Industrial Internet Security Framework v 1.0 | Page 25
Security Framework
4: Distinguishing Aspects of Securing the IIoT
constraints apply to both OT and IT safety and security systems, and equipment that involves
human or environmental safety must be certified at some cost in time and money. New attacks
and threat models must be evaluated, and security programs should include all stakeholders.

These stakeholders may have complex roles in securing IIoT systems, with different systems’
boundaries implying different business models—and risk models. When single owner/operators
controlled an isolated system, there was one boundary with clear security concerns. In IIoT
systems, increased connectivity requires exposing more interfaces, and that implies risk.

Most OT systems depend on infrastructure with lifetimes measured in decades, while IT systems
can be upgraded frequently at little or no cost. In the coming years, these systems need to be
integrated into an evolving landscape of endpoint, communication, monitoring and management
systems that provide the required security. Safety-critical systems are now connected to the
cloud for management and analysis of collected data.
IIC:PUB:G4:V1.0:PB:20160926