Industrial Internet Security Framework v 1.0 | Page 40

Security Framework 6: Permeation of Trust in the IIoT System Lifecycle

There are cases where the boundary between the roles is less distinct. Members of one role may take on characteristics of an adjacent role. For example, some manufacturers may wish to maintain control over and manage the devices they produce. Device management, security management and predictive maintenance are example use cases where the manufacturer may wish to play the role of the system builder, specifically the third party operational management provider or the service publisher, in addition to the manufacturer role. Similarly, some equipment owners and operators may wish to purchase directly from the manufacturer and integrate the equipment directly into their environment. In that case, the owner/operator is acting as the in-house system integrator, potentially even developing their own solutions in-house.

6.3 TRUST AT COMPONENT BUILDER ROLES

Manufacturers and vendors develop technical components to sell as standard. They can be adapted for specific usage, but this is the responsibility of the system builder. The deliverer of the component is responsible for delivering the capabilities that fulfill the anticipated and implicit requirements over the lifecycle of the component. The receiver of the component is responsible for assuring its trustworthiness at the next level of the trust hierarchy.

Trust must permeate down through all the components and their subcomponents, as shown in Figure 6-3. Component builders must ensure that trust requirements are applied to each of the subcomponents and their integration.

Hardware component builders must provide trust requirements and assure their compliance down the chain through the decomposition of all the subcomponents. For example, the original equipment manufacturer (OEM) delivering a controller is responsible for ensuring the trust of all the components ranging from the microprocessor, memory, peripherals, power supply and enclosure.

Some of these components might be delivered as integrated hardware and software subcomponents. For example, a device may be delivered with a board that integrates the application processor, memory module, graphics processor and integrated unified extensible firmware interface (UEFI) firmware.¹ Once again, the component builder responsible for the aggregated components is responsible for assuring compliance with the trust requirements.

¹ See [UEFI]

IIC:PUB:G4:V1.0:PB:20160926