Conformity Assessment

Presentation transcript:

Slide 1: Conformity Assessment
Cybersecurity & Conformity Assessment: introduction to the Generic Matrix Model
David Hanlon, IEC Secretary of the Conformity Assessment Board
Standardization in the Digital Transformation, St Petersburg, Russia, 2018-05-22

Slide 2: Critical infrastructure cybersecurity
Word cloud: smart grid, transport systems, banking systems, oil, gas, cloud computing, rail, hacking, avionics, Internet of Things, critical infrastructure.

Slide 3: Cybersecurity
Security risk -> International Standards -> Appropriate level of Conformity Assessment

Slide 4: Cybersecurity value creation
Standards and Conformity Assessment are like two sides of a coin: neither side has value without the other.
Standards + Conformity Assessment = Value

Slide 5: Generic Matrix Model: a systems approach to cybersecurity
- A tool in a process
- Cross-references technical system elements against objects of conformity (things that can actually be assessed)
- Supports risk analysis and standards gap analysis

Slide 6: Technical systems
A technical system is made of elements that:
- interact and are interdependent
- are physical and/or virtual
- are confined or dispersed
- need occasional or constant repair, replacement, update or upgrade
- in many cases transmit and receive information
The elements form a purposeful whole, subject to periodic or constant modification by virtual, automated or human intervention.

Slide 7: Technical systems: examples
- Industrial automation system: many components, in a confined physical area
- Railway system: many components, spread over a large physical area
- Electrical energy grid system: many components, spread over a large physical area
Physical security differs from one system to the next (physical security ≠ physical security); cybersecurity is broadly the same across them (cybersecurity ≈ cybersecurity).

Slide 8: Model of a technical system (System Model)
- Components: product A, B, ...; product development; product manufacture; etc.
- Interconnections: systems integration design; systems integration implementation / realisation; etc.
- Interventions: asset owner operation; systems upgrades / patch management; vendor and service providers; etc.

Slide 9: Objects of conformity: things that can actually be assessed
- Products: physical products or components; virtual products (data, information, identity, etc.)
- People: competency, including system design and build competencies, IT/OT competencies, management process competencies, etc.
- Processes: quality management and operational processes; manufacturing and system build processes; supply chain management, detection and recovery processes; etc.
Service = Products + People + Processes

Slide 10: Systems approach to CA: Generic Matrix Model (GMM)
The GMM cross-references the System Model (rows) against the Objects of Conformity (columns).
Rows (System Model):
- Components: product A, B, C, ...; product development; product manufacture; etc.
- Interconnections: systems integration design; systems integration implementation / realisation; etc.
- Interventions: asset owner operation; systems upgrades / patch management; vendor and service providers
Columns (Objects of Conformity): Products; People (people competency); Processes

Slide 11: Systems approach to CA: Generic Matrix Model (GMM), matrix cells filled in
Components (product development, product manufacture):
  Products: testing
  People: product design competency; product manufacturing competency
  Processes: design processes; manufacturing processes
Interconnections (systems integration design, systems integration implementation / realisation):
  Products: interoperability
  People: systems design competency; systems build competency
  Processes: component selection processes; design / realization processes
Interventions (asset owner operation, systems upgrades / patch management, vendor and service providers):
  Products: (no entry on the slide)
  People: IT/OT competency (listed for both asset owner and vendor / service provider)
  Processes: people selection processes; supplier qualification processes; service processes

Slide 12: Generic Matrix Model (GMM) (diagram only)

Slide 13: Cybersecurity standards situation
- More than 600 standards
- Convergence: OT -> IEC 62443 series; IT -> ISO/IEC 27000 series
Examples:
- Industrial automation system: IEC 62443
- Railway system: IEC 62443
- Smart grid electrical system: IEC 62443, ISO/IEC 27000, IEC 62351
- Cloud computing: ISO/IEC 27000, IEC 62443, ISO/IEC 19086

Slide 14: Systematic methodology
1. Map the sector application to the Generic Matrix Model (GMM)
2. Risk analysis of the sector application map
3. Identify and rate risk points
4. Determine the appropriate level of CA for each risk point according to its risk level rating
5. Identify requirements documents (standards)
6. Determine what is available/appropriate -> standards gap analysis
7. Determine how to fill the gaps (standards development)
8. Apply appropriate CA to appropriate standards at each risk point
9. Review, revise, renew (R3) periodically
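The GMM of slides 10 and 11 and the methodology of slide 14 carried through in code, as an added example that is not part of the presentation: it builds the 3x3 cross-reference, derives a CA level from each risk point's rating and lists the cells where a rated risk has no requirements document (the standards gap). The rows, columns and standard names come from the slides; the risk ratings, the rating-to-CA-level rule (ISO/IEC 17000 first/second/third-party terms) and the per-cell standard coverage are constructed assumptions.

```python
from itertools import product

SYSTEM_MODEL = ("Components", "Interconnections", "Interventions")  # slide 8 rows
OBJECTS = ("Products", "People", "Processes")                        # slide 9 columns

# Assumed rule: the higher the risk rating, the stronger the form of CA.
CA_LEVELS = {1: "first-party declaration",
             2: "second-party assessment",
             3: "third-party certification"}


def rate_to_ca_level(rating):
    """Map a 1..3 risk rating to a CA level (assumed three-step scale)."""
    if rating not in CA_LEVELS:
        raise ValueError(f"rating must be 1..3, got {rating!r}")
    return CA_LEVELS[rating]


def build_gmm(risk_points, coverage):
    """Cross-reference every (system element, object of conformity) cell.

    risk_points: {(element, object): rating} from the sector risk analysis
    coverage:    {(element, object): [standards]} from the standards review
    Returns {cell: {"rating", "ca_level", "standards", "gap"}}.
    """
    gmm = {}
    for cell in product(SYSTEM_MODEL, OBJECTS):
        rating = risk_points.get(cell, 0)
        stds = coverage.get(cell, [])
        gmm[cell] = {
            "rating": rating,
            "ca_level": rate_to_ca_level(rating) if rating else "none required",
            "standards": stds,
            "gap": rating > 0 and not stds,  # risk point with nothing to assess against
        }
    return gmm


def standards_gaps(gmm):
    """Cells that carry risk but have no requirements document (slide 14, step 6)."""
    return sorted(cell for cell, row in gmm.items() if row["gap"])


# Constructed smart-grid illustration; ratings and coverage are assumptions.
SMART_GRID_RISK = {("Components", "Products"): 3,
                   ("Interconnections", "Products"): 3,
                   ("Interventions", "Processes"): 2,   # patch management
                   ("Interventions", "People"): 2}      # vendor IT/OT competency
SMART_GRID_COVERAGE = {("Components", "Products"): ["IEC 62443", "IEC 62351"],
                       ("Interconnections", "Products"): ["IEC 62351"],
                       ("Interventions", "Processes"): ["ISO/IEC 27000"]}

if __name__ == "__main__":
    model = build_gmm(SMART_GRID_RISK, SMART_GRID_COVERAGE)
    for cell, row in model.items():
        print(cell, row)
    print("standards gaps:", standards_gaps(model))
```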

Slide 15: IEC standards development (SD) and conformity assessment (CA) activities -> global services
ISO/IEC 17000 series: International Standards for CA

Slide 16: IECEE global CA schemes
- CB Scheme
- New Cybersecurity Scheme -> IEC 62443 series

Slide 17: Common Regulatory Objectives (UN CRO guidelines)
A Common Regulatory Framework for Cybersecurity, based on:
- Generic Matrix Model
- Systematic Methodology
- IECEE global cybersecurity CA services
- World's best practice

Slide 18: Questions

Thank you
David Hanlon, IEC Secretary of the Conformity Assessment Board
Standardization in the Digital Transformation, St Petersburg, Russia, 2018-05-22