Evaluating Security of IIoT Testbeds
Model 11 – will help create better profiles for different security levels .
The security evaluation process aligns with the IISF and , as the IISF and its related documents and methodologies evolve , the security evaluation process is expected to evolve as well . We described the challenges faced by testbeds in effective threat modeling . Adequately addressing some of these challenges will require considerable effort within the security community . We hope tools such as STRIDE will evolve to address these challenges .
This description of the security evaluation process and its challenges is intended to help testbed participants understand the process and for all to contribute to the further evolution of the security evaluation process and a stronger and easier basis for communicating about and making judgements on the security of IIoT systems , enhancing the trustworthiness of these systems . We hope the next version of IISF will consider these challenges and outline ways to address them .
ACKNOWLEDGEMENTS
We would like to thank the Testbed Working Group , and its chair , Joseph Fontaine , for the help in creating the security evaluation process . We also would like to thank the respective security leads of the testbeds showcased in this article , Aravind Parandhaman ( NEC ) and Borja Lanseros ( Titanium Industrial Security ), and the respective testbed technical teams for their expertise and collaboration during the evaluation process .
‣ Return to beginning of this article
‣ Return to Table of Contents
11
Office of Electricity Delivery & Energy Reliability : Cybersecurity Capability Maturity Model ( C2M2 ), retrieved 2018-02-01 http :// energy . gov / sites / prod / files / 2014 / 03 / f13 / C2M2-v1-1 _ cor . pdf from http :// energy . gov / oe / services / cybersecurity / cybersecurity-capability-maturity-model-c2m2-program / cybersecurity , ( 2014 ).
- 62 - March 2018