Fig 1 - uploaded by Markus Fockel
Security by Design: Security practices throughout the whole software lifecycle

Source publication
Conference Paper
With the growing number of incidents, the topic of security gains more and more attention across all domains. Organizations realize their lack of state-of-the-art security practices; however, they struggle to improve their software lifecycle in terms of security. In this talk, we introduce the concept of security by design that implements security pra...

Context in source publication

Context 1
... order to systematically develop secure products and services, security must be emphasized throughout the whole software lifecycle, such that the results are secure by design. Thus, every step of a common software lifecycle is enhanced with security practices as illustrated in Figure 1. The shown high-level process can be further tailored and refined towards specific domains and system classes [1] and many aspects also correlate with security standards for specific domains, e.g., IEC 62443 for industrial automation. ...

Citations

... An introduction to our method can be found in [1]. In this section, we explain the details needed to understand our experiences and lessons learned. ...
Chapter
[Context and motivation] Cyber-physical systems, like modern cars and industrial automation systems, are highly connected and complex. [Question/problem] Their various interconnections open interfaces for attackers, and their complexity increases the risk of undetected security vulnerabilities. Hence, an important part of requirements engineering is threat modeling. It is a means to elicit security assets, goals, and assumptions, and to derive required security controls. Effective threat modeling needs a systematic workshop setup. [Principal ideas/results] In this paper, we report our experiences and lessons learned from threat modeling workshops that we conducted with industry partners from the domains of industrial automation, health care, smart home, and automotive. [Contribution] In conclusion, we derive a set of open challenges.
... Based on the requirements listed in the previous section and Fraunhofer IEM's threat analysis approach [1], we designed a tool-supported threat analysis process and integrated it into the existing development process at Phoenix Contact. In that development process, work products are specified as Polarion work items as depicted in Fig. 3. ...
... In addition, we work on the enhancement of risk management on system level based on the illustrated component-level threat analysis. Fraunhofer IEM is constantly improving and customizing its threat analysis approach [1] for further domains and companies. ...
Conference Paper
Cybersecurity gains more and more attention as the number of security incidents rises. In order to strengthen the security of products within the industrial automation domain, the novel standard IEC 62443 prescribes security practices throughout the development lifecycle that improve the security of the resulting product. However, implementing and integrating concrete security practices into the existing development processes is challenging, as best practices for the automation domain are still missing. Hence, in this paper we present our implementation of a standard compliant threat analysis for the development process of the industrial control systems manufacturer Phoenix Contact. Phoenix Contact was successfully certified for its compliance with IEC 62443. We illustrate the requirements of the standard, the resulting threat analysis process, and its tight integration into the existing development process and its tools.