
June 1, 2021 • 22 mins

certMILS seeks to find ways of shortening, simplifying, and implementing new certification methodologies with the ultimate goal of efficient security in cyber physical systems across Europe. 

In this episode, Peter Balint from Technikon speaks with Jan Rollo from project partner Sysgo in Prague. He delves into the idea of cyber-physical systems (CPS) and explains how the efforts in certMILS could deliver a streamlined approach to system certification.


The certMILS project has received funding from the European Union's Horizon 2020 research and innovation programme under grant agreement No. 731456.

Episode Transcript

Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Intro (00:03):
Powerful collaborations, cutting edge science and curious minds coming together
for a glimpse of the future. Stay tuned as we
look at the latest updates on some of the most
promising technology projects.

Peter Balint (host) (00:20):
Hello and welcome. I'm Peter Balint from Technikon and today
we look at the certMILS project once again. This EU
funded effort is researching ways of keeping certified infrastructural systems
safe and secure. If we use trains or smart grids
as an example, we quickly see that these systems consist
of so many independent components that certifying their integrity as

(00:43):
a whole becomes a mammoth undertaking. Using the existing MILS,
or multiple independent levels of security, platform, certMILS is shortening,
simplifying and implementing new certification methodologies with the ultimate goal
of efficient and safe certification methods for systems across Europe. Today,

(01:03):
we speak with Jan Rollo from Sysgo. Sysgo is an organization
that specializes in safety and security certification in many industries,
including railway, automotive and industrial automation. They are an active
partner in certMILS and today we get answers to
questions like what is a cyber physical system and what

(01:24):
can be done to speed up safety certifications. Thank you, Jan,
for coming on our podcast today.

Jan Rollo (01:30):
Thanks for the invitation. It's a pleasure. Thank you very much.

Peter Balint (host) (01:33):
To start today, if one wants to look at the
certMILS web page, they would quickly run across the term
cyber physical systems. What is a cyber physical system and
can you give us an example?

Jan Rollo (01:45):
Yeah, that's a good question. So from my point of view,
cyber physical system is a system which is controlled by
a higher level of automation... so electronics and is connected
to another systems. And those systems I already explained as
IoT or the interconnection of those cyber physical systems. So

(02:08):
typical IoT system could be a server or a computer
checking the status of cyber physical systems or sensor ...
single sensors or maybe a railroad providing information to end users,
maybe to a manufacturing company about a state of the

(02:28):
running system or to the operators. And this is all IoT.
A cyber physical system is a system which controls all
the own parts. So you can imagine a self-driving car
which controls all installed systems and maybe also provides information

(02:50):
to third parties via connection or maybe in future communicating
with our cyber physical systems. So you can imagine there
could be a flying system, which is a cyber physical system. So,
nowadays the airplanes have already installed automatic pilots. So automatic software,

(03:14):
which can be bypassed by the physical person sitting there, but
the airplane is able to start and to land automatically
and communicating with the control stations, with airports, with our
airplanes as well, partially automatically. So this is already a
good example. And this is a system which introduces

(03:39):
safety functions and maybe already some security requirements. And so
this is all what certMILS is about. So I'll just
add one more, because this is also one of
the pilots in certMILS. So already known cyber physical systems

(04:01):
or running in operation in Europe are trains. So driverless trains.
So it means we are talking about electronics on the train,
interconnected with the wayside electronics and some dispatching.

Peter Balint (host) (04:17):
So we can say that cyber physical systems are machines
that are basically controlling themselves.

Jan Rollo (04:25):
Exactly. But not only machines, I don't want
to limit this on machines because we do not know
what the future will bring, but yeah, we even do
not know whether the IoT and cyber physical system
so will be defined separately or they will grow together.
That's actually the problem. And so that's what the

(04:47):
market or the next generations of users will define. So
just don't limit it. It's just not a machine. It
could be something more or something completely different, but controlled
by higher intelligence, which currently is stored on some
piece of silicon in the form of software. But in

(05:08):
the future, it might be different.

Peter Balint (host) (05:10):
So that's being very inclusive to what might happen down
the road in the future yeah...

Jan Rollo (05:15):
Exactly, yeah. So today we do not know what
will come. We already have a defined sort of levels
of automation of such a systems. We reach maybe milestones
one or two, but we are not talking, for instance,
in an automotive area about fully automated systems. And it's
just not about cyber physical system, which might be already prepared,

(05:40):
but also about infrastructure. So the roads, the regulations, etc.
So it's not just about the cyber physical system. You
need the whole environment to be prepared for this.

Peter Balint (host) (05:52):
Right. There's an industry saying which goes, never change a
running system. I completely understand the sentiment in a dynamic
environment of embedded systems which are everywhere and constantly evolving
cyber threats. One cannot really live by this motto. How
is certMILS contributing to changing this way of thinking?

Jan Rollo (06:16):
Actually, this is not about change of thinking in reality,
it's a mandatory requirement on some systems. So if you
have a certified system and now we are talking about safety,
functional safety certification, you are not allowed to touch such
a system, even not to change a bit on

(06:39):
an installed software without recertifying the system. So never
change a running system, you can do it if you
like to see a progress or connector system on, let's say,
noncritical systems or infrastructure. But for certified systems, you need

(06:59):
to recertify it again and again and again; even if you
are doing security updates. That's a mandatory thing. certMILS is
trying to contribute with making the recertification more affordable. So
you can imagine a piece of silicon running... OK, let's

(07:21):
come back to the cyber physical systems. I
cannot imagine one manufacturer has under control the whole development
and all the parts of such a systems, starting from
silicon with some bootloaders, operating system, application software. So we

(07:42):
are here talking about dozens of suppliers and the
OEM just try to put it all together and get
it under control. This is the current state and certMILS
is bringing pre certified platform to be used for
such a system; where you can easily separate software from different

(08:04):
manufacturers or with different criticality or with different requirements on
safety or security. So, yeah, you're talking about new methods,
how to recertify the system and make the certification more affordable.
So cost effective. With this approach, we also research new ways,

(08:31):
maybe new chips or new software, new tools. So
that's whole environment or let's say ecosystem. CertMILS involves not
only industrial partners, but also certification authorities, which is actually
a good motivation for us to contribute to such a

(08:51):
project because we get early enough feedback from the authorities
whether our approach is correct or not. So to not
be on the right track here will be really costly.
So here with certMILS, we have three pilots and trying

(09:11):
to certify according to different standards with different authorities to
prove whether our approach is correct.

Peter Balint (host) (09:20):
And you mentioned that the recertification process could be improved
as far as economics go. So if certMILS is in
place and a success, then recertification becomes cheaper. But it
seems to me also that this could present a huge
advantage in terms of the time required to recertify as well.

Jan Rollo (09:43):
Exactly in Czech Republic, we say "time is money", so
it's again goes. Yeah, but it's all the time to market.
It's really important. If you just need to add more
functionalities or let's say some security feature or update, which is...
which is necessary because some some or security hole

(10:06):
was found and it's done on, let's say, non-critical part,
you easily can recertify the whole system in a few
weeks and it won't take years as the state is
right now.

Peter Balint (host) (10:21):
Right? Yeah, that sounds great. Now, let's talk about use
cases for a little bit. certMILS is a project which
has some use cases attached to it. And these are
in the railway, subway and smart grid areas. These are
infrastructural things which most people can identify with. Tell us

(10:43):
then how certMILS can improve or make a difference in
these systems and I mean in a way which will
reflect the benefit to the EU citizens or users of
the infrastructure.

Jan Rollo (10:55):
European citizens should benefit in the future from having all
the critical infrastructure under control of European authorities, not hackers,
and I mean, this is the most important point. So
the railway or subway will stay safe and secure and

(11:17):
energy will be available to the citizens. I can bring
maybe one example from Czech Republic from last year where
we have been faced several attacks on hospitals and those
hospitals were not able to operate for several weeks. You

(11:39):
can imagine in the pandemic situation, how critical is this.
So as a very first thing, what happened that
the regulation of a critical infrastructure changed in the Czech
Republic and now the authorities are starting to rethink their
security strategy for this critical infrastructure. So maybe in the

(12:01):
next project we will add some medical systems as well.

Peter Balint (host) (12:05):
That's a great example. And I'm glad that you brought
that up. Part of your work is ensuring the reusability
of artefacts, and I got that from the description of
the project, this idea of artefacts. But what do
you mean when you refer to artefacts? And why is
this important to certMILS that these artefacts are reusable?

Jan Rollo (12:27):
The artefacts are part of the package which is brought
to the certification authority to convince the auditors about the
safety or security of the systems. In our case, as
we are a software company, we are talking about pieces
of software which have to be defined somehow, typically by requirements.

(12:50):
So you need to have a list of requirements for
such pieces of software and you need to
test it, whether it does what it should do in
some levels of safety or security. You even need a
review of, let's say, un.... or not involved persons, not
involved developers so some independent reviews and all these are artefacts,

(13:14):
so it's in addition to a software development, which is,
let's say, one quarter of the work. The remaining work
are the artefacts. So you can imagine if
you have, for instance, Linux systems, we are talking about
millions of lines of code. And you need to count

(13:38):
like one day of work to verify for each line
of code. So it's a huge portion of work done here.
So certMILS is coming up with a so-called compositional approach
where you divide the whole system to, let's say, portions

(14:00):
which are, let's say, definable or which can be used separately,
for instance, hardware, independent code or operating system, independent code
or some communication stacks, etc. So you can relatively easily
define such a piece of code and you can certify

(14:24):
them separately and reuse them. So this is, let's say,
one reason why to make the reusability of artifacts available.
The second point is there are different standards on the safety
and security fields we are here talking about... even our

(14:46):
product is targeting like 10 different standards. So you need
to prepare your artefact that way that they fulfill all
of those standards if possible.

Peter Balint (host) (14:58):
It sounds like that by reusing artifacts, the end result
is that you're gaining economically and you're gaining time wise benefits.

Jan Rollo (15:08):
That's right. So embedded systems are or let's say cyber
physical systems, you can imagine they are coming or going
across all the vertical markets. We have been already talking
about automotive, railway systems, avionics, etc. or medical systems. And
all the time you need some control system, which might

(15:31):
be similar to a system from a different industry. But
each industry has own safety and security standards. In most
of the cases, so with certMILS we are trying to
develop an approach and artifacts that way, that we are
fulfilling the standards of several industries to make the certification cheaper.

(15:57):
We are also trying to define the packages that way
that the systems are portable to a different platforms. So
we are trying to define the packages in a way
that you have most reuse of the hardware, independent packages

(16:18):
to all of these markets.

Peter Balint (host) (16:20):
And so this sounds like that with reusing artefacts. This
just sort of aligns with the big goal of certMILS,
which is making the certification process better, faster, cheaper, easier.

Jan Rollo (16:33):
Exactly. Wherever possible.

Peter Balint (host) (16:36):
Yeah. So let's look at the certMILS Consortium. Did
you have any kind of challenges that were exceptional or
perhaps setbacks or situations where you had to change course
a little bit? Anything significant that you could bring up
at this point?

Jan Rollo (16:53):
I'm not sure whether we had really big challenges. We're
not talking about a pandemic situation right now. Maybe the
problem was with the hardware selection. And so I think
this problem has the whole Europe that we are depending on,

(17:14):
the silicon manufacturers from Asia or the United States.
And we can really not ensure delivery in time or
export regulation or such a stuff. So we try to
find some hardware, you know, which is, let's say more
European and more under the control of the

(17:36):
European regulation, which was not possible. But we have been
supported by NXP, so we have to demonstrate suite
with power architecture. And I think there was also some
demonstration of it with ARM and it was high demand

(17:57):
on x86 architecture. So those three architectures were supported in
the work package five, which actually means that the work
package five common criteria certification artefacts cover all those three architectures.
I cannot remember any other big challenges.

Peter Balint (host) (18:18):
Well, I guess that's a good thing. So certMILS will
end in June and that's right around the corner. So
I wonder what happens at the end of this effort.
Is there some continuation of the work in this area?
Is there another project that sort of continues where you
left off or how does that go?

Jan Rollo (18:37):
That's a good question. A good question, because I do
not personally I do not like discontinued projects or work
to be finished and put in some
folder and that's it, so in this way, we already
prepared some other projects where we can reuse the work

(18:58):
done in certMILS. The good point is that we have
visible results from certMILS already. So in our case it
means artefacts and certificates from authorities. For instance, last week
our Prague office passed the common criteria site visit, which means

(19:20):
it's a part of the common criteria evaluation
by German BSI with a positive feedback. So we
hope this... we will get the report until the end
of the project. If not, nothing happens because we need
it anyway. We will use it for our next projects
as well. So it's a must, it's a boosting industry,

(19:48):
all the security aspects across all the industries in electronics
or the digitalisation area is really important. So the results
of this project will be used in the future.

Peter Balint (host) (20:04):
Well, that's great for the synergy in the long run.
It seems like there's quite a bit of activity in
the background or perhaps things that people don't see. Are
the results of your efforts visible on the surface yet?

Jan Rollo:
They might be. So that's a... I already mentioned the
critical infrastructure, a new regulation. So we have already pre

(20:26):
certified systems. And if, for instance, the rail road operators
or the speedway operators will say, OK, on this speedway,
you can operate the driverless cars, but you
need to fulfil these and these standards, we are prepared
and then it's visible. Yeah, now. The problem by all

(20:50):
the hospitals or the pipelines in the United States, the
only regulation valid currently is it's a criminal act if
you hack it. And that's it. Yeah, but there's not
a counterpart where you say to the operator, you need
to ensure the safety and security. You are just saying

(21:11):
by regulation to the hackers, it's a criminal act, what
you are doing, but you are not doing... because it's
increasing the cost. There was not a way how to
make the car or the pipeline affordable. It would cost
like 10 times more. Nobody wanted to pay the money,
but once it was hacked and you see the damages

(21:34):
in billions, then there will be pressure on doing it
let's say more secure, more safe and maybe certified; and
we have already certified system which can be reused.

Peter Balint (host):
So great things have come out of certMILS so far
and there's not much more time in the project, but
best wishes for a successful wrap up. And thanks for

(21:55):
coming on to talk with us today.

Jan Rollo (21:57):
Thank you for inviting me. It was a pleasure. Thanks
a lot.

Outro (22:03):
For more information about certMILS, go to certmils.eu.
This podcast has been brought to you by Technikon. The
certMILS project has received funding from the European Union's Horizon
2020 Research and Innovation Program under grant agreement number 731456.