Future-ProofSecurity & Privacy in IoT

From State of Play, To State of The Art

ETSI Security Week 2018DAY 2 / WRAP UP & SOME OBSERVATIONS

Challenges &

Opportunities

A. Commission: Compared to last years, industry is not making progress. No industry-led improvements in the markets regarding security. IoT needs to be made human-centric; one of the key elements is to make it understandable and familiar to users.

B. ANEC: Many consumer products do not have any security and privacy features,even though these become more and more cyber-physical. These products howeverare still on the EU market. There is no appropriate, mandatory legal framework toget and keep these insecure, high-impact/-risk products and services out.

C. GSMA: Mobile operators are in a great position. Baseline on connectivity is there.However, no IoT baseline, yet. More focus on applications and ROI.

Challenges & Opportunities in Security in IoT

A. Huawei: Security in IoT is complex but important. Context is everything. ByDesign and By Default pre-requisites.

B. Schneider Electric: Also in Industry 4.0 and critical infrastructure it is abouttrustworthiness. A risk-based approach is preferred. Collaboration and educationare a need to have.

C. Symantec: The attack surface of IoT is even bigger than we currently have. Both-ways & all-the-way, end to end attack scenarios, at least including all technicallayers in IoT ecosystems are prerequisites to make security in IoT Future-Proof.

Challenges & Opportunities in Security in IoT

A. NXP: Focus on Life Cycle Management of cyber-physical products,systems and services are pre-requisite. From micro-controller all the way tothe customer, and its current and future end-users. Collaboration andaccountability in security therefore are need to haves.

B. TIM: Address IoT Security from ecosystem perspective, not just one pieceof the puzzle in splendid isolation. Focus on giving control to IoTcustomers.

Challenges & Opportunities in Security in IoT

A. CEN/CENELEC: Fragmentation. No Borders. Beyond the mapping exercises. Who picks up what?How to get to relevant standards?

B. ENISA: What’s out there? Landscaping mapping, against IoT baseline requirements published inNovember 2017. Link standards together. Fragmentation is a challenge, and an opportunity. Time to buildawareness, capacities and capabilities.

C. ETSI TC CYBER: Fragmentation, diversity, orchestration. Leadership is prerequisite.D. AIOTI: State of the Art IoT Security baselines, dynamic frameworks and continuous dynamic assurance

it the next generation to address security in IoT & privacy in IoT.E. Industry Platform 4.0: Security incidents add to EUR55B cost in an EUR240B market. Reference

architecture made. Almost half result from insider threats or other incidents.F. OneM2M Security: Gaps because of IoT need to be identified and need to be filled.G. IoTSF: Take up of IoT Security frameworks/best practices now priority. Customer have the right to

expect security by design and by default.H. TCG: Stepping up to the plate, with enriching existing frameworks/best practices with IoT specifics.I. IIC: Time to translate the best practises to engineers, developers, to code. Both bottom-up and top-down.

What Are The Plans In Standardisation? The Pros & Cons of Fragmentation. Some Keywords:

Stand-Alone Standard &

Collaborative Approach

FragmentationAs a Problem

or As part of the Solution

Voluntary And/Or

Mandatory

X By (Re)Designin Plendid Isolation?

Interconnected Vessels

All rights reserved, Arthur’s Legal B.V.

Vertical& H

orizontalValue Chains

Vert

ical

s

Horizontals

Hyperconnected, accountable Smart Society Value Chain towards the Customer: x2x

Digital Services

Data

Software

Devices

Infra &Networks

MU

NIC

IPA

LIT

IES

PAR

KIN

G

PUB

LIC

TR

AN

SPO

RTA

TIO

N

EV

CH

AR

GIN

G

All rights reserved, Arthur’s Legal B.V.

You are here:

Upstream #Data Up, Mid & Downstream

#AlgorithmUp&Downstream#CodeUp&Downstream

You are here:

Midstream#Data Up, Mid & Downstream

#AlgorithmUp&Downstream#CodeUp&Downstream

You are here:

Downstream#Data Up, Mid & Downstream

#AlgorithmUp&Downstream#CodeUp&Downstream

Man & Technology Symbiosis: Hyperconnectivity!

Legal NoticesAll rights reserved, Arthur’s Legal B.V. The content of this document is provided ‘as-is’ and for general information purposes only; itdoes not constitute strategic, legal or any other professional advice. The content or parts thereof may not be complete, accurate or upto date. Notwithstanding anything contained in this document, Arthur’s Legal B.V. and the Institute for Future of Living disclaimresponsibility (including where Arthur’s Legal B.V., the Institute for Future of Living or any of its officers, employees or contractorshave been negligent) for any direct or indirect loss, damage, claim, or liability any person, company, organisation or other entity or bodymay incur as a result, this to the maximum extent permitted by law.