Tuesday 10 December 2019

Automating Legal Compliance Documentation - Power Integrated

Project Center in Trichy - Power Integrated


Auditing of compliance with laws and regulations takes up much of a security administrator’s time. With the increasing number of IoT devices in a company network, verification may go unchecked. This paper describes stage one of a research project to automate the generation of compliance documentation for Irish laws in a large industry. Initial findings from the implementation and configuration of the tool indicate that the process is still significantly labor intensive.
RegTech consists of many aspects, including automation of background checks, risk assessment and regulatory mapping. This paper discusses the automation of regulatory compliance documentation, with particular reference to the risk IoT devices carry. Automated tasks, including security and regulatory compliance, are increasingly considered integral steps of the software development lifecycle. DevOps enhances the development process through open communication and automation of tasks. There are a small number of commercial tools available, but the focus of this paper is on the adaptation of an open source tool to suit the automation of compliance documentation for European laws and regulation.
Whilst in the past companies focused on documenting the security controls of standard network controls and end-user devices such as desktop PCs and laptops, consideration must now be given to IoT devices. Many companies hold devices such as tablets, IP phones and cameras, smart plugs, smart heating and so on. Each of these devices can not only be considered part of the IoT range but should also be considered an entry point into the data center. A recent talk by Philip Close [1] provided an insight into how many of the vulnerabilities he found during pen testing came from edge or IoT devices. In some cases private or confidential data may be held on IoT devices. In other cases they simply provide an access point into the network. Either way, IoT devices should now be considered a core part of the network when evaluating risk and documenting compliance with the relevant laws and regulations. Interestingly, new standards on drones and related technologies, including P1937.1 [15] and P1939.1, fail to indicate the importance of security of payloads and operational features from the outset.
Often forgotten is the Industrial Internet of Things (IIoT). In a white paper by F5 [2] the security risks and disruptive nature of IIoT are expounded. Consideration should be given to the documentation of compliance with regulations when considering machine-to-machine communications. It may be a case of a medical fridge notifying the data center that a blood product was removed, or a tablet blister-packing device notifying a manager through intermediary devices that a batch of tablets of a specific type has failed the automated quality checks. Information of this nature may be restricted with regard to visibility; thus the documentation of processes and automation of security checks can prove beneficial. This wall of risks and of legal restrictions stands between the IoT devices and the data stores. Refer to Fig. 1.
Some data stores may be secured using blockchain to aid data security and provenance. Regardless, the documentation of these controls is still required in many cases for legal purposes.
The advent of GDPR has caused many companies to examine how they show compliance with legal and regulatory restrictions. The prolific use of IoT devices for a range of purposes has resulted in poorly documented devices which do not always conform to the aforementioned legal requirements. Security staff spend significant hours generating compliance confirmation documentation on a regular basis for different auditing groups. Much of this work is repetitive. In the opinion of the authors, whilst the current commercial tools are good, they are not adaptable for European or Irish laws. To have a more dynamic tool, an open source solution was found to be most appropriate. The initial configuration of the tool was easy; however, it was discovered that a significant portion of work is required to manually configure the basic information into each of the files, which are then read by the tool to enable auto-generation of the website or PDF demonstrating compliance with specific laws. Of the very few examples of the tool that can be found online, most simply refer to the work in theoretical terms rather than discussing the practical implementation. It is the authors’ opinion that the time it takes to carry out the initial implementation is a significant factor here. Further, we suggest that many groups fail to complete the process for this reason.
We have yet to find any papers which refer to the use of tools to document regulatory compliance of IoT or IIoT devices. There are a significant number of dependencies required in order to install and run the tool. This also detracts from the installation process and may increase the attack footprint of the machine with the software installed. The installation of the product on a Linux operating system showed no errors, but installation on a Windows operating system did show errors on the dependencies. It has been found that little research into automatic validation of compliance with legal and regulatory requirements has been carried out to date. This is an area that needs investigation considering the increasing number of devices that fall into the category of IoT. This research is still in the early stages, but it is already clear that a better solution is required in order for companies to take regulatory compliance seriously.



Distributed IoT Systems Providing Salient Features for Safety of Firefighters - EDOT Technologies

Project Center in Tirunelveli - EDOT Technologies

Firefighters are typically exposed to dangerous environments where the senses of vision, hearing, and direction are blocked by smoke, dust, or flame. Some environments are even “infra-less”: the power and communication infrastructure is destroyed. Commands and signals from outside are unavailable, so recognizing directions and making decisions are usually difficult. To protect and save the lives of firefighters, we propose a system, ATHENA, that provides salient features including tracking and navigation, emergency monitoring and notification, and information sharing among co-workers. ATHENA is a result of an ongoing project supported by the Korea Government. This paper provides an overview and demonstration of ATHENA.
A survey of the Korean Ministry of Public Safety and Security reports that more than two for every ten thousand firefighters died on duty every year [1]. Firefighters typically perform their jobs in disastrous environments where obstacles such as smoke, dust, flame, and/or explosions often block their senses of vision, hearing, smell, and direction; statistical data reports that more than 90% of vision and about 99.9% of hearing tend to be lost in fire environments [2] [3]. Also, firefighters’ apparatus, including fire suits, oxygen tanks, helmets, and boots, is typically heavy and often dulls the senses of touch, smell, and hearing. In addition, substances such as smoke and dust are usually deleterious to firefighters’ health, which sometimes causes injuries or casualties [4] [5] [6]. Furthermore, some environments are hazardous and even “infra-less”: infrastructure, including power and communication, has been destroyed, so use of lighting, ventilation, and communication media (such as GPS, LTE, Wi-Fi) is impossible, and signals or commands from outside are not reachable. That is, firefighters are “isolated” in a fire scene. It has been reported that many firefighters died in these infra-less environments [7]-[11]. The reasons were that firefighters could not recognize the correct location and directions to an exit [7] [8], could not properly detect an emergency situation (e.g., lack of air pressure, abnormal heart rate, backdrafts) [9] [10], and/or could not communicate with co-workers and even lost some of them [8] [11]; in particular, in the incident reported in [11], the absence of a veteran firefighter was recognized only more than seven hours later. There must be a solution to protect and save the lives of firefighters in these hazardous infra-less environments. To address this problem, a project has been funded by the Korea Government, the Ministry of Science, ICT and Future Planning [12] and the Ministry of Public Safety and Security [13].
The purpose of this project is to develop a system, called ATHENA, that has capabilities to support and protect firefighters in infra-less environments. In this paper, we introduce ATHENA: what features it provides, what underlying architectures and system configurations it has, and how it really works. The structure of the remainder of the paper is as follows. In Section 2, the ATHENA project is introduced with ATHENA’s salient features. In Section 3, the underlying architectures and system configurations of ATHENA are explained, and its demonstration results are given in Section 4. We conclude the paper with a summary of contributions and future work in Section 5.
Challenges in Infra-less Fire Environments
Before introducing ATHENA, we first describe the challenges that firefighters typically encounter in infra-less fire environments.
• Loss of senses (including the senses of vision, hearing, smell, touch, and direction). Although this challenge may also exist in infra-available environments, it becomes much more severe in infra-less environments. As the power infrastructure has been destroyed, lighting and ventilation are not available; imagine a damp and dark basement enveloped in smoke and dust. In this situation, it is difficult to identify obstacles and find the correct direction to a survivor or an exit.
• Loss of connection from outside. The communication infrastructure is broken, so guides/commands from outside cannot reach firefighters inside a fire scene. Without support from the command center, it is difficult to monitor the current situation and co-workers’ status and to make decisions (e.g., keep going, or return). In addition, it is also difficult to identify or estimate current location and direction without GPS, LTE, or Wi-Fi.
• Loss of communication with co-workers. Firefighters usually perform their job in a group of 4-5 members. With the communication infrastructure destroyed, the only methods available to communicate with co-workers are human voice or two-way radio. The human voice is too quiet to communicate over the roars/booms in fire scenes. Also, using a two-way radio device is usually difficult since a firefighter’s hands are often occupied with safety devices.
To address these challenges, a development project has been funded by the Korea Government, the Ministry of Science, ICT and Future Planning [12], and the Ministry of Public Safety and Security [13]; it started in 2015 and is still ongoing. The purpose is to develop a system that helps protect and save the lives of firefighters in infra-less fire environments. The Disaster and Safety IoT Research Section in the Electronics and Telecommunications Research Institute (ETRI) [14] has been leading the project, with the Korea Fire Institute (KFI) [15], Sancheong (a company that produces air respirators and SCBAs) [16], and other related academic/industry partners. We have also collaborated with the National Fire Service Academy [17] and a local fire service headquarters [18] in order to collect real/substantive user scenarios and validate the project results. The system, called ATHENA, is under development and its prototype is currently available. Its salient features are introduced in the following section.
Salient Features of ATHENA
ATHENA is embedded in each firefighter’s equipment and provides the following services to address the challenges explained.
• PDR (Pedestrian Dead Reckoning) [19] and map matching. ATHENA detects the current location and direction of a firefighter, which addresses the loss of senses challenge. ATHENA’s PDR engine continuously tracks and saves the location and direction of the firefighter while working. The current location of the firefighter is mapped to a point on a map of the building (this map is downloaded before the firefighter goes into the building), and the map is shown on a head-up display or a firefighter’s hand-held device.
• Safety monitoring and notification. It is difficult to promptly identify and respond to emergency situations due to loss of senses and loss of connection from outside. The safety monitoring and notification feature provides simultaneous monitoring of emergency criteria and gives a notification when certain criteria are reached. Two types of emergencies are monitored: environmental and personal. For the environmental emergency, environmental data around the firefighter, such as gas (e.g., CO) concentration, temperature, and thermal image, is monitored. For the personal emergency, the firefighter’s bio-data (e.g., heart rate, posture) and the remaining air in the air tank are monitored. When any type of emergency happens (e.g., abnormal heart rate), ATHENA notifies the firefighter with an alarm sound and a display icon.
• Co-workers monitoring. A group of ATHENAs constructs a local Sub-GHz (currently 915 MHz) wireless network, which addresses the loss of communication with co-workers challenge. The range of a Sub-GHz network is wider than Wi-Fi, and we believe that it is sufficient to cover all firefighters working in the same group. One ATHENA broadcasts critical data (e.g., emergency status, current location) to other ATHENAs through the network. Based on the received data, the firefighter can monitor other members and respond promptly when any member faces a problem.
• Data sharing and augmented intelligence. ATHENA has a special feature that can combine information received from other ATHENAs and provide augmented information. For example, one ATHENA, e.g., A01, detects an obstacle or explosive spot and broadcasts the information to others; then another ATHENA, e.g., A02, receives that information and marks that obstacle/spot on the map that A02 has.
• Navigation service. Firefighters must return safely after finishing their duty. ATHENA provides a navigation service to guide a firefighter to an exit, which addresses the loss of senses challenge. The navigation route is calculated based on locations that the firefighter has passed and information about detected obstacles and explosive spots.
Disasters such as [7] [8] might not have happened if this navigation service had been available.