Industrial Internet Security Framework v 1.0 | Page 9
Security Framework
1: Overview
This document is the first version of the ‘Industrial Internet of Things, Volume G4: Security
Framework’ (IISF). It initiates a process to create broad industry consensus on how to secure
Industrial Internet of Things (IIoT) systems.
The IIoT is being shaped by many participants from the energy, healthcare, manufacturing,
transportation and public sectors, each of which needs to consider security. To avoid security
hazards, especially as systems from different sectors interoperate and exploitation attempts are
made in the gaps between them, it is important and urgent to build early consensus among the
participants on IIoT security.
This work builds on ‘Industrial Internet of Things, Volume G1: Reference Architecture’ (IIRA, [IICIIRA2016]) that lays out the most important architecture components, how they fit together and
how they influence each other. Each of these components must be made secure, as must the key
system characteristics that bind them together into a trustworthy system.
This document extends naturally from a chapter in the IIRA describing security concerns. It moves
into security-specific territory to ensure security is a fundamental part of the architecture, not
bolted onto it.
This document has several parts that do not mirror the IIRA document structure exactly. Part I
examines key system characteristics, how they should be assured together to create a
trustworthy system, and what makes IIoT systems different from traditional IT systems.
Part II reviews security assessment for organizations, architectures and technologies. It outlines
how to evaluate attacks as part of a risk analysis and highlights the many factors that should be
considered, ranging from the endpoints and communications to management systems and the
supply chains of the elements comprising the system. Different roles are identified that should
be considered in conjunction with the key characteristics, including, owner/operator, system
integrator/builder and equipment vendor. Each role offers different risk management
perspectives that affect the decisions regarding security and privacy.
Part III covers the functional and implementation viewpoint of the IIRA (and subsumes its usage
viewpoint). It describes good practices for achieving confidentiality, integrity and availability, and
considerations for trusting data when it is communicated and stored, as well as establishing trust
in the code and overall execution environment. It also includes patterns for protecting against
and limiting risks, including firewalls, separation of networks, separation of privilege,
unidirectional gateways, identity management, cryptography, public key infrastructure and
trusted execution environment.
The annexes cover topics that apply to more specific segments of the security domain. One covers
numerous guidelines, standards and regulations relating to protection of industrial internet
systems and discusses the role of standards and compliance in industrial internet Security.
Another provides an example of a cybersecurity capability maturity model for evaluating the
maturity of the security posture and associated processes within an organization. The last annex
lists some security techniques and processes, their mapping to important security objectives, and
their high-level requirements.
IIC:PUB:G4:V1.0:PB:20160926
-9-