
Security Standard Compliance in System of Systems

Academic year: 2021


DOCTORAL THESIS

Security Standard Compliance in System of Systems

Ani Bicaku

Cyber-Physical Systems

Luleå University of Technology
Department of Computer Science, Electrical and Space Engineering
Division of EISLAB
Luleå, Sweden

ISSN 1402-1544
ISBN 978-91-7790-632-2 (print)
ISBN 978-91-7790-633-9 (pdf)
Luleå University of Technology 2020

Supervisors:


To Silia and my family


Abstract

The world we live in is becoming digitalized, transforming our society and economy in ways that were not predicted. Digital technologies are transforming products, manufacturing assets, and entire supply chains. These technologies revolutionize how organisations engage with customers, other partners, and society, depending on the ability to connect people, technology, and processes. Distributed services across different platforms, organisations, and even regions are becoming very common with the digital transformation of industrial processes. More and more systems are being constructed by interconnecting existing and new independent systems. The transformation from traditional and isolated systems to connected components in a System of Systems (SoS) provides many advantages such as flexibility, efficiency, interoperability, and competitiveness. While it is clear that digital technology will transform most industries, there are a number of challenges to be addressed, especially in terms of standards and security.

In the past, providing a secure environment meant isolation from external access and physical protection, usually based on proprietary standards. Nowadays, with the development of state-of-the-art technologies, these systems have to meet several requirements, provide proof of fulfilling them, and involve many stakeholders. Thus, to assure that organisations can move towards this multi-stakeholder cooperation, security is one of the challenges that needs to be addressed. With the increasing number of devices, systems, and services in these complex systems, and the number of standards and regulations they should fulfill, the need for automated standard compliance verification is of utmost importance. Such verification ensures that the components included in their business processes comply with the imposed standards, laws and regulations.

The research presented in this thesis targets automated and continuous standard compliance verification in SoS. Standard compliance verification provides evidence that processes and their components satisfy the requirements defined by national and international standards. The thesis proposes an automated and continuous standard compliance verification framework that provides evidence of whether SoS components fulfill security standards’ requirements, based on extracted measurable indicator points. Since these systems evolve over time, standard compliance is verified at design time and continuously monitored and verified during run time, after the SoS has been deployed.


Contents

Part I

Chapter 1 – Introduction
1.1 Introduction
1.2 Motivation
1.3 Research Questions
1.4 Research Methodology
1.5 Thesis Scope and Outline

Chapter 2 – Security: The Challenge for Digitalisation
2.1 Standards and Digitalisation
2.2 Digitalisation and Security
2.3 Digitalisation Related Technologies

Chapter 3 – Standardization Landscape
3.1 Standardization Bodies and Standards
3.2 ISA/IEC 62443 series overview
3.3 IEC 62443-3-3: System security requirements and security levels

Chapter 4 – Monitoring and Standard Compliance Verification
4.1 Standard Compliance Verification
4.2 Monitoring and Standard Compliance Verification Framework
4.3 Security Standards Evaluation
4.4 Monitoring and Standard Compliance Verification Integrated in Industrial Internet of Things
4.5 Monitoring and Standard Compliance Verification Integrated in Service Oriented Architecture

Chapter 5 – Summary of Contributions
5.1 Summary of Appended Papers
5.2 Additional Publications

Chapter 6 – Conclusions and Future Work
6.1 Conclusions
6.2 Future Work

References

Paper A
1 Introduction
2 Property Analysis and Evaluation
3 Monitoring Overview and Related Work
4 Overview of Security/Assurance Support in Existing Monitoring Tools
5 Evidence Gathering Mechanism Design
6 Conclusion
7 Acknowledgement

Paper B
1 Introduction
2 Related Work
3 Security Related Baselines
4 ENISA Evaluation
5 Assessment of IAAS Platforms
6 Conclusion and Future Work
7 Acknowledgment

Paper C
1 Introduction
2 Related Work
3 The CPPS Meta-model
4 Security in CPPS
5 Conclusions and Future Work
6 Acknowledgement

Paper D
1 Introduction
2 Related Work
3 Proposed Authentication Mechanism
4 Security Analysis
5 Performance Evaluation
6 Conclusion
7 Acknowledgment

Paper E
1 Introduction
2 Related Work
3 Operations Security
4 Standards and Best Practice Guidelines
5 Operations Security Controls
6 Assessment of Cloud Platforms
7 Conclusions
8 Acknowledgements

Paper F
1 Introduction
2 Related Work
3 Arrowhead Framework
4 On-boarding Procedure
5 Conclusion
6 Acknowledgment

Paper G
1 Introduction
2 Related Work
3 Monitoring and Standard Compliance Verification Framework
4 A Representative Set of MIPs for the Monitoring and Standard Compliance Verification Framework
5 Conclusions
6 Acknowledgement

Paper H
1 Introduction
2 Related Work
3 Monitoring and Standard Compliance Verification Framework
4 A Representative Set of MIPs for the Monitoring and Standard Compliance Verification Framework
5 Conclusions
6 Acknowledgement

Paper I
1 Introduction
2 Related Work
3 Standardization Landscape
4 Standards and Best Practice Guidelines Evaluation
5 Metric Model
6 Monitoring and Standard Compliance Verification Framework - Architecture
7 IIoT Use Case
8 Conclusion
9 Acknowledgements

Paper J
1 Introduction
2 Related Work
3 Monitoring and Standard Compliance Verification
4 Eclipse Arrowhead Framework
5 Measurable Security Indicators
6 …ation Time
7 Conclusion
8 Acknowledgement


Acknowledgments

This PhD thesis is the result of the effort and support of several people, universities, and other institutions to whom I am incredibly grateful.

Firstly, I would like to express my gratitude to the University of Applied Science Burgenland that allowed me to pursue my research while employed.

Secondly, I would like to thank my supervisors, Prof (FH) Dr. Markus Tauber and Professor Jerker Delsing, for their guidance, feedback, and advice. I enjoyed working with you and would like to thank you for helping me grow as a researcher and engineer. I enjoyed and appreciated the opportunity of being part of several European funded projects such as SemI4.0, Productive 4.0, and Arrowhead Tools project, where I had the chance to know, collaborate and discuss with academic and industrial partners. I want to thank all the researchers, experts, and students who contributed to the appended papers and helped conduct my research. I also want to thank the EISLAB team for their support, even though our offices are separated by more than 2500 kilometers.

My warm gratitude goes to my family for supporting me throughout my life in general. Finally, I would like to thank Silia for her advice, motivation, and patience she has given me. Without her support, it would not have been possible to make this journey.

Vienna, October 2020 Ani Bicaku


List of Abbreviations

AO Asset Owner
API Application Programming Interface
AUTOSAR Automotive Open System Architecture
AWS Amazon Web Services
CIA Confidentiality, Integrity, Availability
CPS Cyber Physical Systems
CPPS Cyber Physical Production Systems
CR Component Requirements
CRM Customer Relation Manager
DCS Distributed Control Systems
ECSE Experimental Computer Science and Engineering
ETSI European Telecommunications Standards Institute
EU European Union
FR Foundational Requirements
GSM Global System for Mobile Communication
HIPAA Health Insurance Portability and Accountability
HMI Human Machine Interface
IAAS Infrastructure as a Service
IDS Industrial Data Space
IEC International Electrotechnical Commission
IoT Internet of Things
ICS Industrial Control Systems
ISO International Organization for Standardization
IT Information Technology
ISA International Society of Automation
MIP Measurable Indicator Points
MOI Measurable Organizational Points
MSCV Monitoring and Standard Compliance Verification
MSI Measurable Security Indicator
MSFI Measurable Safety Indicator
NIST National Institute of Standards and Technology
OCF Open Connectivity Foundation
OT Operational Technology
PaaS Platform as a Service
PLC Programmable Logic Controller
PS Product Supplier
RA Risk Assessment
RTU Remote Terminal Unit
SA Security Assurance
SaaS Software as a Service
SCADA Supervisory Control and Data Acquisition
SI System Integrator
SM Maintenance Service Provider
SPR Security Program Rating
SoA Service oriented Architecture
SoS System of Systems
SuC System under Consideration
TPM Trusted Platform Module
TR Technical Report
TS Technical Specification


Part I


Chapter 1

Introduction

“The only system which is truly secure is one which is switched off and unplugged, locked in a titanium safe, buried in a concrete bunker, and is surrounded by nerve gas and very highly paid armed guards. Even then, I wouldn’t stake my life on it.” – Gene Spafford

1.1 Introduction

Technological progress is changing the way we live. Recent industrial production developments are revolutionizing our economy and society by laying strong foundations for efficiency, sustainability, and usability. As the digital transformation is on the rise, today’s society relies more and more on connected services utilizing embedded sensors and actuators. This creates new business opportunities, but the ability of traditional systems (such as Operational Technology (OT) systems) to cope with new technologies will be a significant factor for business success [1]. Even though many OT systems were initially set up in isolation, they are getting interconnected as part of the digital transformation. Thus, it is critical to exploit technologies that can integrate and operate with legacy systems. These technologies will facilitate the development of new systems while, at the same time, keeping legacy systems in operation and increasing their efficiency, real-time capabilities, and resource usage by interconnecting processes, people, and technology [2]. Digitalisation affects not only industry but organizations across all domains. Several European research projects have been funded on this topic: Productive 4.0 [3], ArrowheadTools [4], SemI40 [5], Ai4Di [6], CPS4EU [7], iDev40 [8], and many others address Industry 4.0 and automation enabling technologies to transform the potential of the digital revolution into business success [9]. The digital transformation facilitates the adoption of new technologies with new products and services. Therefore, organizations have to decide whether they should migrate to Industry 4.0, and which technologies are appropriate, by considering initial costs and benefits on productivity. To support the digital transformation of industry, the implementation of standards and compliance with their requirements is of utmost importance. This ensures the compatibility and interoperability of products by endorsing digital technologies. Interoperability is the guarantee that connected devices, systems, and services communicate with each other regardless of the manufacturer, location, operating system, or hosted services [10], as shown in Figure 1.1.

Figure 1.1: Communication across several organisations providing interoperability between devices, systems, and services via a trust center and certificate authorities (CA)

Automation systems and service platforms play a significant role in digital transformation. They enable connectivity, monitoring, analysing and controlling of processes.

The digitalisation of industry is supported by emerging technologies such as the Internet of Things (IoT), Cyber-Physical Systems (CPS), Service Oriented Architectures (SoA), Systems of Systems (SoS), and Cloud Computing, which are the main enablers of the digital transformation [11]. They enable interoperability, customized production, and predictive maintenance, and help develop new products or improve older ones (e.g., industrial manufacturers use sensors to collect data about processes and analyse the collected data to improve the quality of products, minimize errors and reduce time to market) [12]. A brief introduction of these technologies is provided here, and they are further discussed in chapter 2. CPS provide full integration of Information Technology (IT) and control systems with physical objects, software, sensors and connectivity to optimize manufacturing processes. They provide advanced functionalities in control and communication for an infrastructure that automatically handles different tasks in different locations [13], [14]. IoT provides the connection and network capabilities that help integrate the physical world by collecting, processing, and analysing the data gathered by IoT devices. The data collected from the sensors are converted into digital payloads, which are sent over the network using communication protocols to cloud computing services (e.g., databases, maintenance services, etc.) where they are further processed and analysed [15].

SoS is a composition of independent systems configured to interact with one or several systems, which provide capabilities that a single system cannot achieve [16], [17]. SoS can operate in different regions or platforms and can have various applications or production elements, as shown in Figure 1.2.

Figure 1.2: Schematic representation of SoS. Each component can operate in different regions and consists of platforms, applications, or physical production elements

ISO/IEC/IEEE 21839 defines SoS as:

“System of Systems (SoS) - Set of systems or system elements that interact to provide a unique capability that none of the constituent systems can accomplish on its own. Note: Systems elements can be necessary to facilitate the interaction of the constituent systems in the system of systems” [18].

“Constituent Systems - Constituent systems can be part of one or more SoS. Note: Each constituent is a useful system by itself, having its own development, management goals and resources, but interacts within the SoS to provide the unique capability of the SoS” [18].

Examples of SoS, either existing or proposed, can be found in diverse domains, such as manufacturing, transportation, energy, healthcare, telecommunication, etc.


Despite the benefits of adopting digital transformation technologies, many challenges are still to be addressed. These challenges grow continuously with the large number of products, their complexity, and the need to orchestrate processes across different platforms or even regions. In such environments, assuring interoperability and establishing secure and robust communication is a vital element. Therefore, security is one of the main challenges for such complex systems, and it is even more critical for systems that were previously isolated and highly protected, and are now exposed to the internet [10].

In cloud computing, it is essential not only to offer user-friendly access to the data but also to assure that security techniques are in place in the physical infrastructure (infrastructure level), the virtual infrastructure (tenant level) and the applications (service level). In IoT, it is important to show that it is possible to support several application domains and ecosystems while providing secure communication and secure storage [19]. The data collected by sensors are mostly critical infrastructure data stored in the organisation’s internal systems, meaning that several departments or roles can access them. Their security is essential because, without proper security measures, non-authorised access results in high costs and leaks of critical data. In SoS, it is essential to take the security aspects into account not only to ensure business operations, but also to manage security objectives (e.g., confidentiality, availability, integrity, authenticity, non-repudiation, reliability, etc.). If someone compromises any of these objectives, the consequences range from an incident to an unsafe situation or system performance degradation.

Recent studies and surveys show that many organisations need to address their security better, since the interconnection of devices, systems, and services through IoT platforms increases the possibility of security being compromised [20], [21], [22], [23]. As a consequence, cyberattacks on industrial environments have become more common and even more sophisticated than they have been in the past. Stuxnet (named the world’s first digital weapon) was the first attack on OT systems. Unlike other attacks, it targeted supervisory control and data acquisition (SCADA) systems, more specifically the programmable logic controllers (PLC) used to control the centrifuges of Iran’s nuclear facility in Natanz [23], [24]. After the Stuxnet attack was reported in 2010, cybersecurity became a major concern for critical infrastructures. Since then, several vulnerabilities have been identified and have demonstrated that critical infrastructure operates in an insecure environment. Night Dragon, reported in 2010, used sophisticated malware to attack global oil, gas, and petrochemical organisations [25]. In 2015, the Ukraine power grid attack was the first known attack on a country’s power grid, where attackers were able to compromise the information systems of energy distribution [26]. Also, in 2016 a second attack compromised the Ukraine power grid again by cutting electricity to 225.000 customers. Triton/Trisis (named the world’s most murderous malware) in 2017 targeted the safety instrumented systems of an energy plant in the Middle East [27]. It was the first time that a safety instrumented system was directly attacked with the objective of disabling it. Fortunately, an error in the malware’s code caused a safe shutdown of the facility, and this is how the cyberattack was discovered.

The consequences of these attacks can vary from interruption or modification of an operational process to sabotage with the intention to cause harm. Depending on the attack’s severity, they can lead to financial impact, loss of brand loyalty, loss of reputation, espionage, environmental damage, injury, or even loss of life. These attacks could have been detected or even prevented if security techniques had been in place. The ISA/IEC 62443 series proposes defense-in-depth, separation of physical and logical assets into different zones, and other countermeasures [28] (more details in section 3.2).

To efficiently respond to these types of threats against critical infrastructure and OT systems, and to benefit from digitalisation technologies, it is crucial that security decisions are made based on international standards. It is not only important to access the data securely, but also to exchange the data securely and to make it possible that only authorised persons access them, without reducing the security level. This avoids security incidents by assuring that all security measures are in place. Measurable indicator points (e.g., security metrics or security controls) from recognized standards can be used by devices, systems and services to measure and, if needed, improve security. There are several national and international security standards that organizations can choose to comply with, such as: (i) information security standards - COBIT, ITIL, ISO 27001 etc., (ii) cybersecurity standards - NIST SP 800-series, ISO/IEC 27000 family of standards, ISA/IEC 62443 series, etc., (iii) web services security standards - OASIS, OWSM, etc.

Standards are agreed publications and can be implemented as a preferred way or as mandatory requirements to comply with specific policies, by providing rules or guidelines including tests, methods, reference data, and analysis [23], [29]. They provide a common language and agreements for individuals and organizations to avoid misunderstanding. Complying with standards is important for communication, trade, and production, since they ensure compatibility and interoperability of products between multiple stakeholders. Standards provide advantages to organizations and users by reducing costs, avoiding redundancy, minimizing errors, reducing time to market, and improving security. As they usually are not mandatory (organizations are not legally constrained to fulfill them), they facilitate compliance with other legal requirements such as those documented in European Directives [30]. With the development and adoption of new technologies, existing standards need to be adapted or new ones need to be drafted and published.

Usually, an organisation needs to comply with more than one standard for specific domains and products. Most of them are subject to at least one security regulation. An organisation’s difficulty is to select a proper standard and provide evidence of compliance with its requirements and security metrics. There are several challenges in selecting and understanding standards, because they are not written so that every person can easily understand them. An experienced security professional is employed to implement the standard and to show whether the organisation is compliant with it or not. Another challenge is to verify compliance automatically, since most of the standards do not provide technical ways to implement the measurable indicator points.

This thesis provides an automatic way to continuously monitor standard compliance verification for a transparent, efficient, and effective interoperable system of systems based on international security standards and recommendations. This will guarantee the parties that devices, systems, and services within the organisation operate in a secure and standard compliant way without compromising the underlying infrastructure.

1.2 Motivation

The industrial environment is experiencing a radical digital transformation relying on innovative technologies that cannot work in isolation. Standards, recommendations and best practices facilitate the ongoing digitalisation of industry by providing interoperability and liability across technologies, while providing means to assess security.

Standards are guidelines that provide specifications, reports, and best practices on devices, systems, services, and processes. The development of a standard involves professionals with different backgrounds and roles, from normal users to public authorities. The role of standard compliance can be easily illustrated in the telecommunication domain. The development of the Global System for Mobile Communication (GSM), first deployed in 1983, showed a mobile phone’s ability to operate in different countries. After its acceptance and publication by the European Telecommunications Standards Institute (ETSI), it was adopted by most EU countries, and the GSM network soon expanded all over the world (193 countries in 2010), achieving 90% of market share. Moreover, standards regulate and impact competition by providing every producer equal opportunities and market access. They also make it possible for all types of organizations to access national and international markets and compete. An example is the Android and iOS operating systems, where developers published 1.1 million new iOS apps and 1.3 million new Android apps in 2016 [31]. In the context of digital transformation, there is no boundary between the connection of objects, devices, people, and the environment. Proprietary standards may provide advantages for single organizations within a specific market, but they will limit their broader market opportunities. A wrong implementation or interpretation of standards can limit interoperability and can also have a negative impact on users. International standards that are available for all industries provide generic specifications (protocols, data formats, interfaces, etc.) to ensure interoperability across industries in different countries and push the usage of new technologies. Compliance with these standards ensures that components and processes are operating in accordance with a well known and globally agreed set of norms and recommendations. Non-compliance may result not only in financial impact, loss of reputation, and loss of brand loyalty, but can also lead to legal actions and fines. If standard compliance is verified, it helps in legal cases to show that there was no negligence at any point in time, and that the system has been compliant with security standards.

Security standards involve many requirements and security controls (e.g., the ISA/IEC 62443 series includes different standards for system requirements and for component requirements). Achieving compliance with these standards can be complicated and costly, depending on the nature of the standard. Many organisations find it difficult to maintain standard compliance and are investing effort and resources in order to be compliant. Usually, compliance verification is done via manual audits, maintaining several documents as checklists [32]. The requirements listed in these checklists are taken from the standards and verified against the devices, systems, and services. Several works, such as [33], [34], and [35], outline the issues with manual compliance audits, the ability to build the checklist, and the need for humans to interpret them [23].

1.3 Research Questions

Considering the problem formulation and motivation presented in the previous section, the following research questions are formulated:

Q1: What existing standards can be considered relevant to address security from edge devices to the back-end infrastructure, including their communication, and what are the difficulties of implementing them?

Given the large number of existing standards, organisations have to comply with different rules from different standardization bodies, and they find it challenging to choose the right standards to comply with. The components in an end-to-end communication from edge devices to the backend infrastructure should fulfill several standards to provide secured communication and interoperability. To identify the best standards to comply with, the security requirements of the system under consideration should be defined and documented in a structured way. Several security standards should be evaluated and measurable security indicator points should be extracted based on the system requirements. Therefore, standard compliance depends on whether the standards can provide technical implementation possibilities.

Q2: How can standard compliance be verified, and how can the requirements of an already implemented solution be addressed in standard compliance?

In order to provide an automated approach to standard compliance verification, the standards should be written in such a form that all the requirements, metrics, controls or countermeasures can be technically implemented. Most of them currently do not provide an implementation solution, and most of the metrics cannot be technically implemented. To have automated standard compliance verification, the standard requirements should be translated into technically measurable indicator points based on the collection of devices, systems, and services.

Q3: How to integrate standard compliance verification in a dynamic and evolving system of systems (SoS) environment?

SoS have the ability to collaborate with different systems by providing new capabilities that the independent systems cannot achieve. They have dynamic behaviour and consist of systems that can be configured to join or leave the SoS without interrupting the main process. The individual systems are operated by different organisations under different security policies. If a single system does not provide the required security level, the entire SoS can be vulnerable to security breaches. These incompatibilities can be easily discovered if the systems provide evidence of compliance with security standards. Standard compliance of these systems should be verified during design time, but this is not sufficient, since SoS evolve over time and new security requirements need to be addressed during operation time. Therefore, standard compliance should be continuously verified in different time frames or when a new component is added to or removed from the SoS.

1.4 Research Methodology

The research methodology used in the thesis is Experimental Computer Science and Engineering (ECSE) defined as “the building of, or the experimentation with or on, non-trivial hardware or software systems” [36], considering properties such as complexity of artifacts, technology dependence, universality and the non-reliance on theory [37].

The first step is to formulate the research questions to define the research area. Based on the research questions and the research area, an investigation of the state of the art should be conducted, including a literature review of scientific publications, projects, presentations, etc., with the aim of distinguishing and extending previous works. After a comprehensive state of the art investigation, the hypothesis is formulated. The scope of the hypothesis is to clarify and focus the research problem defined by the research questions. It should be simple, specific, related to existing knowledge, and measurable.

The next step is to plan a structured way to conduct experiments by designing approaches to test the hypothesis. The experimental plan should include the experiment’s goal, the measurable variables, how to gather and present the results, and how to make them repeatable. Identifying possible techniques to develop the solution is performed through a series of experiments, prototypes, and evaluations. The results are collected and analysed to determine whether they support the hypothesis. The results achieved during the experiments are presented to domain experts and other researchers during scientific meetings, reviewed by the scientific community, and published in scientific papers and articles.

The methodology and the prototype are applied in different use cases considering several levels of complexity, in order to demonstrate that the results support the hypothesis even when implemented in different scenarios, and that they are repeatable.

1.5 Thesis Scope and Outline

Digitalisation and SoS are broad research areas in which standard compliance is of significant interest for achieving interoperability and secure communication. These systems demand deep knowledge of other domains, technologies, and topics such as IoT platforms, modelling, secure communication protocols, end-to-end communication, cloud computing, legacy devices, IoT devices, standards, regulations, best-practice guidelines, etc. Experiments in different testbeds with different technologies are necessary to produce results that convey the importance of and need for standard compliance verification of these systems. The work in this thesis was performed in close collaboration with other researchers, industrial partners, and experts in several domains.

The research work presented in the thesis shows the benefits and challenges of automated and continuous standard compliance verification in SoS. The thesis evaluates several aspects of the digital transformation by investigating secure communication protocols (Paper C and D), reference architectures that show the dependability of connected components in a dynamic environment (Paper C), different monitoring tools and frameworks (Paper A and I), and cloud computing technologies (Paper B and E). Overall trustworthiness of an SoS can be achieved by proving that its components comply with standards and that they communicate and operate according to the requirements and controls documented in these regulations [23]. Compliance proves the fulfilment of regulations by including all measures imposed by standards. Every device, application, or service implements several technologies at many levels, and standards support interoperability across them [23]. Thus, several standards that address security are investigated (Paper C, G, H, I, and J). Based on this investigation, measurable indicator points (MIPs) are extracted and documented in a metric model. The objective of the metric model is to provide a common understanding and show the relation between standards, requirements, and MIPs. The MIPs are used as input for the Monitoring and Standard Compliance Verification (MSCV) framework, which aims to show and verify whether a specific component or use case is compliant with one or several standards based on the MIPs [23]. Within this thesis the MSCV is used to verify continuous compliance with security standards, but it has a generic architecture and can be used to verify standard compliance in other aspects as well. The scope of this research is to enhance trustworthiness and provide interoperability by proving that the components involved in an SoS operate in a standard-compliant manner during design and run time, without compromising the underlying infrastructure. The following related research areas are not within the scope of this thesis: providing security solutions, risk assessment, security levels, safety aspects, safety standards, legal aspects, legal standards, organisational aspects, process management standards, communication protocol development, big data analysis, semantics-related activities and hardware (sensors, actuators, IoT devices, etc.) technologies.

This compilation thesis consists of two parts. Part I introduces the research area, formulates the research questions, and provides the thesis's motivation, research methodology, and scope. Part II consists of ten appended papers containing the core research contribution of the thesis. They have been reformatted for the layout of the thesis but without any modification of the content. The appended papers have been published, accepted or submitted for publication in peer-reviewed conferences or journals.

Part I is divided into six chapters. Chapter 2 provides an overview of the current challenges of digital transformation. It further describes the digitalisation-related technologies such as IoT, CPS, SoS and cloud computing. Additionally, the differences between IT and OT and the security of legacy systems are presented. Chapter 3 addresses the current standardization landscape and provides an overview of standardisation bodies and standards. It focuses on the importance of standards in everyday life and shows different standards, the structure of a standard, how to read a standard, and the standards lifecycle. It further provides an introduction to the ISA/IEC 62443 series and in particular describes in more detail IEC 62443-3-3: System security requirements and security levels. Chapter 4 addresses monitoring and standard compliance verification; the evaluation of security standards is presented, including an example that shows how measurable indicator points are extracted from the standards and documented. Further, the Monitoring and Standard Compliance Verification (MSCV) framework is presented together with its application in two different use cases to show its applicability. Chapter 5 summarises the appended papers, including additional publications and the research contribution of the thesis. Chapter 6 presents the thesis conclusions and shows directions for future work.


Chapter 2

Security: The Challenge for Digitalisation

The main goal of security in an industrial environment is to protect essential functions even when malicious attackers threaten them. Modification of, or unauthorised access to, data and running processes in these systems may interrupt operational processes, cause malfunction, lead to loss of sensitive information, or enable sabotage that causes harm. This chapter describes the technologies related to digital transformation in more detail, including IoT, CPS, SoA, SoS, and cloud computing. It also shows the difference between Information Technology (IT) and Operational Technology (OT), because when dealing with an industrial system it is important to know how they differ in terms of security.

2.1 Standards and Digitalisation

Industry 4.0 connects people, technologies, processes, and the flow of goods along the value chain. This requires an overall security architecture that considers all components and participants. Security should be assured during the whole lifecycle (from specification until decommissioning). The digital transformation can be effective only if all involved parties can trust the security of their data as well as the protection of their industrial property. As defined in NIST SP 800-152, trust is "a characteristic of an entity that indicates its ability to perform certain functions or services correctly, fairly and impartially, along with assurance that the entity and its identifier are genuine" [38]. The ISA/IEC 62443 series defines trust as "confidence that an operation, data transaction source, network or software process can be relied upon to behave as expected", with note 1 to entry: an entity can be said to "trust" a second entity when it (the first entity) makes the assumption that the second entity will behave as the first entity expects [39], [40]. Digital trust should be an essential part of the digital transformation, since it enables decisions to be made between organisations that want to interact with each other. These decisions are based on the security levels that each entity demonstrates via standards and guidelines. International standards help organisations to connect services outside their proprietary systems and move towards system interoperability. Therefore, governments, industry and science have the responsibility to establish security guidelines so that the new technologies can be trusted. This can be guaranteed by standards and by the development of secure solutions specific to digitalisation. To make this possible, security experts from different industrial domains are involved in preparing regulations for new and existing services, in order to establish standardised rules that guarantee secure digital business models.

2.2 Digitalisation and Security

The development of new technologies is leading to new security threats. Attackers continuously search for new vulnerabilities in systems and technologies in order to destroy, steal, or gain unauthorised access to industrial assets. Attacks against OT systems are becoming more sophisticated, while these systems typically lack the computing resources needed for additional security capabilities. Creating and maintaining an overall security model that includes all components involved in these complex systems is becoming more difficult. Due to the number of components, which include different legacy and IoT devices, platforms, and processes, security will always remain a moving target. With digitalisation, these components introduce new vulnerabilities because they were not designed to provide security or to take other life cycle dependencies into consideration. Most of today's security countermeasures focus on network security. Industries apply principles such as defense in depth, a layered security mechanism that provides security at different layers so that if one layer is compromised, the next layer provides further countermeasures [39]. In addition, secure elements (providing hardware security as a root of trust), CCTV, locks, keys, fences, and other physical security measures are used to assure the integrity of devices and systems. It is crucial to separate physical and logical assets sharing the same security requirements into different zones; these zones should have boundary protection, and the devices within them should be well hardened. Another security principle used in the industrial environment is least privilege, where users and accounts have as few privileges as possible [41].

2.2.1 Differences between IT and OT systems

Information Technology (IT) and Operational Technology (OT) systems have different security perspectives, and it is important to know them when dealing with industrial systems. A major difference is that OT is the technology interacting with the physical world, focusing on the automation of machines, process assets, and safety systems, whereas IT systems focus on business operations and enterprise systems that store and manage data. Other differences concern performance, availability, risk management, operating system, resources, communication protocols, and lifetime, as shown in Table 2.1.

OT systems were designed as offline, stand-alone solutions. Examples of OT include Supervisory Control and Data Acquisition (SCADA), Distributed Control Systems (DCS), Programmable Logic Controllers (PLC), Human Machine Interfaces (HMI), Remote Terminal Units (RTU), etc., as part of Industrial Control Systems (ICS) [42].

Table 2.1: IT systems and OT systems differences

Requirement        IT                                          OT
Performance        - Non real time                             - Real time
                   - Response consistent                       - Response time critical
Availability       - Rebooting acceptable                      - Rebooting not acceptable
                   - Outages tolerated                         - Outages must be planned in advance
Risk management    - Confidentiality and integrity primary     - Human safety and processes primary
                   - Fault tolerance not very important        - Fault tolerance essential
Operating system   - Typical operating systems                 - Proprietary operating systems
                   - Possible to upgrade if available          - Upgrades only from vendor support
Resources          - Enough memory and storage                 - Resource constrained
                   - Computing resources can be added          - Used only for a specific process
                                                               - Not possible to integrate third-party solutions
                                                               - May not be possible to add computing resources
Communication      - Several communication protocols           - Proprietary communication protocols
Lifecycle          - Three to five years                       - Ten to fifteen years

They are implemented in several industries, such as transportation, oil and gas, energy, buildings, and healthcare, to mention a few.

These industrial environments are controlled and monitored via several IoT devices and IT technologies, which provide the real-time status of the OT devices and make it possible to respond in time to any malfunction. Digitalisation technologies make the cooperation of IT and OT possible, providing more efficiency and interoperability. One of the most significant advantages of IT/OT convergence is decision making based on real-time data from devices and systems.

The biggest challenge of this convergence is security. Connecting OT introduces new security vulnerabilities, and IT and OT have different security needs. OT has traditionally used proprietary technologies with only a few connections to other systems, which made it less exposed to attack. IT systems, on the other hand, have enough resources to integrate security solutions and have a higher risk acceptance level. To benefit from the advantages of both IT and OT systems, security standards can be used to adequately secure and protect these systems. Chapter 3 introduces the ISA/IEC 62443 series, and security measures such as defense in depth and zone models are presented.

2.2.2 Security in Legacy Systems

Legacy systems are based on proprietary technologies (operating systems, communication protocols), but they are critical for day-to-day operations [43], [44]. A number of these technologies are still used today. An example is the pager (also known as a beeper), which was developed in the 1960s and became very popular in the 1980s, especially in the health industry and other emergency services [45]. A recent review in hospitals found that the most used technology is still the pager rather than secure mobile communication [46]. There are several reasons for continuing to use this technology: e.g., in natural disasters, pagers do not rely on the phone network but communicate via high-frequency radio signals and do not depend on the nearest tower. Other reasons are battery life and security, since they transmit only text and digits and cannot send files or critical data. Nevertheless, they have their disadvantages (e.g., no reply is possible), and many hospitals want to move towards secure text messaging applications compliant with HIPAA [47], but this is very expensive for the health industry. Other examples of such legacy systems, used for specific functions, can be found in other domains.

Industry 4.0 is based on the use of new technologies with computational and communication capabilities. Using these technologies out of the box instead of legacy systems is not economically feasible for most scenarios, because organisations would need to build entire industrial facilities from scratch. Replacing legacy systems with new technologies is not an easy task. Planning, designing, implementing, and validating a new application needs expertise and time; usually, the original design and development team is no longer available or no longer supports the system. At the same time, the existing legacy system has to be maintained. Instead, a transition phase is possible, in which legacy devices and systems are incorporated so that they can cope with digital technologies. Several studies have investigated the engineering effort and costs needed to implement new architectures and approaches without replacing the legacy systems [48], [49], [50], and [51]. Their conclusion is that replacing these systems requires a significant amount of work and resources. With technologies such as IoT, CPS, SoS, and cloud computing it is possible to communicate with legacy systems and devices by providing a digital representation of the physical world.

As mentioned in the previous sections, the industrial environment consists of several devices, systems, and services, so a single security solution is not feasible. In general, industrial devices need further protection that extends existing concepts like the CIA triad (confidentiality, integrity, and availability), which is usually applied to the protection of IT systems. For legacy devices, objectives unique to production environments must also be fulfilled, such as human safety and the protection of equipment and processes.

These systems should fulfil further objectives such as authenticity (the property that an entity is what it claims to be) [52], accountability (the property ensuring that the actions of a system can be traced) [53] and non-repudiation (the property that an entity can be held responsible for its actions by proving their origin) [54]. Therefore, legacy devices need to be secured and their communication encrypted [55].

In principle, the data could be encrypted simply by using available security APIs. Unfortunately, software-based encryption is prone to attacks that reveal the encryption key: a key held in ordinary memory or on disk can be extracted through memory-disclosure bugs, debugging interfaces, or physical access to the device. To overcome this issue, a dedicated hardware module, often referred to as a secure element, should be integrated into the industrial devices and ideally into all devices involved in the critical communication flow [55]. Secure elements provide tamper-resistant storage holding cryptographic keys. This storage is designed to protect the key from any kind of attack, even physical access to the device. Secure elements can also perform signing, encryption, and decryption, and check the validity of signatures, so the key never has to leave the module. In general, a Trusted Platform Module (TPM) is a particular variant of a secure element with a standardised feature set for integration into various computing platforms [56], [9]. TPMs can be used to identify a device and to check the device's software at startup to ensure that the operating system and programs have not been manipulated. A TPM uses non-volatile memory to securely store cryptographic material. This material can be used to encrypt or sign data to ensure integrity, confidentiality, authenticity, and non-repudiation [9].
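The startup check described above works by measuring each boot component into a platform configuration register (PCR) that can only be extended, never written directly, and then having the module sign the register value together with a nonce chosen by the verifier. The following Python model is added here as an illustration; it is not code from the thesis or from any TPM library. It shows the chain: the key never leaves the simulated module, a tampered or reordered component changes the resulting PCR, and a quote produced for one nonce does not verify for another. Two simplifications are assumptions of the example: an HMAC stands in for the asymmetric signature a real TPM produces with its attestation key, and the verifier therefore shares the key instead of holding only a public half. The boot components are constructed sample data.

```python
import hashlib
import hmac
import os

PCR_SIZE = 32  # SHA-256 digest length, the width of a TPM 2.0 SHA-256 PCR bank


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style PCR extend: the register can only be updated by hashing the
    old value together with a new measurement; it can never be set directly."""
    return hashlib.sha256(pcr + measurement).digest()


class SimulatedSecureElement:
    """Stand-in for a secure element / TPM used as a root of trust.

    The device key is created inside the object and no method returns it:
    callers can record measurements and request a signed quote, but cannot
    read the key.  ASSUMPTION: HMAC over (nonce || PCR) replaces the
    asymmetric signature a real TPM makes with an attestation key.
    """

    def __init__(self) -> None:
        self._key = os.urandom(32)   # provisioned once, stays inside the module
        self.pcr = bytes(PCR_SIZE)   # PCRs are all-zero at power-on

    def measure(self, component: bytes) -> None:
        """Record one boot component (bootloader, kernel, configuration, ...)."""
        self.pcr = extend(self.pcr, hashlib.sha256(component).digest())

    def quote(self, nonce: bytes) -> bytes:
        """Sign the current PCR together with a verifier-chosen nonce so that
        an old quote cannot be replayed."""
        return hmac.new(self._key, nonce + self.pcr, hashlib.sha256).digest()

    def verifier_key(self) -> bytes:
        """ASSUMPTION: with HMAC the verifier must share the key. A real TPM
        would hand out only the public half of its attestation key."""
        return self._key


def expected_pcr(golden_components) -> bytes:
    """Recompute the PCR a verifier expects for a known-good boot sequence."""
    pcr = bytes(PCR_SIZE)
    for component in golden_components:
        pcr = extend(pcr, hashlib.sha256(component).digest())
    return pcr


def verify_quote(key: bytes, nonce: bytes, expected: bytes, quote: bytes) -> bool:
    """Accept only a quote that is authentic AND covers the expected PCR value."""
    wanted = hmac.new(key, nonce + expected, hashlib.sha256).digest()
    return hmac.compare_digest(wanted, quote)


def boot_and_attest(components, golden, nonce: bytes) -> bool:
    """Run one boot sequence on a fresh module and attest it against the golden one."""
    se = SimulatedSecureElement()
    for component in components:
        se.measure(component)
    return verify_quote(se.verifier_key(), nonce, expected_pcr(golden), se.quote(nonce))


# Constructed sample boot components for the demonstration (not real firmware).
GOLDEN = [b"bootloader v1.2", b"kernel 5.4 (vendor signed)", b"plc-app.cfg rev 7"]

if __name__ == "__main__":
    nonce = os.urandom(16)
    print("clean boot accepted:   ", boot_and_attest(GOLDEN, GOLDEN, nonce))
    tampered = GOLDEN[:1] + [b"kernel 5.4 (patched by attacker)"] + GOLDEN[2:]
    print("tampered boot accepted:", boot_and_attest(tampered, GOLDEN, nonce))
    print("reordered boot accepted:", boot_and_attest(list(reversed(GOLDEN)), GOLDEN, nonce))
```

The ordering check matters in practice: because each extend hashes the previous register value, the same components measured in a different order yield a different PCR, so an attacker cannot reach a golden value by loading legitimate components in an unexpected sequence.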

2.3 Digitalisation Related Technologies

2.3.1 Internet of Things

As defined by ISO/IEC JTC 1, the Internet of Things (IoT) is "an infrastructure of interconnected objects, people, systems and information resources together with intelligent services to allow them to process information of the physical and the virtual world and react" [57]. Thus, IoT is a platform used to connect heterogeneous and distributed things embedded with electronics, software, and sensors to the Internet, enabling them to collect and exchange vast amounts of data. These data are then analysed to build business intelligence and new business models that improve the user experience. There is no universally agreed, standardised architecture for IoT, because different users have different requirements. However, a basic architecture includes: (i) the perception layer, where sensors are used to sense and gather information from the environment; (ii) the network layer, which is responsible for connecting things and for transmitting and processing sensor data; and (iii) the application layer, which is responsible for delivering application-specific services to the users [55]. IoT utilises the available resources efficiently, reduces human intervention, and saves time. Applications of IoT can be found in everyday life, such as healthcare, smart cities, agriculture, industrial automation, etc. IoT applied to industrial production systems is known as the Industrial IoT (IIoT).

2.3.2 Cyber-Physical Systems

Cyber-Physical Systems (CPS) integrate information processing (communication, computation, and control) with physical processes. Information processing is performed using embedded systems, which provide fundamental technologies, e.g., A/D converters, sensors, actuators, control systems, and robots, to ensure real-time behaviour and dependability. Embedded systems monitor and control physical processes, usually with feedback loops, where physical processes affect computations and vice versa [58], [59]. Thus, a CPS is an entire system containing the embedded systems and the physical environment. CPS must be dependable, because everything that happens in the information processing part will impact the physical environment. Making CPS dependable should be considered from the very beginning by addressing reliability, maintainability, availability, safety, and security. CPS must meet real-time constraints; thus they must respond to external changes within the time interval dictated by the environment. CPS are reactive and dynamic systems: they adapt to rapid changes in the environment and in the system itself, and they meet a number of agreed requirements. CPS are dedicated to a specific application. CPS application areas include communication, energy, infrastructure, health care, manufacturing, military, robotics, transportation, etc. CPS applied to industrial production systems are known as Cyber-Physical Production Systems (CPPS) [55].


2.3.3 System of Systems

The technologies mentioned above, CPS, IoT, and cloud computing, allow for creating an integrated and self-regulating SoS. SoS are large-scale integrated systems whose constituents are independently operable on their own but are networked together for a period of time to achieve a higher goal, e.g., in terms of costs, performance, robustness, etc. [16]. They are distributed systems composed of several components. SoS architectures are applied in public transportation [60], health care systems [61], cloud services [62], etc. They have several characteristics that distinguish them from traditional systems, such as: (i) operational independence, (ii) managerial independence, (iii) evolutionary development, (iv) emergent behaviour, and (v) geographic distribution, as well as other characteristics including autonomy, belonging, connectivity, diversity and emergence [63]. These characteristics should be taken into consideration when designing an SoS. Since these systems evolve over time, security is a major challenge: an SoS can integrate systems with different security requirements, where systems with a low security level can compromise systems requiring a high level of security. To enable interoperability between systems in an SoS and to provide evidence that they fulfil the security requirements for sharing information, security standard compliance should be verified. Considering the nature of SoS, standard compliance should be verified during the entire lifecycle.

Figure 2.1 shows the lifecycle processes from the ISA/IEC 62443 series, based on the IEC 24748 lifecycle [64], with the difference that the production phase is divided into an implementation phase and a verification and validation phase. It is important to know the implications of each phase in order to be able to address standard compliance verification at run time [65].

Figure 2.1: System life cycle phases and their interactions

The lifecycle phases are described in more detail in section 3.2.6. The security requirements that each phase should accomplish to maintain a desired security level through the entire lifecycle are the following:

Specification: determines the desired level of security that the system should achieve.
Design: defines the technical measures and metrics to achieve the desired security level.
Implementation: applies the technical security measures to the system and tests them.
Verification and validation: verifies and validates the security measures.
Operation: assures that the security measures perform effectively.
Decommissioning: retires the system while maintaining the desired security level.

Based on the lifecycle phases, the system should show that it has the desired security level by proving that the security requirements are fulfilled during the entire lifecycle.

2.3.4 Cloud Computing

As defined by NIST SP 800-145, cloud computing is "a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction" [66]. Thus, cloud computing offers the possibility to store data and applications on remote servers, to process them there, and to access them via the Internet. Cloud providers offer three different service models: (i) Software as a Service (SaaS), where cloud users consume software that is operated by the cloud provider, e.g., Salesforce provides its CRM (Customer Relationship Management) software on a cloud infrastructure to its users and charges them for it; (ii) Platform as a Service (PaaS), where cloud providers give users the ability to deploy user-created applications using programming languages, tools, etc. that are provided by the cloud provider, but the users have no control over the underlying infrastructure, e.g., OS, storage, servers, etc.; and (iii) Infrastructure as a Service (IaaS), where the cloud provides the entire infrastructure on which users create their own applications. There are also three different cloud deployment models: (i) public cloud, which makes the resources available to the general public over the Internet, e.g., on a pay-for-what-you-use basis; (ii) private cloud, which offers services to a limited number of users, e.g., behind a firewall to reduce security concerns; and (iii) hybrid cloud, which uses a combination of on-premises, private and public cloud services to leverage the best of both worlds.

2.3.5 Architectures and platforms

To show the functionality of the Monitoring and Standard Compliance Verification (MSCV), several existing architectures, frameworks, and IoT platforms are evaluated, based on scientific publications, white papers, and technical articles, and documented in the appended papers. The evaluation highlights the need for an automated and continuous standard compliance verification solution. Some well-known frameworks for IoT are the Eclipse Arrowhead Framework, Automotive Open System Architecture (AUTOSAR), BaSys, FIWARE, Industrial Data Space (IDS), Open Connectivity Foundation (OCF), and IoTivity [67]. Well-known cloud platforms include Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform, IBM Cloud, OpenStack, VMware, etc.

The Eclipse Arrowhead framework, in which the MSCV is implemented as a service, and the OpenStack cloud platform, used to build several use cases that show the functionality of the MSCV, are presented in more detail below [23].


Eclipse Arrowhead framework

The Eclipse Arrowhead framework is an IoT-based automation solution that uses SoA principles to create local automation clouds. The framework's objective is to provide interoperability, real-time performance, scalability, and secure communication through multi-cloud interaction [10], [67]. The architecture is built on SoA fundamentals such as (i) loose coupling, which allows services to be implemented on several devices without a supervising entity, (ii) late binding, i.e., connecting to a known resource only at the time it is needed, and (iii) lookup, which makes it possible to publish, register and look up existing services [9].

"The architecture addresses the move from large monolithic organisations towards multi-stakeholder cooperations, thus addressing the high level requirements in today's society, such as sustainability, flexibility, efficiency, and competitiveness" [10]. In order to develop Eclipse Arrowhead-compliant devices, systems, and services, it is important to know how the Eclipse Arrowhead framework defines them:

Device: a piece of hardware equipment with computational and communication capabilities. A device can dynamically host one or several systems, including their services. All Arrowhead-compliant devices should be registered within the DeviceRegistry [9].
System: the software system that is hosting and/or consuming one or multiple services. An Arrowhead-compliant system can be the provider and/or consumer of one or several services at the same time. All systems should be registered within the SystemRegistry [9].
Service: the information exchanged from a providing system to a consuming system. It is produced by a system, can have metadata, and should support functional and non-functional requirements. All services should be registered within the ServiceRegistry [10].
Local cloud: a self-contained network containing at least the three mandatory core systems and at least one deployed application system [10].

The Eclipse Arrowhead architecture is composed of a number of systems, classified into mandatory core systems, automation support core systems and application systems [9], as shown in Figure 2.2. The mandatory core systems are:

ServiceRegistry system, color coded in blue, provides the database of all running and registered services within the Eclipse Arrowhead local cloud. It makes it possible to register, unregister and look up a service in the ServiceRegistry.

Authorisation system, color coded in red, provides authentication, authorisation and optionally accountability. It defines and provides the rules for the consumption of services. Based on these rules, a specific device, system or service is allowed or denied consumption of other services registered within the local cloud.

Orchestrator system, color coded in green, provides the necessary mechanisms for distributing orchestration rules and endpoints to dynamically allow the consumption of existing services and systems to create new functionalities [9].

The automation support core systems, such as SystemRegistry, DeviceRegistry, PlantDescription [68], EventHandler [69], etc., are used to facilitate automation application design, engineering and operation [9]. They provide support for automation, security, interoperability and many other features of the local cloud.


Figure 2.2: Eclipse Arrowhead framework architecture, where a service is what used to exchange information from a providing system to a consuming system

in the ServiceRegistry or providing new services for the local cloud. In order to build an Eclipse Arrowhead-compliant local cloud, it is mandatory to deploy the three mandatory core systems and at least one application system that consumes or produces a service. The Eclipse Arrowhead framework is used to develop the MSCV during secure onboarding and run time of devices, systems, and services within the local cloud [9].
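To make concrete how the MIP-based verification of section 1.5 fits into the register/lookup/authorisation-rule model just described, the following Python model is added here as an illustration; it is not code from the thesis, from the MSCV, or from the Eclipse Arrowhead framework, and it is a simplified in-memory stand-in rather than the ServiceRegistry or Authorisation REST APIs. A provider is only registered when every measurable indicator point evaluates to true over its reported configuration; a consumer's lookup returns only providers that are registered and covered by an authorisation rule (late binding); and a re-verification pass with freshly collected configurations evicts providers that have drifted out of compliance, which is the run-time part of the verification. The four MIPs, their requirement labels, the configuration keys and the sample configurations are assumptions constructed for the example, not clauses quoted from any standard.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List

# --- Measurable indicator points -------------------------------------------
# Each MIP records the requirement it was derived from and a check over the
# configuration a component reports.  ASSUMPTION: the requirement labels and
# configuration keys below are constructed for this example.


@dataclass(frozen=True)
class MIP:
    name: str
    requirement: str
    check: Callable[[dict], bool]


MIPS: List[MIP] = [
    MIP("tls_min_version", "encrypted communication",
        lambda c: c.get("tls_version", 0.0) >= 1.2),
    MIP("mutual_auth", "system authentication",
        lambda c: c.get("client_cert_required") is True),
    MIP("no_default_creds", "account management",
        lambda c: c.get("default_credentials_changed") is True),
    MIP("audit_log", "accountability",
        lambda c: c.get("audit_logging") is True),
]


def evaluate(config: dict) -> Dict[str, bool]:
    """Evaluate every MIP against one component's reported configuration."""
    return {m.name: bool(m.check(config)) for m in MIPS}


def failed_mips(config: dict) -> List[str]:
    """Names of the MIPs a configuration fails, in MIP order, for the report."""
    return [name for name, ok in evaluate(config).items() if not ok]


def is_compliant(config: dict) -> bool:
    return not failed_mips(config)


# --- Registry with compliance-gated onboarding and re-verification ----------
# Simplified in-memory model of register/unregister/lookup plus authorisation
# rules; not the Arrowhead ServiceRegistry or Authorisation system.


@dataclass
class ServiceEntry:
    provider: str
    service: str
    config: dict


class Registry:
    def __init__(self) -> None:
        self._entries: Dict[str, ServiceEntry] = {}
        self._auth_rules: set = set()   # allowed (consumer, provider, service) triples

    @staticmethod
    def _key(provider: str, service: str) -> str:
        return f"{provider}/{service}"

    def register(self, provider: str, service: str, config: dict) -> bool:
        """Onboarding: the provider is registered only if every MIP passes."""
        if not is_compliant(config):
            return False
        self._entries[self._key(provider, service)] = ServiceEntry(provider, service, config)
        return True

    def unregister(self, provider: str, service: str) -> None:
        self._entries.pop(self._key(provider, service), None)

    def authorise(self, consumer: str, provider: str, service: str) -> None:
        """Authorisation rule: this consumer may use this provider's service."""
        self._auth_rules.add((consumer, provider, service))

    def lookup(self, consumer: str, service: str) -> List[str]:
        """Late binding: providers that are registered and authorised right now."""
        return sorted(
            e.provider for e in self._entries.values()
            if e.service == service and (consumer, e.provider, service) in self._auth_rules
        )

    def reverify(self, current_configs: Dict[str, dict]) -> List[str]:
        """Run-time verification: re-evaluate the MIPs with freshly collected
        configurations and evict providers that drifted out of compliance.
        Returns the evicted registry keys."""
        evicted = []
        for key, entry in list(self._entries.items()):
            if not is_compliant(current_configs.get(key, entry.config)):
                evicted.append(key)
                del self._entries[key]
        return evicted


if __name__ == "__main__":
    # Constructed sample configurations for two providers of the same service.
    good = {"tls_version": 1.3, "client_cert_required": True,
            "default_credentials_changed": True, "audit_logging": True}
    weak = dict(good, tls_version=1.0, default_credentials_changed=False)
    reg = Registry()
    print("plc-gateway onboarded:", reg.register("plc-gateway", "temperature", good))
    print("legacy-hmi onboarded:", reg.register("legacy-hmi", "temperature", weak),
          "failed MIPs:", failed_mips(weak))
    reg.authorise("dashboard", "plc-gateway", "temperature")
    print("lookup for dashboard:", reg.lookup("dashboard", "temperature"))
    drift = {"plc-gateway/temperature": dict(good, audit_logging=False)}
    print("evicted at re-verification:", reg.reverify(drift))
```

The eviction on re-verification is what distinguishes continuous verification from a one-off design-time check: a provider that was compliant at onboarding disappears from lookups as soon as a later measurement shows a failed MIP, so consumers bound late to the registry never obtain a non-compliant endpoint.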

OpenStack Cloud Platform

OpenStack is an open-source cloud computing platform that provides IaaS and is used to deploy scalable public and private clouds with the objective of controlling large pools of computing, storage, and networking resources. Rackspace and NASA first launched it in July 2010, and it has had more than twenty releases. The architecture contains a number of components that provide APIs to access the resources.

Each service in OpenStack has a unique code name; some important services are:

• Keystone is the identity service, which provides authentication and authorisation of the services and their API endpoints.

• Glance is the image service, where it is possible to register, unregister, and look up virtual machine images.

• Nova is the compute service, which manages the lifecycle of virtual machine instances; networking within OpenStack is handled by the separate Neutron service.

• Horizon is the web-based user interface of OpenStack.

• Cinder is the block storage service, used to create block devices and to attach them to and detach them from servers.

OpenStack offers a number of features for the cloud environment, but in order to have it running, at least Keystone, Glance, Nova, and Horizon should be installed. The main characteristics of OpenStack are (i) scalability, the possibility to deploy massively scalable infrastructure, (ii) compatibility and flexibility, supporting most virtualisation solutions, and (iii) openness, since the source code can be modified based on the needs.

An OpenStack cloud testbed is used to develop and test an IIoT use case that is monitored by the MSCV for standard compliance verification at different time intervals.

Chapter 3 introduces standards and standardisation bodies and, in more detail, the ISA/IEC 62443 series, which addresses security for the architectures and platforms necessary for the secure implementation of Industrial Automation and Control Systems (IACS).


Chapter 3

Standardization Landscape

The role of standards is well recognized as one of the key enablers of digitalisation and automation. Several working groups from several standardization bodies are contributing towards the automation of industrial systems. They address the requirements of a broad spectrum of solutions in domains such as railway, telecommunication, healthcare, production, energy, etc. This chapter introduces the world of standards, standardization bodies, and standards in specific domains. It shows why standards are necessary, how they are categorized, how to read a standard, and their life cycle. It also provides a representative list of security standards, evaluated in several aspects, to understand how they can be used for standard compliance verification in an automated manner. Finally, it presents an overview of the principles and fundamentals of the ISA/IEC 62443 series and a detailed description of IEC 62443-3-3.

3.1 Standardization Bodies and Standards

A standardization body is an organization responsible for gathering together all the experts and stakeholders (for specific standards also other interested groups) who draft, approve, vote on, and publish the standard. It is also responsible for updating, revising, and distributing the standard. The industrial community has a large number of standards and standardization bodies. Below are listed several organizations that publish standards in numerous application areas [70], also shown in Figure 3.1. To show the importance of standard compliance, it is important to know by which groups of interest standards are drafted and published [23].

In Europe there are three well-known standardization bodies:

• CEN (European Committee for Standardization)

• CENELEC (Comité Européen de Normalisation Electrotechnique)

• ETSI (European Telecommunications Standards Institute)


Figure 3.1: Standardization bodies

Other international standardization bodies:

• ISO (International Organization for Standardization)

• IEC (International Electrotechnical Commission)

• IEEE-SA (Institute of Electrical and Electronics Engineers Standards Association)

• OMG (Object Management Group)

• ISA (International Society of Automation, formerly the Instrument Society of America)

• OSGi Alliance

• OASIS (Organization for the Advancement of Structured Information Standards)

• ASI (Accellera Systems Initiative)

Paper I provides more information for each standardization body, their expertise and the number of standards published.

3.1.1 Standards and their importance

“The primary objective of standardization is the definition of voluntary technical or quality specifications with which current or future products, production processes or services may comply. Standardization can cover various issues, such as standardization of different grades or sizes of a particular product or technical specifications in product or services markets where compatibility and interoperability with other products or systems are essential” [71]. A standard is a document that sets requirements and definitions for a specific component, system, or service and is approved by a recognized evaluation authority [23].


Standards support society's everyday life much more than people think by making life safe, simple, comfortable, and efficient (e.g., the buildings where we live are constructed according to construction standards, the electrical equipment we use is built to specific standards, etc.). They make sure that products and services are safe and reliable, and that they can interconnect for a better experience. There is not a single day on which we are not in contact with standards. To illustrate the number of standards we use in our everyday life, Figure 3.2 shows some of the most important standards involved when using a smartphone.

Figure 3.2: Standards involved when using a smartphone

Standards have existed since the beginning of recorded history, starting with the recognition of the importance of standardized measurements such as weight, distance, and length (e.g., King Henry I of England standardized the ell as a measurement in 1120 AD, equivalent to the length of his arm) [72]. The first official standards were developed by the Engineering Standards Committee, established in 1901 as the world's first national standardization body.

3.1.2 Types of standards

There are several different types of standards: more than 35 000 different CEN, CENELEC, ISO, and IEC standards, and more than 10 000 national standards. Some standards specify requirements for a specific product, service, or process. Other types of standards cover testing methods, terminology and definitions, or the compatibility of connections. One way to categorize them is by the kind of requirement they state, such as (i) dimensions, (ii) performance, (iii) testing methods, (iv) management systems, (v) symbols, (vi) terminology, etc.


Another categorization is based on the development process:

• De jure standards are formal standards endorsed by a formal international standard development organization such as ISO, IEC, CEN, CENELEC, ETSI, etc., or by a national body, through official procedures.

• De facto standards are not developed by standard development organizations but are adopted by a specific industry or through public acceptance. Microsoft, the MP3 audio format, HTML, etc., are well-known de facto standards. A de facto standard can later be approved as a de jure standard; an example is PDF, which started as a de facto standard and was approved by ISO as the de jure standard ISO 32000.

3.1.3 Standard life cycle

Standards are developed in technical committees and their working groups, whose members contribute to standardization to address their interests (usually those of specific communities, organizations, or stakeholders). Membership and participation are open to everyone, the work is voluntary, and members can have different roles (participating, contributing, or observing). Publishing a standard goes through several steps, from draft to publication and implementation, as shown in Figure 3.3.

Figure 3.3: Standard development stages

These steps differ slightly between standardization bodies.

3.1.4 Standard structure

De jure standards are all structured in the same format, which makes it easier to get an overview and to find specific information within the standard. A typical standard structure [73] is shown in Table 3.1. A reader familiar with this structure can more easily understand the scope of the standard and use it without spending time reading non-relevant parts or sections [42].

The title page contains the title and number of the document. The table of contents lists the clauses, annexes, bibliography, summary, figures, and tables. The foreword gives information about the committee involved in preparing the document and about its approval. The introduction describes the content of the document, the goal of its preparation, and some background information. The scope states the subject and which aspects are covered. The normative references list the documents referenced in its preparation. The terms and definitions give the definitions necessary to read and understand the document. The abbreviated terms and acronyms list the abbreviations used throughout the document.

Table 3.1: Standard structure

Standard elements            Elements in the document
Preliminary informative      Title page; Table of contents; Foreword; Introduction
General normative            Title; Scope; Normative references
Technical normative          Terms, acronyms, and conventions; Abbreviated terms and acronyms
Supplementary informative    Informative annex; Bibliography

Figure 3.4: Standard number and title
