The Industrial Internet Consortium, the global, public-private organization formed to accelerate adoption of the Industrial Internet of Things, have published their Industrial Internet Security Framework, a common security vision that addresses security issues in IIoT systems.
The IISF emphasizes the importance of five IIoT characteristics – safety, reliability, resilience, security and privacy – that help define “trustworthiness” in IIoT systems. The IISF also defines risk, assessments, threats, metrics and performance indicators to help business managers protect their organizations.
IIoT security cannot be considered in isolation. It comprises a complex set of industrial processes and applications as well as significant safety and reliability requirements. For example, although it is desirable to implement predictive maintenance capabilities in high-value electric power generation equipment, doing so may open the door to new threats. Adding security in this scenario can be challenging but without it, there could be serious consequences as a successful attack could cause injury, loss of life, or long-term damage to the environment.
“Today, many industrial systems simply do not have adequate security in place,” said Dr. Richard Soley, Executive Director, IIC. “The level of security found in the consumer Internet just won’t do for the Industrial Internet. In order to add security to an industrial system, you must make sure it won’t interfere with safety and reliability requirements. The IISF explores solutions to industrial problems that have plagued the industry for years. The IIC is also putting the IISF vision into practice in our testbed program.”
The IISF delivers security from business, functional and implementation perspectives. It’s aim is to help business managers within industrial organizations make informed decisions based on well-designed risk assessments.
“Ensuring a safe and secure digitally connected environment is at the heart of ABB’s Internet of Things, Services and People strategy, and we are pleased to work with the Industrial Internet Consortium on strategies and best practices that put cyber security into a business context and is based on an in-depth understanding of risk management,” said Markus Braendle, head of Cyber Security, ABB.
From a functional perspective, the IISF separates security evaluation into endpoint, communications, monitoring and configuration building blocks with subdivisions for each one. Each perspective offers implementation best practices.
The IISF breaks the industrial space down into three roles – the component builders, the system builders, and the operational users. The component builders create hardware and software; the system builders combine hardware and software solutions to create systems; and the operational users are the owner/operators of the systems who manage the risk to their industrial processes posed by the systems. To ensure end-to-end security, industrial users must assess the level of trustworthiness of the complete system.
“Every Industrial Internet of Things project must incorporate security throughout, but doing it properly in an industrial setting means dealing with many levels and dimensions of complexity,” said Greg Gorbach, Vice President, ARC Advisory Group. “The IISF security framework provides a comprehensive approach to ensure that all the bases are covered so risk is minimized.”
The IISF is the most in-depth industrial-focused security framework comprising expert vision, experience and security best practices from the IIC members. The IISF is available free of charge here.