As a student, you have:
Education:
- An HBO or WO level of education in the relevant domain.
Technical skills:
- Knowledge of cyber security management domain
- Good knowledge of Operational Technology security (OT)
- Understanding of differences between OT security and IT security
- Knowledge of industry related standards is a bonus: IEC62443, ISO27K
Soft skills:
- The ability to work well in an international team environment;
- Good communication skills
- Organized.
- Clear documentation writing skills.
The project you will be working on:
Secura is an active player in the different sectors of technology
including Operation Technology (OT), IoT and IT (more details can be
found on our web-site https://www.secura.com/markets/product-manufacturers).
One of the major focus areas is the security of products and ultimately
the certification to provide assurance the all types of OT/IoT/IT
products are secure. When we talk about security the products, we always
need to keep in mind that the product should also be developed in a
secure way in a secure environment following best cyber security
practices. This can be ensured by means of creating cyber security
management system (CSMS).
In the recent years, all sectors of technology have realized that it
is of essential importance to ensure cyber security but also realized
that for many industries this is a new topic and that they need
additional guidance. This additional guidance is prepared in different
forms by different sectors: e.g. by means of enforcing mandatory
regulation or by means of creating standards with suggested set of
requirements to implement.
One of the major focus markets for Secura is automotive. The UNECE
(United Nations Economic Commission for Europe) has been working in the
past years on a new regulation, focused on Cybersecurity for road
vehicles. The regulation has been formally adopted in June 2020, and has
entered into force from January 2021. Under the new regulation, vehicle
manufacturers (OEMs) will need to satisfy the Cyber Security Management
System (CSMS) requirements in order to be allowed to apply for type
approval of specific vehicle types. The regulation can be found here:
https://unece.org/transport/documents/2021/03/standards/un-regulation-no-155-cyber-security-and-cyber-security
Recently
Secura has identified that multiple major OEMs in automotive sectors
manufacture products between multiple technology verticals: automotive /
industrial, automotive / railway or all three together. Thus, the
question arised, whether it is possible to create a single CSMS that can
be extended for all three verticals and be complaint with cyber
security publication relevant for those sectors including:
- Automotive: UNECE R155 regulation
- Industrial: IEC62443 (in particular 2-1)
- Railway: CLC/TS 50701
As an intern, you will be responsible for the following:
- Analyzing requirements from all three publications and extracting them within a single framework
- Mapping extracted requirements to the dedicated categories per CSMS topic
- Comparing all the extracted requirements from the considered regulation and standards to identify the gaps
- Creation of the final set of universal CSMS requirements applicable for all three sectors
- Preparing the white paper with final results