This document is part of a project that has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 779899. It is the property of the SecureIoT consortium and shall not be distributed or reproduced without the formal approval of the SecureIoT Management Committee. The content of this report reflects only the authors’ view. The Innovation and Networks Executive Agency (INEA) is not responsible for any use that may be made of the information it contains. Project Acronym: SecureIoT Grant Agreement number: 779899 (H2020-IoT03-2017 - RIA) Project Full Title: Predictive Security for IoT Platforms and Networks of Smart Objects DELIVERABLE D8.4 - Standardization Activities and Participation in Associations_First version Deliverable Number D8.4 Deliverable Name Standardization Activities and Participation in Associations_First version Dissemination level Public Type of Document Report Contractual date of delivery 30/06/2019 Deliverable Leader FUJITSU Status & version 1.0 - Final WP / Task responsible WP8 (INTRASOFT) / T8.2 (FUJITSU) Keywords: Standardization Activities, Associations Abstract (few lines): SecureIoT as a member of the European Cluster of the eight IoT security and data protection H2020 projects participates with project contributions in events of standardization organizations (SDOs) and presents results from 2018 and 2019. These refer to standards, participation in face-to-face and telephone conferences, and project contributions to standards. The results are summarised in this document. Deliverable Leader: Thomas Walloschke (FUJITSU), Jürgen Neises (FUJITSU) Contributors: INTRASOFT, ATOS, IDIADA, INRIA, AIT, ITSOWL, SIEMENS Reviewers: John Soldatos (INTRASOFT), George Moldovan (SIEMENS) Approved by: Stylianos Georgoulas (INTRASOFT) Ref. Ares(2019)4507996 - 12/07/2019
28
Embed
DELIVERABLE D8.4 - Standardization Activities and ...secureiot.eu/D8.4.pdf · Innovation (AIOTI), Big Data Value Association (BDVA), Plattform Industrie 4.0, European Telecommunications
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
This document is part of a project that has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 779899. It is the property of the SecureIoT consortium and shall not be distributed or reproduced without the formal approval of the SecureIoT Management Committee. The content of this report reflects only the authors’ view. The Innovation and Networks Executive Agency (INEA) is not responsible for any use that may be made of the information it contains.
Project Acronym: SecureIoT
Grant Agreement number: 779899 (H2020-IoT03-2017 - RIA)
Project Full Title: Predictive Security for IoT Platforms and Networks of Smart
Objects
DELIVERABLE D8.4 - Standardization Activities
and Participation in Associations_First version Deliverable Number D8.4 Deliverable Name Standardization Activities and Participation
in Associations_First version Dissemination level Public
D8.4 - Standardization Activities and Participation in Associations_First version ,
Version: v1.0 - Final, Date 12/07/2019
Table of Figures FIGURE 1: RELATION BETWEEN DELIVERABLE D8.4 AND THE OTHER WORK PACKAGES ..................................................................... 8 FIGURE 2: OVERVIEW OF THE EIGHT EC PROJECTS THAT PARTICIPATE IN THE CLUSTER .................................................................... 10 FIGURE 3: OVERVIEW OF COLLABORATION AREAS FOR THE PROJECTS OF THE CLUSTER ................................................................... 11 FIGURE 4: CHALLENGES FOR THE GLOBAL VALUE CHAIN AT THE IOT WEEK 2018, BILBAO .............................................................. 15 FIGURE 5: THE MISSION OF SECUREIOT AT THE IOT WEEK 2018, BILBAO ................................................................................... 15 FIGURE 6: SECUREIOT AT A GLANCE AT THE IOT WEEK 2019, AARHUS ...................................................................................... 16 FIGURE 7: THE SECURITY DATA COLLECTION INFRASTRUCTURE OF SECUREIOT AT THE IOT WEEK 2019, AARHUS ............................... 16 FIGURE 8: PREDICTIVE CYBERSECURITY SOLUTIONS FOR INDUSTRIAL IOT APPLICATIONS ................................................................. 25 FIGURE 9: THE MVI CLUSTER, DISCUSSION BEFORE SECUREIOT PRESENTATION ............................................................................ 25 FIGURE 10: SECUREIOT PRESENTATION DURING THE WORKSHOP (JÜRGEN NEISES, THOMAS WALLOSCHKE) ...................................... 26 FIGURE 11: AIOTI GUEST (R) FROM RRI (JAPAN) AFTER SECUREIOT PRESENTATION ..................................................................... 26 FIGURE 12: SCALABLE AND CONFIGURABLE END-TO-END COLLECTION AND ANALYSIS OF IOT SECURITY DATA ................................... 27 FIGURE 13: PRESENTATION (JÜRGEN NEISES) ........................................................................................................................ 27 FIGURE 14: JEROME FRANCOIS, RESEARCH SCIENTIST, INRIA AT THE LAYER123 .......................................................................... 28
D8.4 - Standardization Activities and Participation in Associations_First version ,
Version: v1.0 - Final, Date 12/07/2019
List of Tables TABLE 1: MEETINGS AND TELEONFERENCES OF THE CLUSTER .................................................................................................... 11 TABLE 2: INITIAL MAPPING OF THE ACTIVITIES OF THE CLUSTER’S PROJECTS RISK ASSESSMENT WORK IN DIFFERENT ACTIVITIES
ASSOCIATED WITH IOT SECURITY RISK ASSESSMENT ....................................................................................................... 13 TABLE 3: EVENTS ORGANIZED BY THE CLUSTER ....................................................................................................................... 14 TABLE 4: ACTIVITIES IN THE AREA OF STANDARDIZATION ........................................................................................................... 17
D8.4 - Standardization Activities and Participation in Associations_First version ,
Version: v1.0 - Final, Date 12/07/2019
1 Introduction 1.1 Participants and Objectives This task concerns the preparation and provision of SecureIoT project contributions to standards development organizations (SDOs) such as the Industrial Internet Consortium1 (IIC), International Organization of Standardization2 (ISO), as well as to European Union (EU) clusters and associations such as the Alliance for Internet of Things Innovation3 (AIOTI), the Big Data Value Association4 (BDVA) and the CyberSecurity proposal for a Public-Private Partnership5 (cPPP). The previous results of Work Packages 2 to 7 form the basis of the presentations to the SDOs, which are shown in Figure 1 below.
Figure 1: Relation between deliverable D8.4 and the other Work Packages
As part of the task, the project will be regularly presented in the meetings of these organisations, where the project results will be presented with particular emphasis on the adoption and implementation of existing standards by the project, but also on the SecureIoT-based extensions and further developments of these standards.
D8.4 - Standardization Activities and Participation in Associations_First version ,
Version: v1.0 - Final, Date 12/07/2019
As another part of the task, the partners will prepare presentations on the contributions of the project as well as contributions to documents and results of the various associations and SDOs. The work will be divided as follows:
• FUJITSU: participation and collaboration in most of the listed standards and associations. Representation of projects in SDOs through other partners:
• ATOS: ECSO, BDVA. • AIT: AIOTI • INTRASOFT: BDVA • ITSOWL: Industry4.0 • SIEMENS: IIC • INRIA: Internet Research Task Force (IRTF) – Network Management Group6
(NMRG) This deliverable presents a report on the respective activities in the Associations/SDOs.
Documentation of the activities and contents follows.
1.2 Document Structure This rest of the deliverable is structured as follows:
Chapter 2: Contributions in Clusters and Associations
Chapter 3: Standardization Activities
Chapter 4: Summary
Chapter 5: Conclusion and Next Steps
Appendix: Images from events where SecureIoT was represented
N01/ATHENSINFORMATIONTECHNOLOGY_SOLDATOS.pdf). It was held on October 22nd, 2018, at
ETSI premises, Sophia Antipolis, France.
SecureIoT was in charge of creating and delivering the presentation, following relevant discussion
and consultation with the rest cluster partners. The presentation is publicly available through
SlideShare [3].
2.1.4 Coordination of the Risk Assessment Activity
Several of the projects of the cluster have activities that involve IoT security risk assessment and
management. The cluster projects initiated a task of sharing information about their risk
management/assessment related activities, including approaches for asset and risk modelling,
consolidation of threat & risk models, risk scoring, risk visualization and more. As part of this task,
SecureIoT led the process of collecting relevant information about the projects and creating an
overview presentation consolidating the different approaches. To this end, SecureIoT
communicated with all projects and collected information in the form of papers and deliverables.
The latter information was analyzed in order to create the consolidated presentation. The
following table illustrates one of the outcomes of the consolidation, which depicts a clustering of
the work areas of the different projects.
Table 2: Initial Mapping of the Activities of the Cluster’s Projects Risk Assessment Work in Different Activities associated with IoT Security Risk Assessment
RA Area / Project Brain-IoT IoTCrawler SecureIoT CHARIOT ENACT SerIoT
Asset Modelling X X X X X X
Threat Modelling X X X X X X
Threat Databases &Knowledge Bases
X X X
Threats & Assets Mapping X X
Data Analytics & AI for Risk Assessment
X
Risk Driven Security Requirements
X X
Risk Simulation & Calculation X
Risk Visualization X X
Risk Mitigation X
Specification of IoT Threats for Search and Crawling
D8.4 - Standardization Activities and Participation in Associations_First version ,
Version: v1.0 - Final, Date 12/07/2019
Note that the SecureIoT proposed also a list of joint follow up activities such as the organization
of a joint workshop on risk assessment and the creation of a relevant whitepaper that shall
provide an overview of the different approaches, including their innovative points and their
overlaps. SecureIoT plans to lead these follow up activities.
2.1.5 Participation in Events organized by the Cluster SecureIoT has also responded positively in invitation to participate to dissemination activities
organized by other projects of the cluster. As a prominent example, a set of presentations on
Blockchain Technology and Industry 4.0 have been given by the project during the IoT Week of
2018 and 2019 [1].
Table 3: Events organized by the Cluster
Date Location Event Presentation
June 6th
2018
Bilbao, Spain IoT Week 2018 Industry 4.0 Session, Predictive
Cybersecurity Solutions for Industrial
IoT Applications, The SecureIoT
Approach
June 19th
2019
Aarhus,
Denmark
IoT Week 2019 Industry 4.0 Session, Scalable and
Configurable End-to-End Collection
and Analysis of IoT Security Data,
Towards End-to-End Security in IoT
Systems
2.2 Contributions to Alliance for IoT Innovation (AIOTI) 2.2.1 Contribution to AIOTI WG11
As part of its leadership of the WG11 Smart Manufacturing Industry working group, FUJITSU has
taken on the task of driving forward the requirements for secure interoperable communication
across companies.
This was supported both in the course of chairing the steering board and in the working group
(until March 2019).
• FUJITSU leadership role (up to March 2019) and organization of Industry 4.0 Session during
IoT Week 2018 in Bilbao and 2019 in Aarhus
• SecureIoT contributing to the agenda of the cluster, by providing inputs to the new WG leader
(Tecnalia, https://www.tecnalia.com/en/).
2.2.2 Organization of Industry 4.0 Session during IoT Week 2018, Bilbao, Spain
The figures below are indicative of the session content.
D8.4 - Standardization Activities and Participation in Associations_First version ,
Version: v1.0 - Final, Date 12/07/2019
5 Conclusion and Next Steps It became apparent that the next steps must be to intensify the participation of further project partners and to sharpen the contours of SecureIoT compared to the other projects of the H2020 cluster. Another gap that has arisen, for example, in the context of cooperation with non-EU Security Specialists on trust levels and trustworthiness is the differing willingness there to recognize European data protection requirements as protection goals or to support corresponding protection profiles and guidelines. The statements of the SecureIoT project regarding these legal project objectives are sometimes met with restraint by the audience mentioned above. Apart from that, it turned out during the cooperation and coordination with other organizations that all still seem to be very far away from the optimization of technical transformations, e.g. from legal requirements of the EU, where AI support does not help much at the moment. Thus, the manual effort for the description of legal guidelines and rules is correspondingly high. Discussions with other projects have shown the same level of knowledge so far. This probably also applies to governance issues of our project in the international environment of third countries. We will continue to report on these challenges and coordinate with other committees and organizations.
D8.4 - Standardization Activities and Participation in Associations_First version ,
Version: v1.0 - Final, Date 12/07/2019
Appendix Below some pictures document the presentations at the IoT Week 2018 and 2019 together with
some participants.
IoT Week 2018, Bilbao – Workshop organized by AIOTI WG11 At IoT Week 2018, SecureIoT was explained as part of the Industry Cluster in addition to industry
presentations.
Figure 8: Predictive Cybersecurity Solutions for Industrial IoT Applications
Figure 9: The MVI Cluster, discussion before SecureIoT presentation
D8.4 - Standardization Activities and Participation in Associations_First version ,
Version: v1.0 - Final, Date 12/07/2019
IoT Week 2019, Aarhus – Presentation organized by AIOTI WG11 At the IoT Week in Aarhus SecureIoT was explained to the participants under the data aspect.
Interestingly, various IoT specific security issues were new to many participants and left room
for discussion.
Figure 12: Scalable and Configurable End-to-End Collection and Analysis of IoT Security Data