Not all discussions are or have been minuted, but this page is available for keeping some public notes.
Minutes September 05, 2019
- Bastien Kruck (Itemis)
- Mike Nunnery
- Bevan Watkiss (Irdeto)
- Bastian Kruck (Itemis)
- Till Fischer (Itemis)
- Gunnar Andersson (GENIVI)
- Philippe Robin (GENIVI)
- Steve Crumb (part time)
1. Security Evaluation Framework
Discussed and worked to improve the Security Evaluation Framework page. (This draft is accessible to the Security Team only - ask for access if you want to participate.) This took the majority of the meeting time today. Results are on the page.
2. Automat and other related security frameworks as identified in Cloud & Connected Services project
Info about the review we did on the Automat-developed security framework
Big Data and privacy - if interested, make sure to read the link provided. http://www.bdva.eu/sites/default/files/BDVA%20DataSharingSpace%20PositionPaper_April2019_V1.pdf
Other related work: SAREF - work on data ontologies to produce common standard.
Also W3C Web of Things. https://www.w3.org/WoT/
Finally, a comparison of ISO 27001 vs. NIST.
ISO 27001 & 27002 on security and ISO 27701 on data privacy (formerly ISO 27752), which is a privacy extension of ISO 27001.
Please review: US NIST cybersecurity work that addresses security according to the lifecycle, i.e. the possible threats and countermeasures are structured according to the various stages of the lifecycle of the product (identify, protect, detect, respond, recover). See for instance https://blog.compliancecouncil.com.au/blog/iso-27001-vs-nist-cybersecurity-framework
TBC other links for the actual NIST specifications?
The interesting feature of the Automat cybersecurity work is that it relies on standards that already existed at the time of the project's execution.
Action: Review Petar's summary presentation (and also the original Automat security specification). Both are linked from here.
Antonio works in a WG (unknown which one?) on meta-architecture (for vehicle data)
Antonio also mentions the work done by the Industrial Internet Consortium (IOC) on IOT 4.0 / IIOT, look at: https://www.iiconsortium.org/vertical-markets/transportation.htm
The work done in Automat on cybersecurity is good and relates to a big data architecture. We recommend that the GENIVI security team review it, amend it w.r.t. the US NIST work, and possibly extract use cases to benchmark the MoRa tool.
Minutes August 22, 2019