Connectivity Framework
2: Connectivity Framework
protection, information flow protection, network configuration and management, network monitoring & analysis, and cryptographic protection, as shown in Figure 2-3.
Figure 2-3: Connectivity protection building blocks described in the Industrial Internet Security Framework 1.
The security policies govern connectivity-endpoint data-exchange as part of a broader protection strategy. For example, they specify how to filter and route traffic, how to protect exchanged data and metadata (authenticate or encrypt-then-authenticate) and what access control rules should be used.
Cryptographic protection of connectivity endpoints relies on:
• explicit endpoint data exchange policies,
• strong mutual authentication between endpoints,
• authorization mechanisms that enforce access control rules derived from the policy, and
• mechanisms for ensuring confidentiality, integrity, and freshness of the exchanged data.
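The following is an added illustration, not part of the framework text, of how a receiving endpoint could apply the "authenticate" option together with policy-derived access control and a freshness check. Endpoint names, topics, keys and the message layout are constructed assumptions; confidentiality (encrypt-then-authenticate) and the mutual authentication exchange that would establish the keys are out of scope here.

```python
import hashlib
import hmac
import json

# Constructed endpoint data exchange policy: which endpoint may publish which topic.
POLICY = {"sensor-7": {"plant/temperature"}, "hmi-1": {"plant/setpoint"}}
# Constructed per-endpoint keys (assumption): a real deployment would provision
# these as a result of mutual authentication and never hard-code them.
KEYS = {"sensor-7": b"k" * 32, "hmi-1": b"h" * 32}


def _tag(key, sender, topic, counter, payload):
    # The tag covers data and metadata; a JSON array keeps field boundaries unambiguous.
    body = json.dumps([sender, topic, counter, payload.hex()]).encode()
    return hmac.new(key, body, hashlib.sha256).digest()


def seal(sender, topic, counter, payload):
    """Sender side: attach an HMAC-SHA-256 tag over payload and metadata."""
    return {"sender": sender, "topic": topic, "counter": counter,
            "payload": payload,
            "tag": _tag(KEYS[sender], sender, topic, counter, payload)}


class Receiver:
    def __init__(self):
        self.last_counter = {}  # highest counter accepted so far, per sender

    def accept(self, msg):
        """Return 'ok', or the reason the message is rejected."""
        key = KEYS.get(msg["sender"])
        if key is None:
            return "unknown endpoint"
        expected = _tag(key, msg["sender"], msg["topic"],
                        msg["counter"], msg["payload"])
        if not hmac.compare_digest(expected, msg["tag"]):
            return "bad tag"         # integrity / origin check failed
        if msg["topic"] not in POLICY.get(msg["sender"], set()):
            return "not authorized"  # access control rule derived from the policy
        if msg["counter"] <= self.last_counter.get(msg["sender"], -1):
            return "stale"           # replayed or reordered: freshness check failed
        self.last_counter[msg["sender"]] = msg["counter"]
        return "ok"
```

The tag is verified before the policy and counter checks so that no decision is made on metadata that has not been authenticated.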
Adequate cryptographic protection should be considered for each of the layers shown in Table 2-1.
2.3.6 LONGEVITY
Connectivity components, especially those in the network layer and below, are built into the hardware and hence are not easily replaceable. Where possible and feasible, the connectivity
1 See [IIC-IISF2016]
IIC:PUB:G5:V1.0:PB:20170228