Industrial Internet Security Framework v 1.0 | Page 10
Security Framework
1: Overview
Part I: Introduction
An Industrial Internet of Things (IIoT) system connects and integrates industrial control systems
with enterprise systems, business processes and analytics. An IIoT system enables significant
advances in optimizing decision-making, operations and collaborations among a large number of
increasingly autonomous control systems.
These systems differ from traditional industrial control systems by being connected extensively
to other systems and people, increasing their diversity and scale. They also differ from traditional
information technology (IT) systems in that they use sensors and actuators in an industrial
environment. These are typically systems that interact with the physical world where
uncontrolled change can lead to hazardous conditions. This potential risk increases the
importance of safety, reliability, privacy and resiliency beyond the levels expected in many
traditional IT environments. Such IIoT systems may also have data flows that include multiple
intermediary organizations, requiring security approaches beyond simple approaches such as link
encryption. Having long lifetimes, IIoT systems include legacy installations and are regulated
because human health and safety is at risk. The cultures of operational and information
technology worlds differ, leading to a need to integrate these cultures for IIoT systems. All of
these differences have implications on how these systems need to be secured.
Part I examines key system characteristics, clarifying how they should each be assured and
assured together to create a trustworthy system appropriate for IIoT systems, taking into account
what makes these systems different.
IIC:PUB:G4:V1.0:PB:20160926
- 10 -