Industrial Internet Security Framework v 1.0 | Page 108

Security Framework 11: Security Configuration and Management Figure 11-3: Hierarchical Communications Channels 11.3 SECURE OPERATIONAL MANAGEMENT Operational management configures and controls the IIoT system and its components to implement the organization’s business process. Trustworthiness of the system depends on trust in all the system elements, as well as assurance that all of the system elements are working together correctly. Security must be managed across the entire system, and must not disrupt the operational processes or diminish the safety or reliability of the system. There may be safety considerations in operational management. In assessing risk in the operational system, the criticality of each endpoint must be assessed. The security management system must have higher criticality than the most critical endpoint it manages, and so requires compliance with all safety policies required by that level of endpoint. Different standards define different mechanisms for determining the criticality of systems.1 There may be safety implications that traverse operational management systems. Multiple operational management systems each manage a set of devices at a specific safety level, so that devices that do not wish to inherit safety regulations of OT devices are naturally segregated. Security management does not suffer from this same inheritance dependency; therefore, it is desirable to isolate the security functionality from the safety functionality. 11.4 SECURITY MANAGEMENT The security model for a system is based on a number of sources ranging from regulatory policy to industry standards, organizational directives and personal experience. The security policy must 1 See [NERC-CIP-002] IIC:PUB:G4:V1.0:PB:20160926 - 108 -