Future-Proof Security & Privacy in IoT


All rights reserved, Arthur's Legal B.V.

Future-Proof Security & Privacy in IoT: From State of Play, To State of The Art

Arthur van der Wees, LLM, Managing Director, Arthur's Legal, the global tech-by-design law firm & strategic knowledge partner
Expert Advisor to the European Commission (IoT, Data Value Chain, AI, Robotics, Computing, Cybersecurity, Privacy & Accountability)
Project Leader, H2020 IoT LSPs & CSAs Activity Group on Trust, Security, Privacy, Accountability & Liability
Specialist Task Force ETSI (STF 547), Co-Leader for Security in IoT & Privacy in IoT
Co-Founding Member, Alliance for IoT Innovation (AIOTI); Leader, AIOTI Privacy in IoT Taskforce & Co-Leader, Security in IoT Taskforce

Smart Everything: What's Your Next Smart?

Combination of Smart Features & Functionalities: But Do They Actually Work?

Smart Everything: Symbiosis of Functional and Non-Functional Functionalities

Multi-Disciplinary, Inter-Disciplinary

Stand-Alone vs Hyper-Connectivity

Who is Responsible?

Fragmentation

What Can We Do? What Should We Do?

Back to Basics

People, Process, Technology & Data: Human-Centric Organisations & Systems
Data, Information, Knowledge
Process
People & Society
Technology

From Static Markets to Dynamic Markets

From State of Play to State of the Art

From Rule-Based to Principle-Based

From Continual to Continuous

From Compliance to Accountability

Digital Transparency

From 2018, Digital & Data Are Highly Regulated Domains
PSD2: 13 January 2018
NIS: 9 May 2018; identifying operators of essential services: 9 November 2018
GDPR: 25 May 2018
Trade Secrets Directive: 9 June 2018
Radio Equipment Directive (2016); registration of radio equipment within some categories: 12 June 2018
e-Privacy Regulation (draft)
Free Flow of Data Regulation (draft)
Cyber Security Act & Certification Scheme (draft)
Public Services Information Directive (revision): 1 January 2018

A. Technical Measures
B. Organisational Measures
C. Policies & Documentation

Build Your Own SOTA Security in IoT Model: It's Easy; Just Think N-Dimensional!
1. 35+ SOTA Security Recommendations, Frameworks & Guidelines
2. 1,000+ Security Requirements & Principles (450+ Unique)
3. Segmentation into 4 Layers & 3 Dimensions
4. Structure, Systemize & Semantic Sanitization without Interpretation
5. Context (initially: each of the 5 LSPs)
6. Stakeholders (User, Customer, Supplier, Policy Makers, SDO, Authorities)
7. 5 Life Cycle Methodologies (Device, Data, Stakeholder, Context, Legal)
8. Interdependencies & Double-Looping

Security & Privacy in IoT / State of the Art (SOTA)
1. European Commission (EC) & Alliance for Internet of Things Innovation (AIOTI): Report on Workshop on Security & Privacy in IoT (2016 & 2017)
2. Alliance for Internet of Things Innovation (AIOTI): Report on Workshop on Security and Privacy in the Hyper-Connected World (2016)
3. European Commission (EC): Best available techniques reference document for the cyber-security and privacy of the 10 minimum functional requirements of the Smart Metering Systems (2016)
4. European Union Agency for Network and Information Security (ENISA): Auditing Security Measures (2013)
5. European Union Agency for Network and Information Security (ENISA): Cloud Certification Schemes Metaframework (2014)
6. Energy Expert Cyber Security Platform: Cyber Security in the Energy Sector (2017)
7. HM Government, Department for Transport and Centre for the Protection of National Infrastructure: The Key Principles of Cyber Security for Connected and Automated Vehicles (2017)
8. Autorité de régulation des communications électroniques et des postes (ARCEP): Preparing for the internet of things revolution (2016)
9. United States Department of Commerce (DoC): Fostering the advancement of the Internet of Things (2017)
10. United States Department of Homeland Security: Strategic Principles for Securing the Internet of Things (2016)
11. United States Department of Health and Human Services, Food and Drug Administration: Postmarket Management of Cybersecurity in Medical Devices (2016)
12. United States Department of Health and Human Services, Food and Drug Administration: Content of Premarket Submissions for Management of Cybersecurity in Medical Devices
13. United States Government Accountability Office: Technology Assessment: Internet of Things, Status and implications of an increasingly connected world (2017)
14. National Institute of Standards and Technology (NIST): Networks of Things (2016)
15. IoT Alliance Australia (IoTAA): Internet of Things Security Guideline (2017)
16. GSM Association (GSMA): IoT Security Guidelines Overview Document (2016)
17. GSM Association (GSMA): IoT Security Guidelines for Service Ecosystems (2016)
18. GSM Association (GSMA): IoT Security Guidelines for Endpoint Ecosystems (2016)
19. GSM Association (GSMA): IoT Security Guidelines for Network Operators (2016)
20. IoT Security Foundation (IoTSF): IoT Security Compliance Framework (2016)
21. IoT Security Foundation (IoTSF): Connected Consumer Products Best Practice Guidelines (2016)
22. IoT Security Foundation (IoTSF): Vulnerability Disclosure (2016)
23. Broadband Internet Technical Advisory Group (BITAG): Internet of Things (IoT) Security and Privacy Recommendations (2016)
24. International Organization for Standardization (ISO): Internet of Things Preliminary Report (2014)
25. The Center for Internet Security (CIS): Critical Security Controls v6.0 (2016)
35+: Regulatory Technical Standards of Payment Services Directive (2017); US Congress Proposal for IoT Cybersecurity Improvement Act (2017); Online Trust Alliance: IoT Security & Privacy (2017); OWASP IoT Framework Assessment (2018)

Dynamic Certification & Assurance: How to Validate Continuous SOTA Security, Privacy & Trustworthiness? And How to Partner Up with Authorities?

Security & Privacy are Solutions, not Problems. Better cybersecurity and (personal) data protection will enable new markets, promote innovation, and give consumers the confidence to use new technologies that improve the quality of life. Poor security will likely cause the digital technology markets to eventually collapse in on themselves as consumers, other users and society (the non-users) begin to lose trust in technology after an accumulation of digital disasters, social meddling and market failure.

No One Has A Monopoly In Cyber. No one has the single silver bullet for future-proof, continuous cyber resilience. Collaboration is therefore all the more essential, but not many are succeeding yet. I therefore call on the ETSI Security Week participants to set up collaborations locally, nationally, regionally and globally, combining the private and public sectors to join forces and co-create with relevant, like-minded stakeholders: the Coalition of the Willing & Able. Its purpose is to navigate, enable and facilitate society, people and markets in this joint, global, challenging and continuous mission.

Connect & Collaborate

Man & Technology Symbiosis: Hyperconnectivity!
Q&A: Anything Goes!
vanderwees@arthurslegal.com | Arthurslegal.com | Arthur.nl | @Arthurslegal

Legal Notices. The content of this document is provided as-is and for general information purposes only; it does not constitute strategic, legal or any other professional advice. The content or parts thereof may not be complete, accurate or up to date. Notwithstanding anything contained in this document, Arthur's Legal B.V. and the Institute for Future of Living disclaim responsibility (including where Arthur's Legal B.V., the Institute for Future of Living or any of its officers, employees or contractors have been negligent) for any direct or indirect loss, damage, claim, or liability any person, company, organisation or other entity or body may incur as a result, to the maximum extent permitted by law.