SCOTT:IoT-Cloud Certification Apr2018

From its-wiki.no

Revision as of 12:14, 3 May 2018 by Josef.Noll (Talk | contribs)

Jump to: navigation, search
IoT-Cloud Certification Apr2018
Home Meetings Publications Student corner Factpage
English-Language-icon.png


SCOTT:IoT-Cloud Certification Apr2018

Title IoT_Cloud_certification
Place ECP, Leidschendam
Date, Time 2018/04/26, 0900-1700
Contact Person Ewout Brandsma, Jelle Attema
Participants Ewout Brandsma, Wim Rullens, Bianca Smit, Jelle Attema, Roman Voll, Ramiro Robles, Michael Karner, Peter Priller, Lukasz Kulas, Peter Moertl, Josef Noll
related to Project SCOTT
Keywords
this page was created by Special:FormEdit/Meeting, and can be edited by Special:FormEdit/Meeting/SCOTT:IoT-Cloud Certification Apr2018
Category:Meeting


Venue

ECP, Overgoo 13, 2260 AG Leidschendam, The Netherlands
Route descriptions Overgoo 13 in Leidschendam

Goal of Meeting

  • Information on topics, open issues and future challenges
  • Building a partnership for the different domains
  • Support the discussion on more secure and safe hardware, software, devices and services
  • identify who takes the lead, such that the common interest get's promoted

Attendance

  • Jelle Attema
  • Josef Noll
  • Lukasz Kulas
  • Bianca Smit
  • Michiel Steltman
  • Michael Karner
  • Roman Volf
  • Ad Reuijl (UWV)
  • Ewout Brandsma
  • Werner Rom
  • Bert Tuinsma (Zeker Online)
  • Ramiro Robles
  • Thomas Niessen
  • Wim Rullens

Agenda

09:00 Registration
09:30 Welcome (Jelle Attema)
09:40 Table Round incl update of Agenda
10:00 Introduction - 10 min each
Partnering Trust (NL, Michiel Steltman)
Trusted Cloud (DE, Thomas Niessen)
Zeker-OnLine (NL, Bert Tuinsma, Bianca Smit)
SCOTT (EU, Michael Karner)
Safe-IoT reporting (NL, Michiel Steltman)
10:50 Session A: Security classes, what does it mean for cloud services
Intro Security classes (Josef Noll)
11:00 coffee
11:20 Discussion:
if you have some comments, please contributes with a short intro (max 3 min, 2 slides), then discussion
ordering of IT infrastructure (can levels help?)
SW development, is agile killing security?
impact of IoT on cloud security
mapping Partnering Trust to security classes
enhancing security through monitoring and other mechanisms
Results from IT week Den Haag, 17-20Apr2018
12:00 lunch
12:45 Session B: Privacy label - more than GDPR compliance
Trust framework applied to Privacy label (A-F)
13:50 coffee
14:00 continuation of discussion privacy label
14:30 Session C: European Perspective - discussion the approach for Europe
European Trust Label (DigitalEurope.org)
Our recommendations: software development
Network, our ambition
15:15 Opportunities for cooperation / way forward
15:45 Wrap up
Action Items, follow up: who
16:00 End of Meeting


Thumb Title
Screen Shot 2018-04-26 at 00.52.21.png Privacy labelling, 
enhancing the competitiveness of SMEs
presented by: Josef Noll

Click to Open
Screen Shot 2018-04-26 at 00.41.09.png Security classes, 
relevance for cloud services
presented by: Josef Noll

Click to Open
Screen Shot 2018-04-26 at 11.01.08.png Secure COnnected Trustable Things (SCOTT) overview
presented by: Michael Karner

Click to Open
Screen Shot 2018-05-03 at 13.36.02.png Trust in Cloud Computing as a key to digitization
presented by: Thomas Niessen

Click to Open
Screen Shot 2018-05-03 at 12.07.38.png Zeker online: Strengthening Trust in Cloud Services
presented by: Will Reijnders

Click to Open


Protocols used for accounting and audit (provided by Jelle)

Background

The physical meeting in Leidschendam is the follow up of the phone Meeting phone meeting on Certification, Security, Trust and Privacy in Jan2018. During the meeting, we identified topics for further discussion:

Work done by “Zeker Online” / “Partnering Trust” and the parties involved. "Partnering trust" and the "multi-layer framework" allows for trusted partner relations on different levels.

1.1 Future discussions might address to what degree IoT will put different requirements on the framework
1.2 One of the discussions on future developments is the need for continuous monitoring to elaborate potential security risks. Through SCOTT we collaborate with F-Secure (FI) on a monitoring service for the home, converting the F-Sense device into an SaaS.
1.3 we also discussed briefly the monitoring of traffic in the Norwegian Smart Grid network

is mapped into Session A

SCOTT and its key objectives in this field.

  • SCOTT is about secured connected and trustable things. About 25 demonstrators and use case mainly address the increase of security in wireless communications in the selected domains. In addition, SCOTT has introduced the following new concepts, as presented in Media:201801SCOTT-Privacy_Label.pdf
  • Measurable Security and Security Classes, addressing exposure and impact as compared to frequency and impact as in traditional risk analysis. The main reason is that IoT devices might only be attacked once (thus low frequency), but the risk remains all the time. Future discussions might address
  • Trust framework, combining technical and sociological parameters for enhancing trust. The trust framework is going to be applied to selected use cases.
  • Regarding Privacy Label (A-F), the idea is to make privacy visible to customers, and thus it part of the decision process when buying devices or services. Current discussions are on the understanding what the specific privacy labels address (see ongoing discussions in the presentation). Future discussions might address the understanding of the label (A-F), as well as the technical implementation and the audit regarding the devices.

Security aspects are mapped into Session A, privacy issues are mapped into Session B

Identify opportunities for further cooperation, especially regarding the European perspective.

  • Topics in security, trust and privacy build the basis for a higher perspective
  • SCOTT addresses potential solutions, the path to market and certification issues might be part of the future collaborations.
  • In addition, the alliance of projects working with the same objectives should be pursued.

some of the topics we discussed