Workshop insights: Calls for collaboration and certification for IoT security
Ana Tavares Lattibeaudiere, Executive Director of GlobalPlatform
Keynotes, case studies and panel discussions involving experts from companies including Amazon Web Services, Microsoft, NIST and PSA Certified treated delegates to an entire day of IoT security insights, highlighting the importance of collaboration between security schemes to safeguard the future of connected devices and industries.
On April 14th 2022 GlobalPlatform convened stakeholders from across the IoT ecosystem to discuss the value of the Security Evaluation Standard for IoT Platforms (SESIP) Methodology in reducing complexity in security evaluation processes and aligning with other important industry standards.
Session 1 – SESIP, secure memory & mapping with IoT security standards and requirements
GlobalPlatform Chair, Stéphanie El Rhomri, gave the opening address, setting the scene on the state of IoT, and why GlobalPlatform has invested in SESIP to help the industry achieve its potential.
The first keynote of the day was presented by Carlos Serratos, of platinum sponsor SGS Brightsight. Carlos began by giving an overview of how SESIP offers users the capability to reuse certified components and gives additional flexibility to developers. He posed the all-important question – what is next? In an environment where a growing number of device types are increasingly varied in their requirements, it is up to the ecosystem to work out a unified way to evaluate security. This open challenge was left to the rest of the day’s speakers to address.
The next keynote came from Ilia Stolov, of gold sponsor Winbond, who began with a fascinating look back into the history of secure memory and storage capabilities, running from the early memory disks of the 1990s to the MCU and SoC devices found in the present day. In his presentation, Ilia assessed how manufacturers can protect storage that may not even be held on the device itself due to process and cost considerations, concluding that the new class of secure storage mechanisms needs to be aligned in terms of evaluation processes to ensure a baseline level of security. The only way to achieve this? Certification.
Rounding off the opening session, Olivier Van Nieuwenhuyze of supporting sponsor STMicroelectronics gave insights into how, by mapping to other standards, SESIP provides security guarantees which decrease the end cost of evaluation. Olivier looked at standards from around the world, with a particular focus on how SESIP maps to ETSI’s EN 303 645 and TS 103 701 standards. He also offered an insight into how mapping standards through SESIP allows manufacturers to assess their own components, alongside existing ones that have been reused or combined, to decrease the overall costs of security evaluation. The session ended with Carlos Serratos joining Olivier to answer questions from delegates.
Session 2 – Real world insights from Amazon, NXP and STMicroelectronics
First up after the break was Gavin Yao of NXP, who delved into how SESIP addresses security requirements horizontally, to overcome the varied requirements of different standards and markets. He also looked at the IEC 62443 standards and how, through SESIP, they can be aligned with other security standards like EN 303 645.
Richard Elberger, IoT Principal Technologist at Amazon, presented the next case study to demonstrate how Amazon Web Services leveraged SESIP to help customers get certified for security practices more easily, faster and with less risk. Richard gave the example of the FreeRTOS software and how SESIP certifications were achieved through the composition of already certified software and hardware parts.
Bruno Mussard of STMicroelectronics showed the audience how his company went from providing general purpose MCUs and basic security features to state-of-the-art MCUs which align with PSA Certified and SESIP level 3 certifications, with physical attack resistance.
Session 3 – Microsoft’s ECN PP, SESIP’s value & certificate reuse
Following the lunch break, Microsoft’s Eustace Asanghanwa delivered a case study around how Microsoft’s ECN Protection Profile is solving the challenge of how to claim device security and providing a baseline for security developers to build upon. He also explored the reasons to certify, noting that security and compliance aren’t always aligned and that regulation is not necessarily always the main driver. Customers often have security requirements before regulations come into force, and these could be organizational or market-related.
The first panel discussion of the workshop brought together different stakeholders to share their individual experiences of where SESIP adds value. Bringing together representatives from Microsoft (Eustace Asanghanwa), Silicon Labs (Michael Dow), STMicroelectronics (Bruno Mussard), and moderated by SGS Brightsight’s Carlos Serratos, the session discussed how certification mitigates risks and can help lower costs. Litigation in the IoT consumer product space was also noted as a key concern for manufacturers developing and launching products. The monetary cost of a lawsuit, for example, can be quantified but what about the reputational cost? Any security breach has the potential to kill your brand or market. This was balanced against the cost of certification. Panellists agreed a scalable approach was needed and that building certification into the design phase will help optimize security evaluation, to avoid incurring additional costs for customers:
“If every time I launched a new product I had to certify each individual component, I would have to pass that cost on to my customer and that’s a problem.”
Wouter Slegers of TrustCB, a SESIP Certification Body, rounded off the session with his presentation on the re-usability of SESIP certificates. Wouter started by outlining the key reasons to certify, referencing risk management and the fact that product certification and security are now key differentiators. He went on to highlight the flexibility of SESIP in enabling product designers to ‘stack’ certified parts when developing solutions to minimize evaluation times without increasing risk.
Session 4 – IoT legislation with NIST & SESIP mapping
Entering the last session of the day, Paul Watrobski from the National Institute of Standards and Technology (NIST) explained the current state of IoT legislation in the USA and NIST’s role in executing the recent Executive Order (EO) 14028 to improve the nation’s cybersecurity. He addressed some of the key day-to-day cybersecurity challenges, highlighting the importance of educating consumers on security and the need to address fragmentation between security schemes.
The day ended with a final panel discussion on the applicability of SESIP and how it can be used to map to other security standards. Moderated by GlobalPlatform Technical Director, Gil Bernabeu, the panel involved Rob Coombs (PSA Certified), Craig Miller (IoXT) and Paul Watrobski (NIST) who considered how SESIP’s mapping capabilities provide evidence of the security functionality implementation, reducing time and cost of evaluation.
Stéphanie El Rhomri closed the session, leaving delegates with much to take in. Though the future of connected devices and services may still be unclear, what is clear is that through collaboration and alignment of security best practices, the cyber safety of consumers is within our control.
--
I’d like to again thank our sponsors – SGS Brightsight, Winbond and STMicroelectronics – for their support in driving this initiative forward. Please see links to videos of the sessions and presentations (where available) below.
Speaker presentations:
- Keynote - What is SESIP - SGS Brightsight
- Keynote - Overview of Current US IoT Legislation and Outlook for the Future - NIST
- Keynote - Overview of Secure Storage and SESIP Secure Memory Protection Profile - Winbond
- Case Study - The Practical Complementarity of ECN PP and SESIP for Secured Compliant IoT Solutions - Microsoft
- Case Study - Why SESIP™ Certification for FreeRTOS Matters - Amazon
- Case Study - Microcontroller Journey from Basic Security to ARM PSA L3 & SESIP3 Security Certification - ST Microelectronics
- Case Study - SESIP Journey Towards a Powerful Methodology - NXP
- Presentation - Reusability of SESIP Certificates - TrustCB