EdgeX: Security + Systems Management WGs Face-to-Face Meeting - Day 1 - Shared screen with speaker view
Jim White
29:53
Having a little hard time hearing Gabrielle. Can she say what organization she is from again?
Michael Hathaway
29:59
Same here
Brett - LF
30:06
Sixgill
Jim White
30:12
thx
Jim White
01:55:14
I am so glad, based on the last hour’s discussion, that we waited to implement any security in EdgeX. These discussions about where do you start and what options do you want to take/not take are exactly why we at Dell fretted making any premature and unilateral decision without a larger community input. Thanks guys! Question: to Dean’s point, OpenSSL has issues. Good first step, but with known issues. Some organizations (especially in Europe) may discard OpenSSL. By adopting OpenSSL as a first step, and supposedly doing some work with EdgeX to incorporate it, will we be able to (and how) provide a path to European and other organizations wishing an alternate security solution to still adopt EdgeX and pull out SSL componentry and input something else to satisfy their needs? If so, great first step. If not, problem.
Alex Newman (Canonical)
02:06:25
+1 — if we hardcode OpenSSL, we’re going to spend time stripping it out. We should build a reference SSL provider around OpenSSL.
ibrowde
03:10:53
Seems to me the discussion is between IT security guys and IT/OT security guys where the former understand cyber security but haven't yet grappled with the realities of cyber-physical or kinetic cyber security. Am I missing something?
ibrowde
03:15:48
Encryption cannot happen in the OS for the system to be secure. That is a fundamental challenge.
ibrowde
03:25:49
level of security for banking today is not sufficient for cyber-physical environments. Actually, it is good enough for banking either :-)
ibrowde
03:33:27
I suggest we consider the IISF guidelines for the design being discussed - see page 64.
Jim White
03:50:13
Michael - the EdgeX architecture was built exactly as you speak. Device services do not communicate data out and nothing from the north directly communicates with a device service without going through other services or "agents" as you call them.
Michael Hathaway
03:56:31
Jim, Agreed, and understood. I think EdgeX ultimately serves as a tool for customers to enforce their security policies on the edge.
Jim White
04:02:37
Yep - or not at their risk based on use case and deployment model.