Presentation is loading. Please wait.

Presentation is loading. Please wait.

Markus Braendle, ABB Power Systems

Published byRuby Morris Modified over 6 years ago

Similar presentations

Presentation on theme: "Markus Braendle, ABB Power Systems"— Presentation transcript:

1 Markus Braendle, ABB Power Systems
Certifying Control Systems Vendors' Security 2010 European Community SCADA and Process Control Summit © ABB Group November 21, 2018 | Slide 1

2 Compliance / Certification – The fundamentals
Compliance or certification should never be the main goal of any security activity Compliance or certification should be natural step or a side effect of any sound security program (assuming the regulation / standard / certification program is reasonable) © ABB Group November 21, 2018 | Slide 2

3 Challenges with Certification Defining a true benchmark
“The FSA (Functional Security Assessment) examines the device from the point of view of required security capability and correct implementation. Security capabilities may be supported directly by the device itself or may be explicitly allocated to higher level components that support the device in its intended system environment.” Source: ISASecure Embedded Device Security Assurance Certification If there is no true benchmark certification becomes useless for both vendors and end users © ABB Group November 21, 2018 | Slide 3

4 Challenges with Certification Consistent, invariable audits
Results of audits should not never depend on auditor and his interpretation  requirements need to be unambiguous Results of audits should not depend on technical limitations of audit procedures Example: Device Robustness Testing does not always bring consistent results  Certify vendor’s process and policies on regularly performing robustness tests © ABB Group November 21, 2018 | Slide 4

5 Challenges with Certification Development costs and release schedules
Certification must be economically reasonable ABB performs more than 120 robustness tests every year in its dedicated device security assurance (Re)Certification would be needed after (almost) every test run  Certify vendor’s process and policies © ABB Group November 21, 2018 | Slide 5

6 Challenges with Certification Gaining global acceptance
Investing in certification is a significant effort for everyone, certification programs therefore need to have widespread, global acceptance  Certification programs must involve all stakeholders © ABB Group November 21, 2018 | Slide 6

7 Contact information Dr. Markus Braendle Division Cyber Security Manager Power Systems ABB Inc 940 Main Campus Drive Raleigh, NC 27606 Phone Mobile © ABB Group November 21, 2018 | Slide 7 7

8

Download ppt "Markus Braendle, ABB Power Systems"

Similar presentations

In Harmony, In the Cloud: Harmonizing Data Protection Rules In a Cross-Border World Steve Mutkoski Worldwide Director Policy Microsoft Corporation.

In Harmony, In the Cloud: Harmonizing Data Protection Rules In a Cross-Border World Steve Mutkoski Worldwide Director Policy Microsoft Corporation.
Www.theiia.org Continuous Auditing Global Technology Auditing Guide 3 Twelfth Continuous Auditing and Reporting Symposium Rutgers Business School November.

Continuous Auditing Global Technology Auditing Guide 3 Twelfth Continuous Auditing and Reporting Symposium Rutgers Business School November.
Dd. This learning session will help the auditor: Design audit objectives understand why audit criteria are used in performance audits; learn how to develop.

Dd. This learning session will help the auditor: Design audit objectives understand why audit criteria are used in performance audits; learn how to develop.
Sodexo.com Group Internal Audit. page 2 helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and.

Sodexo.com Group Internal Audit. page 2 helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and.
Workshop on High Confidence Medical Device Software and Systems (HCMDSS) Research & Roadmap June 2-3, 2005 Philadelphia, PA. Manufacturer/Care-Giver Perspective.

Workshop on High Confidence Medical Device Software and Systems (HCMDSS) Research & Roadmap June 2-3, 2005 Philadelphia, PA. Manufacturer/Care-Giver Perspective.
Introducing the Global Standard for Packaging and Packaging Materials Issue 4 Joanna Griffiths Packaging Technical Manager.

Introducing the Global Standard for Packaging and Packaging Materials Issue 4 Joanna Griffiths Packaging Technical Manager.
© 2006 IBM Corporation Introduction to z/OS Security Lesson 9: Standards and Policies.

© 2006 IBM Corporation Introduction to z/OS Security Lesson 9: Standards and Policies.
DITSCAP Phase 2 - Verification Pramod Jampala Christopher Swenson.

DITSCAP Phase 2 - Verification Pramod Jampala Christopher Swenson.
Compliance System Validation - An Audit Based Approach December 2012 Uday Gulvadi, CPA, CIA, CISA, CAMS Director - Internal Audit, Risk and Compliance.

Compliance System Validation - An Audit Based Approach December 2012 Uday Gulvadi, CPA, CIA, CISA, CAMS Director - Internal Audit, Risk and Compliance.
WHERE WE ARE 22 member associations in 20 countries Over 4300 individual members who are responsible for risk management and/or insurance in their organisations.

WHERE WE ARE 22 member associations in 20 countries Over 4300 individual members who are responsible for risk management and/or insurance in their organisations.
SEMINAR on the EEA Financial Mechanism THE EUROPEAN COMMISSION DIRECTORATE- GENERAL REGIONAL POLICY Brussels 13 June 2005 Control and Audit Nicholas Martyn.

SEMINAR on the EEA Financial Mechanism THE EUROPEAN COMMISSION DIRECTORATE- GENERAL REGIONAL POLICY Brussels 13 June 2005 Control and Audit Nicholas Martyn.
SECURITY Is cloud computing secure? Are Microsoft Online Services secure? Is cloud computing secure? Are Microsoft Online Services secure? PRIVACY What.

SECURITY Is cloud computing secure? Are Microsoft Online Services secure? Is cloud computing secure? Are Microsoft Online Services secure? PRIVACY What.
Learning Objectives LO5 Illustrate how business risk analysis is used to assess the risk of material misstatement at the financial statement level and.

Learning Objectives LO5 Illustrate how business risk analysis is used to assess the risk of material misstatement at the financial statement level and.
Secretary of State Voting System Security Standards Juanita Woods Secretary of State Elections Division HAVA Information Security.

Secretary of State Voting System Security Standards Juanita Woods Secretary of State Elections Division HAVA Information Security.
Data Integrity Lesson 12. Skills Matrix Maintaining Data Integrity Maintaining data integrity is your most important responsibility. –Performing backups.

Data Integrity Lesson 12. Skills Matrix Maintaining Data Integrity Maintaining data integrity is your most important responsibility. –Performing backups.
Chapter 4 of the Executive Guide manual

Chapter 4 of the Executive Guide manual
Michael Cagle and Holly Langer-Evans | Nov. 2012 U.S. Department of Education 2012 Fall Conference FSA Assessments: Find It, Fix It, and Enhance Compliance.

Michael Cagle and Holly Langer-Evans | Nov U.S. Department of Education 2012 Fall Conference FSA Assessments: Find It, Fix It, and Enhance Compliance.
Visit us at E mail: Tele: +91-79-2656

Visit us at E mail: Tele:
© The McGraw-Hill Companies, Inc., 2003 McGraw-Hill/Irwin Slide 1-1 ACCOUNTING: Information for Decision Making Chapter 1.

© The McGraw-Hill Companies, Inc., 2003 McGraw-Hill/Irwin Slide 1-1 ACCOUNTING: Information for Decision Making Chapter 1.
1 Using Common Criteria Protection Profiles. 2 o A statement of user need –What the user wants to accomplish –A primary audience: mission/business owner.

1 Using Common Criteria Protection Profiles. 2 o A statement of user need –What the user wants to accomplish –A primary audience: mission/business owner.

Similar presentations

Ads by Google