cybersecurity: add 20240216_Cybersecurity_MOM.md

Signed-off-by: Eloi Bail <[email protected]>

Cybersecurity_Minutes/20240216_Cybersecurity_MOM.md

@@ -0,0 +1,44 @@
+# SEAPATH -  Cybersecurity Meeting
+
+* Date: 16th February 2024
+* Attendees: 
+    - Eloi Bail (Savoir-faire Linux)
+    - Florent Calvi (RTE)
+    - Justin Dides (Schneider)
+    - Jan Hille (Welotec)
+    - Adam Korczynski (Adalogics)
+    - Amir Montazery (Ostif)
+
+# Agenda
+
+- Cybersecurity auditing
+
+## Discussion
+
+- Cybersecurity auditing
+    - Presentation by Adam
+    - SEAPATH should cover IEC62443-4 only 
+        - 62443-4-1: Secure product dev lifecycle requirements
+            1. Dev process: 
+                - Note: Some work is done by LFEnergy (ex: usage of openssf)
+                - document that in the wiki
+            2. product security context
+                - thread model
+            3. Secure design principles
+                - design checking
+            4. Security implementation review
+            5. Securty verification and validation testing
+            6. Security disclosure
+            7. Security update Management
+
+        - SEPATH should cover 1) 2) 3) 4) 6) 7) and 5) be done by third-party (Ada Logics)
+        - 62443-4-2: Secure product dev lifecycle requirements
+            - Technical security requirements
+
+        - Adam will send requirements for most of the part and SEAPATH team will send documentations 
+        - Eloi: check with LFEnergy team where we could store that
+        - How to communicate securely
+        - Eloi will check if we should publicly share the documents
+
+# Next Meeting
+    - 01 March 2024 (might be moved)