With Industry 4.0, cyber physical systems are connected and need of the day is to ensure protection of these systems from any security threats generated internally and externally. ISA/IEC 62443 4-1 defines the practices for Secure product development lifecycle requirements. The objective here is to defence against negligent and wilful actions to protect devices and facilities. The Secure development lifecycle (SDL) process activities includes security requirements definition, secure design, secure implementation with application of coding guidelines, verification and validation, defect management, patch management and product end-of-life. These requirements can be applied to new or existing processes for developing, maintaining and retiring hardware, software or firmware for new or existing products. The process activities are initiated by identifying the secure components and performing a risk assessment on it, with respect to security threats while developing and deploying the product.
The process will help to ensure that the security capabilities are implemented correctly in the product
and that any known security vulnerabilities in the product are eliminated or mitigated. As far as we are looking from the perspective of minimising the risk originated from a security threat, we can assure a level of confidence in the product.
Friday, Sep 11 2020
3:00 PM - 4:00 PM IST
Technical Manager, LDRA India
Deepu Chandran is a graduate of the Visvesvaraya Technological University and an ISO 26262 CFSP (Certified Functional Safety Professional) with experience in the aerospace, automotive and industrial domains. His research work is focused on embedded security, with papers including “Building secure embedded software” and “The verification and validation of secure and safe embedded systems” published in international journals or presented at industry conferences.
He has spent more than 13 years supporting clients in the selection, integration, and maintenance of embedded systems throughout the development lifecycle. He applies his high-level programming and related technical skills to his consulting work across the safety critical sectors, developing and delivering technology- and standards-focused training courses on topics including ISO 26262, IEEE 12207 and V&V.
Deepu is currently working as a Technical Manager with LDRA’s India office