Industrial Internet Security Framework v 1.0 | Page 108
Security Framework
11: Security Configuration and Management
Figure 11-3: Hierarchical Communications Channels
11.3 SECURE OPERATIONAL MANAGEMENT
Operational management configures and controls the IIoT system and its components to
implement the organization’s business process. Trustworthiness of the system depends on trust
in all the system elements, as well as assurance that all of the system elements are working
together correctly. Security must be managed across the entire system, and must not disrupt the
operational processes or diminish the safety or reliability of the system.
There may be safety considerations in operational management. In assessing risk in the
operational system, the criticality of each endpoint must be assessed. The security management
system must have higher criticality than the most critical endpoint it manages, and so requires
compliance with all safety policies required by that level of endpoint. Different standards define
different mechanisms for determining the criticality of systems.1
There may be safety implications that traverse operational management systems. Multiple
operational management systems each manage a set of devices at a specific safety level, so that
devices that do not wish to inherit safety regulations of OT devices are naturally segregated.
Security management does not suffer from this same inheritance dependency; therefore, it is
desirable to isolate the security functionality from the safety functionality.
11.4 SECURITY MANAGEMENT
The security model for a system is based on a number of sources ranging from regulatory policy
to industry standards, organizational directives and personal experience. The security policy must
1
See [NERC-CIP-002]
IIC:PUB:G4:V1.0:PB:20160926
- 108 -