Piotr Polak
Cybersecurity and standardization expert
I am a cybersecurity expert experienced in driving IoT device security development and certification. I am also an active contributor to the standardization of security-related specifications at CENELEC, CSA and ITU.
Expertise
More than 21 years of experience in system and embedded device security, development of products for global markets and standardization:
- Secure product development
- Product and process security certification
- Security related standardization
Having been involved in the ongoing work on the Radio Equipment Directive and Cyber Resilience Act related specifications at CENELEC and the Connectivity Standards Alliance Product Security Certification Program, I can bring important insights that can help guide product development to improve security and achieve compliance.
My expertise includes:
- Operational (OT) and Information (IT) technology product security
- Integration between OT and IT
- Communication protocols: Zigbee, Matter, LiFi, WiFi, Bluetooth, Ethernet, NFC, ...
- Smart cards, secure elements and Trusted Platform Modules (TPM) based solutions
- Trusted Execution Environment (TEE) based solutions
- Security certification
Actively following EU driven cybersecurity regulations and monitoring cybersecurity regulations in other regions.
Standardization
Contributing member to the following standardization organizations.
CENELEC
Representing the national committee of The Netherlands: Normcommissie Cybersecurity Privacy, Normcommissie Industrieel meten, regelen en automatiseren (NEC 65).
JTC13 Cybersecurity and data protection
Tasked by the EU Commission to develop security standards related to RED and CRA:
- WG8: Radio Equipment Directive (RED) security standards development
- WG9: Cyber Resilience Act (CRA) security standards development
TC65X Industrial-process measurement, control and automation
- WG3: Cyber security
TC205 Home and building electronic systems (HBES)
- WG20: IT security and data protection
Connectivity Standards Alliance
Member of the Security Advisory Group and Product Security Working Group Steering Committee. Directly involved in the following security related standardization efforts.
IoT Product Security Certification Program
An ongoing effort to establish a consumer IoT security certification program covering requirements related to the development process and device security. The program currently aims to cover the requirements defined by ETSI EN 303645 and NIST IR 8425. The scope of the program may be extended in the future to cover requirements defined by other standards, support different assurance levels or include products targeting the professional market.
Zigbee Direct
Zigbee Direct simplifies onboarding and control of Zigbee devices directly via Bluetooth Low Energy devices that are also capable of participating in a Zigbee network.
Matter
Matter is an IP-based protocol providing IoT devices with reliable and secure communication.
International Telecommunication Union
Enterprise security
Enabling enterprise security (IEEE 802.1x network access control) for LiFi and Power Line Communication, see the specifications and Annex D in:
Fairhair Alliance
Secure device onboarding framework
The Fairhair Alliance brought together lighting, building automation and IT companies to develop a secure device onboarding framework based on IP for lighting and building control in commercial buildings.
- Security Architecture for the Internet of Things (IoT) in Commercial Buildings whitepaper
Patents
"Piotr Polak has filed for thirty patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office".