Upload: oscar-kristian-blankenship

Post on 14-Dec-2015

Security of Cyber-Physical Systems and Cross-SDO Collaboration

Addressing security challenges on a global scale, Geneva, 6-7 December 2010

ISO/IEC/ITU-T Strategic Advisory Group on Security

• Outgrowth of ISO Advisory Group on Security (2004)

• Expanded to ISO+IEC+ITU-T in 2005

• First meeting: April 2005

• Initiative of the World Standards Collaboration

Terms of Reference

• To oversee standardization activities in ISO, IEC and ITU-T relevant to the field of security

• To provide advice and guidance to the ISO Technical Management Board, the IEC Standardization Management Board and the ITU-T Telecommunication Standardization Advisory Group (TSAG) relative to the co-ordination of work relevant to security, and in particular to identify areas where new standardization initiatives may be warranted.

• To monitor the implementation of the recommendations of the Advisory Group on Security


SAG-S Web Portal


Standardization Areas with Security Aspects

• Electric grid
• Buildings and structures
• Ships and marine technology
• Aircraft and space vehicles
• Fire protection and fire safety
• Alarm systems
• Food products
• Financial services
• Nuclear energy
• Personal safety – protective clothing and equipment
• Design of structures
• Societal security
• Freight Containers
• Air Quality
• Intelligent transportation systems
• Environmental management
• Health informatics
• Drinking water supply and water quality
• Cards and personal identification
• ICT security
• Biometrics
• Automatic identification and data capture


Not a complete list - and ICT Underpins Everything!

Security Must be “Baked In”


Cyber-Physical Systems


[Figure labels: ICT Systems, Physical Systems]

ICT is an embedded infrastructure within a larger system. Security requires sound overall system architecture and an integrated approach encompassing both ICT and physical system security.

Example: The Smart Grid


New Types of Cyber-Physical Threats


Observations

• Overall system security requires sound overall architecture

• Interactions between ICT and physical systems must be considered

• Security requires co-development of standards for both the physical application and embedded ICT infrastructures

• Standards are typically done by different communities

• New forms of collaboration within and among SDOs are needed
