DELIVERABLE D8.4 - Standardization Activities and ...secureiot.eu/D8.4.pdf · Innovation (AIOTI), Big Data Value Association (BDVA), Plattform Industrie 4.0, European Telecommunications

This document is part of a project that has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 779899. It is the property of the SecureIoT consortium and shall not be distributed or reproduced without the formal approval of the SecureIoT Management Committee. The content of this report reflects only the authors’ view. The Innovation and Networks Executive Agency (INEA) is not responsible for any use that may be made of the information it contains.

Project Acronym: SecureIoT

Grant Agreement number: 779899 (H2020-IoT03-2017 - RIA)

Project Full Title: Predictive Security for IoT Platforms and Networks of Smart

Objects

DELIVERABLE D8.4 - Standardization Activities

and Participation in Associations_First version Deliverable Number D8.4 Deliverable Name Standardization Activities and Participation

in Associations_First version Dissemination level Public

Type of Document Report

Contractual date of delivery 30/06/2019

Deliverable Leader FUJITSU

Status & version 1.0 - Final

WP / Task responsible WP8 (INTRASOFT) / T8.2 (FUJITSU)

Keywords: Standardization Activities, Associations

Abstract (few lines): SecureIoT as a member of the European Cluster of the eight IoT

security and data protection H2020 projects participates with

project contributions in events of standardization organizations

(SDOs) and presents results from 2018 and 2019. These refer to

standards, participation in face-to-face and telephone

conferences, and project contributions to standards. The results

are summarised in this document.

Deliverable Leader: Thomas Walloschke (FUJITSU), Jürgen Neises (FUJITSU)

Contributors: INTRASOFT, ATOS, IDIADA, INRIA, AIT, ITSOWL, SIEMENS

Reviewers: John Soldatos (INTRASOFT), George Moldovan (SIEMENS)

Approved by: Stylianos Georgoulas (INTRASOFT)

Ref. Ares(2019)4507996 - 12/07/2019

Page | 2

Project Title: SecureIoT Contract No. 779899 Project Coordinator: INTRASOFT International S.A.

D8.4 - Standardization Activities and Participation in Associations_First version ,

Version: v1.0 - Final, Date 12/07/2019

Executive Summary The SecureIoT project contributions of the last 18 months for standardization organizations

(Industrial Internet Consortium (IIC), International Organization for Standardization (ISO),

European Cluster of H2020 IoT Security and Privacy projects, Alliance for Internet of Things

Innovation (AIOTI), Big Data Value Association (BDVA), Plattform Industrie 4.0, European

Telecommunications Standards Institute (ETSI), etc.) are presented here.

The SecureIoT project results for 2018 and 2019 refer on the one hand to existing standards, but

at the same time also place new requirements on extensions and further developments of these

standards, which in turn must be incorporated into the standardization organizations (SDOs).

SecureIoT is presented as a member of the European Cluster of the eight IoT security and data

protection H2020 projects. Here, the transfer of knowledge between the projects plays an

important role, which is demonstrated by Deliverable D8.4.

The participation of the SecureIoT project in the activities of standards development

organisations and associations is explained: on the one hand participation in face-to-face and

telephone conferences, on the other hand project contributions to standards, as already

mentioned above.

In particular, these activities have been carried out by the project partners ATOS, AIT, INTRASOFT,

ITSOWL, SIEMENS and INRIA together with FUJITSU. More than sixteen important events were

organized as meetings, cluster events within the IoT Week 2018 and 2019 and for

standardization. The cooperation with the Industrial Internet Consortium (IIC), the Industry 4.0

platform, and the Japanese Robot Revolution Initiative (RRI) is worth mentioning.

The importance of the IIoT security requirements, to which this project is dedicated, became

again clear. Regularly the not yet everywhere existing security understanding for IIoT Security

requirements must be triggered.

The previous results of the Work Packages 2-7 form the basis of the presentations to the SDOs

and at the same time represent the input for Task 8.2.

In addition to constructive cooperation with the committees, there are also interest groups with

different views on our project objectives (e.g. safety experts from non-EU countries do not

necessarily follow the strongly EU-oriented project objectives or the safety requirements of

European industry and consider an overinterpretation to be dangerous and not economical).

The intensification of the cooperation with the SDOs is a permanent task in this project and will

be further promoted. Overall, SecureIoT is successfully integrated into the committee landscape.

Page | 3




Document History

Version Date Contributor(s) Description

0.1 05.06.2019 Thomas Walloschke

(FUJITSU) Initial Draft of D8.4

0.2 16.06.2019 John Soldatos (AIT)

Thomas Walloschke

Update

New chapter 2

0.3 17.06.2019 Jérôme François (Inria)

Thomas Walloschke Update of Standardization chapter 3

0.4 21.06.2019 Thomas Walloschke Prefinal version

chapters 3.3 – 3.6 to be updated

0.5 02.07.2019 Daniel Calvo (ATOS)

Thomas Walloschke Atos contribution, ITSOWL

0.6 04.07.2019 Thomas Walloschke Input from Intrasoft; Reformat

0.7 08.07.2019 Thomas Walloschke Preparation for INRIA, ATOS, ITSOWL

for finalization

0.8 09.07.2019 Thomas Walloschke Review

0.9 11.07.2019 Thomas Walloschke Adjustments

1.0 12.07.2019 Thomas Walloschke Final version

Page | 4




Table of Contents Executive Summary ......................................................................................................................... 2

Definitions, Acronyms and Abbreviations ...................................................................................... 7

1 Introduction ............................................................................................................................. 8

1.1 Participants and Objectives ................................................................................................... 8

1.2 Document Structure .............................................................................................................. 9

2 Contributions in Clusters and Associations ........................................................................... 10

2.1 Contributions to the Cluster of IoT Security and Privacy Projects ...................................... 10

2.1.1 Overview ................................................................................................................... 10

2.1.2 Participation in Meetings .......................................................................................... 11

2.1.3 Representation of the Cluster of Projects ................................................................ 12

2.1.4 Coordination of the Risk Assessment Activity .......................................................... 13

2.1.5 Participation in Events organized by the Cluster ...................................................... 14

2.2 Contributions to Alliance for IoT Innovation (AIOTI) .................................................... 14

2.2.1 Contribution to AIOTI WG11 ........................................................................................ 14

2.2.2 Organization of Industry 4.0 Session during IoT Week 2018, Bilbao, Spain ................ 14

2.2.3 Organization of Industry 4.0 Session during IoT Week 2019, Aarhus, Denmark ......... 16

3 Standardization Activities and Participation in Associations ................................................ 17

3.1 Overview ............................................................................................................................. 17

3.2 FUJITSU ................................................................................................................................ 18

3.3 ATOS .................................................................................................................................... 19

3.4 INTRASOFT ........................................................................................................................... 20

3.5 ITSOWL ................................................................................................................................ 20

3.6 INRIA .................................................................................................................................... 20

4 Summary ................................................................................................................................ 22

5 Conclusion and Next Steps .................................................................................................... 23

References .................................................................................................................................... 24

Appendix ....................................................................................................................................... 25

IoT Week 2018, Bilbao – Workshop organized by AIOTI WG11 ............................................... 25

IoT Week 2019, Aarhus – Presentation organized by AIOTI WG11 .......................................... 27

SDN NFV World Congress 2018 - Layer 123 .............................................................................. 28

Page | 5




Table of Figures FIGURE 1: RELATION BETWEEN DELIVERABLE D8.4 AND THE OTHER WORK PACKAGES ..................................................................... 8 FIGURE 2: OVERVIEW OF THE EIGHT EC PROJECTS THAT PARTICIPATE IN THE CLUSTER .................................................................... 10 FIGURE 3: OVERVIEW OF COLLABORATION AREAS FOR THE PROJECTS OF THE CLUSTER ................................................................... 11 FIGURE 4: CHALLENGES FOR THE GLOBAL VALUE CHAIN AT THE IOT WEEK 2018, BILBAO .............................................................. 15 FIGURE 5: THE MISSION OF SECUREIOT AT THE IOT WEEK 2018, BILBAO ................................................................................... 15 FIGURE 6: SECUREIOT AT A GLANCE AT THE IOT WEEK 2019, AARHUS ...................................................................................... 16 FIGURE 7: THE SECURITY DATA COLLECTION INFRASTRUCTURE OF SECUREIOT AT THE IOT WEEK 2019, AARHUS ............................... 16 FIGURE 8: PREDICTIVE CYBERSECURITY SOLUTIONS FOR INDUSTRIAL IOT APPLICATIONS ................................................................. 25 FIGURE 9: THE MVI CLUSTER, DISCUSSION BEFORE SECUREIOT PRESENTATION ............................................................................ 25 FIGURE 10: SECUREIOT PRESENTATION DURING THE WORKSHOP (JÜRGEN NEISES, THOMAS WALLOSCHKE) ...................................... 26 FIGURE 11: AIOTI GUEST (R) FROM RRI (JAPAN) AFTER SECUREIOT PRESENTATION ..................................................................... 26 FIGURE 12: SCALABLE AND CONFIGURABLE END-TO-END COLLECTION AND ANALYSIS OF IOT SECURITY DATA ................................... 27 FIGURE 13: PRESENTATION (JÜRGEN NEISES) ........................................................................................................................ 27 FIGURE 14: JEROME FRANCOIS, RESEARCH SCIENTIST, INRIA AT THE LAYER123 .......................................................................... 28

Page | 6




List of Tables TABLE 1: MEETINGS AND TELEONFERENCES OF THE CLUSTER .................................................................................................... 11 TABLE 2: INITIAL MAPPING OF THE ACTIVITIES OF THE CLUSTER’S PROJECTS RISK ASSESSMENT WORK IN DIFFERENT ACTIVITIES

ASSOCIATED WITH IOT SECURITY RISK ASSESSMENT ....................................................................................................... 13 TABLE 3: EVENTS ORGANIZED BY THE CLUSTER ....................................................................................................................... 14 TABLE 4: ACTIVITIES IN THE AREA OF STANDARDIZATION ........................................................................................................... 17

Page | 7




Definitions, Acronyms and Abbreviations Acronym Title

ABAC Attribute based access control

AI Artificial Intelligence

AIOTI Alliance for Internet of Things Innovation

BDVA Big Data Value Association

DLT Distributed Ledger Technology

DP Data processing

Dx Deliverable (where x defines the deliverable identification number e.g. D1.1.1)

ECSO European Cyber Security Organization

EBDVF European Big Data Value Forum

ETSI European Telecommunications Standards Institute

IEEE Institute of Electrical and Electronics Engineers

IIC Industrial Internet Consortium

IRTF Internet Research Task Force

ISO International Organization for Standardization

ISKB IoT Security Knowledge Base

ISTE IoT Security Templates Extraction

Mx Month (where x defines a project month e.g. M10)

MVI Multi-Vendor Industry (Use Case)

NMRG Network Management Research Group

NOMS Network Operations and Management Symposium

PPP Public Private Partnership

PU Public

R Report

RAMI Reference Architectural Model Industrie

RE Restricted to a group specified by the consortium (including Commission Services)

SDOs Standards Development Organizations

TL Task Leader

WP Work Package

WPL Work Package Leader

WPS Work Package Structure

Page | 8




1 Introduction 1.1 Participants and Objectives This task concerns the preparation and provision of SecureIoT project contributions to standards development organizations (SDOs) such as the Industrial Internet Consortium1 (IIC), International Organization of Standardization2 (ISO), as well as to European Union (EU) clusters and associations such as the Alliance for Internet of Things Innovation3 (AIOTI), the Big Data Value Association4 (BDVA) and the CyberSecurity proposal for a Public-Private Partnership5 (cPPP). The previous results of Work Packages 2 to 7 form the basis of the presentations to the SDOs, which are shown in Figure 1 below.

Figure 1: Relation between deliverable D8.4 and the other Work Packages

As part of the task, the project will be regularly presented in the meetings of these organisations, where the project results will be presented with particular emphasis on the adoption and implementation of existing standards by the project, but also on the SecureIoT-based extensions and further developments of these standards.

1 https://www.iiconsortium.org 2 https://www.iso.org 3 https://aioti.eu 4 http://www.bdva.eu 5 https://ecs-org.eu/cppp

https://www.iiconsortium.org/

https://www.iso.org/home.html

https://aioti.eu/

http://www.bdva.eu/

https://ecs-org.eu/cppp

Page | 9




As another part of the task, the partners will prepare presentations on the contributions of the project as well as contributions to documents and results of the various associations and SDOs. The work will be divided as follows:

• FUJITSU: participation and collaboration in most of the listed standards and associations. Representation of projects in SDOs through other partners:

• ATOS: ECSO, BDVA. • AIT: AIOTI • INTRASOFT: BDVA • ITSOWL: Industry4.0 • SIEMENS: IIC • INRIA: Internet Research Task Force (IRTF) – Network Management Group6

(NMRG) This deliverable presents a report on the respective activities in the Associations/SDOs.

Documentation of the activities and contents follows.

1.2 Document Structure This rest of the deliverable is structured as follows:

Chapter 2: Contributions in Clusters and Associations

Chapter 3: Standardization Activities

Chapter 4: Summary

Chapter 5: Conclusion and Next Steps

Appendix: Images from events where SecureIoT was represented

6 https://irtf.org/nmrg

https://irtf.org/nmrg

Page | 10




2 Contributions in Clusters and Associations 2.1 Contributions to the Cluster of IoT Security and Privacy Projects 2.1.1 Overview

SecureIoT is a member of the European Cluster of Horizon 2020 (H2020) IoT Security and Privacy

projects, where seven more projects (i.e. Brain-IoT (http://www.brain-iot.eu/), ENACT

(https://www.enact-project.eu/), CHARIOT (https://www.chariotproject.eu/), IoTCrawler

(https://iotcrawler.eu/), SemIoTics (https://www.semiotics-project.eu/), SerIoT (https://seriot-

project.eu/), and SOFIE (https://www.sofie-iot.eu/)) participate. These projects share common

research interests and conduct research in similar topics, notably topics related to IoT Security

and Privacy. This is the reason why the projects have decided to form a cluster (under the

supervision of the EC) in order to collaborate in research, transfer knowledge and share

experiences between each other, while at the same time collaborating in jointly disseminating

and communicating their results.

Figure 2: Overview of the eight EC projects that participate in the Cluster

SecureIoT has been actively participating in all activities of the Cluster, including the meetings

organized by the cluster, joint research activities such as the collaboration of the projects on risk

assessment, as well as joint dissemination activities.

Brain-IoT

ENACT

CHARIOT

IoTCrawler

SecureIoT

SemIoTics

SerIoT

SOFIE

Eight (8) EC Funded Projects

Successful in the H2020 IoT-03-2017 Call for Proposals “R&I on IoT integration and platforms”

Timeframe: 01/01/2018-31/12/2020 (36 months)

Focal Area: Solutions for Federation, Interoperability, Security and Privacy

Total Budget ~ 37.000.000 EUR (IoT-03-2017 Call Budget)

Page | 11




Figure 3: Overview of Collaboration Areas for the projects of the Cluster

2.1.2 Participation in Meetings SecureIoT has been participating in Face-to-Face meeting and teleconferences of the cluster,

where the planning of cluster activities was discussed. An overview of these meetings is provided

in the following table:

Table 1: Meetings and Teleonferences of the Cluster

Date Location Discussion

Theme

Decisions and Follow up

March 21st

2018

Brussels, Belgium Establishment of

the Cluster and

Initial Plan

Plan for dissemination activities

including participation of

projects in the IoT Week 2018 in

Bilbao

August 30th

2018

N/A (Teleconference) Definition of

Joint Research

and

Dissemination

Activities

Initial exchange of information

between the projects in the

form of documents and

deliverables

Joint Standardization Efforts

• Specify/Standardize Common Tools for risk assessment and threat analysis

• Explore existing standards in lifecycle management for security and trust

Knowledge & Experience Sharing

• Blockchain & DLT Deployment, Operation and Use

• Joint “Thematic” workshops on Blockchain

IoT Platforms Interoperability and Integration

• Emphasis on Data-Driven Security Monitoring

• Streamlining with other EU Efforts (e.g., IoT-EPI)

Joint Dissemination and Policy Contributions

• Common workshops and conferences – Joint participation in exhibitions

• Collaborative contributions to policies (e.g., GDPR compliance, inputs to ECSO)

Page | 12




September

19th 2018

Brussels, Belgium BDVA-EU

Robotics

workshop - Data

for AI workshop -

Presentation of the IIoT Security

with connection of AI

December

13th 2018

Brussels, Belgium Presentations of

individual

projects in areas

like blockchain,

threat analysis,

risk assessment,

lifecycle

management

Follow up on joint research,

dissemination and

standardization activities

March 14th

2019

N/A (Teleconference) Follow up of

action points set

in December

meeting and

tracking of

progress

Planning of a next wave of joint

dissemination activities;

definition of milestones and

outputs for other collaboration

areas (e.g., Blockchain/DLT, risk

assessment)

May

14th/15th

2019

Berlin, Germany

Panel discussion with

AIOTI Working Group

11 – Smart

Manufacturing,(WG11),

IIC, and participants

from Japan and China

International

Conference on

Cyber Security in

Industry 4.0:

"Securing Global

Industrial Value

Networks -

synchronizing

international

approaches"

The Federal Ministry of

Economics and Energy and the

Platform Industry 4.0 brought

together some 140 international

decision-makers from business

and politics. At the conference

the participants discussed IIoT

security in industrial production

from a political, regulatory and

technical point of view as well as

for a common approach of the

international partners.

In addition to these meetings, the projects held bi-lateral discussions in the scope of events like

the 2018 edition of the IoT Week in Bilbao, Spain and the 2019 edition of the IoT Week in Aarhus,

Denmark (see also Table 3) [1].

2.1.3 Representation of the Cluster of Projects

SecureIoT represented the cluster during the ETSI IoT Week 2018 [2], where a presentation of

the cluster of projects was given. In particular, SecureIoT presented an overview of the cluster

(including information about each one of the participating projects) in the scope of a workshop

titled: “Challenging IoT Security & Privacy Workshop”. The title of the presentation was:

Page | 13




“Overview and Accomplishment of the H2020 IoT Security/Privacy Cluster Projects”

(https://docbox.etsi.org/Workshop/2018/201810_IoTWEEK/01_IoTSECURITY_PRIVACY/SESSIO

N01/ATHENSINFORMATIONTECHNOLOGY_SOLDATOS.pdf). It was held on October 22nd, 2018, at

ETSI premises, Sophia Antipolis, France.

SecureIoT was in charge of creating and delivering the presentation, following relevant discussion

and consultation with the rest cluster partners. The presentation is publicly available through

SlideShare [3].

2.1.4 Coordination of the Risk Assessment Activity

Several of the projects of the cluster have activities that involve IoT security risk assessment and

management. The cluster projects initiated a task of sharing information about their risk

management/assessment related activities, including approaches for asset and risk modelling,

consolidation of threat & risk models, risk scoring, risk visualization and more. As part of this task,

SecureIoT led the process of collecting relevant information about the projects and creating an

overview presentation consolidating the different approaches. To this end, SecureIoT

communicated with all projects and collected information in the form of papers and deliverables.

The latter information was analyzed in order to create the consolidated presentation. The

following table illustrates one of the outcomes of the consolidation, which depicts a clustering of

the work areas of the different projects.

Table 2: Initial Mapping of the Activities of the Cluster’s Projects Risk Assessment Work in Different Activities associated with IoT Security Risk Assessment

RA Area / Project Brain-IoT IoTCrawler SecureIoT CHARIOT ENACT SerIoT

Asset Modelling X X X X X X

Threat Modelling X X X X X X

Threat Databases &Knowledge Bases

X X X

Threats & Assets Mapping X X

Data Analytics & AI for Risk Assessment

X

Risk Driven Security Requirements

X X

Risk Simulation & Calculation X

Risk Visualization X X

Risk Mitigation X

Specification of IoT Threats for Search and Crawling

X

https://docbox.etsi.org/Workshop/2018/201810_IoTWEEK/01_IoTSECURITY_PRIVACY/SESSION01/ATHENSINFORMATIONTECHNOLOGY_SOLDATOS.pdf

https://docbox.etsi.org/Workshop/2018/201810_IoTWEEK/01_IoTSECURITY_PRIVACY/SESSION01/ATHENSINFORMATIONTECHNOLOGY_SOLDATOS.pdf

Page | 14




Note that the SecureIoT proposed also a list of joint follow up activities such as the organization

of a joint workshop on risk assessment and the creation of a relevant whitepaper that shall

provide an overview of the different approaches, including their innovative points and their

overlaps. SecureIoT plans to lead these follow up activities.

2.1.5 Participation in Events organized by the Cluster SecureIoT has also responded positively in invitation to participate to dissemination activities

organized by other projects of the cluster. As a prominent example, a set of presentations on

Blockchain Technology and Industry 4.0 have been given by the project during the IoT Week of

2018 and 2019 [1].

Table 3: Events organized by the Cluster

Date Location Event Presentation

June 6th

2018

Bilbao, Spain IoT Week 2018 Industry 4.0 Session, Predictive

Cybersecurity Solutions for Industrial

IoT Applications, The SecureIoT

Approach

June 19th

2019

Aarhus,

Denmark

IoT Week 2019 Industry 4.0 Session, Scalable and

Configurable End-to-End Collection

and Analysis of IoT Security Data,

Towards End-to-End Security in IoT

Systems

2.2 Contributions to Alliance for IoT Innovation (AIOTI) 2.2.1 Contribution to AIOTI WG11

As part of its leadership of the WG11 Smart Manufacturing Industry working group, FUJITSU has

taken on the task of driving forward the requirements for secure interoperable communication

across companies.

This was supported both in the course of chairing the steering board and in the working group

(until March 2019).

• FUJITSU leadership role (up to March 2019) and organization of Industry 4.0 Session during

IoT Week 2018 in Bilbao and 2019 in Aarhus

• SecureIoT contributing to the agenda of the cluster, by providing inputs to the new WG leader

(Tecnalia, https://www.tecnalia.com/en/).

2.2.2 Organization of Industry 4.0 Session during IoT Week 2018, Bilbao, Spain

The figures below are indicative of the session content.

Page | 15




Figure 4: Challenges for the global Value Chain at the IoT Week 2018, Bilbao

Figure 5: The Mission of SecureIoT at the IoT Week 2018, Bilbao

Page | 16




2.2.3 Organization of Industry 4.0 Session during IoT Week 2019, Aarhus, Denmark

The figures below are indicative of the session content.

Figure 6: SecureIoT at a Glance at the IoT Week 2019, Aarhus

Figure 7: The Security Data Collection Infrastructure of SecureIoT at the IoT Week 2019, Aarhus

Page | 17




3 Standardization Activities and Participation in

Associations

3.1 Overview The consortium partners have collaborated at various levels in standardization committees in

order to contribute the findings from the SecureIoT project as shown in the following table.

Table 4: Activities in the area of standardization

Date Location,

Organization

Event, Theme Document, Result, Link when available

2018 Taipei, Taiwan NMRG 47th

meeting, co-located

with IEEE NOMS

2018

Analytics and security monitoring

2018 ETSI, Sophia

Antipolis,

France

Next Generation

Protocol (NGP)

NGP-006 Intelligence-Defined Network

Architecture leveraging machine learning for

operating networks

2018 ETSI,

Den Hague,

Netherlands

New Internet Forum

at SDN NFV Forum

Managing the Security of IoT Devices out of

your control [4]

2018 Plattform

Industrie 4.0

(PI40), Berlin,

Germany

Workgroup 3,

Security (ongoing

process)

Access Control for Industrie 4.0, ABAC,

XACML Profiling for I40 [5]

2018,

2019

Standardisation

Council

Industrie 4.0

(SCI 4.0),

Frankfurt,

Germany

Draft requirements

(in progress 2018-,

2020)

Industrie 4.0 Vocabulary for interoperable

attribution of Access Control [5]

Define Structured Attributes to specify,

characterize, and capture access control

information to improve consistency,

efficiency, interoperability and semantic

understanding of the overall situation.

2018 Industrial

Internet

Working Group Managing and Assessing Trustworthiness for

Industrial IoT in Practice [6]

Page | 18




Consortium

(IIC), USA

The complex process of developing an

overarching understanding of

trustworthiness is to be improved through

intensive collaboration and to have an

impact on the new better orientation of

future implementations of systems and

products

2018 Alliance for

Internet of

Things

Innovation

(AIOTI )

WG11, Smart

Manufacturing

Industry

Integration of IIoT Security Requirements for

I40 into the work programme of WG11 [7]

The aim is to develop measures for the

implementation of IIoT for a better

understanding of industrial security.

2019 Participation

on Boost 4.0

project

Hannover Fair 2019 Via BDVA, a major driver of the project, the

it'sOWL use case was presented; creation of

a secure and common European Industrial

Data Space and Big data for factories:

application and deployment of machine

learning methods for predictive

maintenance

Further details follow, sorted by partners:

3.2 FUJITSU In the area of Industrial IoT, access control (e.g. via ABAC) and policy description and enforcement

(e.g. via XACML7) are currently of great importance and are also changing the ecosystem of

secure cross-company communication. In the area of the German "Plattform Industrie 4.0"

(PI40), work in connection with the RAMI8 reference model is carried out continuously. FUJITSU

actively (as Working Group Leader in WG 3, Security) contributes insights and results from the

SecureIoT project at working level.

Furthermore, the results of SecureIoT were presented and discussed in the WG11 of AIOTI, in

meetings with the BDVA, with the Federal Ministry of Economics9 (BMWi), and with the

Standardization Council of Industry 4.0. The BMWi was particularly interested, for example, in

DWF's legal view. Also, in the cooperation of PI40 with Japan for the secure cross-company

7 http://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-os-en.html 8 https://www.plattform-i40.de/PI40/Redaktion/EN/Downloads/Publikation/rami40-an-introduction.html 9 https://www.bmwi.de

http://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-os-en.html

https://www.plattform-i40.de/PI40/Redaktion/EN/Downloads/Publikation/rami40-an-introduction.html

https://www.bmwi.de/

Page | 19




communication of industry 4.0 there are significant overlaps regarding the results from the MVI

Use Case of the SecureIoT project.

FUJITSU has been working with the following associations and stakeholders since the beginning

of the project:

• Platform Industry 4.0 (PI40), here an intensive cooperation with Working Group 3

(Security) takes place.

• Standardization Council Industrie 4.0 (SCI40), Here, the requirements for ABAC and

XACML for Industry 4.0 are prepared in order to enable a future cross-company and

transnational trust infrastructure.

• Federal Ministry of Economics and Energy (BMWi), on international cooperation with

Japan and China at G20 level, in particular standards and policies are at stake here

• Alliance for Internet of Things Innovation (AIOTI), IIoT for Industry 4.0 and Next

Generation Internet (NGI)

• Industrial Internet Consortium (IIC), collaboration and cross-referencing on

trustworthiness and compliance

• Big Data Value Association (BDVA), discussions on AI for industry 4.0

3.3 ATOS ATOS participates actively in the European Cyber Security Organization10 (ECSO) in different

working groups due to its large expertise. Regarding standardization for the securitization of the

IoT domain, ATOS contributes to WG111 (standardization, certification, labelling and supply chain

management) and WG312 (sectoral demand). ATOS is working and plans to continue for the

duration of the project, in contributing with the expertise and feedback of SecureIoT in different

areas (e.g. exchange of information of connected vehicles) for reports on standardization

activities in the vertical area of IoT and certification mechanisms. The information provided by

ECSO will be analyzed in order to identify ways to benefit SecureIoT of standards mechanisms

and formats while also discussing more advancements using the feedback of the work in

SecureIoT.

Since 2014, ATOS is a founding member of the Big Data Value Association (BDVA), assuming the

roles of Vice-presidency and Deputy Secretary-general. Therefore, the knowledge acquired by

ATOS within SecureIoT, especially in the connected and autonomous vehicle scenarios, is being

shared through the activities of the association. In this line, by the end of the project, ATOS will

10 https://ecs-org.eu 11 https://ecs-org.eu/working-groups/wg1-standardisation-certification-labelling-and-supply-chain-management 12 https://ecs-org.eu/working-groups/wg3-sectoral-demand

https://ecs-org.eu/

https://ecs-org.eu/working-groups/wg1-standardisation-certification-labelling-and-supply-chain-management

https://ecs-org.eu/working-groups/wg3-sectoral-demand

Page | 20




present the results of SecureIoT in some of the events sponsored by the BDVA, e.g., BDV PPP

Summit13 or European Big Data Value Forum14 (EBDVF).

3.4 INTRASOFT INTRASOFT is a BDVA member and in the 2nd half of the project will present SecureIoT’s

predictive analytics at BDVA events such as EBDVF and BDVA summit. INTRASOFT will also

consider organizing a related session in these events to have a broader exchange of views on the

use of big data techniques in the IoT security domain and particularities/needs raised by the

collection and processing of security data.

3.5 ITSOWL it's OWL is an established technology network in the field of intelligent technical systems. Our

200 partners work on topics such as artificial intelligence, digital platforms or digital twins. In

addition, it's OWL engages in the following activities:

• Exclusive events for partners in the network:

o Topics such as machine learning, cyber security, assistance systems etc.

o partners receive information on current national and international projects and

their results

• Platform Industry 4.0 (it's OWL is partner of the transfer network)

• Regular exchanges on digitization issues at EU level

• Participation in the Boost 4.0 EU project, which is complementary to SecureIoT in terms

of the MVI use-case

o Creation of a secure and common European Industrial Data Space

o Big data for factories: application and deployment of machine learning methods

for predictive maintenance

o BDVA as a major driver of the project: Thomas Hahn (BDVA president) presents

it's OWL use case as a best practice at Hannover Fair 2019

3.6 INRIA INRIA is actively involved into the IRTF NMRG (Network Management Research Group) where the

topic of the use of artificial intelligence for network operations including security has recently

emerged. While it is not yet at the agenda of the group, several people have actively started to

launch discussions and presentations for identifying a joint plan. J. François is particularly

involved in this initiative and regularly participated to the meetings of NMRG. Notably, we can

13 https://www.big-data-value.eu/ppp-summit-2019 14 https://www.european-big-data-value-forum.eu

https://www.big-data-value.eu/ppp-summit-2019/

https://www.european-big-data-value-forum.eu/

Page | 21




cite his presentation at NMRG 47th meeting, co-located with IEEE NOMS 2018, Taipei, Taiwan15,

which was entitled Analytics and security monitoring.

He has been recently appointed as the new co-chair of the group in order to foster the AI topic

in this group while refining its agenda accordingly.

In addition, INRIA is also involved at ETSI in two industry groups. First, in the Next Generation

Protocol16 group (NGP), INRIA contributed to the document NGP-006 Intelligence-Defined

Network that promotes an architecture leveraging machine learning for operating networks.

Recently, INRIA joined the Experiential Network Intelligence17 (ENI) group to pursue this

direction.

Through these activities, J. François (INRIA) was invited as a speaker at ETSI New Internet Forum

at SDN NFV Forum, The Hague, Netherlands, October 2018.

15 https://noms2018.ieee-noms.org 16 https://www.etsi.org/technologies/next-generation-protocols 17 https://www.etsi.org/technologies/experiential-networked-intelligence

https://noms2018.ieee-noms.org/

https://www.etsi.org/technologies/next-generation-protocols

https://www.etsi.org/technologies/experiential-networked-intelligence

Page | 22




4 Summary In this Deliverable D8.4 it was shown how SecureIoT, as a member of the European Cluster of the

eight H2020 IoT security and data protection projects, fits in with the content and which focal

points are pursued.

The common research interests and complementary goals of IoT security and data protection are

pursued. In addition, the transfer of knowledge is of course very important, both within the

cluster, but especially with other organizations, which are now active in the industrial policy area,

research or Standardisation.

The following key activities have been carried out in the last 18 months

• Project’s participation in SDO and associations’ activities

On the one hand the participation in presence and teleconferences, the presentation of

project contents, but to a greater extent also to deal with the community, but also to

reach industry associations and platforms, in order to make a stronger awareness with

the users and developers of industrial processes, plants and systems understandable.

• Project’s contributions to standards

Of course, international agreement on uniform policy requirements and technical

standards is essential. In those cases where it has not yet been possible to achieve this

uniformity of IIoT security understanding, for example because geopolitical differences

currently prohibit this or because other social norms or economic requirements exist, it

has become apparent that further urgent measures are needed to promote a holistic

understanding of IIoT security for the benefit of all. To this end, the SecureIoT project

involves intensive cooperation with international and European bodies.

At the same time, we note that there is still room for improvement among the partners in the

project and that intensification is advisable in order to improve the scattering effect of the

project. In any case, this task will continue to occupy the project over the next 18 months.

Page | 23




5 Conclusion and Next Steps It became apparent that the next steps must be to intensify the participation of further project partners and to sharpen the contours of SecureIoT compared to the other projects of the H2020 cluster. Another gap that has arisen, for example, in the context of cooperation with non-EU Security Specialists on trust levels and trustworthiness is the differing willingness there to recognize European data protection requirements as protection goals or to support corresponding protection profiles and guidelines. The statements of the SecureIoT project regarding these legal project objectives are sometimes met with restraint by the audience mentioned above. Apart from that, it turned out during the cooperation and coordination with other organizations that all still seem to be very far away from the optimization of technical transformations, e.g. from legal requirements of the EU, where AI support does not help much at the moment. Thus, the manual effort for the description of legal guidelines and rules is correspondingly high. Discussions with other projects have shown the same level of knowledge so far. This probably also applies to governance issues of our project in the international environment of third countries. We will continue to report on these challenges and coordinate with other committees and organizations.

Page | 24




References

[1] IoT Week Bilbao, Aarhus: https://iotweek.org/, 2018, 2019

[2] ETSI IoT Week: https://secureiot.eu/ETSI-IoT-Week-2018, 2018

[3] Soldatos, J.: https://www.slideshare.net/jsoldat/soldatos-

clusterh2020securityprojectsetsinice221018v-final, 2018

[4] SDN NFV Forum: https://www.youtube.com/watch?v=XeMUfs36PZ4, 2018

[5] Plattform Industrie 4.0, Areas of Action: Security: https://www.plattform-

i40.de/PI40/Navigation/EN/Industrie40/AreasofAction/Security/security.html,

2019

[6] Hirsch, F.; Morrish, J.; Ginter, A.; Molina, J.; Zarkout, B., Buchheit, M., Durand, J.;

Neises, J.; Walloschke, T.: “Managing and Assessing Trustworthiness for Industrial

IoT in Practice” (to be published by IIC), 2019

[7] AIOTI: https://aioti.eu/resources/, 2018

https://iotweek.org/

https://secureiot.eu/ETSI-IoT-Week-2018

https://www.slideshare.net/jsoldat/soldatos-clusterh2020securityprojectsetsinice221018v-final

https://www.slideshare.net/jsoldat/soldatos-clusterh2020securityprojectsetsinice221018v-final

https://www.youtube.com/watch?v=XeMUfs36PZ4

https://www.plattform-i40.de/PI40/Navigation/EN/Industrie40/AreasofAction/Security/security.html

https://www.plattform-i40.de/PI40/Navigation/EN/Industrie40/AreasofAction/Security/security.html

https://aioti.eu/resources/

Page | 25




Appendix Below some pictures document the presentations at the IoT Week 2018 and 2019 together with

some participants.

IoT Week 2018, Bilbao – Workshop organized by AIOTI WG11 At IoT Week 2018, SecureIoT was explained as part of the Industry Cluster in addition to industry

presentations.

Figure 8: Predictive Cybersecurity Solutions for Industrial IoT Applications

Figure 9: The MVI Cluster, discussion before SecureIoT presentation

Page | 26




Figure 10: SecureIoT presentation during the workshop (Jürgen Neises, Thomas Walloschke)

Figure 11: AIOTI guest (r) from RRI (Japan) after SecureIoT presentation

Page | 27




IoT Week 2019, Aarhus – Presentation organized by AIOTI WG11 At the IoT Week in Aarhus SecureIoT was explained to the participants under the data aspect.

Interestingly, various IoT specific security issues were new to many participants and left room

for discussion.

Figure 12: Scalable and Configurable End-to-End Collection and Analysis of IoT Security Data

Figure 13: Presentation (Jürgen Neises)

Page | 28




SDN NFV World Congress 2018 - Layer 123 J. François (INRIA) was invited as a speaker at ETSI New Internet Forum at SDN NFV Forum, The

Hague, Netherlands, October 2018.

Figure 14: Jerome Francois, Research Scientist, INRIA at the Layer123

Documents

DELIVERABLE D8.4 - Standardization Activities and ...secureiot.eu/D8.4.pdf · Innovation (AIOTI), Big Data Value Association (BDVA), Plattform Industrie 4.0, European Telecommunications