Evaluating Security of IIoT Testbeds
The architecture for this testbed contains four trust boundaries. Due to space restrictions, the architecture diagram for this testbed could not fit in this article. The architecture diagram provided by the testbed also contained system implementation components, such as Next Generation Firewalls (NGFW) and DMZs (perimeter networks, or demilitarized zones in computer security terminology). In this testbed, operators and users will access the testbed remotely to perform configuration and analysis using a client-side encrypted VPN.
The enterprise tier is hosted in the Microsoft® Azure® Cloud, in which data processing and machine learning are performed for preventive maintenance, improvements in production and cost savings. The Azure platform supports the needed security and crypto operations.

The edge tier is the Industrial Automation and Control System. This tier has three trust boundaries: the IIoT gateway, the Supervisory and Control Network, and the sensors and actuators. The IIoT gateway is the device intended to collect relevant information about the state of the process and the production components, and to process data based on predictive algorithms. The Supervisory and Control Network includes process control equipment that receives inputs from sensors, processes the incoming data using control algorithms and then sends the output to actuators for continuous, sequential, batch and discrete control. These devices run vendor-specific operating systems and are programmed and
Figure 5: STRIDE Model
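An added example, not taken from the article or the testbed: it encodes the tiers and trust boundaries described above and applies the standard STRIDE-per-element chart to every data flow that crosses a boundary. The component names, the element kinds, and the flows to Azure and from the remote operator are assumptions, since the architecture diagram is not reproduced here.

```python
from dataclasses import dataclass

STRIDE = {"S": "Spoofing", "T": "Tampering", "R": "Repudiation",
          "I": "Information disclosure", "D": "Denial of service",
          "E": "Elevation of privilege"}
# STRIDE-per-element chart: categories normally reviewed per diagram element kind.
PER_ELEMENT = {"external": "SR", "process": "STRIDE", "flow": "TID"}

@dataclass(frozen=True)
class Element:
    name: str
    kind: str       # "external" or "process" (kinds below are assumptions)
    boundary: str   # trust boundary the element sits in

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    data: str

# Constructed model of the testbed; names are hypothetical labels.
ELEMENTS = {e.name: e for e in [
    Element("operator", "external", "remote (outside all boundaries)"),
    Element("azure_analytics", "process", "enterprise tier (Azure)"),
    Element("iiot_gateway", "process", "IIoT gateway"),
    Element("process_controller", "process", "Supervisory and Control Network"),
    Element("sensor", "external", "sensors and actuators"),
    Element("actuator", "external", "sensors and actuators"),
]}
FLOWS = [
    Flow("sensor", "process_controller", "process inputs"),
    Flow("process_controller", "actuator", "control outputs"),
    Flow("process_controller", "iiot_gateway", "process and component state"),
    Flow("iiot_gateway", "azure_analytics", "data for ML and analytics"),  # assumed
    Flow("operator", "iiot_gateway", "configuration over the VPN"),        # assumed
]

def stride_worklist(flows=FLOWS, elements=ELEMENTS):
    """Map each cross-boundary flow and its two endpoints to STRIDE categories."""
    work = {}
    for f in flows:
        src, dst = elements[f.src], elements[f.dst]
        if src.boundary == dst.boundary:
            continue  # flow stays inside one trust boundary: lower review priority
        work[f"{f.src} -> {f.dst}"] = [STRIDE[c] for c in PER_ELEMENT["flow"]]
        for e in (src, dst):
            work[e.name] = [STRIDE[c] for c in PER_ELEMENT[e.kind]]
    return work

if __name__ == "__main__":
    for target, cats in stride_worklist().items():
        print(f"{target}: {', '.join(cats)}")
```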
March 2018