;
• SM08 Maintaining and building diversity and capacities.
Technical measures (TM):
• TM01 application of baseline security requirements (secure network design and architecture);
• TM02 security measures in existing standards;
• TM03 Ensuring strict access controls;
• TM04 Increasing the security of virtualised network functions;
• TM05 secure network management, operation and monitoring;
• TM07 software integrity, update and patch management;
• …
IMPORTANCE OF CYBERSEC IN IOT PRODUCT DEVELOPMENT
COMMERCIAL INCENTIVES
Customer awareness
● Industry 4.0 digitalisation vs increasing threats – create confidence that these evolutions do not introduce increasing security threats
● Large multinational enterprises: Information security audits – not standardised – lack of common methodology
● Government: stringent HW and FW audits – geopolitics – traceability and EMS ISO certification are key
Compliance
● Regulatory compliance: e.g. GDPR
● ISO 27001: information security
● NTIA executive order 14028: security and integrity of the software supply chain
IMPORTANCE OF CYBERSEC IN IOT PRODUCT DEVELOPMENT
TECHNICAL CHALLENGES
Challenge areas: Volatile component market; Telco and communication networks; Conflicting extra-functional requirements
● Component shortage crisis @ regular distributors of electrical components
● Option 1: Spot market – no quality guarantees – HW or FW – no traceability
● Option 2: HW redesigns – EOL to the extreme – complicates supply chain integrity and certification
● Trade-off between component security and availability.
● Stringent cyber-security measures vs product cost and product-market fit
● Certification vs product lead times vs product agility
● Custom cybersecurity certification procedures
● Sweet spot in end-to-end cybersecurity!
Introducing Software & Security Bill of Materials
Figure 14 : https://www.reuters.com/article/amp/idUSKBN2BH37I
Relevance for Software Bill of Materials – 40+ million FOSS
Source : LinuxFoundation, 2021
Relevance of Software Bill of Materials – 40+ million FOSS
Source : State of the Software Supply Chain, 2021
Software Security : how to manage?
Source : RKVST™, 2021
• Who Did What, When to an Asset
Software Security : how to manage?
Source : https://www.ntia.doc.gov/files/ntia/publications/ntia_sbom_energy_framing_2021-02-18.pdf
• Who Did What, When to an Asset
“I have an SBOM, so I can…”
● Know what components are in the device, so I know this device uses Windows 10
● Know that the version of Win10 used is vulnerable
But…
● Don’t know if the port is open
● Don’t know if firewalls on the device can block malware
IIoTSBOM Introducing Security Bill of Materials
SBOM – Main Use Cases
• Procurement : If you just look at the CVEs that apply to the product, you’re probably missing a lot more CVEs that apply to the components. You won’t know about these without an SBoM.
• Vulnerability management : without an SBoM for the product, you don’t even know what those components are. With SBoMs, your organization can track and mitigate vulnerabilities in components of software you own
• Ripple 20 & other incidents : if you would have a list of every software or hardware product on your network that was affected by an incident like Ripple 20, your job would be much easier
“What’s needed is informal agreement by a critical mass of software suppliers and users on how SBoMs will be produced and consumed. The best way to do this is by industry. First came Healthcare (ongoing), then Automotive (ongoing). Now is Energy. Next is manufacturing.”
Example : relation to ransomware
New ransomware has been identified!
● A new ransomware has been identified! Alerts posted on information sharing channels
● How does it work?
○ Malware has the capability to scan port TCP 445 (Server Message Block/SMB) and exploit a new vulnerability discovered in Windows 10
● User wants to know:
○ Am I affected and where?
○ Where do I focus my energies?
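As an added example (not part of the slides, and not Rombit's or LSEC's tooling), the Python script below works through the two questions the ransomware slide poses, and the "I have an SBOM, so I can…" limitations from the previous slide. It matches a constructed advisory (a Windows 10 flaw reached over TCP 445) against constructed CycloneDX-style SBOM fragments for a small device fleet; the device names, component versions, advisory identifier and open-port inventory are all made up for this example. The SBOM alone answers "am I affected and where?"; answering "where do I focus?" needs exposure data (open ports, firewall state) that an SBOM does not carry, so the script keeps that in a separate inventory and reports devices with no such data as unknown rather than assuming they are safe.

```python
"""Triage a new vulnerability advisory against per-device SBOMs.

All data here is constructed for the example: device names, SBOM contents,
the advisory and the open-port inventory are not real.
"""
from __future__ import annotations


def sbom(*components: tuple[str, str, str]) -> dict:
    """Build a minimal CycloneDX-style document from (type, name, version) tuples."""
    return {
        "bomFormat": "CycloneDX",
        "specVersion": "1.4",
        "components": [
            {"type": ctype, "name": name, "version": version}
            for ctype, name, version in components
        ],
    }


# Constructed SBOMs, one per fleet device.
SBOMS: dict[str, dict] = {
    "forklift-gw-01": sbom(("operating-system", "windows-10", "10.0.19041"),
                           ("library", "openssl", "1.1.1k")),
    "driverbox-07": sbom(("operating-system", "windows-10", "10.0.19042")),
    "anchor-12": sbom(("operating-system", "windows-10", "10.0.19044")),
    "one-33": sbom(("operating-system", "linux-kernel", "5.10.0")),
    "gateway-99": sbom(("operating-system", "Windows-10", "10.0.19041")),
}

# Constructed advisory: the ransomware exploits a Windows 10 flaw fixed in
# build 10.0.19044 and reaches it over TCP 445 (SMB).
ADVISORY = {
    "id": "ADV-EXAMPLE-0001",   # placeholder identifier, not a real CVE
    "component": "windows-10",
    "fixed_in": "10.0.19044",
    "exploit_port": 445,
}

# Constructed runtime facts from a separate asset inventory. This is the
# information an SBOM does NOT carry (open ports, reachable services).
RUNTIME_EXPOSURE: dict[str, dict] = {
    "forklift-gw-01": {"open_tcp_ports": [445, 3389]},
    "driverbox-07": {"open_tcp_ports": [22]},
    "anchor-12": {"open_tcp_ports": [445]},
    # gateway-99 deliberately has no entry: its exposure is unknown.
}


def parse_version(version: str) -> tuple[int, ...]:
    """'10.0.19041' -> (10, 0, 19041); tuples then compare numerically."""
    return tuple(int(part) for part in version.split("."))


def vulnerable_components(doc: dict, advisory: dict) -> list[dict]:
    """Components in one SBOM that match the advisory and predate the fix."""
    fixed = parse_version(advisory["fixed_in"])
    wanted = advisory["component"].lower()
    return [
        comp for comp in doc.get("components", [])
        if comp.get("name", "").lower() == wanted
        and parse_version(comp["version"]) < fixed
    ]


def affected_devices(sboms: dict[str, dict], advisory: dict) -> list[str]:
    """'Am I affected and where?' Answerable from the SBOMs alone."""
    return sorted(dev for dev, doc in sboms.items()
                  if vulnerable_components(doc, advisory))


def prioritise(devices: list[str], runtime: dict[str, dict],
               port: int) -> dict[str, list[str]]:
    """'Where do I focus?' Needs exposure data the SBOM does not contain."""
    buckets: dict[str, list[str]] = {
        "exposed": [], "not_exposed": [], "unknown_exposure": []}
    for dev in devices:
        facts = runtime.get(dev)
        if facts is None:
            buckets["unknown_exposure"].append(dev)   # no data: do not assume safe
        elif port in facts.get("open_tcp_ports", []):
            buckets["exposed"].append(dev)
        else:
            buckets["not_exposed"].append(dev)
    return buckets


def triage(sboms: dict[str, dict] = SBOMS, advisory: dict = ADVISORY,
           runtime: dict[str, dict] = RUNTIME_EXPOSURE) -> dict[str, list[str]]:
    """Full pipeline: SBOM match first, then exposure-based prioritisation."""
    return prioritise(affected_devices(sboms, advisory),
                      runtime, advisory["exploit_port"])


if __name__ == "__main__":
    for bucket, devs in triage().items():
        print(f"{bucket:17s} {', '.join(devs) or '-'}")
```

The component match is by name and a numeric version comparison against the advisory's fix version; a device whose build equals the fix version is not flagged. Devices with no runtime record end up in `unknown_exposure`, which is the honest answer to the slide's "don't know if the port is open" point: the SBOM tells you where the vulnerable component lives, and a second data source is needed before you can rank those devices.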
ROMBIT IIOT CYBERSECURITY STRATEGY
OVERVIEW
SBOM FOR IIOT DEVICES
➔ To quickly detect new vulnerabilities
➔ To support customer product risk evaluation
BUG BOUNTY PROGRAM
➔ Targeting SaaS platform AND embedded devices
SECURITY-BY-DESIGN
➔ Pro-active security analysis and assessment at various (early) stages of the HW/FW/platform development process
SBOM : it’s hard
IIoTSBOM – what we will be doing in the next 3 years
1. Getting you started …
2. Overall support the development of SBOMs with end users, technology developers and integrators
3. Access to experts and expertise
4. Organize awareness – webinars, information sessions, documentation, use cases and pre-formatted examples
5. Supporting the steps to be taken, for different target audiences
IIoTSBOM – what we will be doing in the next 3 years
6. SBOM advantages – Business Case, analogy with other Bill of Materials - differences
7. Composition and maintenance of SBOMs, reference-architectures
8. Collaboration – shared responsibility models in cooperation with customers - suppliers, how to share and distribute information
9. Contract management – procurement examples, legal implications and ethical considerations
10. SBOM management – technology for process automation, security and risk management
11. Roles, responsibilities and execution
12. VEX – Vulnerability Exchange – data exchange, information exchange, automation
Project IIoTSBOM – what we will be doing in the next 3 years
13. Where and how to gather information and documentation, developing structured questionnaires, integration in purchasing process
14. Examples and demonstrators of generating machine & human readable documents
15. Stimulating distribution and sharing of SBOMs
16. Signing and vetting procedures and mechanisms for signing and vetting
17. How to consume SBOMs – customer integrations - developing Proof of Concepts
18. Aligning SBOM with technical standards, sector expectations (National Authorities), legislation and regulations, policy making under development : ISO27k, IIoT certification, WIB, …
19. Choosing the right formats – mechanisms for the development of SBOMs, available tools and technology – potential alternative models (reference integrity manifest, shared responsibility)
20. Seeing the bigger picture – supply chain security – Third Party Risk, Vendor Risk
SBOM : minimum elements for the Executive Order
Approaches : example Ion Channel
Source : https://ionchannel.io/#/
Approaches : SIEM ingestion
Source : OWASP, 2020
After today : Webinars and Deep Dive sessions
COOCK IIoTSBOM How to
CONCLUSIONS AND NEXT STEPS
OVERVIEW
IoT CyberSecurity challenges are real and prevalent
As a consumer – IoT operator : start asking for SBOMs from your vendors
As a producer – manufacturer, service provider : start developing SBOMs
Start to prepare for certifications & labeling
Learn from experiences and use cases and develop your own
Contacts
Q&A
Rombit One™
One-stop shop for safety, security and operational efficiency.
Rombit M-Anchor™
Plug&Play mobile UWB anchor for worker safety and equipment monitoring
Rombit DriverBox™
Interface add-on to M-Anchor, for local access control, certification and operator notifications.
Rombit, connecting humans and machines
Alerts & Insights
State-of-the-art data ingestion, data lake and real-time analytics platform
• Dashboard Notifications: Man Down, Dead Man’s Switch, Fall Detection, Wear detection
• SMS / Whatsapp: Service Incident Notification
• Track, Trace and Replay: Historical Overview of Incidents
• Evacuation Management: Define and Draw Muster Zones
• Geofencing: Define and Draw Go, No-go zones
• Vehicle & Driver Stats: Eco Driving, Dangerous Driving, Safety Events, Idle Time, Usage, Driver Performance, ...
• API’s, SDK’s: Positioning API, Event API, Driving API, Device Management API
• Data Lake: Real-time storage of all events, locations and permits
ONE™
One-stop shop for safety, security and operational efficiency.
• UWB: Ultra-wideband ranging, positioning
• GNSS: Positioning
• NB IoT: Low bandwidth cellular
• LTE cat M1: Low bandwidth cellular
• Sensoring: IMU
• Battery: Li-Ion
• Visual: Multicolor LED
• Haptics: Vibration motor
• Button: Notification and acknowledgment
M-Anchor™
Plug & Play mobile UWB anchor for worker safety and equipment monitoring
• UWB: Ultra-wideband ranging, positioning
• GNSS: Positioning
• NB IoT: Low bandwidth cellular
• LTE cat M1: Low bandwidth cellular
• EGPRS: Medium-speed cellular
• CANbus: Automotive bus
• IO: Digital IO + relay
• WiFi: Wireless LAN
• Battery: Li-Ion
• Sensoring: IMU
• Autonomy: Solar Power Backup
DriverBox™
Interface add-on for M-Anchor, supports local access control, certification and operator notifications.
• NFC: Access Control
• CANbus: Automotive bus
• UWB: Proximity, certification
• Visual: Multicolor LED
• Auditive: Buzzer
• Button: Notification and acknowledgment
Device manufacturing
Towards Security-by-design
in IIoT development
DIGITAL SECURITY CATALYST
NOT THE END
More information, slides and follow-up
www.lsec.eu
www.3if.be - .eu
Q or C
Ulrich Seldeslachts
ulrich@lsec.eu
+32 475 71 3602
Dave Singelée
IOF research manager
Dave.Singelee@esat.kuleuven.be
http://www.esat.kuleuven.be/cosic/
KU Leuven – imec – COSIC
Kasteelpark Arenberg 10, bus 2452
B-3001 Leuven-Heverlee
Myriam Verschure
Functional Safety Engineer
myriam.verschuure@flandersmake.be
Steven Kauffmann
Project leader
steven.kauffmann@flandersmake.be
Co-creation centre for machine building
Gaston Geenslaan 8
3001 Heverlee
Belgium
Key Contacts
Ulrich Seldeslachts
IIoTSBOM coordinator
ulrich@iiotsbom.com
Daniel Bora
daniel@iiotsbom.com
LSEC
Weldadigheidsstraat 14
B-3000 Leuven

Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Ramesh Iyer
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
Elena Simperl
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
Product School
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
Product School
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
Laura Byrne
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
91mobiles
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
Ana-Maria Mihalceanu
 

Recently uploaded (20)

State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 
Generating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using SmithyGenerating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using Smithy
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
 

Rombit LSEC IoTSecurity IoTSBOM CyberSec Europe 2022

  • 1. 13/05/2022
Ulrich Seldeslachts, Nico Janssens
Brussels, May 11, 2022
CSAI CyberSecurity AI
IDIoTS IoT Security
APAX Automating Postures
IoT CyberSecurity in 2022.
How to cope with CyberSecurity in devices such as IoT and IIoT as a consumer, an operator or a producer?
Best practices from the field from Rombit and future looking with LSEC.

LSEC & ROMBIT: IoT CyberSecurity development
IoT is a combination of hardware & software
IoT is inherently insecure
Known & unknown vulnerabilities lead to massive-scale exploitation, e.g. Mirai, BotenaGo
CyberSecurity is important
Beyond Awareness
Complementary
CyberSecurity as product differentiator
Staying ahead of the regulation
Proactively Reaching Out
Innovating with CyberSecurity
Software Bill of Materials
Use Case
CyberSecurity on IoT
WHAT? WHY? HOW?
© 2022 - Rombit Confidential
  • 2. WHO ARE WE?
Nico Janssens
● CTO @ Rombit
● Bell Labs alumnus
● Passionate about Research and Innovation
● PhD in Engineering, Computer Science
Ulrich Seldeslachts
● CEO @ LSEC – Leaders In Security
● Orange Broadband CISO
● Clearwire Europe MD – Belgacom Ventures
● Commercial, Computer Sciences, Communication

ROMBIT SAFETY SOLUTIONS: WHY?
Worker Safety Matters
‘NSC Injury Facts for 2020’ reveals that forklifts alone were the source of 78 work-related deaths and 7,290 recorded nonfatal injuries involving days away from work.
#goforzero #workersafety #commodity
  • 3. ROMBIT SAFETY SOLUTIONS: HOW?
Humans Meet Machines
Leveraging the Industry 4.0 concepts by digitalising humans and machines within industrial sites to make them both safer and more productive – using real-time notifications and data-centric decision making.

ROMBIT SAFETY SOLUTIONS: WHAT?
Rombit One™, Rombit M-Anchor™, Rombit DriverBox™
Rombit Platform™, Rombit Charging™, Rombit Accessories™
  • 4. ROMBIT SAFETY SOLUTIONS: WHAT?
Man Meets Machine
Personal Safety, Permits, Proximity, Vehicle Monitoring
  • 5. IoT CyberSecurity: Recent Incidents
Source: Verkada, Firedome, Western Digital, BotenaGo, Netgear – D-Link
©Leaders in Security – LSEC, 2022, Private & Confidential – Closed User Group Distribution – Do Not Distribute

IoT CyberSecurity: Historical Perspective
Source: Sectigo, 2022
  • 6. Forecasting 2022
Source: FireEye – Mandiant, December 2021

Solarwinds – December ’20
• SolarWinds is a software company that primarily deals in systems management tools used by IT professionals
• Perhaps the most widely deployed SolarWinds product is Orion, a Network Management System (NMS). Don't confuse Network Management System (NMS) with Network Security Monitor (NSM)
• The Orion NMS has broad capabilities for monitoring and managing systems, including servers, workstations, network devices, etc.
NMS are prime targets for attackers because:
• NMS must be able to communicate with all devices being managed/monitored, so outbound ACLs are ineffective
• Many NMS are configured to both monitor for events and respond to them – any changes the NMS can make, the attacker can too
• Even when NMS are "monitor only" the credentials used still offer some level of access to the attacker (typically read-only)
• An attacker who compromises an NMS can usually reshape network traffic for MitM opportunities and can often use credentials for system monitoring to laterally move to target systems
Source: SANS – Solarwinds Supply Chain Attack, 2020
HBC.2021.0563
  • 7. Solarwinds Case
• deployed as an update from SolarWinds' own servers and
• was digitally signed by a valid digital certificate bearing their name
• This strongly points to a supply chain attack
• state-backed APT targeting software vendors or masquerading as an update to deploy their malware payloads
Source: SANS – Solarwinds Supply Chain Attack, 2020
https://www.microsoft.com/security/blog/2021/03/04/goldmax-goldfinder-sibot-analyzing-nobelium-malware/

Solarwinds Case
Source: https://www.threatshub.org/blog/analyzing-solorigate-the-compromised-dll-file-that-started-a-sophisticated-cyberattack-and-how-microsoft-defender-helps-protect-customers/ – https://github.com/nathanawmk/Sunburst-Analysis
  • 8. Background Reasoning: supply chain security
https://www.atlanticcouncil.org/programs/scowcroft-center-for-strategy-and-security/cyber-statecraft-initiative/breaking-trust/
SolarWinds provides software for businesses to help manage their networks, systems, and IT infrastructure. The product is used by more than 300,000 organizations globally including all five branches of the U.S. military, the Pentagon, State Department, Justice Department, NASA, the Executive Office of the President and the National Security Agency.

IoT CyberSecurity: shared responsibility
Source: Eclipse/ArrowHead, NISTIR, 2022
  • 9. Regulatory Perspective: European Powerplay
(Fighting) Cybercrime
Certification
Data Sovereignty
Data Protection – GDPR, ePrivacy
NIS – NIS2
Economic – Industrial

When the regulators step in:
Source: ENISA, 2018-2021
  • 10. Regulatory complications
Source: ENISA, 2022
ELEMENTS OF THE EU Cybersecurity Certification Framework (figure)
Scheme rules: Scheme Governance, (non-) compliance; Technical operation & management; Business model of certification & MRA; Scheme maintenance & review; Composition & coherence rules for schemes
Schemes: EU CC, EU CS, EU 5G, EU IoT?, EU IACS? (each with its own scheme clauses)
EU AI Act/SDL, CRA
Sector specific rules: NIS2, Chips Act, eIDAS2
Source: EC, 2021 – 22, JTSEC 2022

Regulations of Relevance: RED, NIS2
  • 11. Access Public Consultation
EU Cyber Resilience Act - open for consultation

How to deal with these challenges? – Assurance & Certification
Source: EC, 2020, cyberactcertification.eu
• SM02 Performing audits on operators and requiring information;
• SM03 Assessing the risk profile of suppliers and applying restrictions for suppliers considered to be high risk – including necessary exclusions to effectively mitigate risks – for key assets;
• SM05 Ensuring the diversity of suppliers through appropriate multi-vendor strategies;
• SM07 Identifying key assets and fostering a diverse ecosystem;
• SM08 Maintaining and building diversity and capacities;
• TM01 Application of baseline security requirements (secure network design and architecture);
• TM02 Security measures in existing standards;
• TM03 Ensuring strict access controls;
• TM04 Increasing the security of virtualised network functions;
• TM05 Secure network management, operation and monitoring;
• TM07 Software integrity, update and patch management;
• …
  • 12. IMPORTANCE OF CYBERSEC IN IOT PRODUCT DEVELOPMENT: COMMERCIAL INCENTIVES
Customer awareness
● Industry 4.0 digitalisation vs increasing threats – create confidence that these evolutions do not introduce increasing security threats
● Large multinational enterprises: information security audits – not standardised – lack of common methodology
● Government: stringent HW and FW audits – geopolitics – traceability and EMS ISO certification are key
Compliance
● Regulatory compliance: e.g. GDPR
● ISO 27001: information security
● NTIA executive order 14028: security and integrity of the software supply chain

IMPORTANCE OF CYBERSEC IN IOT PRODUCT DEVELOPMENT: TECHNICAL CHALLENGES
Volatile component market
Telco and communication networks
Conflicting extra-functional requirements
● Component shortage crisis @ regular distributors of electrical components
● Option 1: Spot market – no quality guarantees – HW or FW – no traceability
● Option 2: HW redesigns – EOL to the extreme – complicates supply chain integrity and certification
● Trade-off between component security and availability.
● Stringent cyber-security measures vs product cost and product-market fit
● Certification vs product lead times vs product agility
● Custom cybersecurity certification procedures
● Sweet spot in end-to-end cybersecurity!
  • 13. Introducing Software & Security Bill of Materials
Figure 14: https://www.reuters.com/article/amp/idUSKBN2BH37I

Relevance for Software Bill of Materials – 40+ million FOSS
Source: LinuxFoundation, 2021
  • 14. Relevance of Software Bill of Materials – 40+ million FOSS
Source: State of the Software Supply Chain, 2021

Software Security: how to manage?
Source: RKVST™, 2021
• Who Did What, When to an Asset
  • 15. Software Security: how to manage?
Source: https://www.ntia.doc.gov/files/ntia/publications/ntia_sbom_energy_framing_2021-02-18.pdf
• Who Did What, When to an Asset

Software Security: how to manage?
Source: https://www.ntia.doc.gov/files/ntia/publications/ntia_sbom_energy_framing_2021-02-18.pdf
“I have an SBOM, so I can…”
● Know what components are in the device, so I know this device uses Windows 10
● Know that the version of Win10 used is vulnerable
But…
● Don’t know if the port is open
● Don’t know if firewalls on the device can block malware
  • 16. IIoTSBOM: Introducing Security Bill of Materials

SBOM – Main Use Cases
• Procurement: if you just look at the CVEs that apply to the product, you’re probably missing a lot more CVEs that apply to the components. You won’t know about these without an SBoM.
• Vulnerability management: without an SBoM for the product, you don’t even know what those components are. With SBoMs, your organization can track and mitigate vulnerabilities in components of software you own.
• Ripple 20 & other incidents: if you had a list of every software or hardware product on your network that was affected by an incident like Ripple 20, your job would be much easier.
“What’s needed is informal agreement by a critical mass of software suppliers and users on how SBoMs will be produced and consumed. The best way to do this is by industry. First came Healthcare (ongoing), then Automotive (ongoing). Now is Energy. Next is manufacturing.”
  • 17. Example: relation to ransomware
New ransomware has been identified!
● A new ransomware has been identified! Alerts posted on information sharing channels
● How does it work?
○ Malware has the capability to scan port TCP 445 (Server Message Block/SMB) and exploit a new vulnerability discovered in Windows 10
● User wants to know:
○ Am I affected and where?
○ Where do I focus my energies?

ROMBIT IIOT CYBERSECURITY STRATEGY: OVERVIEW
SBOM FOR IIOT DEVICES
➔ To quickly detect new vulnerabilities
➔ To support customer product risk evaluation
BUG BOUNTY PROGRAM
➔ Targeting SaaS platform AND embedded devices
SECURITY-BY-DESIGN
➔ Pro-active security analysis and assessment at various (early) stages of the HW/FW/platform development process
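As an added example (not code from LSEC, Rombit or the IIoTSBOM project) of the vulnerability-management use case and the "Am I affected and where?" question above, this Python script matches a constructed advisory against constructed CycloneDX-style SBOMs for a small device fleet, then applies a VEX statement to show why an SBOM hit alone does not settle exploitability (the "don't know if the port is open" gap). The device names, the advisory id and the simplified version-ordering rule are assumptions.

```python
"""Fleet triage from SBOMs: "Am I affected and where?"

Added example for the SBOM use cases on these slides; not code from LSEC,
Rombit or the IIoTSBOM project. SBOMs, advisory and VEX statement are
constructed sample data in a minimal CycloneDX-like shape; ADV-PLACEHOLDER-0001
is not a real identifier; version ordering is a simplifying assumption.
"""
import re

# Constructed device SBOMs (not real product data): one entry per fielded device.
DEVICE_SBOMS = {
    "gateway-01": {"bomFormat": "CycloneDX", "components": [
        {"name": "openssl", "version": "1.1.1k", "purl": "pkg:generic/openssl@1.1.1k"},
        {"name": "samba", "version": "4.13.2", "purl": "pkg:generic/samba@4.13.2"},
        {"name": "busybox", "version": "1.33.1", "purl": "pkg:generic/busybox@1.33.1"},
    ]},
    "kiosk-02": {"bomFormat": "CycloneDX", "components": [
        {"name": "samba", "version": "4.12.5", "purl": "pkg:generic/samba@4.12.5"},
        {"name": "busybox", "version": "1.33.1", "purl": "pkg:generic/busybox@1.33.1"},
    ]},
    "hmi-03": {"bomFormat": "CycloneDX", "components": [
        {"name": "samba", "version": "4.15.0", "purl": "pkg:generic/samba@4.15.0"},
    ]},
    "sensor-07": {"bomFormat": "CycloneDX", "components": [
        {"name": "openssl", "version": "1.1.1k", "purl": "pkg:generic/openssl@1.1.1k"},
        {"name": "busybox", "version": "1.33.1", "purl": "pkg:generic/busybox@1.33.1"},
    ]},
}

# Constructed advisory: the SMB server component is affected from 4.10.0 up to,
# but not including, the fixed version 4.14.0. "fixed" may be None (no fix yet).
ADVISORY = {
    "id": "ADV-PLACEHOLDER-0001",
    "component": "samba",
    "introduced": "4.10.0",
    "fixed": "4.14.0",
}

# Constructed VEX statement from the vendor of gateway-01: the vulnerable
# component is present, but the SMB service is never started on that model, so
# the code is not in the execute path. The SBOM alone cannot tell you this.
VEX = {
    ("gateway-01", "ADV-PLACEHOLDER-0001"): {
        "state": "not_affected",
        "justification": "vulnerable_code_not_in_execute_path",
    },
}


def version_key(version):
    """Map '4.13.2' or '1.1.1k' to a tuple that orders numerically per part.

    Numeric runs sort before alphabetic runs, so 1.1.1 < 1.1.1k. (Assumption:
    good enough for dotted release numbers; pre-release tags need real semver.)
    """
    parts = re.findall(r"\d+|[A-Za-z]+", version)
    return tuple((0, int(p)) if p.isdigit() else (1, p) for p in parts)


def in_affected_range(version, introduced, fixed):
    """True when introduced <= version < fixed (or version >= introduced if no fix)."""
    v = version_key(version)
    if v < version_key(introduced):
        return False
    return fixed is None or v < version_key(fixed)


def components_matching(sbom, advisory):
    """Components of one SBOM whose name and version fall inside the advisory range."""
    return [
        c for c in sbom.get("components", [])
        if c["name"] == advisory["component"]
        and in_affected_range(c["version"], advisory["introduced"], advisory.get("fixed"))
    ]


def triage(device_sboms, advisory, vex):
    """Sort a fleet into three buckets for one advisory.

    affected        SBOM matches and no VEX statement exempts the device
    exempted_by_vex SBOM matches but the vendor states 'not_affected' (verify!)
    not_affected    component absent, below the introduced version, or fixed
    """
    result = {"affected": [], "exempted_by_vex": [], "not_affected": []}
    for device, sbom in sorted(device_sboms.items()):
        if not components_matching(sbom, advisory):
            result["not_affected"].append(device)
            continue
        statement = vex.get((device, advisory["id"]))
        if statement and statement.get("state") == "not_affected":
            result["exempted_by_vex"].append(device)
        else:
            result["affected"].append(device)
    return result


if __name__ == "__main__":
    for bucket, devices in triage(DEVICE_SBOMS, ADVISORY, VEX).items():
        print(f"{bucket:16s} {', '.join(devices) or '-'}")
```

The exempted bucket is the place to focus verification effort: a VEX claim still needs a check that the stated justification holds on the deployed configuration.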
  • 18. SBOM: it’s hard

IIoTSBOM – what we will be doing in the next 3 years
1. Getting you started …
2. Overall support for the development of SBOMs with end users, technology developers and integrators
3. Access to experts and expertise
4. Organize awareness – webinars, information sessions, documentation, use cases and pre-formatted examples
5. Supporting the steps to be taken, for different target audiences
  • 19. IIoTSBOM – what we will be doing in the next 3 years
6. SBOM advantages – business case, analogy with other Bills of Materials – differences
7. Composition and maintenance of SBOMs, reference architectures
8. Collaboration – shared responsibility models in cooperation with customers and suppliers, how to share and distribute information
9. Contract management – procurement examples, legal implications and ethical considerations
10. SBOM management – technology for process automation, security and risk management
11. Roles, responsibilities and execution
12. VEX – Vulnerability Exchange – data exchange, information exchange, automation

Project IIoTSBOM – what we will be doing in the next 3 years
13. Where and how to gather information and documentation, developing structured questionnaires, integration in the purchasing process
14. Examples and demonstrators of generating machine- & human-readable documents
15. Stimulating distribution and sharing of SBOMs
16. Signing and vetting procedures and mechanisms for signing and vetting
17. How to consume SBOMs – customer integrations – developing Proofs of Concept
18. Aligning SBOM with technical standards, sector expectations (National Authorities), legislation and regulations, policy making under development: ISO27k, IIoT certification, WIB, …
19. Choosing the right formats – mechanisms for the development of SBOMs, available tools and technology – potential alternative models (reference integrity manifest, shared responsibility)
20. Seeing the bigger picture – supply chain security – Third Party Risk, Vendor Risk
  • 20. IIoTSBOM – what we will be doing in the next 3 years

SBOM: minimum elements for the Executive Order
  • 21. Approaches: example Ion Channel
Source: https://ionchannel.io/#/

Approaches: SIEM ingestion
Source: OWASP, 2020
  • 22. After today: Webinars and Deep Dive sessions

COOCK IIoTSBOM How to
  • 23. COOCK IIoTSBOM How to
  • 24. CONCLUSIONS AND NEXT STEPS: OVERVIEW
IoT CyberSecurity challenges are real and prevalent
As a consumer – IoT operator: start asking for SBOMs from your vendors
As a producer – manufacturer, service provider: start developing SBOMs
Start to prepare for certifications & labeling
Learn from experiences and use cases and develop your own

Contacts
  • 25. Q&A

Rombit, connecting humans and machines
Rombit One™: one-stop shop for safety, security and operational efficiency.
Rombit M-Anchor™: plug & play mobile UWB anchor for worker safety and equipment monitoring.
Rombit DriverBox™: interface add-on to M-Anchor, for local access control, certification and operator notifications.
  • 26. Dashboard
Notifications: Man Down, Dead Man’s Switch, Fall Detection, Wear detection
SMS / WhatsApp Service: Incident Notification
Track, Trace and Replay: Historical Overview of Incidents
Evacuation Management: Define and Draw Muster Zones
Geofencing: Define and Draw Go, No-go zones
Vehicle & Driver Stats: Eco Driving, Dangerous Driving, Safety Events, Idle Time, Usage, Driver Performance, ...
APIs, SDKs: Positioning API, Event API, Driving API, Device Management API
Data Lake: Real-time storage of all events, locations and permits
Alerts & Insights: State-of-the-art data ingestion, data lake and real-time analytics platform

ONE™: One-stop shop for safety, security and operational efficiency.
UWB: Ultra-wideband ranging, positioning
GNSS: Positioning
NB IoT: Low bandwidth cellular
LTE cat M1: Low bandwidth cellular
Sensoring: IMU
Battery: Li-Ion
Visual: Multicolor LED
Haptics: Vibration motor
Button: Notification and acknowledgment
  • 27. M-Anchor™: Plug & Play mobile UWB anchor for worker safety and equipment monitoring
UWB: Ultra-wideband ranging, positioning
GNSS: Positioning
NB IoT: Low bandwidth cellular
LTE cat M1: Low bandwidth cellular
EGPRS: Medium-speed cellular
CANbus: Automotive bus
IO: Digital IO + relay
WiFi: Wireless LAN
Battery: Li-Ion
Sensoring: IMU
Autonomy: Solar Power Backup

DriverBox™: Interface add-on for M-Anchor, supports local access control, certification and operator notifications.
NFC: Access Control
CANbus: Automotive bus
UWB: Proximity, certification
Visual: Multicolor LED
Auditive: Buzzer
Button: Notification and acknowledgment
  • 28. Device manufacturing: Towards Security-by-design in IIoT development

DIGITAL SECURITY CATALYST
  • 29. NOT THE END
More information, slides and follow-up: www.lsec.eu, www.3if.be - .eu
Q or C: Ulrich Seldeslachts, ulrich@lsec.eu, +32 475 71 3602
Dave Singelée, IOF research manager, Dave.Singelee@esat.kuleuven.be, http://www.esat.kuleuven.be/cosic/, KU Leuven – imec – COSIC, Kasteelpark Arenberg 10, bus 2452, B-3001 Leuven-Heverlee
Myriam Verschure, Functional Safety Engineer, myriam.verschuure@flandersmake.be
Steven Kauffmann, Project leader, steven.kauffmann@flandersmake.be
Co-creation centre for machine building, Gaston Geenslaan 8, 3001 Heverlee, Belgium
Key Contacts: Ulrich Seldeslachts, IIoTSBOM coordinator, ulrich@iiotsbom.com; Daniel Bora, daniel@iiotsbom.com
LSEC, Weldadigheidsstraat 14, B-3000 Leuven