Conformity Assessment

Presentation on theme: "Conformity Assessment"— Presentation transcript:

1 Conformity Assessment
Cybersecurity & Conformity Assessment: introduction to the Generic Matrix Model
David Hanlon, IEC Secretary of the Conformity Assessment Board
Standardization in the Digital Transformation, St Petersburg, Russia

2 Critical Infrastructure
(word cloud) Cybersecurity, smart grid, transport systems, banking systems, oil, cloud computing, rail, hacking, avionics, Internet of Things, critical infrastructure, gas

3 Cybersecurity
Security risk → International Standards → Appropriate level of Conformity Assessment

4 Cybersecurity: value creation
Standards and Conformity Assessment are like two sides of a coin: neither side has value without the other.
Standards + Conformity Assessment = Value

5 Generic Matrix Model: a systems approach to cybersecurity
A tool in a process that cross-references:
- Technical system elements, against
- Objects of conformity (things that can actually be assessed)
Supports risk analysis and standards gap analysis.

6 Technical systems
A technical system consists of elements that are:
- Interacting and interdependent
- Physical and/or virtual
- Confined or dispersed
- In need of occasional or constant repair, replacement, update and upgrade
- In many cases transmitting and receiving information
Together they form a purposeful whole, subject to periodic or constant modification by virtual, automated or human intervention.

7 Technical systems: examples
- Industrial Automation System: many components, in a confined physical area
- Railway System: many components, spread over a large physical area
- Electrical Energy Grid System: many components, spread over a large physical area
Physical security differs between these systems (physical security ≠ physical security), while their cybersecurity concerns are alike (cybersecurity ≈ cybersecurity).

8 Technical system model
The system model has three rows:
- Components (model of components: product A, B, ...): product development, product manufacture, etc.
- Interconnections (model of the technical system): systems integration design, systems integration implementation / realisation, etc.
- Interventions: asset owner operation, systems upgrades / patch management, vendor & service providers, etc.

9 Objects of conformity: things that can actually be assessed
- Products: physical products or components; virtual products (data, information, identity, etc.)
- People: competency (system design and build competencies, IT / OT competencies, management process competencies, etc.)
- Processes: quality management & operational processes; manufacturing and system build processes; supply chain management, detection & recovery processes, etc.
Service = Products + People + Processes

10 Systems approach to CA: Generic Matrix Model (GMM)
The GMM is a matrix whose rows are the system model and whose columns are the objects of conformity.
Rows (system model):
- Components: product A, B, C...; product development; product manufacture; etc.
- Interconnections: systems integration design; systems integration implementation / realisation; etc.
- Interventions: asset owner operation; systems upgrades / patch management; vendor & service providers
Columns (objects of conformity): Products, People (people competency), Processes

11 Systems approach to CA: Generic Matrix Model (GMM), populated
System model row   | Products         | People                                                    | Processes
Components         | Testing          | Product design competency; product manufacturing competency | Design processes; manufacturing processes
Interconnections   | Interoperability | Systems design competency; systems build competency        | Component selection processes; design / realization processes
Interventions      |                  | IT/OT competency                                          | People selection processes; supplier qualification processes; service processes
(Rows as on slide 8: Components = product A, B, C..., product development, product manufacture; Interconnections = systems integration design and implementation / realisation; Interventions = asset owner operation, systems upgrades / patch management, vendor & service providers. The Interventions / Products cell is blank in the extracted slide.)

12 Generic Matrix Model (GMM)
(matrix diagram)

13 Cybersecurity Standards
Situation: more than 600 standards.
Convergence:
- OT → IEC series
- IT → ISO/IEC series
Examples:
- Industrial Automation System → IEC 62443
- Railway System → IEC 62443
- Smart Grid Electrical System → IEC 62443, ISO/IEC 27000, IEC 62351
- Cloud Computing → ISO/IEC 27000, IEC 62443, ISO/IEC 19086

14 Systematic Methodology
1. Map the sector application to the Generic Matrix Model (GMM)
2. Risk analysis of the sector application map: identify and rate risk points
3. Determine the appropriate level of CA for each risk point according to its risk level rating
4. Identify requirements documents (standards); determine what is available/appropriate → standards gap analysis
5. Determine how to fill the gaps (→ standards development)
6. Apply the appropriate CA to the appropriate standards at each risk point
7. Review, revise, renew (R3) periodically

15 IEC standards development (SD) & conformity assessment (CA) activities
Global services; ISO/IEC 17000 series: International Standards for CA

16 IECEE global CA schemes
CB-Scheme; new Cybersecurity Scheme → IEC series

17 Common Regulatory Objectives
UN CRO guidelines: Common Regulatory Objectives for Cybersecurity, a common regulatory framework for cybersecurity based on:
- Generic Matrix Model
- Systematic Methodology
- IECEE global cybersecurity CA services
- World's best practice

18 Questions

19 Thank you
David Hanlon, IEC Secretary of the Conformity Assessment Board
Standardization in the Digital Transformation, St Petersburg, Russia
