Piotr Polak
Cybersecurity and standardization expert
I am a cybersecurity expert experienced in driving IoT device security development and certification. I am also an active contributor to the standardization of product security at CENELEC, CSA and ITU.
My professional career has spanned twenty-plus years in the field of product development, ensuring that the security of the product is properly addressed throughout the development cycle:
- Security risk analysis is performed taking into account the product's intended use and operational environment
- The identified risks are addressed with the aim of ensuring the highest possible level of security for the product (protection of sensitive digital information)
- The product is ready for security certification
Regulations
Cybersecurity regulations driven by the EU, but also by governments in other regions of the world, define a set of requirements that have to be fulfilled by manufacturers of internet-connected products across the majority of markets. These requirements relate to the security of the product itself but also to the processes used to develop and maintain the product over its lifetime.
Having been involved in the ongoing work on the Radio Equipment Directive and Cyber Resilience Act related specifications at CENELEC and in the Connectivity Standards Alliance Product Security Certification Program, I can bring important insights that can help guide product development to improve security and achieve compliance with cybersecurity regulations.
Expertise
My expertise includes:
- Operational technology (OT) and information technology (IT) product security
- Integration between OT and IT
- Communication protocols: Zigbee, Matter, LiFi, WiFi, Bluetooth, Ethernet, NFC, ...
- Smart card, secure element and Trusted Platform Module (TPM) based solutions
- Trusted Execution Environment (TEE) based solutions
- Security certification
Patents
"Piotr Polak has filed for thirty patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office."
Standardization
I am a contributing member of the following standardization organizations.
Representing the national committee of The Netherlands: Normcommissie Cybersecurity Privacy, Normcommissie Industrieel meten, regelen en automatiseren (NEC 65).
JTC13 Cybersecurity and data protection
Tasked by the EU Commission to develop security standards related to the RED and the CRA:
- WG8: Radio Equipment Directive (RED) security standards development
- WG9: Cyber Resilience Act (CRA) security standards development
TC65X Industrial-process measurement, control and automation
- WG3: Cyber security
TC205 Home and building electronic systems (HBES)
- WG20: IT security and data protection
Member of the Security Advisory Group and of the Product Security Working Group Steering Committee. Directly involved in the following security-related standardization efforts.
IoT Product Security Certification Program
An ongoing effort to establish a consumer IoT device security certification program with global reach, covering requirements related to the development process and to device security, and addressing global regulations. The program currently covers requirements defined by:
The scope of the program may be extended in the future to cover requirements defined by other standards or regulations, to support different assurance levels, or to include products targeting the professional market.
Zigbee Direct
Zigbee Direct simplifies onboarding and control of Zigbee devices directly from Bluetooth Low Energy clients, by way of devices that speak Bluetooth Low Energy and are also capable of participating in a Zigbee network.
- See the Security section of the specification
Matter
Matter is an IP-based protocol providing IoT devices with reliable and secure communication.
Enterprise security
Enabling enterprise security (IEEE 802.1X network access control) for LiFi and Power Line Communication; see the specifications and Annex D in:
For an overview of LiFi security, see the "ELIoT: enhancing LiFi for next-generation Internet of things" whitepaper.
Secure device onboarding framework
The Fairhair Alliance brought together lighting, building automation and IT companies to develop an IP-based secure device onboarding framework for lighting and building control in commercial buildings.
- Security Architecture for the Internet of Things (IoT) in Commercial Buildings whitepaper