Certified IoT components: the root of trust for a secure ...2019/07/12 · PSA Certified & SESIP...
-
Confidential © 2019 Brightsight
PSA Certified China
Kai-Fan Chang
9th July 2019
Certified IoT components:
the root of trust for a secure,
compliant ecosystem
-
Solving Existing Security IoT Problems
IoT (OEM) developers are experts on services and product execution, not on security
Security providers of SW and HW need to differentiate themselves: gain visibility and recognition in the IoT ecosystem
Lack of IoT product security comes at a price: hundreds of norms and regulations introduced around the world
-
EU certification landscape
eIDAS = Digital Transactions
GDPR = General Data Protection (Analog / Digital)
e-Privacy regulation = Digital Privacy
CSA = IoT Cyber security Trust Mark for devices
NIS Directive = Cyber security for Critical Infrastructure
e-Health, Finance, Industry 4.0, Government
PSD2
MRD
e-Invoicing
CSA = Cyber security substantial and basic
MiFID II
BSPA, CSPN, CPA, etc.
IEC 62443
… Trade secrets directive
Data Flow directive
-
Common requirements
Core IoT Cybersecurity Capabilities Baseline
[Figure labels: Sector A, Sector B, Sector C, Sector D; Vertical A, Vertical B, Vertical C]
https://www.nist.gov/sites/default/files/documents/2019/02/01/final_core_iot_cybersecurity_capabilities_baseline_considerations.pdf
https://www.enisa.europa.eu/publications/baseline-security-recommendations-for-iot
-
IoT Platforms certification
IoT product
Application Software
IoT Platform
IoT Platform (SW)
IoT Platform (HW)
Security expertise needed
Number of evaluations
-
Embedded World 2019
-
https://www.psacertified.org/certified-products/
…
20 out of 26 certificates from Brightsight
-
Success stories: Lierda & STM
IoT Platform
IoT Platform (SW)
IoT Platform (HW)
Certified RTOS TTS
Certified Chip STM32 L5
Making use of security functionalities provided by a certified chip
-
arm TechCon 2019
We are looking for partners for PSA (L2) pilots!
October 8-10, 2019 | San Jose Convention Center
-
PSA Certified & SESIP
PSA Certified:
Focus on devices with a PSA Root of Trust
Any Architecture
PSA Level 1 – whole SoC/SW/Device scope with a security questionnaire
Has a Level 2 and a Level 3 PSA-RoT Protection Profile
Compatible Levels with SESIP
Working in GlobalPlatform
SESIP:
Flexible evaluation methodology
Any target, any Architecture
Accredited test lab based
Bring your own Security Target
Five assurance levels
4 attack profiles
Compatible levels with PSA Certified
Working in GlobalPlatform
-
one solution to many problems
Platforms Products
Automotive
Industrial
Energy and infra
-
Kai-Fan Chang
www.brightsight.com