Industrial Internet Security Framework v 1.0 | Page 15

On the other hand, security and privacy are important characteristics for most IT systems, together with reliability. Safety is rarely an issue, and resilience is reserved for specialized systems where business continuity is a motivating factor, for example for financial transactions.
This document offers a framework to balance the security-relevant considerations of the two different cultures, OT and IT. As each culture endeavors to create trustworthy systems that deal with their functional needs, environment, possible disruptions, system faults, human errors and attacks, the considerations need to be made explicit so that members of each can understand and appreciate the needs and motivations of the other.
3 KEY SYSTEM CHARACTERISTICS ENABLING TRUSTWORTHINESS
An Industrial Internet of Things (IIoT) system exhibits end-to-end characteristics that emerge as a result of the properties of its various components and the nature of their interactions. The five characteristics that most affect the trust decisions of an IIoT deployment are security, safety, reliability, resilience and privacy. These are referred to as key system characteristics. Others, such as scalability, usability, maintainability, portability or composability, may also be important in general but are not considered “key” with respect to trustworthiness. Each key system characteristic must be assured in its own way, but there are some common techniques.
3.1 ASSURANCE OF KEY SYSTEM CHARACTERISTICS
Assurance requires the collection and analysis of evidence that supports the design, construction, deployment and test of the system, and its activities in operation. The evidence must support the claim that the right mixture of innate system capabilities and compensating security controls to mitigate risks has been put in place.
Assurance includes risk analysis to identify hazards and prevent incidents or accidents. Risk, the effect of uncertainty on objectives, takes into consideration the likelihood of an event occurring along with the impact of that event if it were to occur. Rigorous product and system design, including design reviews and testing, intends to prevent faulty operations and improve system resilience to potential events identified in the risk analysis.
When making claims about what has been done to address specific attacks and weaknesses, public knowledge sources¹ should be used when possible so that discussion of these aspects can be grounded in common terminology and the same reference source(s).
Assurance cases structure the reasoning behind claimed security behavior, features or absence of vulnerability. They provide evidence about removal of weaknesses by means of protection mechanisms and security features, and provide arguments supporting claims that key system
¹ Examples of public sources include [CWE], [CAPEC], [OWASP], [WASC], [ATT-CK] and [CVE].
IIC:PUB:G4:V1.0:PB:20160926 - 15 -