Industrial Internet Security Framework v 1.0 | Page 113

Security Framework 11: Security Configuration and Management

Gateways may simplify the update process. If a gateway sits in front of a number of endpoints from the same vendor, then secured download and validation of software updates from the vendor update repository is possible. The gateway should include enough security functionality to authenticate the update repository server and the source of the software updates, securely download the update via an encrypted channel (or download an encrypted update), and then verify the integrity of the downloaded update. The gateway may then act as the update server for the endpoints behind it, providing the validated update directly to those endpoints and thereby minimizing the attack surface of the update process.

Manufacturers may try to perform automatic software and firmware updates on their customers' devices, but this is risky. If an update fails, the device may be left inoperable or operating in an unknown and unpredictable manner. Worse, an adversary may commandeer the device as a platform for attacks on other devices. The integrity of the update must always be assured, regardless of the method used to retrieve it. Digital signatures enable validation of the update file and provide stronger security than hashes (see section 8.8.2).

11.6 COMMUNICATIONS CONFIGURATION AND MANAGEMENT

As with endpoint security enforcement, there must be security management and control of the network communications. The policy may be applied at the communicating endpoints or at intermediary communications devices between them. Mitigating controls that enforce the network security policy on intermediary devices may include firewalls and packet filters, routers, intrusion detection systems (IDS), intrusion prevention systems (IPS), network access control, and other security controls and devices. Of specific interest in managing the security of IIoT communications is network access control (see section 9.2.7).
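The gateway-side update validation described above, as an added example that is not part of the framework text: the vendor signs a small manifest carrying the image hash, and the gateway verifies the signature under a vendor key pinned at provisioning before it trusts the hash to bind the downloaded image. The manifest layout, key handling and sample image are constructed assumptions; the last check shows why a signature is stronger than a bare hash, since a substituted image with a recomputed hash still fails.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Manifest is the constructed metadata a vendor publishes beside an update image.
// The vendor signs this small object; its hash then binds the large image to it.
type Manifest struct {
	Version   string
	ImageHash string // hex-encoded SHA-256 of the update image
}

func (m Manifest) encode() []byte { return []byte(m.Version + "\n" + m.ImageHash) }

// NewManifest is the vendor's release step: hash the image into a manifest.
func NewManifest(version string, image []byte) Manifest {
	sum := sha256.Sum256(image)
	return Manifest{Version: version, ImageHash: hex.EncodeToString(sum[:])}
}

// SignManifest runs at the vendor; the private key never reaches the gateway.
func SignManifest(priv ed25519.PrivateKey, m Manifest) []byte {
	return ed25519.Sign(priv, m.encode())
}

// VerifyUpdate is the gateway-side check. The signature under the pinned vendor
// key authenticates the manifest's source; only then is its hash trusted to tie
// the downloaded image to that signed release.
func VerifyUpdate(pinned ed25519.PublicKey, m Manifest, sig, image []byte) error {
	if !ed25519.Verify(pinned, m.encode(), sig) {
		return errors.New("manifest signature invalid: not signed by the pinned vendor key")
	}
	if sum := sha256.Sum256(image); hex.EncodeToString(sum[:]) != m.ImageHash {
		return errors.New("image hash does not match the signed manifest")
	}
	return nil // safe to stage the image for the endpoints behind the gateway
}

func main() {
	vendorPub, vendorPriv, _ := ed25519.GenerateKey(rand.Reader) // pinned at provisioning
	image := []byte("constructed firmware image v2.1")
	m := NewManifest("2.1", image)
	sig := SignManifest(vendorPriv, m)
	fmt.Println("genuine release:", VerifyUpdate(vendorPub, m, sig, image)) // <nil>
	// A substituted image with a recomputed hash passes a hash-only check, but the
	// signature does not cover the new manifest, so the gateway rejects it.
	swapped := []byte("substituted image")
	fmt.Println("re-hashed manifest:", VerifyUpdate(vendorPub, NewManifest("2.1", swapped), sig, swapped))
}
```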
Network access control (NAC) is a management control that prevents unauthorized endpoints from getting onto the network. It relies on information from network security controls that monitor traffic. By integrating security management systems and security monitoring systems, NAC functionality enables detection of unauthorized endpoints on the IIoT network segments and forcibly disconnects them. Gateways, firewalls, routers and active network monitoring and control devices enable forcible disconnection of unauthorized endpoints.

11.7 IDENTITY MANAGEMENT

Identity management includes the processes and policies involved in managing the lifecycle, value, type and optional metadata of the attributes of an identity known in a particular identity domain, which is the environment where an entity can use a set of attributes for identification. Identity management is one of the primary functions in endpoint security (see section 8.5) and is fundamental to authentication and authorization (see section 8.6).

IIC:PUB:G4:V1.0:PB:20160926 - 113 -