Security Framework
8: Protecting Endpoints
attacks on data access may impede timely and accurate execution of the endpoint functionality resulting in costly outcomes.
• Breach of the Monitoring & Analysis system, 12: An attacker could gain visibility on the functions of the monitored system. For example, an attacker could modify monitoring data to make it appear as if a particular event did not occur. Modification of the security logs and monitoring data may result in undetected vulnerabilities or compromised states. As a result, attackers would benefit from a coverage gap, compromising endpoint hardware and software or destroying evidence of their activities after an attack.
• Vulnerabilities in Configuration & Management, 13: Vulnerability of the Configuration & Management system may result from improper access control to the configuration management system, insertion of unauthorized changes in the system or corruption of update payloads. Updates to the endpoints should be planned and managed so as to limit the number of different operational configurations and reduce fragmentation of the fleet.
• Uncontrolled changes to Security Policy and Model, 14: Modification of the security policy and derived security models represents a serious threat to the system and its endpoints. Equally, weakness in the security policy is an area for exploitation by potential attackers.
• Vulnerabilities in the Development Environment, 15: The introduction of weaknesses during the software development lifecycle can leave the IIoT systems susceptible to attack. These weaknesses may be introduced during architecting, designing, or writing of the code. Use of vulnerable or malicious libraries or untrusted development frameworks may lead to their inclusion in the resulting code running in the IIoT system.
After consideration of all the above-mentioned potential threats to the endpoint, a sound and thorough assurance process is required to ensure that the resulting system is trustworthy. Gaining assurance about the software integrity of the endpoint includes gathering evidence across all of the development and operational lifecycle. This effort should determine whether potential weaknesses, like those in the 'Common Weakness Enumeration' (CWE)¹, have been avoided, removed or remediated, and should then tag that baseline and use it to verify that the correct software is loaded at boot. The ISO/IEC 19770² specification on Software Tagging may be useful for tagging software at the source. This provides assurance that those packages come from authenticated and authorized sources.
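An added example, not part of the IIC document, of the tag-then-verify step described above: digests of the released components are recorded as an authenticated baseline, and the components found at boot are checked against it. The HMAC key, component names and byte strings are constructed; HMAC stands in for the signature a fielded endpoint would verify with a hardware-anchored key, and no ISO/IEC 19770 tag format is implemented here.

```python
import hashlib
import hmac
import json


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _mac(entries: dict, key: bytes) -> str:
    # Canonical JSON so the same entries always authenticate to the same value.
    body = json.dumps(entries, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def tag_baseline(components: dict[str, bytes], key: bytes) -> dict:
    """Record one SHA-256 digest per released component and authenticate the record."""
    entries = {name: digest(blob) for name, blob in sorted(components.items())}
    return {"entries": entries, "mac": _mac(entries, key)}


def verify_at_boot(components: dict[str, bytes], baseline: dict, key: bytes) -> list[str]:
    """Return findings; an empty list means the loaded software matches the baseline."""
    entries = baseline.get("entries", {})
    # Authenticate the baseline first: if it can be rewritten unnoticed,
    # modified software can simply be recorded as "expected".
    if not hmac.compare_digest(_mac(entries, key), str(baseline.get("mac", ""))):
        return ["baseline: authentication failed"]
    findings = []
    for name, want in entries.items():
        if name not in components:
            findings.append(f"{name}: missing")
        elif not hmac.compare_digest(digest(components[name]), want):
            findings.append(f"{name}: digest mismatch")
    # Components that were never part of the tagged release are also reported.
    findings += [f"{n}: not in baseline" for n in sorted(components) if n not in entries]
    return findings


# Constructed sample data (hypothetical key and component contents).
KEY = b"constructed-demo-key"
RELEASE = {"bootloader.bin": b"\x7fBOOT v1", "app.bin": b"control loop v1"}
BASELINE = tag_baseline(RELEASE, KEY)

if __name__ == "__main__":
    print(verify_at_boot(RELEASE, BASELINE, KEY))
    changed = dict(RELEASE, **{"app.bin": b"control loop v1 (modified)"})
    print(verify_at_boot(changed, BASELINE, KEY))
```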
8.2 ARCHITECTURAL CONSIDERATIONS FOR PROTECTING ENDPOINTS
Implementing security on endpoints depends upon their computational and communication capabilities. On the edge, endpoints may be resource-constrained devices with less computing power and with static configurations. In the cloud, endpoints may be servers with extraordinary computational capability and dynamic configurations.
¹ See [CWE]
² See [ISO-19770]
IIC:PUB:G4:V1.0:PB:20160926 - 63 -