Difference between revisions of "SCOTT:IoT-Cloud Certification Apr2018"
From its-wiki.no
Josef.Noll (Talk | contribs) (→Agenda) |
Josef.Noll (Talk | contribs) (→Agenda) |
||
(18 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
{{Meeting | {{Meeting | ||
|Title=IoT_Cloud_certification | |Title=IoT_Cloud_certification | ||
− | |Place=Leidschendam | + | |Place=ECP, Leidschendam |
|Date=2018/04/26 | |Date=2018/04/26 | ||
− | |Duration= | + | |Duration=0900-1700 |
|Organiser=Ewout Brandsma, Jelle Attema | |Organiser=Ewout Brandsma, Jelle Attema | ||
− | |User=Ewout Brandsma, Wim Rullens, Bianca Smit, Jelle Attema, Roman Voll, Ramiro Robles, Michael Karner, Peter Priller, Lukasz Kulas, Peter Moertl, | + | |User=Ewout Brandsma, Wim Rullens, Bianca Smit, Jelle Attema, Roman Voll, Ramiro Robles, Michael Karner, Peter Priller, Lukasz Kulas, Peter Moertl, Josef Noll, |
|Project=SCOTT | |Project=SCOTT | ||
}} | }} | ||
= Venue = | = Venue = | ||
− | Leidschendam, ''more | + | ECP, Overgoo 13, 2260 AG Leidschendam, The Netherlands <br/> |
+ | [[Route descriptions Overgoo 13 in Leidschendam]] | ||
+ | == Goal of Meeting == | ||
+ | * Information on topics, open issues and future challenges | ||
+ | * Building a partnership for the different domains | ||
+ | * Support the discussion on ''more secure and safe hardware, software, devices and services'' | ||
+ | * identify who takes the lead, such that the common interest get's promoted | ||
+ | == Attendance == | ||
+ | * Jelle Attema | ||
+ | * Josef Noll | ||
+ | * Lukasz Kulas | ||
+ | * Bianca Smit | ||
+ | * Michiel Steltman | ||
+ | * Michael Karner | ||
+ | * Roman Volf | ||
+ | * Ad Reuijl (UWV) | ||
+ | * Ewout Brandsma | ||
+ | * Werner Rom | ||
+ | * Bert Tuinsma (Zeker Online) | ||
+ | * Ramiro Robles | ||
+ | * Thomas Niessen | ||
+ | * Wim Rullens | ||
+ | |||
= Agenda = | = Agenda = | ||
− | : | + | :09:00 Registration |
− | : | + | :09:30 Welcome (Jelle Attema) |
− | :10: | + | :09:40 Table Round incl update of Agenda |
− | :: Partnering Trust (Michiel) | + | :10:00 '''Introduction''' - ''10 min each'' |
− | :: Trusted Cloud (DE, | + | :: Partnering Trust (NL, Michiel Steltman) |
− | :: Zeker | + | :: Trusted Cloud (DE, Thomas Niessen) |
− | :: SCOTT (Michael | + | :: Zeker-OnLine (NL, Bert Tuinsma, Bianca Smit) |
− | :: Safe-IoT reporting (NL, Michiel) | + | :: SCOTT (EU, Michael Karner) |
− | :10: | + | :: Safe-IoT reporting (NL, Michiel Steltman) |
+ | :10:50 '''Session A: Security classes, what does it mean for cloud services''' | ||
:: Intro Security classes (Josef Noll) | :: Intro Security classes (Josef Noll) | ||
− | :11: | + | :11:00 ''coffee'' |
− | :11: | + | :11:20 Discussion: |
:: ordering of IT infrastructure (''can levels help?'') | :: ordering of IT infrastructure (''can levels help?'') | ||
:: SW development, ''is agile killing security?'' | :: SW development, ''is agile killing security?'' | ||
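Review bot: the |User= parameter and the new Attendance list in this hunk do not agree, so a reader cannot tell who actually took part. |User= has "Roman Voll" where Attendance has "Roman Volf". |User= names Peter Priller and Peter Moertl, who are not under Attendance. Attendance adds Michiel Steltman, Ad Reuijl, Werner Rom, Bert Tuinsma and Thomas Niessen, who are not in |User=. If |User= is meant to record participants, reconcile the two lists and drop the trailing comma after "Josef Noll,". In the Goal of Meeting list, "get's promoted" should read "gets promoted".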
Line 28: | Line 51: | ||
:: mapping ''Partnering Trust'' to security classes | :: mapping ''Partnering Trust'' to security classes | ||
:: enhancing security through monitoring and other mechanisms | :: enhancing security through monitoring and other mechanisms | ||
+ | :: Results from IT week Den Haag, 17-20Apr2018 | ||
:12:00 ''lunch'' | :12:00 ''lunch'' | ||
:12:45 '''Session B: Privacy label - more than GDPR compliance''' | :12:45 '''Session B: Privacy label - more than GDPR compliance''' | ||
− | :: Trust framework applied to | + | :: Trust framework applied to ''Privacy label'' (A-F) |
− | + | ||
:13:50 ''coffee'' | :13:50 ''coffee'' | ||
:14:00 continuation of discussion ''privacy label'' | :14:00 continuation of discussion ''privacy label'' | ||
Line 38: | Line 61: | ||
:: Our recommendations: ''software development'' | :: Our recommendations: ''software development'' | ||
:: Network, our ambition | :: Network, our ambition | ||
− | : 15:15 | + | :15:15 Opportunities for cooperation / way forward |
− | :: | + | :15:45 Wrap up |
− | :: Action Items, follow up | + | :: Action Items, follow up: who |
− | : | + | :16:00 End of Meeting |
+ | |||
+ | {{Show_Presentation_Table|+|26 Apr 2018}} | ||
+ | |||
+ | Protocols used for accounting and audit (provided by Jelle) | ||
+ | * https://www.zeker-online.nl/wp-content/uploads/2018/03/framework-of-standards-zeker-online-english-version-3.1-legal-infra-and-generic-and-specific-accounting-application.pdf | ||
+ | * https://www.zeker-online.nl/wp-content/uploads/2018/03/audit-protocol-3.1-en_final.pdf | ||
+ | * https://www.zeker-online.nl/wp-content/uploads/2018/03/attachment-3-community.pdf | ||
= Background = | = Background = | ||
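Review bot: the added line "Protocols used for accounting and audit (provided by Jelle)" sits between the presentation table and = Background = with no heading of its own, and it gives a first name only while the rest of the page uses full names. Consider a sub-heading in the style of "== Goal of Meeting ==" and the full name. The three zeker-online.nl links are bare URLs; a short label per link (framework of standards, audit protocol, attachment 3) would let readers pick the right document without opening each PDF.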
Line 64: | Line 94: | ||
* In addition, the alliance of projects working with the same objectives should be pursued. | * In addition, the alliance of projects working with the same objectives should be pursued. | ||
− | + | ---- | |
+ | == some of the topics we discussed == | ||
+ | * “ordering of IT” - what kind of security level do I need | ||
+ | * SW development: agile way in development - security needs to part of discussion on development | ||
+ | * needs for requirements for development (time horizons) | ||
+ | * What does security class mean (engineering, IT, political,…) | ||
+ | * different tracks: consumer equipment, medical, automated cars,…. | ||
+ | * SOC2 - https://www.aicpa.org/content/dam/aicpa/interestareas/frc/assuranceadvisoryservices/downloadabledocuments/infoformanagementofsvcorg.pdf | ||
+ | * Using SIL methodology to adapt for security methodology |
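Review bot: in the added topics list, the bullet "security needs to part of discussion on development" is missing "be". The SOC2 bullet is a bare aicpa.org URL with no label, so it does not say what the linked document covers or how it relates to the security classes discussed. The heading "== some of the topics we discussed ==" is lower-case, while the other headings added in this revision ("Goal of Meeting", "Attendance") are capitalised. The ellipses in "political,…)" and "automated cars,…." are also inconsistent.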
Latest revision as of 19:59, 25 July 2018
SCOTT:IoT-Cloud Certification Apr2018
Title | IoT_Cloud_certification |
---|---|
Place | ECP, Leidschendam |
Date, Time | 2018/04/26, 0900-1700 |
Contact Person | Ewout Brandsma, Jelle Attema |
Participants | Ewout Brandsma, Wim Rullens, Bianca Smit, Jelle Attema, Roman Voll, Ramiro Robles, Michael Karner, Peter Priller, Lukasz Kulas, Peter Moertl, Josef Noll |
related to Project | SCOTT |
Venue
ECP, Overgoo 13, 2260 AG Leidschendam, The Netherlands
Route descriptions Overgoo 13 in Leidschendam
Goal of Meeting
- Information on topics, open issues and future challenges
- Building a partnership for the different domains
- Support the discussion on more secure and safe hardware, software, devices and services
- Identify who takes the lead, such that the common interest gets promoted
Attendance
- Jelle Attema
- Josef Noll
- Lukasz Kulas
- Bianca Smit
- Michiel Steltman
- Michael Karner
- Roman Volf
- Ad Reuijl (UWV)
- Ewout Brandsma
- Werner Rom
- Bert Tuinsma (Zeker Online)
- Ramiro Robles
- Thomas Niessen
- Wim Rullens
Agenda
- 09:00 Registration
- 09:30 Welcome (Jelle Attema)
- 09:40 Table round incl. update of agenda
- 10:00 Introduction - 10 min each
  - Partnering Trust (NL, Michiel Steltman)
  - Trusted Cloud (DE, Thomas Niessen)
  - Zeker-OnLine (NL, Bert Tuinsma, Bianca Smit)
  - SCOTT (EU, Michael Karner)
  - Safe-IoT reporting (NL, Michiel Steltman)
- 10:50 Session A: Security classes, what does it mean for cloud services
  - Intro Security classes (Josef Noll)
- 11:00 coffee
- 11:20 Discussion:
  - ordering of IT infrastructure (can levels help?)
  - SW development, is agile killing security?
  - impact of IoT on cloud security
  - mapping Partnering Trust to security classes
  - enhancing security through monitoring and other mechanisms
  - Results from IT week Den Haag, 17-20 Apr 2018
- 12:00 lunch
- 12:45 Session B: Privacy label - more than GDPR compliance
  - Trust framework applied to Privacy label (A-F)
- 13:50 coffee
- 14:00 continuation of discussion privacy label
- 14:30 Session C: European Perspective - discussing the approach for Europe
  - European Trust Label (DigitalEurope.org)
  - Our recommendations: software development
  - Network, our ambition
- 15:15 Opportunities for cooperation / way forward
- 15:45 Wrap up
  - Action Items, follow up: who
- 16:00 End of Meeting
Presentation | Presented by |
---|---|
Security classes, relevance for cloud services | Josef Noll |
Privacy labelling, enhancing the competitiveness of SMEs | Josef Noll |
Secure COnnected Trustable Things (SCOTT) overview | Michael Karner |
Trust in Cloud Computing as a key to digitization | Thomas Niessen |
Zeker online: Strengthening Trust in Cloud Services | Will Reijnders |
Protocols used for accounting and audit (provided by Jelle)
- https://www.zeker-online.nl/wp-content/uploads/2018/03/framework-of-standards-zeker-online-english-version-3.1-legal-infra-and-generic-and-specific-accounting-application.pdf
- https://www.zeker-online.nl/wp-content/uploads/2018/03/audit-protocol-3.1-en_final.pdf
- https://www.zeker-online.nl/wp-content/uploads/2018/03/attachment-3-community.pdf
Background
The physical meeting in Leidschendam is the follow-up to the phone meeting on Certification, Security, Trust and Privacy in Jan 2018. During the meeting, we identified topics for further discussion:
Work done by “Zeker Online” / “Partnering Trust” and the parties involved. "Partnering trust" and the "multi-layer framework" allow for trusted partner relations on different levels.
- 1.1 Future discussions might address to what degree IoT will put different requirements on the framework
- 1.2 One of the discussions on future developments is the need for continuous monitoring to elaborate potential security risks. Through SCOTT we collaborate with F-Secure (FI) on a monitoring service for the home, converting the F-Sense device into a SaaS.
- 1.3 We also briefly discussed the monitoring of traffic in the Norwegian Smart Grid network
This topic is mapped into Session A
SCOTT and its key objectives in this field.
- SCOTT is about secure, connected and trustable things. About 25 demonstrators and use cases mainly address the increase of security in wireless communications in the selected domains. In addition, SCOTT has introduced the following new concepts, as presented in Media:201801SCOTT-Privacy_Label.pdf
- Measurable Security and Security Classes, addressing exposure and impact as compared to frequency and impact as in traditional risk analysis. The main reason is that IoT devices might only be attacked once (thus low frequency), but the risk remains all the time. Future discussions might address
- Trust framework, combining technical and sociological parameters for enhancing trust. The trust framework is going to be applied to selected use cases.
- Regarding Privacy Label (A-F), the idea is to make privacy visible to customers, and thus make it part of the decision process when buying devices or services. Current discussions are on understanding what the specific privacy labels address (see ongoing discussions in the presentation). Future discussions might address the understanding of the label (A-F), as well as the technical implementation and the audit regarding the devices.
Security aspects are mapped into Session A; privacy issues are mapped into Session B
Identify opportunities for further cooperation, especially regarding the European perspective.
- Topics in security, trust and privacy build the basis for a higher perspective
- SCOTT addresses potential solutions; the path to market and certification issues might be part of future collaborations.
- In addition, the alliance of projects working with the same objectives should be pursued.
Some of the topics we discussed
- “ordering of IT” - what kind of security level do I need
- SW development: agile way in development - security needs to be part of the discussion on development
- needs for requirements for development (time horizons)
- What does security class mean (engineering, IT, political, …)
- different tracks: consumer equipment, medical, automated cars, …
- SOC2 - https://www.aicpa.org/content/dam/aicpa/interestareas/frc/assuranceadvisoryservices/downloadabledocuments/infoformanagementofsvcorg.pdf
- Using SIL methodology to adapt for security methodology