Industrial Internet Security Framework v 1.0 | Page 131
Security Framework
Annex A: Industrial Security Standards
examples are those of the European Union (GDPR) and North America (HIPAA and PIPEDA).1 Since
regulations are mandatory, non-adherence can mean fines and even imprisonment. Best practice is
to adopt a privacy by design, by default and in deployment approach. Some privacy requirements
overlap with security requirements and should be considered concurrently.
More information on data privacy standards and regulations can be found in Baker & McKenzie's
'Global Privacy Matrix' and the Electronic Frontier Foundation's (EFF) 'International Privacy
Standards'.2
A.7 PROTOCOL RESOURCES
Detailed evaluation of the security properties, weaknesses and strengths of industrial network
protocols is not within the scope of the current draft of this document. However, pointers to the
corresponding resources, including their associated security considerations, are likely of interest to
security engineers and architects:
The Object Management Group (OMG) manages the open specifications of the Data Distribution Service
(DDS), including the 'DDS Security Specification'. More information about the specification, its users
and comparisons with other technologies can be found at the OMG website.3
The OPC Foundation maintains the open specifications of the OPC protocols. Information on OPC
Classic, OPC UA and OPC .NET (formerly OPC Xi) can be found at the OPC website.4
The DNP Users Group maintains the Distributed Network Protocol (DNP3). Technical information,
conformance testing and a listing of conformant products can be found at the DNP website.5
The Modbus Organization manages the development and use of the Modbus protocols. Information
about the Modbus protocols, as well as technical resources for the development and testing of
Modbus-based industrial systems, can be found at the Modbus website.6
PROFIBUS and PROFINET International (PI) manages the PROFIBUS and PROFINET industrial
protocols. Protocol specifications, technical documents and software tools can be found at the
PROFIBUS website.7
Other standards and protocols that might be of interest to IIoT architects are MQTT and AMQP,
both OASIS standards, and XMPP.8 Common protocol definitions and standards, such as HTTP9
1 See [EU-GDPR], [HHS-HIPAA] and [CA-PIPEDA]
2 See [BaMcK-GPH] and [EFF-IPS]
3 See [OMG-DDS]
4 See [OPC-classic], [OPC-NET] and [OPC-UA]
5 See [DNP]
6 See [Modbus]
7 See [PI-pbus] and [PI-pnet]
8 See [MQTT], [AMQP], [OASIS] and [XMPP]
9 See [IETF-RFC7230]
IIC:PUB:G4:V1.0:PB:20160926