- 17 March IKERLAN will hold a webinar on the securitisation of the GNU/Linux operating system, increasingly prominent in the industrial sector and now vulnerable to cyber-attacks
January 2020 saw the launch of ÉGIDA, the first and only national network for security and privacy technologies, made up of technology centres of excellence such as Gradiant, Fidesol, Vicomtech and IKERLAN (the latter two belonging to the BRTA - Basque Research and Technology Alliance). Within the framework of the Cervera Programme for Technology Centres and promoted by the Ministry of Science and Innovation and the Centre for the Development of Industrial Technology (CDTI), ÉGIDA is the national endeavour to develop market-oriented research in security and privacy technologies.
Within this framework, the centres that make up the network consortium will work, over a three-year period, on four technical objectives focused on technologies for the protection and privacy of information:
- Cryptography applied to secure information processing and communication
- Digital identity and privacy for the prevention of fraud, via the creation, verification and use of digital identity mechanisms.
- Security in distributed systems, through the generation and incorporation of disruptive technologies on IoT, 5G or DLT / blockchain.
- Development of cyber-secure information systems to increase protection against cyber-attacks.
Certification of Cyber Security Management
Within this last section, the IKERLAN team is working on the definition of new cyber-secure electronic product development methodologies. In other words, they are working on defining the processes or tasks necessary to achieve the development of a system that is cyber-secure throughout all its stages, from the conception of a product idea to certification by a competent authority.
The work carried out by IKERLAN within the framework of ÉGIDA is based on these three main methodologies:
- Cybersecurity risk analysis: which makes it possible to identify and manage the risks associated with a product during its conception or throughout its life.
- The security assessment of the software, in which it works hand in hand with Vicomtech, the other Basque centre in the project. Security assessment techniques make it possible to measure the effectiveness and performance of the measures implemented, and to take corrective action on a product. This assessment can be carried out by means of a variety of tests, for example: implementation testing (side channel analysis and fault injection), communications robustness testing, functional cybersecurity testing, and vulnerability identification, penetration and exploitation testing.
- The development life-cycle: a methodology for developing products with functional safety requirements (Safety) or cybersecurity, managing security through design (secure-by-design).
In relation to the latter, last year, IKERLAN's development life cycle geared towards industrial cybersecurity, obtained the TÜV Rheinland certification for the IEC 62443-4-1 standard. This certification guarantees that the procedures, the organisational structure, the quality system and the training of the people who develop the electronic systems carried out in accordance with this methodology, comply with the highest safety standards. Since 2011, this life-cycle has also been certified with TÜV Rheinland functional safety (Safety), with standard IEC 61508.
Rosa Iglesias, a researcher in IKERLAN's industrial cybersecurity department and part of the ÉGIDA team, explains that “all of this enables IKERLAN, firstly, to support the companies in defining cybersecurity procedures, as well as in component or system development and evaluation activities. And, secondly, to generate the necessary evidence to undertake a product certification process”.
Specialisation in industrial cybersecurity is one of IKERLAN's strategic undertakings, in which it has invested more than six million euros in the last four years, in order to have highly qualified researchers and cutting-edge facilities in this field.
Webinar: cyber-security in the LINUX system
Today, many industries are incorporating the GNU/Linux operating system into their developments. This operating system has a very high level of exposure and strict security measures must be applied. The increasing digitalisation of industrial products and services has made industrial cyber-security an essential element in protecting business activity.
Thus, IKERLAN has organised a webinar for 17 March, dedicated to explaining to interested companies how to get the most out of the Linux capabilities in order to incorporate the cyber-security measures required in embedded systems.
Furthermore, the session will be attended by representatives from companies and clusters such as ARTECHE, BARBARA IoT, ORMAZABAL, BCSC and CYBASQUE, who will share their experience in this field.
You can register now via this link.