Our economies and societies are increasingly reliant upon “smart products”, i.e., products that contain code and can connect. Connected vehicles, smart homes, smart grids, smart cities and many others are practical examples of smart products. Smart products include traditional Information and Communications Technology (ICT) products or managed services, as well as Internet of Things (IoT) or Cyber-Physical Systems (CPS) products.
The security gap
It is widely recognized that smart products frequently have an insufficient level of digital security, resulting from gaps that can emerge at different stages of their lifecycle and steps of their value chain. Many national regulators and private organizations have started to address the issue by issuing recommendations on security requirements for the procurement of smart products and by promoting adherence to security principles. As an example, ENISA recommends the following security principles:

Security-by-design
the product, or service, should be conceived, designed and implemented to ensure that key security properties (availability, confidentiality, integrity and accountability) are maintained.

Security-by-default
the product, or service, should be supplied with the confirmed capability to support security properties at installation.

Throughout the lifecycle
security should be maintained from initial deployment through maintenance to decommissioning.

Each of the above principles should be verifiable.
Security challenges
Following these security principles means addressing many security challenges, and ProvenRun can help your organization and your projects with them.