diff --git a/Cybersecurity_Minutes/20240216_Cybersecurity_MOM.md b/Cybersecurity_Minutes/20240216_Cybersecurity_MOM.md new file mode 100644 index 0000000..8d465a6 --- /dev/null +++ b/Cybersecurity_Minutes/20240216_Cybersecurity_MOM.md @@ -0,0 +1,44 @@ +# SEAPATH - Cybersecurity Meeting + +* Date: 16th February 2024 +* Attendees: + - Eloi Bail (Savoir-faire Linux) + - Florent Calvi (RTE) + - Justin Dides (Schneider) + - Jan Hille (Welotec) + - Adam Korczynski (Adalogics) + - Amir Montazery (Ostif) + +# Agenda + +- Cybersecurity auditing + +## Discussion + +- Cybersecurity auditing + - Presentation by Adam + - SEAPATH should cover IEC62443-4 only + - 62443-4-1: Secure product dev lifecycle requirements + 1. Dev process: + - Note: Some work is done by LFEnergy (ex: usage of openssf) + - document that in the wiki + 2. product security context + - thread model + 3. Secure design principles + - design checking + 4. Security implementation review + 5. Securty verification and validation testing + 6. Security disclosure + 7. Security update Management + + - SEPATH should cover 1) 2) 3) 4) 6) 7) and 5) be done by third-party (Ada Logics) + - 62443-4-2: Secure product dev lifecycle requirements + - Technical security requirements + + - Adam will send requirements for most of the part and SEAPATH team will send documentations + - Eloi: check with LFEnergy team where we could store that + - How to communicate securely + - Eloi will check if we should publicly share the documents + +# Next Meeting + - 01 March 2024 (might be moved) diff --git a/Cybersecurity_Minutes/presentations/20240216_IEC62443_SEAPATH_Roadmap.pdf b/Cybersecurity_Minutes/presentations/20240216_IEC62443_SEAPATH_Roadmap.pdf new file mode 100644 index 0000000..e4008ae Binary files /dev/null and b/Cybersecurity_Minutes/presentations/20240216_IEC62443_SEAPATH_Roadmap.pdf differ