Industrial Internet Security Framework v 1.0 | Page 67

Security Framework
8: Protecting Endpoints
Environmental Protection’ (PE)¹ provide information on methods for physical protection, access control and monitoring.
Some endpoints, such as smart meters and environmental sensors, must reside outside physical perimeter security. Physical enclosures may provide tamper evidence that exposes modification events as well as indicating the severity of tampering. Such enclosures can deter unauthorized casual tampering and protect system components from adverse weather conditions and other hazards that may cause unexpected failures. The enclosures should provide stable operating conditions by delivering a controlled power source, stable temperature, and protection from dust and other environmental substances that could adversely affect the endpoint's determinism. Physical access to endpoints that provide ports for peripherals, such as USB, should be controlled to prevent unauthorized attachment of peripherals.
Depending on the threat model, the endpoint should implement tamper-resistant hardware components or other secure storage to prevent key extraction. The level of protection from hardware attacks by a device can be accredited using certifications². Endpoints may have physical tamper protection features built-in that are capable of detecting and reporting any change to the physical hardware including its sub-components. Essential endpoint parts may be tagged with unique identification numbers preventing their use outside the configured context. Hardware protection mechanisms should be able to detect the substitution of any component with less capable or malicious replacements.
In highly controlled and regulated environments, the physical security status of the endpoint should be monitored and controlled automatically as part of the endpoint monitoring and configuration management functions. This kind of physical security should be able to detect and report any unauthorized access or modifications to the physical configuration or integration of the hardware. These endpoints could expose an interface allowing higher-level system physical security services to monitor or receive notifications pertaining to the security status of the endpoint easily.
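
The component tagging and status-reporting interface described above can be illustrated with an added example, which is not part of the framework itself. The report fields, slot names, serial numbers and the use of an HMAC key as a stand-in for a key held in tamper-resistant storage are all assumptions made for the illustration.

```python
import hashlib
import hmac
import json

# Constructed sample data: the baseline recorded when the endpoint was commissioned.
DEVICE_KEY = b"constructed-demo-key"  # assumption: really held in tamper-resistant storage
BASELINE = {"cpu": "SN-1001", "radio": "SN-2002", "meter-ic": "SN-3003"}


def sign_report(report: dict, key: bytes) -> str:
    """Endpoint side: MAC over a canonical JSON encoding of the status report."""
    body = json.dumps(report, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def evaluate_report(report, tag, key, baseline, last_counter) -> list:
    """Monitoring side: return findings; an empty list means no change detected."""
    if not hmac.compare_digest(sign_report(report, key), tag):
        return ["report-not-authentic"]  # trust no field of an unauthenticated report
    findings = []
    if report["counter"] <= last_counter:
        findings.append("stale-or-replayed-report")
    if report["enclosure_opened"]:
        findings.append("enclosure-opened")
    seen = report["components"]
    for slot, serial in baseline.items():
        if slot not in seen:
            findings.append(f"missing:{slot}")
        elif seen[slot] != serial:
            findings.append(f"substituted:{slot}")
    findings.extend(f"unexpected:{slot}" for slot in seen if slot not in baseline)
    return findings


def demo() -> dict:
    """Run three constructed reports through the verifier."""
    clean = {"counter": 5, "enclosure_opened": False, "components": dict(BASELINE)}
    swapped = {"counter": 6, "enclosure_opened": True,
               "components": {**BASELINE, "radio": "SN-9999", "usb-dongle": "SN-0000"}}
    ok_tag, bad_tag = sign_report(clean, DEVICE_KEY), sign_report(swapped, DEVICE_KEY)
    return {
        "clean": evaluate_report(clean, ok_tag, DEVICE_KEY, BASELINE, 4),
        "swapped": evaluate_report(swapped, bad_tag, DEVICE_KEY, BASELINE, 5),
        "forged": evaluate_report(swapped, ok_tag, DEVICE_KEY, BASELINE, 5),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```
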
8.4 ESTABLISH ROOTS OF TRUST
The roots of trust (RoT), or trust roots, consisting of hardware, software, people and organizational processes, establish confidence in the system. An endpoint without a correctly implemented RoT will lack the ability to establish confidence that it will behave as intended.
The root of trust on a device determines the level of confidence in the authenticity of the credentials belonging to that particular device. The root of trust should be able to generate, manage and store at least one identity.
The strength of the RoT determines the level of trust attainable by the device. The level of security provided by the RoT depends on how it is implemented. The RoT should be simple and well protected against compromise to ensure its integrity. Ideally the RoT should be implemented
¹ See [NIST-800-53]
² See [FIPS-140-2]

IIC:PUB:G4:V1.0:PB:20160926 - 67 -