Key Safety Challenges for the IIoT – Executive Summary
safety-critical systems , with participation of many organizations in the management of systems , with access rights assigned across organizations and changing over time . The blurring of traditional IT boundaries between internal and external systems increases risks .
The increase of the networked integration of systems and the increasing ability of adversaries to conduct attacks over the internet requires a new view of security in safety-critical systems designed to meet stringent safety requirements . IIoT stakeholders must be prepared to implement comprehensive security solutions at each level , from the system of systems down to the individual sensor or actuator . The Industrial Internet Consortium ’ s ( IIC ) Industrial Internet Security Framework 5 provides plenty on this topic .
CHALLENGE 2 : IT / OT CONVERGENCE
IIoT is driving tighter integration between Information Technology ( IT ) and Operational Technology ( OT ). IT assets include the enterprise network / information bus , database services , analytics engines and web services . OT assets include the technology of real-time networks ( e . g ., industrial Ethernet ), programmable logic controllers ( PLCs ) sensors and actuators .
Integration between IT and OT implies not only physical convergence but also convergence of expectations and mentalities . Organizations must be prepared to address the security challenges due to IT / OT convergence that affect safety .
1 . Organizations undergoing IT / OT convergence should attempt , wherever possible , to enforce the noninterference of IT and OT elements that share computing and communications platforms .
2 . Manufacturers of safety-critical system components should investigate ( and be prepared to implement ) the types of IT-like capabilities users will come to expect , such as firmware updates via the network of their OT systems , while still ensuring safety .
3 . Vendors of equipment and software with an IT legacy who want to participate in the IIoT community should familiarize themselves with how safety-critical software and hardware is developed , from requirements through validation and verification .
4 . An organization should define areas of responsibility and ways of interaction between OT and IT specialists . For example , a computer security incident response team in an IIoT system should include OT and IT specialists .
CHALLENGE 3 : PERVASIVE AUTONOMY
Autonomy is the ability of the system to make its own decisions with regards to external inputs and its changing environment and to be able to continue to operate even if disconnected from the
5
Industrial Internet of Things Volume G4 : Security Framework , IIC : PUB : G4 : V1.0 : PB : 20160926 https :// www . iiconsortium . org / pdf / IIC _ PUB _ G4 _ V1.00 _ PB-3 . pdf
- 134 - IIC Journal of Innovation