deliverable d8.4 - standardization activities and ...secureiot.eu/d8.4.pdf · innovation (aioti),...
TRANSCRIPT
This document is part of a project that has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 779899. It is the property of the SecureIoT consortium and shall not be distributed or reproduced without the formal approval of the SecureIoT Management Committee. The content of this report reflects only the authors’ view. The Innovation and Networks Executive Agency (INEA) is not responsible for any use that may be made of the information it contains.
Project Acronym: SecureIoT
Grant Agreement number: 779899 (H2020-IoT03-2017 - RIA)
Project Full Title: Predictive Security for IoT Platforms and Networks of Smart
Objects
DELIVERABLE D8.4 - Standardization Activities
and Participation in Associations_First version Deliverable Number D8.4 Deliverable Name Standardization Activities and Participation
in Associations_First version Dissemination level Public
Type of Document Report
Contractual date of delivery 30/06/2019
Deliverable Leader FUJITSU
Status & version 1.0 - Final
WP / Task responsible WP8 (INTRASOFT) / T8.2 (FUJITSU)
Keywords: Standardization Activities, Associations
Abstract (few lines): SecureIoT as a member of the European Cluster of the eight IoT
security and data protection H2020 projects participates with
project contributions in events of standardization organizations
(SDOs) and presents results from 2018 and 2019. These refer to
standards, participation in face-to-face and telephone
conferences, and project contributions to standards. The results
are summarised in this document.
Deliverable Leader: Thomas Walloschke (FUJITSU), Jürgen Neises (FUJITSU)
Contributors: INTRASOFT, ATOS, IDIADA, INRIA, AIT, ITSOWL, SIEMENS
Reviewers: John Soldatos (INTRASOFT), George Moldovan (SIEMENS)
Approved by: Stylianos Georgoulas (INTRASOFT)
Ref. Ares(2019)4507996 - 12/07/2019
Page | 2
Project Title: SecureIoT Contract No. 779899 Project Coordinator: INTRASOFT International S.A.
D8.4 - Standardization Activities and Participation in Associations_First version ,
Version: v1.0 - Final, Date 12/07/2019
Executive Summary The SecureIoT project contributions of the last 18 months for standardization organizations
(Industrial Internet Consortium (IIC), International Organization for Standardization (ISO),
European Cluster of H2020 IoT Security and Privacy projects, Alliance for Internet of Things
Innovation (AIOTI), Big Data Value Association (BDVA), Plattform Industrie 4.0, European
Telecommunications Standards Institute (ETSI), etc.) are presented here.
The SecureIoT project results for 2018 and 2019 refer on the one hand to existing standards, but
at the same time also place new requirements on extensions and further developments of these
standards, which in turn must be incorporated into the standardization organizations (SDOs).
SecureIoT is presented as a member of the European Cluster of the eight IoT security and data
protection H2020 projects. Here, the transfer of knowledge between the projects plays an
important role, which is demonstrated by Deliverable D8.4.
The participation of the SecureIoT project in the activities of standards development
organisations and associations is explained: on the one hand participation in face-to-face and
telephone conferences, on the other hand project contributions to standards, as already
mentioned above.
In particular, these activities have been carried out by the project partners ATOS, AIT, INTRASOFT,
ITSOWL, SIEMENS and INRIA together with FUJITSU. More than sixteen important events were
organized as meetings, cluster events within the IoT Week 2018 and 2019 and for
standardization. The cooperation with the Industrial Internet Consortium (IIC), the Industry 4.0
platform, and the Japanese Robot Revolution Initiative (RRI) is worth mentioning.
The importance of the IIoT security requirements, to which this project is dedicated, became
again clear. Regularly the not yet everywhere existing security understanding for IIoT Security
requirements must be triggered.
The previous results of the Work Packages 2-7 form the basis of the presentations to the SDOs
and at the same time represent the input for Task 8.2.
In addition to constructive cooperation with the committees, there are also interest groups with
different views on our project objectives (e.g. safety experts from non-EU countries do not
necessarily follow the strongly EU-oriented project objectives or the safety requirements of
European industry and consider an overinterpretation to be dangerous and not economical).
The intensification of the cooperation with the SDOs is a permanent task in this project and will
be further promoted. Overall, SecureIoT is successfully integrated into the committee landscape.
Page | 3
Project Title: SecureIoT Contract No. 779899 Project Coordinator: INTRASOFT International S.A.
D8.4 - Standardization Activities and Participation in Associations_First version ,
Version: v1.0 - Final, Date 12/07/2019
Document History
Version Date Contributor(s) Description
0.1 05.06.2019 Thomas Walloschke
(FUJITSU) Initial Draft of D8.4
0.2 16.06.2019 John Soldatos (AIT)
Thomas Walloschke
Update
New chapter 2
0.3 17.06.2019 Jérôme François (Inria)
Thomas Walloschke Update of Standardization chapter 3
0.4 21.06.2019 Thomas Walloschke Prefinal version
chapters 3.3 – 3.6 to be updated
0.5 02.07.2019 Daniel Calvo (ATOS)
Thomas Walloschke Atos contribution, ITSOWL
0.6 04.07.2019 Thomas Walloschke Input from Intrasoft; Reformat
0.7 08.07.2019 Thomas Walloschke Preparation for INRIA, ATOS, ITSOWL
for finalization
0.8 09.07.2019 Thomas Walloschke Review
0.9 11.07.2019 Thomas Walloschke Adjustments
1.0 12.07.2019 Thomas Walloschke Final version
Page | 4
Project Title: SecureIoT Contract No. 779899 Project Coordinator: INTRASOFT International S.A.
D8.4 - Standardization Activities and Participation in Associations_First version ,
Version: v1.0 - Final, Date 12/07/2019
Table of Contents Executive Summary ......................................................................................................................... 2
Definitions, Acronyms and Abbreviations ...................................................................................... 7
1 Introduction ............................................................................................................................. 8
1.1 Participants and Objectives ................................................................................................... 8
1.2 Document Structure .............................................................................................................. 9
2 Contributions in Clusters and Associations ........................................................................... 10
2.1 Contributions to the Cluster of IoT Security and Privacy Projects ...................................... 10
2.1.1 Overview ................................................................................................................... 10
2.1.2 Participation in Meetings .......................................................................................... 11
2.1.3 Representation of the Cluster of Projects ................................................................ 12
2.1.4 Coordination of the Risk Assessment Activity .......................................................... 13
2.1.5 Participation in Events organized by the Cluster ...................................................... 14
2.2 Contributions to Alliance for IoT Innovation (AIOTI) .................................................... 14
2.2.1 Contribution to AIOTI WG11 ........................................................................................ 14
2.2.2 Organization of Industry 4.0 Session during IoT Week 2018, Bilbao, Spain ................ 14
2.2.3 Organization of Industry 4.0 Session during IoT Week 2019, Aarhus, Denmark ......... 16
3 Standardization Activities and Participation in Associations ................................................ 17
3.1 Overview ............................................................................................................................. 17
3.2 FUJITSU ................................................................................................................................ 18
3.3 ATOS .................................................................................................................................... 19
3.4 INTRASOFT ........................................................................................................................... 20
3.5 ITSOWL ................................................................................................................................ 20
3.6 INRIA .................................................................................................................................... 20
4 Summary ................................................................................................................................ 22
5 Conclusion and Next Steps .................................................................................................... 23
References .................................................................................................................................... 24
Appendix ....................................................................................................................................... 25
IoT Week 2018, Bilbao – Workshop organized by AIOTI WG11 ............................................... 25
IoT Week 2019, Aarhus – Presentation organized by AIOTI WG11 .......................................... 27
SDN NFV World Congress 2018 - Layer 123 .............................................................................. 28
Page | 5
Project Title: SecureIoT Contract No. 779899 Project Coordinator: INTRASOFT International S.A.
D8.4 - Standardization Activities and Participation in Associations_First version ,
Version: v1.0 - Final, Date 12/07/2019
Table of Figures FIGURE 1: RELATION BETWEEN DELIVERABLE D8.4 AND THE OTHER WORK PACKAGES ..................................................................... 8 FIGURE 2: OVERVIEW OF THE EIGHT EC PROJECTS THAT PARTICIPATE IN THE CLUSTER .................................................................... 10 FIGURE 3: OVERVIEW OF COLLABORATION AREAS FOR THE PROJECTS OF THE CLUSTER ................................................................... 11 FIGURE 4: CHALLENGES FOR THE GLOBAL VALUE CHAIN AT THE IOT WEEK 2018, BILBAO .............................................................. 15 FIGURE 5: THE MISSION OF SECUREIOT AT THE IOT WEEK 2018, BILBAO ................................................................................... 15 FIGURE 6: SECUREIOT AT A GLANCE AT THE IOT WEEK 2019, AARHUS ...................................................................................... 16 FIGURE 7: THE SECURITY DATA COLLECTION INFRASTRUCTURE OF SECUREIOT AT THE IOT WEEK 2019, AARHUS ............................... 16 FIGURE 8: PREDICTIVE CYBERSECURITY SOLUTIONS FOR INDUSTRIAL IOT APPLICATIONS ................................................................. 25 FIGURE 9: THE MVI CLUSTER, DISCUSSION BEFORE SECUREIOT PRESENTATION ............................................................................ 25 FIGURE 10: SECUREIOT PRESENTATION DURING THE WORKSHOP (JÜRGEN NEISES, THOMAS WALLOSCHKE) ...................................... 26 FIGURE 11: AIOTI GUEST (R) FROM RRI (JAPAN) AFTER SECUREIOT PRESENTATION ..................................................................... 26 FIGURE 12: SCALABLE AND CONFIGURABLE END-TO-END COLLECTION AND ANALYSIS OF IOT SECURITY DATA ................................... 27 FIGURE 13: PRESENTATION (JÜRGEN NEISES) ........................................................................................................................ 27 FIGURE 14: JEROME FRANCOIS, RESEARCH SCIENTIST, INRIA AT THE LAYER123 .......................................................................... 28
Page | 6
Project Title: SecureIoT Contract No. 779899 Project Coordinator: INTRASOFT International S.A.
D8.4 - Standardization Activities and Participation in Associations_First version ,
Version: v1.0 - Final, Date 12/07/2019
List of Tables TABLE 1: MEETINGS AND TELEONFERENCES OF THE CLUSTER .................................................................................................... 11 TABLE 2: INITIAL MAPPING OF THE ACTIVITIES OF THE CLUSTER’S PROJECTS RISK ASSESSMENT WORK IN DIFFERENT ACTIVITIES
ASSOCIATED WITH IOT SECURITY RISK ASSESSMENT ....................................................................................................... 13 TABLE 3: EVENTS ORGANIZED BY THE CLUSTER ....................................................................................................................... 14 TABLE 4: ACTIVITIES IN THE AREA OF STANDARDIZATION ........................................................................................................... 17
Page | 7
Project Title: SecureIoT Contract No. 779899 Project Coordinator: INTRASOFT International S.A.
D8.4 - Standardization Activities and Participation in Associations_First version ,
Version: v1.0 - Final, Date 12/07/2019
Definitions, Acronyms and Abbreviations Acronym Title
ABAC Attribute based access control
AI Artificial Intelligence
AIOTI Alliance for Internet of Things Innovation
BDVA Big Data Value Association
DLT Distributed Ledger Technology
DP Data processing
Dx Deliverable (where x defines the deliverable identification number e.g. D1.1.1)
ECSO European Cyber Security Organization
EBDVF European Big Data Value Forum
ETSI European Telecommunications Standards Institute
IEEE Institute of Electrical and Electronics Engineers
IIC Industrial Internet Consortium
IRTF Internet Research Task Force
ISO International Organization for Standardization
ISKB IoT Security Knowledge Base
ISTE IoT Security Templates Extraction
Mx Month (where x defines a project month e.g. M10)
MVI Multi-Vendor Industry (Use Case)
NMRG Network Management Research Group
NOMS Network Operations and Management Symposium
PPP Public Private Partnership
PU Public
R Report
RAMI Reference Architectural Model Industrie
RE Restricted to a group specified by the consortium (including Commission Services)
SDOs Standards Development Organizations
TL Task Leader
WP Work Package
WPL Work Package Leader
WPS Work Package Structure
Page | 8
Project Title: SecureIoT Contract No. 779899 Project Coordinator: INTRASOFT International S.A.
D8.4 - Standardization Activities and Participation in Associations_First version ,
Version: v1.0 - Final, Date 12/07/2019
1 Introduction 1.1 Participants and Objectives This task concerns the preparation and provision of SecureIoT project contributions to standards development organizations (SDOs) such as the Industrial Internet Consortium1 (IIC), International Organization of Standardization2 (ISO), as well as to European Union (EU) clusters and associations such as the Alliance for Internet of Things Innovation3 (AIOTI), the Big Data Value Association4 (BDVA) and the CyberSecurity proposal for a Public-Private Partnership5 (cPPP). The previous results of Work Packages 2 to 7 form the basis of the presentations to the SDOs, which are shown in Figure 1 below.
Figure 1: Relation between deliverable D8.4 and the other Work Packages
As part of the task, the project will be regularly presented in the meetings of these organisations, where the project results will be presented with particular emphasis on the adoption and implementation of existing standards by the project, but also on the SecureIoT-based extensions and further developments of these standards.
1 https://www.iiconsortium.org 2 https://www.iso.org 3 https://aioti.eu 4 http://www.bdva.eu 5 https://ecs-org.eu/cppp
Page | 9
Project Title: SecureIoT Contract No. 779899 Project Coordinator: INTRASOFT International S.A.
D8.4 - Standardization Activities and Participation in Associations_First version ,
Version: v1.0 - Final, Date 12/07/2019
As another part of the task, the partners will prepare presentations on the contributions of the project as well as contributions to documents and results of the various associations and SDOs. The work will be divided as follows:
• FUJITSU: participation and collaboration in most of the listed standards and associations. Representation of projects in SDOs through other partners:
• ATOS: ECSO, BDVA. • AIT: AIOTI • INTRASOFT: BDVA • ITSOWL: Industry4.0 • SIEMENS: IIC • INRIA: Internet Research Task Force (IRTF) – Network Management Group6
(NMRG) This deliverable presents a report on the respective activities in the Associations/SDOs.
Documentation of the activities and contents follows.
1.2 Document Structure This rest of the deliverable is structured as follows:
Chapter 2: Contributions in Clusters and Associations
Chapter 3: Standardization Activities
Chapter 4: Summary
Chapter 5: Conclusion and Next Steps
Appendix: Images from events where SecureIoT was represented
6 https://irtf.org/nmrg
Page | 10
Project Title: SecureIoT Contract No. 779899 Project Coordinator: INTRASOFT International S.A.
D8.4 - Standardization Activities and Participation in Associations_First version ,
Version: v1.0 - Final, Date 12/07/2019
2 Contributions in Clusters and Associations 2.1 Contributions to the Cluster of IoT Security and Privacy Projects 2.1.1 Overview
SecureIoT is a member of the European Cluster of Horizon 2020 (H2020) IoT Security and Privacy
projects, where seven more projects (i.e. Brain-IoT (http://www.brain-iot.eu/), ENACT
(https://www.enact-project.eu/), CHARIOT (https://www.chariotproject.eu/), IoTCrawler
(https://iotcrawler.eu/), SemIoTics (https://www.semiotics-project.eu/), SerIoT (https://seriot-
project.eu/), and SOFIE (https://www.sofie-iot.eu/)) participate. These projects share common
research interests and conduct research in similar topics, notably topics related to IoT Security
and Privacy. This is the reason why the projects have decided to form a cluster (under the
supervision of the EC) in order to collaborate in research, transfer knowledge and share
experiences between each other, while at the same time collaborating in jointly disseminating
and communicating their results.
Figure 2: Overview of the eight EC projects that participate in the Cluster
SecureIoT has been actively participating in all activities of the Cluster, including the meetings
organized by the cluster, joint research activities such as the collaboration of the projects on risk
assessment, as well as joint dissemination activities.
Brain-IoT
ENACT
CHARIOT
IoTCrawler
SecureIoT
SemIoTics
SerIoT
SOFIE
Eight (8) EC Funded Projects
Successful in the H2020 IoT-03-2017 Call for Proposals “R&I on IoT integration and platforms”
Timeframe: 01/01/2018-31/12/2020 (36 months)
Focal Area: Solutions for Federation, Interoperability, Security and Privacy
Total Budget ~ 37.000.000 EUR (IoT-03-2017 Call Budget)
Page | 11
Project Title: SecureIoT Contract No. 779899 Project Coordinator: INTRASOFT International S.A.
D8.4 - Standardization Activities and Participation in Associations_First version ,
Version: v1.0 - Final, Date 12/07/2019
Figure 3: Overview of Collaboration Areas for the projects of the Cluster
2.1.2 Participation in Meetings SecureIoT has been participating in Face-to-Face meeting and teleconferences of the cluster,
where the planning of cluster activities was discussed. An overview of these meetings is provided
in the following table:
Table 1: Meetings and Teleonferences of the Cluster
Date Location Discussion
Theme
Decisions and Follow up
March 21st
2018
Brussels, Belgium Establishment of
the Cluster and
Initial Plan
Plan for dissemination activities
including participation of
projects in the IoT Week 2018 in
Bilbao
August 30th
2018
N/A (Teleconference) Definition of
Joint Research
and
Dissemination
Activities
Initial exchange of information
between the projects in the
form of documents and
deliverables
Joint Standardization Efforts
• Specify/Standardize Common Tools for risk assessment and threat analysis
• Explore existing standards in lifecycle management for security and trust
Knowledge & Experience Sharing
• Blockchain & DLT Deployment, Operation and Use
• Joint “Thematic” workshops on Blockchain
IoT Platforms Interoperability and Integration
• Emphasis on Data-Driven Security Monitoring
• Streamlining with other EU Efforts (e.g., IoT-EPI)
Joint Dissemination and Policy Contributions
• Common workshops and conferences – Joint participation in exhibitions
• Collaborative contributions to policies (e.g., GDPR compliance, inputs to ECSO)
Page | 12
Project Title: SecureIoT Contract No. 779899 Project Coordinator: INTRASOFT International S.A.
D8.4 - Standardization Activities and Participation in Associations_First version ,
Version: v1.0 - Final, Date 12/07/2019
September
19th 2018
Brussels, Belgium BDVA-EU
Robotics
workshop - Data
for AI workshop -
Presentation of the IIoT Security
with connection of AI
December
13th 2018
Brussels, Belgium Presentations of
individual
projects in areas
like blockchain,
threat analysis,
risk assessment,
lifecycle
management
Follow up on joint research,
dissemination and
standardization activities
March 14th
2019
N/A (Teleconference) Follow up of
action points set
in December
meeting and
tracking of
progress
Planning of a next wave of joint
dissemination activities;
definition of milestones and
outputs for other collaboration
areas (e.g., Blockchain/DLT, risk
assessment)
May
14th/15th
2019
Berlin, Germany
Panel discussion with
AIOTI Working Group
11 – Smart
Manufacturing,(WG11),
IIC, and participants
from Japan and China
International
Conference on
Cyber Security in
Industry 4.0:
"Securing Global
Industrial Value
Networks -
synchronizing
international
approaches"
The Federal Ministry of
Economics and Energy and the
Platform Industry 4.0 brought
together some 140 international
decision-makers from business
and politics. At the conference
the participants discussed IIoT
security in industrial production
from a political, regulatory and
technical point of view as well as
for a common approach of the
international partners.
In addition to these meetings, the projects held bi-lateral discussions in the scope of events like
the 2018 edition of the IoT Week in Bilbao, Spain and the 2019 edition of the IoT Week in Aarhus,
Denmark (see also Table 3) [1].
2.1.3 Representation of the Cluster of Projects
SecureIoT represented the cluster during the ETSI IoT Week 2018 [2], where a presentation of
the cluster of projects was given. In particular, SecureIoT presented an overview of the cluster
(including information about each one of the participating projects) in the scope of a workshop
titled: “Challenging IoT Security & Privacy Workshop”. The title of the presentation was:
Page | 13
Project Title: SecureIoT Contract No. 779899 Project Coordinator: INTRASOFT International S.A.
D8.4 - Standardization Activities and Participation in Associations_First version ,
Version: v1.0 - Final, Date 12/07/2019
“Overview and Accomplishment of the H2020 IoT Security/Privacy Cluster Projects”
(https://docbox.etsi.org/Workshop/2018/201810_IoTWEEK/01_IoTSECURITY_PRIVACY/SESSIO
N01/ATHENSINFORMATIONTECHNOLOGY_SOLDATOS.pdf). It was held on October 22nd, 2018, at
ETSI premises, Sophia Antipolis, France.
SecureIoT was in charge of creating and delivering the presentation, following relevant discussion
and consultation with the rest cluster partners. The presentation is publicly available through
SlideShare [3].
2.1.4 Coordination of the Risk Assessment Activity
Several of the projects of the cluster have activities that involve IoT security risk assessment and
management. The cluster projects initiated a task of sharing information about their risk
management/assessment related activities, including approaches for asset and risk modelling,
consolidation of threat & risk models, risk scoring, risk visualization and more. As part of this task,
SecureIoT led the process of collecting relevant information about the projects and creating an
overview presentation consolidating the different approaches. To this end, SecureIoT
communicated with all projects and collected information in the form of papers and deliverables.
The latter information was analyzed in order to create the consolidated presentation. The
following table illustrates one of the outcomes of the consolidation, which depicts a clustering of
the work areas of the different projects.
Table 2: Initial Mapping of the Activities of the Cluster’s Projects Risk Assessment Work in Different Activities associated with IoT Security Risk Assessment
RA Area / Project Brain-IoT IoTCrawler SecureIoT CHARIOT ENACT SerIoT
Asset Modelling X X X X X X
Threat Modelling X X X X X X
Threat Databases &Knowledge Bases
X X X
Threats & Assets Mapping X X
Data Analytics & AI for Risk Assessment
X
Risk Driven Security Requirements
X X
Risk Simulation & Calculation X
Risk Visualization X X
Risk Mitigation X
Specification of IoT Threats for Search and Crawling
X
Page | 14
Project Title: SecureIoT Contract No. 779899 Project Coordinator: INTRASOFT International S.A.
D8.4 - Standardization Activities and Participation in Associations_First version ,
Version: v1.0 - Final, Date 12/07/2019
Note that the SecureIoT proposed also a list of joint follow up activities such as the organization
of a joint workshop on risk assessment and the creation of a relevant whitepaper that shall
provide an overview of the different approaches, including their innovative points and their
overlaps. SecureIoT plans to lead these follow up activities.
2.1.5 Participation in Events organized by the Cluster SecureIoT has also responded positively in invitation to participate to dissemination activities
organized by other projects of the cluster. As a prominent example, a set of presentations on
Blockchain Technology and Industry 4.0 have been given by the project during the IoT Week of
2018 and 2019 [1].
Table 3: Events organized by the Cluster
Date Location Event Presentation
June 6th
2018
Bilbao, Spain IoT Week 2018 Industry 4.0 Session, Predictive
Cybersecurity Solutions for Industrial
IoT Applications, The SecureIoT
Approach
June 19th
2019
Aarhus,
Denmark
IoT Week 2019 Industry 4.0 Session, Scalable and
Configurable End-to-End Collection
and Analysis of IoT Security Data,
Towards End-to-End Security in IoT
Systems
2.2 Contributions to Alliance for IoT Innovation (AIOTI) 2.2.1 Contribution to AIOTI WG11
As part of its leadership of the WG11 Smart Manufacturing Industry working group, FUJITSU has
taken on the task of driving forward the requirements for secure interoperable communication
across companies.
This was supported both in the course of chairing the steering board and in the working group
(until March 2019).
• FUJITSU leadership role (up to March 2019) and organization of Industry 4.0 Session during
IoT Week 2018 in Bilbao and 2019 in Aarhus
• SecureIoT contributing to the agenda of the cluster, by providing inputs to the new WG leader
(Tecnalia, https://www.tecnalia.com/en/).
2.2.2 Organization of Industry 4.0 Session during IoT Week 2018, Bilbao, Spain
The figures below are indicative of the session content.
Page | 15
Project Title: SecureIoT Contract No. 779899 Project Coordinator: INTRASOFT International S.A.
D8.4 - Standardization Activities and Participation in Associations_First version ,
Version: v1.0 - Final, Date 12/07/2019
Figure 4: Challenges for the global Value Chain at the IoT Week 2018, Bilbao
Figure 5: The Mission of SecureIoT at the IoT Week 2018, Bilbao
Page | 16
Project Title: SecureIoT Contract No. 779899 Project Coordinator: INTRASOFT International S.A.
D8.4 - Standardization Activities and Participation in Associations_First version ,
Version: v1.0 - Final, Date 12/07/2019
2.2.3 Organization of Industry 4.0 Session during IoT Week 2019, Aarhus, Denmark
The figures below are indicative of the session content.
Figure 6: SecureIoT at a Glance at the IoT Week 2019, Aarhus
Figure 7: The Security Data Collection Infrastructure of SecureIoT at the IoT Week 2019, Aarhus
Page | 17
Project Title: SecureIoT Contract No. 779899 Project Coordinator: INTRASOFT International S.A.
D8.4 - Standardization Activities and Participation in Associations_First version ,
Version: v1.0 - Final, Date 12/07/2019
3 Standardization Activities and Participation in
Associations
3.1 Overview The consortium partners have collaborated at various levels in standardization committees in
order to contribute the findings from the SecureIoT project as shown in the following table.
Table 4: Activities in the area of standardization
Date Location,
Organization
Event, Theme Document, Result, Link when available
2018 Taipei, Taiwan NMRG 47th
meeting, co-located
with IEEE NOMS
2018
Analytics and security monitoring
2018 ETSI, Sophia
Antipolis,
France
Next Generation
Protocol (NGP)
NGP-006 Intelligence-Defined Network
Architecture leveraging machine learning for
operating networks
2018 ETSI,
Den Hague,
Netherlands
New Internet Forum
at SDN NFV Forum
Managing the Security of IoT Devices out of
your control [4]
2018 Plattform
Industrie 4.0
(PI40), Berlin,
Germany
Workgroup 3,
Security (ongoing
process)
Access Control for Industrie 4.0, ABAC,
XACML Profiling for I40 [5]
2018,
2019
Standardisation
Council
Industrie 4.0
(SCI 4.0),
Frankfurt,
Germany
Draft requirements
(in progress 2018-,
2020)
Industrie 4.0 Vocabulary for interoperable
attribution of Access Control [5]
Define Structured Attributes to specify,
characterize, and capture access control
information to improve consistency,
efficiency, interoperability and semantic
understanding of the overall situation.
2018 Industrial
Internet
Working Group Managing and Assessing Trustworthiness for
Industrial IoT in Practice [6]
Page | 18
Project Title: SecureIoT Contract No. 779899 Project Coordinator: INTRASOFT International S.A.
D8.4 - Standardization Activities and Participation in Associations_First version ,
Version: v1.0 - Final, Date 12/07/2019
Consortium
(IIC), USA
The complex process of developing an
overarching understanding of
trustworthiness is to be improved through
intensive collaboration and to have an
impact on the new better orientation of
future implementations of systems and
products
2018 Alliance for
Internet of
Things
Innovation
(AIOTI )
WG11, Smart
Manufacturing
Industry
Integration of IIoT Security Requirements for
I40 into the work programme of WG11 [7]
The aim is to develop measures for the
implementation of IIoT for a better
understanding of industrial security.
2019 Participation
on Boost 4.0
project
Hannover Fair 2019 Via BDVA, a major driver of the project, the
it'sOWL use case was presented; creation of
a secure and common European Industrial
Data Space and Big data for factories:
application and deployment of machine
learning methods for predictive
maintenance
Further details follow, sorted by partners:
3.2 FUJITSU In the area of Industrial IoT, access control (e.g. via ABAC) and policy description and enforcement
(e.g. via XACML7) are currently of great importance and are also changing the ecosystem of
secure cross-company communication. In the area of the German "Plattform Industrie 4.0"
(PI40), work in connection with the RAMI8 reference model is carried out continuously. FUJITSU
actively (as Working Group Leader in WG 3, Security) contributes insights and results from the
SecureIoT project at working level.
Furthermore, the results of SecureIoT were presented and discussed in the WG11 of AIOTI, in
meetings with the BDVA, with the Federal Ministry of Economics9 (BMWi), and with the
Standardization Council of Industry 4.0. The BMWi was particularly interested, for example, in
DWF's legal view. Also, in the cooperation of PI40 with Japan for the secure cross-company
7 http://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-os-en.html 8 https://www.plattform-i40.de/PI40/Redaktion/EN/Downloads/Publikation/rami40-an-introduction.html 9 https://www.bmwi.de
Page | 19
Project Title: SecureIoT Contract No. 779899 Project Coordinator: INTRASOFT International S.A.
D8.4 - Standardization Activities and Participation in Associations_First version ,
Version: v1.0 - Final, Date 12/07/2019
communication of industry 4.0 there are significant overlaps regarding the results from the MVI
Use Case of the SecureIoT project.
FUJITSU has been working with the following associations and stakeholders since the beginning
of the project:
• Platform Industry 4.0 (PI40), here an intensive cooperation with Working Group 3
(Security) takes place.
• Standardization Council Industrie 4.0 (SCI40), Here, the requirements for ABAC and
XACML for Industry 4.0 are prepared in order to enable a future cross-company and
transnational trust infrastructure.
• Federal Ministry of Economics and Energy (BMWi), on international cooperation with
Japan and China at G20 level, in particular standards and policies are at stake here
• Alliance for Internet of Things Innovation (AIOTI), IIoT for Industry 4.0 and Next
Generation Internet (NGI)
• Industrial Internet Consortium (IIC), collaboration and cross-referencing on
trustworthiness and compliance
• Big Data Value Association (BDVA), discussions on AI for industry 4.0
3.3 ATOS ATOS participates actively in the European Cyber Security Organization10 (ECSO) in different
working groups due to its large expertise. Regarding standardization for the securitization of the
IoT domain, ATOS contributes to WG111 (standardization, certification, labelling and supply chain
management) and WG312 (sectoral demand). ATOS is working and plans to continue for the
duration of the project, in contributing with the expertise and feedback of SecureIoT in different
areas (e.g. exchange of information of connected vehicles) for reports on standardization
activities in the vertical area of IoT and certification mechanisms. The information provided by
ECSO will be analyzed in order to identify ways to benefit SecureIoT of standards mechanisms
and formats while also discussing more advancements using the feedback of the work in
SecureIoT.
Since 2014, ATOS is a founding member of the Big Data Value Association (BDVA), assuming the
roles of Vice-presidency and Deputy Secretary-general. Therefore, the knowledge acquired by
ATOS within SecureIoT, especially in the connected and autonomous vehicle scenarios, is being
shared through the activities of the association. In this line, by the end of the project, ATOS will
10 https://ecs-org.eu 11 https://ecs-org.eu/working-groups/wg1-standardisation-certification-labelling-and-supply-chain-management 12 https://ecs-org.eu/working-groups/wg3-sectoral-demand
Page | 20
Project Title: SecureIoT Contract No. 779899 Project Coordinator: INTRASOFT International S.A.
D8.4 - Standardization Activities and Participation in Associations_First version ,
Version: v1.0 - Final, Date 12/07/2019
present the results of SecureIoT in some of the events sponsored by the BDVA, e.g., BDV PPP
Summit13 or European Big Data Value Forum14 (EBDVF).
3.4 INTRASOFT INTRASOFT is a BDVA member and in the 2nd half of the project will present SecureIoT’s
predictive analytics at BDVA events such as EBDVF and BDVA summit. INTRASOFT will also
consider organizing a related session in these events to have a broader exchange of views on the
use of big data techniques in the IoT security domain and particularities/needs raised by the
collection and processing of security data.
3.5 ITSOWL it's OWL is an established technology network in the field of intelligent technical systems. Our
200 partners work on topics such as artificial intelligence, digital platforms or digital twins. In
addition, it's OWL engages in the following activities:
• Exclusive events for partners in the network:
o Topics such as machine learning, cyber security, assistance systems etc.
o partners receive information on current national and international projects and
their results
• Platform Industry 4.0 (it's OWL is partner of the transfer network)
• Regular exchanges on digitization issues at EU level
• Participation in the Boost 4.0 EU project, which is complementary to SecureIoT in terms
of the MVI use-case
o Creation of a secure and common European Industrial Data Space
o Big data for factories: application and deployment of machine learning methods
for predictive maintenance
o BDVA as a major driver of the project: Thomas Hahn (BDVA president) presents
it's OWL use case as a best practice at Hannover Fair 2019
3.6 INRIA INRIA is actively involved into the IRTF NMRG (Network Management Research Group) where the
topic of the use of artificial intelligence for network operations including security has recently
emerged. While it is not yet at the agenda of the group, several people have actively started to
launch discussions and presentations for identifying a joint plan. J. François is particularly
involved in this initiative and regularly participated to the meetings of NMRG. Notably, we can
13 https://www.big-data-value.eu/ppp-summit-2019 14 https://www.european-big-data-value-forum.eu
Page | 21
Project Title: SecureIoT Contract No. 779899 Project Coordinator: INTRASOFT International S.A.
D8.4 - Standardization Activities and Participation in Associations_First version ,
Version: v1.0 - Final, Date 12/07/2019
cite his presentation at NMRG 47th meeting, co-located with IEEE NOMS 2018, Taipei, Taiwan15,
which was entitled Analytics and security monitoring.
He has been recently appointed as the new co-chair of the group in order to foster the AI topic
in this group while refining its agenda accordingly.
In addition, INRIA is also involved at ETSI in two industry groups. First, in the Next Generation
Protocol16 group (NGP), INRIA contributed to the document NGP-006 Intelligence-Defined
Network that promotes an architecture leveraging machine learning for operating networks.
Recently, INRIA joined the Experiential Network Intelligence17 (ENI) group to pursue this
direction.
Through these activities, J. François (INRIA) was invited as a speaker at ETSI New Internet Forum
at SDN NFV Forum, The Hague, Netherlands, October 2018.
15 https://noms2018.ieee-noms.org 16 https://www.etsi.org/technologies/next-generation-protocols 17 https://www.etsi.org/technologies/experiential-networked-intelligence
Page | 22
Project Title: SecureIoT Contract No. 779899 Project Coordinator: INTRASOFT International S.A.
D8.4 - Standardization Activities and Participation in Associations_First version ,
Version: v1.0 - Final, Date 12/07/2019
4 Summary In this Deliverable D8.4 it was shown how SecureIoT, as a member of the European Cluster of the
eight H2020 IoT security and data protection projects, fits in with the content and which focal
points are pursued.
The common research interests and complementary goals of IoT security and data protection are
pursued. In addition, the transfer of knowledge is of course very important, both within the
cluster, but especially with other organizations, which are now active in the industrial policy area,
research or Standardisation.
The following key activities have been carried out in the last 18 months
• Project’s participation in SDO and associations’ activities
On the one hand the participation in presence and teleconferences, the presentation of
project contents, but to a greater extent also to deal with the community, but also to
reach industry associations and platforms, in order to make a stronger awareness with
the users and developers of industrial processes, plants and systems understandable.
• Project’s contributions to standards
Of course, international agreement on uniform policy requirements and technical
standards is essential. In those cases where it has not yet been possible to achieve this
uniformity of IIoT security understanding, for example because geopolitical differences
currently prohibit this or because other social norms or economic requirements exist, it
has become apparent that further urgent measures are needed to promote a holistic
understanding of IIoT security for the benefit of all. To this end, the SecureIoT project
involves intensive cooperation with international and European bodies.
At the same time, we note that there is still room for improvement among the partners in the
project and that intensification is advisable in order to improve the scattering effect of the
project. In any case, this task will continue to occupy the project over the next 18 months.
Page | 23
Project Title: SecureIoT Contract No. 779899 Project Coordinator: INTRASOFT International S.A.
D8.4 - Standardization Activities and Participation in Associations_First version ,
Version: v1.0 - Final, Date 12/07/2019
5 Conclusion and Next Steps It became apparent that the next steps must be to intensify the participation of further project partners and to sharpen the contours of SecureIoT compared to the other projects of the H2020 cluster. Another gap that has arisen, for example, in the context of cooperation with non-EU Security Specialists on trust levels and trustworthiness is the differing willingness there to recognize European data protection requirements as protection goals or to support corresponding protection profiles and guidelines. The statements of the SecureIoT project regarding these legal project objectives are sometimes met with restraint by the audience mentioned above. Apart from that, it turned out during the cooperation and coordination with other organizations that all still seem to be very far away from the optimization of technical transformations, e.g. from legal requirements of the EU, where AI support does not help much at the moment. Thus, the manual effort for the description of legal guidelines and rules is correspondingly high. Discussions with other projects have shown the same level of knowledge so far. This probably also applies to governance issues of our project in the international environment of third countries. We will continue to report on these challenges and coordinate with other committees and organizations.
Page | 24
Project Title: SecureIoT Contract No. 779899 Project Coordinator: INTRASOFT International S.A.
D8.4 - Standardization Activities and Participation in Associations_First version ,
Version: v1.0 - Final, Date 12/07/2019
References
[1] IoT Week Bilbao, Aarhus: https://iotweek.org/, 2018, 2019
[2] ETSI IoT Week: https://secureiot.eu/ETSI-IoT-Week-2018, 2018
[3] Soldatos, J.: https://www.slideshare.net/jsoldat/soldatos-
clusterh2020securityprojectsetsinice221018v-final, 2018
[4] SDN NFV Forum: https://www.youtube.com/watch?v=XeMUfs36PZ4, 2018
[5] Plattform Industrie 4.0, Areas of Action: Security: https://www.plattform-
i40.de/PI40/Navigation/EN/Industrie40/AreasofAction/Security/security.html,
2019
[6] Hirsch, F.; Morrish, J.; Ginter, A.; Molina, J.; Zarkout, B., Buchheit, M., Durand, J.;
Neises, J.; Walloschke, T.: “Managing and Assessing Trustworthiness for Industrial
IoT in Practice” (to be published by IIC), 2019
[7] AIOTI: https://aioti.eu/resources/, 2018
Page | 25
Project Title: SecureIoT Contract No. 779899 Project Coordinator: INTRASOFT International S.A.
D8.4 - Standardization Activities and Participation in Associations_First version ,
Version: v1.0 - Final, Date 12/07/2019
Appendix Below some pictures document the presentations at the IoT Week 2018 and 2019 together with
some participants.
IoT Week 2018, Bilbao – Workshop organized by AIOTI WG11 At IoT Week 2018, SecureIoT was explained as part of the Industry Cluster in addition to industry
presentations.
Figure 8: Predictive Cybersecurity Solutions for Industrial IoT Applications
Figure 9: The MVI Cluster, discussion before SecureIoT presentation
Page | 26
Project Title: SecureIoT Contract No. 779899 Project Coordinator: INTRASOFT International S.A.
D8.4 - Standardization Activities and Participation in Associations_First version ,
Version: v1.0 - Final, Date 12/07/2019
Figure 10: SecureIoT presentation during the workshop (Jürgen Neises, Thomas Walloschke)
Figure 11: AIOTI guest (r) from RRI (Japan) after SecureIoT presentation
Page | 27
Project Title: SecureIoT Contract No. 779899 Project Coordinator: INTRASOFT International S.A.
D8.4 - Standardization Activities and Participation in Associations_First version ,
Version: v1.0 - Final, Date 12/07/2019
IoT Week 2019, Aarhus – Presentation organized by AIOTI WG11 At the IoT Week in Aarhus SecureIoT was explained to the participants under the data aspect.
Interestingly, various IoT specific security issues were new to many participants and left room
for discussion.
Figure 12: Scalable and Configurable End-to-End Collection and Analysis of IoT Security Data
Figure 13: Presentation (Jürgen Neises)
Page | 28
Project Title: SecureIoT Contract No. 779899 Project Coordinator: INTRASOFT International S.A.
D8.4 - Standardization Activities and Participation in Associations_First version ,
Version: v1.0 - Final, Date 12/07/2019
SDN NFV World Congress 2018 - Layer 123 J. François (INRIA) was invited as a speaker at ETSI New Internet Forum at SDN NFV Forum, The
Hague, Netherlands, October 2018.
Figure 14: Jerome Francois, Research Scientist, INRIA at the Layer123