IoT Day Roundtable Webinar – 8 April 2022 – The Need for IoT Security Standards & Certification
To celebrate Global IoT Day, IoTAC (Security By Design IoT Development and Certificate Framework with Front-end Access Control) is organizing an online roundtable on “The need for IoT security standards & certification” with the participation of the European Commission, ENISA, leading SDOs, and some of the premier partners of European IoT research.
Feel welcome to join this conversation free of charge. See hereby the registration link.
When focussing on IoT and other connected devices and taking a risk-perspective to those, a methodology to do high-level quality risk classification is to have a multi-layered approach and do such risk classification per spectrum, starting with the risk classification of the connectors and connectivity of the IoT device itself, thereafter with the risk classification of functionalities, et cetera. Up to 16 spectra have already been identified.
Together with AIOTI IoT Security and certain relevant external organisations such as JRC, a Device-Centric IoT Security Risk Spectra Mapping Tool has been developed and established. It provides guidance on the multi-layered and holistic risk classification of IoT Devices by means of said IoT security risk spectra methodology, risk level definitions and related IoT security risk mapping. AIOTI IoT Security Taskforce Leaders, being (A) Arthur van der Wees, our own Managing Director of Arthur’s Legal, Strategies & Systems, and (B) Jacques Kruse Brandao, Global Head of Advocacy at SGS Cybersecurity Services.
During this presentation, taking place from 10.30 -10.40 ' o clock (CEST), Jacques Kruse Brandao and Arthur van der Wees will explain how it was developed, and how it works.
The Presentation: Risk classification spectra: a multi-layered approach will talk about IoT security risk classification as the essential starting point to mitigating cyber threats.
When focussing on IoT and other connected devices and taking a risk-perspective to those, a methodology to do high-level quality risk classification is to have a multi-layered approach and do such risk classification per spectrum, starting with the risk classification of the connectors and connectivity of the IoT device itself, thereafter with the risk classification of functionalities, et cetera. Up to 16 spectra have already been identified.
Together with AIOTI WG Standardisation and WG Policy & Strategy and certain relevant external organisations, a Device-Centric IoT Security Risk Spectra Mapping Tool has been developed and established. It provides guidance on the multi-layered and holistic risk classification of IoT Devices by means of said IoT security risk spectra methodology, risk level definitions and related IoT security risk mapping.
Please visit this site for more information: https://iotac.eu/iot-day-roundtable-2022/
Agenda
| Time (CET) | Organizations | Speaker | Title |
| 09:30 – 9:45 | DG CNECT | Aristotelis Tzafalias | Keynote: IoT cybersecurity standards and certification, and related EC policy |
| 09:45 – 10:00 | ENISA | Philippe Blot, Head of Sector Cybersecurity Certification, ENISA | Keynote |
| 10:00 – 10:10 | ETSI | Gisela Meister, Senior Security Consultant, Eurosmart | The ETSI Consumer IoT Series EN 303645 in the context of the Cybersecurity Act (CSA) and the Radio Equipment Directive (RED) |
| 10:10 – 10:20 | ECSO | Roland Atoui, Managing Director, RED ALERT LABS & co-chair of SWG1.1, ECSO | Top Cybersecurity Certification Challenges Facing Connected Device Stakeholders |
| 10:20 – 10:30 | GlobalPlatform | Gil Bernabeu, Technical Director, GlobalPlatform | GlobalPlatform Standards: Helping Device Manufacturers Realise IoT Market Promises |
| 10:30 – 10:40 | AIOTI | Arthur van der Wees, Managing Director & Founder, Arthur’s Legal, Strategies & Systems and IoT Security Taskforce Leader, AIOTI Jacques Kruse-Brandao, Global Head of Advocacy, SGS Cybersecurity Services and IoT Security Taskforce Leader, AIOTI |
Risk classification spectra: a multi-layered approach – IoT security risk classification as the essential starting point to mitigating cyber threats |
| 10:40 – 10:50 | E&Y | Zala Mihaly, Head of Technology Consulting and Cybersecurity, Ernst & Young Consulting |
Advanced defence solutions with IT/OT systems |
| 10:50 – 11:00 | BEUC | Cláudio Teixeira, Legal Officer, BEUC The European Consumer Organization |
Protecting European Consumers i n the age of Cybersecurity and Connected Devices |
| 11:00 – 11:20 | Panel discussion | ||
| H2020 projects | |||
| 11:20 – 11:30 | CONCORDIA | Argyro Chatzopoulou, Senior Consultant, TÜV TRUST IT GmbH | IoT Certification Challenges – The connection to Standardization |
| 11:30 – 11:40 | EU-IoT | Dr. Rute Sofia, IIoT competence field head, fortiss GmbH | Next-generation IoT and trustworthiness challenges, the perspective of EU-IOT |
| 11:40 – 11:50 | CYRENE | Sofoklis Efremidis, Project Manager, Maggioli SpA | Certifying the Security of Supply Chain Services |
| 11:50 – 12:00 | FISHY | Henrique Santos, Associate Professor, University of Minho | The Role of Certification to Leverage Trust level in IoT-based Supply Chains: the Fishy vision |
| 12:00 – 12:10 | BIECO | Sara Nieves Matheu Garcia, Postdoctoral Researcher, University of Murcia | Towards a methodology for evaluating and certifying system cybersecurity |
| 12:10 – 12:20 | ASSURED | Dr. Thanassis Giannetsos, Head of Trusted Computing & Digital Security Group, UBITECH Ltd. | Future Proofing the Connected World: ASSURING Trust in Next-Generation Systems-of-Systems |
| 12:20 – 12:30 | IoTAC | Sascha Hackel, Research Associate, Fraunhofer Institute for Open Communication Systems | Security Validation and Certification in the IoTAC project |
| 12:30 – 12:50 | Panel discussion | ||
| 12:50 | END |