TATTILE LEADING CYBER SECURITY IMPLEMENTATION IN THE ITS INDUSTRY
Tattile, as a top international player in the field of Intelligent Transportation Solutions (ITS), sets itself high goals with the acquisition of the most important voluntary certification focused on cybersecurity: the IEC-62443 together with ISO-27001, a current and fundamental topic for the protection of IT infrastructure and sensitive data.
In recent years, the number of security bugs detected has continuously grown. Reviewing the alarming cybersecurity statistics, we refer to the fact that the global annual cost of cybercrime is estimated to exceed $20 trillion by 2026 (source: Cybersecurity Ventures). 71% of all cyberattacks are financially motivated, followed by intellectual property theft and espionage (source: Verizon).
ANPR / ALPR cameras: like many other network equipment are not exempt from cyberattacks for several reasons: being placed in public areas, they could be approached by ill-intentioned people. Working inside the interconnection of networks, cameras can be part of larger systems and interconnected with other devices and systems.
Software and Firmware: Cameras may be vulnerable to unknown threats if they don’t receive regular updates from the manufacturer or users due to software and firmware vulnerabilities.
Tattile, as a relevant market player, wants to lead the implementation of secure software in the ITS industry. With this aim, we, Tattile, developed the Stark software platform from scratch, having in mind to achieve the double certification, IEC-62443, focused on software security, and ISO-27001, focused on infrastructure IT security.
- Highlights IEC-62443 certification: product-oriented solution
IEC-62443 certification has been established by several global Testing, Inspection, and Certification (TIC) companies. The schemes are based on the referenced standards and define test methods, surveillance audit policies, public documentation policies, and other specific aspects of their program. Cybersecurity certification programs for IEC-62443 standards are offered globally by many distinguished Certification Bodies (CB), including Bureau Veritas.
Tattile chose the internationally acknowledged DevSecOps methodology for Stark platform development. This methodology ensures the best security standards from the design to the delivery phase and is recognized as a state-of-the-art tool.
The most tangible security benefits generated by DevSecOps methodology are:
- Risk Reduction: DevSecOps allows timely identification of safety risks thanks to dedicated tools that continuously analyze all the code bases.
- Product Reliability and Integrity: ensures products are secure by design, ensuring robustness and functional integrity.
The adoption of standard security-oriented methodologies, of which DevSecOps is the maximum expression, guarantees by design compliance with the stringent criteria established by the IEC-62443 certification.
As new types of cyberattacks are emerging on a daily basis, it is crucial to take timely action to ensure the system remains secure and compliant with IEC-62443. This can be achieved by promptly applying security patches and related software updates to the system. In this spirit, Stark by Tattile provides at least 12 annual updates.
- Tattile has also acquired an infrastructure certification: ISO/IEC-27001:2013 (known as ISO-27001), the International Information Security Standard certification that describes best practices for an ISMS (Information Security Management System).
Our company implements best practices for information security and provides external expert verification (Bureau Veritas) that data security is managed in accordance with international standards.
Information Security has a double impact for customers:
- Ensure that the processing of information (including data provided by customers) is compliant with international standards for the management of sensitive data (for example, GDPR or Privacy Act).
- Guarantee an adequate IT infrastructure to prevent “code injection,” the introduction of malicious code with negative repercussions on the customer.
At this scope, Tattile has implemented a sophisticated IT infrastructure, including:
– NIDS (Network Intrusion Detection System)
– Periodic penetration tests
– SOC (Security Operating Center) 24/7
– Restricted and tracked access to Server Rooms
– Implementation of Local Security Policy on all Tattile’s devices
Tattile, as a leading company in the ITS industry, feels responsible for ensuring the security and reliability of its products (software & hardware), contributing in a concrete way to making the management of sensitive data and infrastructures more secure, with tangible benefits for clients.