Security Framework
12: Looking Ahead—The Future of the IIoT
Enabling edge devices to make decisions more autonomously can lead to more efficient processes, and provides the ability to react more quickly to events at the edge. This is analogous to the human reflex operation. There, the stimuli do not travel all the way to the brain for a response to be sent; rather, they are intercepted in the spinal column so that a response to a very specific stimulus is returned very quickly. In industrial terms, this leads to a more scalable solution, since the raw data does not all need to travel to central management; instead, faster reflexive actions are enabled through intelligence at the edge. Of course, as we empower the edge more, we need to protect those edge devices better.
Security management will likely face a similar shift from centralized to decentralized as the number of devices skyrockets as predicted. Similarly, as the sheer volume of data required for managing devices increases, it becomes clear there’s a point where centralized management ceases to be effective and efficient. Instead, embedding security into each piece of equipment individually, and empowering the equipment with the security context required to make safe decisions, might become a far more scalable approach.
Meanwhile, the security aspects of such an autonomous world, if not handled correctly, could be devastating. Imagine a multitude of autonomous smart devices, all making decisions on their own. We must ensure that security can be implemented to maintain the integrity of the devices against attack, so that a malicious entity cannot compromise the devices and cause them to make the wrong decisions at critical times. The key elements in this security scenario are ensuring integrity of the endpoints, enabling communications security, and providing the ability to update the endpoints more securely. To ensure compatibility across all of the various types of devices, it is desirable to have a common infrastructure that enables communications and management (and monitoring) across them all.
There are many related advances in technology that may enable improving the security of IIoT systems. Some of these technologies have been available for some time with varying degrees of deployment.
Software-defined networks can separate networks and prevent packets from crossing between them, thus increasing security. They also allow IP addresses to be dynamically changed, making it harder for attackers to learn about the network and benefit from previous explorations.
Software-defined platforms and virtual machines allow separating computer systems and reducing the risks of an attack on a system affecting multiple functionalities on that system.
Protecting the confidentiality of private keys in endpoint devices and simplifying the provisioning can improve IIoT security. Technologies such as physical unclonable function (PUF) [MIT-PUF] allow endpoint devices to behave as if they have private keys without storing a key, reducing the risk associated with attacks on hardware to retrieve a stored key. The adoption of this technology has been slow, possibly due to concerns with stability over time.
Privacy could be enhanced while still allowing analytics through techniques that allow calculations to be performed on encrypted text, such as homomorphic encryption. This may impose constraints on the data design used in the system.
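The data-design constraint mentioned above shows up even in a small additively homomorphic scheme. The following Python sketch is an added example, not part of the original framework text: an aggregator sums encrypted sensor readings without seeing them, readings must first be encoded as fixed-point integers, and a sum that reaches the modulus wraps silently. The choice of the Paillier scheme, the demo-sized primes, the scaling factor and all function names are assumptions of this example.

```python
import math
import secrets

# Demo-sized Mersenne primes (assumption of this example, not production key sizes).
P, Q = 2**31 - 1, 2**61 - 1
N = P * Q
N2 = N * N
LAM = (P - 1) * (Q - 1) // math.gcd(P - 1, Q - 1)  # lcm(p-1, q-1)
MU = pow(LAM, -1, N)                               # valid because g = n + 1
SCALE = 100                                        # fixed-point: 0.01-degree units

def encode(reading):
    """Map a non-negative reading to an integer plaintext (floats cannot be encrypted)."""
    m = round(reading * SCALE)
    if not 0 <= m < N:
        raise ValueError("reading outside plaintext space")
    return m

def encrypt(m):
    """Paillier encryption with g = n + 1, so g^m = 1 + m*n (mod n^2)."""
    while True:
        r = secrets.randbelow(N - 1) + 1
        if math.gcd(r, N) == 1:
            break
    return (1 + m * N) % N2 * pow(r, N, N2) % N2

def decrypt(c):
    """Recover m as L(c^lambda mod n^2) * mu mod n, with L(x) = (x - 1) // n."""
    return (pow(c, LAM, N2) - 1) // N * MU % N

def add_encrypted(c1, c2):
    """Multiplying ciphertexts adds the underlying plaintexts modulo N."""
    return c1 * c2 % N2

def encrypted_mean(readings):
    """Devices encrypt; the aggregator only multiplies ciphertexts; the key holder decrypts."""
    ciphertexts = [encrypt(encode(x)) for x in readings]
    total = ciphertexts[0]
    for c in ciphertexts[1:]:
        total = add_encrypted(total, c)
    return decrypt(total) / SCALE / len(readings)

def wrapped_sum():
    """Failure mode: a sum that reaches N wraps modulo N with no error raised."""
    return decrypt(add_encrypted(encrypt(N - 1), encrypt(5)))
```

Only addition (and multiplication by a known constant) is available here, so the division for the mean happens after decryption, and the plaintext range has to be sized for the largest sum the system can produce.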
IIC:PUB:G4:V1.0:PB:20160926