A “remote” security validation platform
WESETH introduces a new model for the verification of cyber requirements of IoT systems. This may apply to automotive controllers, manufacturing systems, home automation devices and in general to all connected systems.
WESETH enables remote verification of the security posture and of the effectiveness of the security countermeasures.
Being able to test remotely not only reduces the execution time of vulnerability assessments and penetration tests, but also allows those tests to be executed in a realistic environment, eliminating logistics and setup time.
WESETH also allows security validation activities to be integrated into the normal product verification process. The sooner vulnerabilities are found and fixed, the better in terms of costs and time to market.
WESETH also allows traceability of vulnerability assessment and penetration test activities, making them auditable. This is particularly important for Certification Authorities that need to attest to the quality and validity of penetration tests in order to issue a compliance certificate.
WESETH is designed to support OEMs, Tier 1s and Certification Authorities in executing tests in an agile, auditable way, reducing costs and time to market.
Drivesec, the cybersecurity company developing Iotcy, is building an Ecosystem of Partner Companies that can deliver services based on the platform.
The regulatory framework
The regulatory landscape for cybersecurity requirements is rapidly changing across all IoT markets.
New regulations are emerging, at different speeds and on different timelines, across the world’s regions.
The European Union approved its “Cybersecurity Law” in 2019 and appointed ENISA as the authority to design certification schemes for all IoT vertical markets. The same is happening in China and the USA.
The most advanced IoT market, in terms of cybersecurity regulation, is Automotive. UNECE (UN European Commission for Economics) has recently released the so-called UN Regulation No. 155 (Cybersecurity and Cybersecurity Management System). This regulation is integrated into the “EU General Safety Regulation”, which is the set of homologation requirements for passenger cars and commercial vehicles. This regulation, which will be effective from June 2022, requires vehicle OEMs to treat cybersecurity as a requirement for type approval.
As a consequence, there will be a peak in the demand for VA and PT, and WESETH is there to support this growth with an innovative approach aimed at gaining “remote” access to the IoT systems to be validated.
This approach reduces time to market and costs, and increases the auditability of the quality of the services.
What is WESETH
WESETH is a platform that supports the remote execution of vulnerability assessments and penetration tests on IoT systems. Its most relevant characteristics include ease of use, a fast link between Suppliers and Customers and, even more important, traceability of operations.
It is composed of 4 elements:
- WESETH BOX: Customers of PT and VA receive one or more Boxes to be connected to the remote components, test bench, manufacturing line, vehicle or other. The Box establishes a secure connection to the WESETH Server. The Box connects to the Server via a secure LTE connection, so that it is completely independent of the Customer’s IT infrastructure.
- WESETH SERVER: this is a facility managed by Drivesec. The Server manages all Boxes and the interaction with Cyber researchers or Customers.
- WESETH PORTAL: the front-end application for administrators, customers and ecosystem partners. This is the place where demand meets offer, meaning that those who need VA or PT can engage Suppliers in an easy and efficient way.
- WESETH CLIENT: once engaged, the cyber researchers receive Client software that allows a secure connection to the Server, and from the Server to the Box.