Lighting a secure tomorrow - Cybersecurity Challenges in IOT & the lighting industry - Lighting Europe
Lighting a secure tomorrow
Cybersecurity Challenges in IOT & the lighting industry
By Mahmoud Ghaddar, CISO Standardisation – Legrand
November 2018

Summary
➢ Introduction
➢ The link between cybersecurity and lighting
➢ Challenges
➢ Regulation and open standards
➢ What others are doing

Introduction
Light is critical in some situations!
• Airplane… …runway lights
• Fire… …exit lighting
• Hungry… …fridge light.*
* Depends on the definition of critical

The link between cybersecurity and lighting
Yesterday
Functional risks
- Lighting equipment not working
Safety risks
- Contact with live parts causing shock and burns
- Faults which could cause fires
- Fire or explosion
✓ Risks are controlled during manufacturing
• Better regulations & standards
• Testing and certifications
✓ Risks are controlled in run environment
• Frequently check equipment
• Replace faulty equipment
✓ And we have experience…
We’ve been lighting the world for over a century

Main challenges
New functions = New things to think about
➢ Asset lifecycle
➢ Access Control
➢ Cryptography
➢ Malware & Vulnerability management
➢ Network security
➢ Development and maintenance
➢ Supplier relationships
➢ Incident management
➢ Continuity management
➢ Compliance with laws linked to data
➢ Etc.

Main challenges
Cost & Size
• Physical space within a device
• Cost of security within the cost of a product
Users
• Unintended uses or improper configuration
• Misaligned incentives
Experts
• Cybersecurity experts hard to find
• We are manufacturers, not software companies
Service life
• Some products with over 10 year lifespan
Liability
• Who is responsible in case of a hack/malware?
• Cyber is borderless

Regulations and standards
Regulation will help address some issues
• Some good examples: GDPR, Cyber Act
• Some potential bad examples if not studied thoroughly: Cyber Security requirements in RED Directive?
Cybersecurity should always be risk oriented
Both risks must be considered in IOT:
• Inward risks: risks from the environment on the solution
• Outward risks: risks from the solution to the environment
Cybersecurity is about Process, People and Technology.

Regulations and standards
Develop and focus on open industry led standards
We don’t want a false sense of security, or a label, we want real security
https://xkcd.com/927/

What others are doing
Industrial organisations or consortia (ex: Orgalime, CECAPI, Ignes, FIEEC, ZVEI, Digital Europe, etc.)
All have an equivalent of a WG on cybersecurity
Main objectives:
• Follow-up and lobbying on regulations (position papers, communication with the commission, impact analysis of regulations, etc.)
• Standardisation
  In transversal/horizontal standards: Defining a framework, principles and guidelines for cybersecurity and privacy in IOT
  ▪ Examples:
    – ISO/IEC CD 27030, ISO/IEC SP S&P in IOT Domotics,
    – ISO/IEC SP for S&P recommendations for IOT Devices
  In verticals: Including basic security requirements in products
  ▪ Examples:
    – ISO/SAE CD 21434 - Road Vehicles -- Cybersecurity engineering
    – IEC SC 121A - PT 63208 Security aspects of switchgear and controlgear - Security aspects

Final word
“Great things are not done by impulse, but by a series of small things brought together.”
George Eliot

Thank you for your attention!
Questions?
A raised question is one half of knowledge. A prudent answer is one-half of wisdom.