SZ Lin
President
International Society of Automation, Taiwan Section

SZ currently holds the position of Chief Cybersecurity Expert at Bureau Veritas, engaging in the adoption and audit assessment of ICS / OT cybersecurity standards. With over a decade of experience in ICS / OT network security, IIoT security, and Secure Software Development Life Cycle (SSDLC), SZ has devoted sustained effort to the open-source software and cybersecurity domains. Presently, SZ is an official developer for Debian, actively maintaining and developing within the open-source cybersecurity software team, including packages from Ubuntu and Kali Linux.

SZ is a member of ISA 99, ISAGCA, and the ISASecure committees, participating in the ISA / IEC 62443 international standard working groups and the SEMI Cybersecurity Consortium, as well as contributing to the development of cybersecurity standards and regulations in Taiwan. SZ is the first official ISA / IEC 62443 certified course instructor in the Greater China region, holding cybersecurity certifications such as CISSP, ISSAP, CSSLP, GICSP (Gold), and ISA / IEC 62443 Cybersecurity Expert.

Furthermore, SZ is the initiator of the OpenChain Taiwan official working group and has served as a technical steering committee member for the Linux Foundation's official project, the Civil Infrastructure Platform (CIP), chair of the CIP Linux kernel workgroup, and a board member of the ISO / IEC 5230 OpenChain.

SPEECH
5/14 (Tue.) 15:20 - 15:50 4F AIoT & Hardware Security Zone AIoT & Hardware Security Summit
Industrial Internet of Things (IIoT) Cybersecurity Strategies: Comprehensive Protection from Cloud Systems to Endpoint Devices

As cloud computing, AI, and remote maintenance technologies flourish, the concept of the Industrial Internet of Things (IIoT) is being progressively implemented across various critical infrastructures. This breaks the limitations of traditional industrial control environments and brings unprecedented convenience, but it also introduces numerous cybersecurity risks. In this context, building a secure and reliable industrial control system within the IIoT environment has become an urgent issue to address.

In this presentation, we will explore the key strategies for asset owners, service providers, system integrators, and product manufacturers in tackling cybersecurity risks associated with IIoT. Additionally, we will introduce how the ISASecure certification program develops global cybersecurity certification suitable for IIoT devices and gateways, based on risk assessment results combined with the ISA/IEC 62443 standards. We will also delve into the various stages of product development, control measures, and certification standards to help attendees thoroughly understand the philosophies and objectives behind these standards.

Besides presenting the latest global cybersecurity trends, we will share the newest developments and information from the ISASecure certification program to support Taiwan's industry in aligning with global cybersecurity standards. These efforts aim to comprehensively enhance our cybersecurity protection capabilities in the AIoT domain, focusing not only on software security but also on hardware security measures. Through such measures, we can effectively reduce cybersecurity risks in the IIoT environment, ensuring that technological innovation and cybersecurity protection progress hand in hand, laying a solid foundation for the future development of the industry.

5/16 (Thu.) 11:00 - 11:30 4F 4A Supply Chain Cybersecurity Forum
Practical Application of Software Bill of Materials (SBOM): Addressing Common Pitfalls and Key Guidelines

In today's global cybersecurity landscape, the Software Bill of Materials (SBOM) has become a focal point for enterprises. This presentation will delve into the practical applications, technical challenges, and industry insights of SBOMs, covering aspects such as process management, cross-departmental collaboration, and supply chain integration. Through case study sharing, we will unveil the significance of SBOMs in software management, component tracking, and vulnerability assessment, underscoring the balance between automation and manual review. We will explore the role of SBOMs as part of a comprehensive security strategy, offering strategies to avoid common pitfalls and adopt best practices. Additionally, we will introduce the latest specifications of the SPDX international standard to enhance software security and management efficiency.

5/16 (Thu.) 15:45 - 16:45 7F 703 OT Security Forum
Practical Applications of ISA / IEC 62443-4-1 and 4-2: Common Misconceptions and Best Practices in the Secure Development and Implementation of Industrial Control Products

In the context of the digital era, the ISA/IEC 62443 standards play a pivotal role in safeguarding the cybersecurity of critical infrastructures such as rail transport, electricity, oil industry, semiconductors, and healthcare. With the introduction of new European regulations, such as the Radio Equipment Directive and the Cybersecurity Resilience Act, the importance of enhancing product cybersecurity measures is increasingly emphasized. This presentation will focus on establishing secure product development processes using the ISA/IEC 62443-4-1 standard and address common misconceptions when implementing product security functions as per ISA/IEC 62443-4-2. Through the analysis of real-world case studies, we will explore common misunderstandings and best practices in security design, including continuous threat modeling, security testing, and lifecycle integration. This session aims to empower product manufacturers to more effectively implement these standards, thereby improving product security performance.