Industrial Internet Security Framework v 1.0 | Page 9

1: Overview

This document is the first version of the ‘Industrial Internet of Things, Volume G4: Security Framework’ (IISF). It initiates a process to create broad industry consensus on how to secure Industrial Internet of Things (IIoT) systems. The IIoT is being shaped by many participants from the energy, healthcare, manufacturing, transportation and public sectors, each of which needs to consider security. To avoid security hazards, especially as systems from different sectors interoperate and exploitation attempts are made in the gaps between them, it is important and urgent to build early consensus among the participants on IIoT security.

This work builds on ‘Industrial Internet of Things, Volume G1: Reference Architecture’ (IIRA, [IICIIRA2016]), which lays out the most important architecture components, how they fit together and how they influence each other. Each of these components must be made secure, as must the key system characteristics that bind them together into a trustworthy system. This document extends naturally from a chapter in the IIRA describing security concerns. It moves into security-specific territory to ensure security is a fundamental part of the architecture, not bolted onto it.

This document has several parts that do not mirror the IIRA document structure exactly.

Part I examines key system characteristics, how they should be assured together to create a trustworthy system, and what makes IIoT systems different from traditional IT systems.

Part II reviews security assessment for organizations, architectures and technologies. It outlines how to evaluate attacks as part of a risk analysis and highlights the many factors that should be considered, ranging from the endpoints and communications to management systems and the supply chains of the elements comprising the system. Different roles are identified that should be considered in conjunction with the key characteristics, including owner/operator, system integrator/builder and equipment vendor. Each role offers different risk management perspectives that affect the decisions regarding security and privacy.

Part III covers the functional and implementation viewpoint of the IIRA (and subsumes its usage viewpoint). It describes good practices for achieving confidentiality, integrity and availability, and considerations for trusting data when it is communicated and stored, as well as establishing trust in the code and overall execution environment. It also includes patterns for protecting against and limiting risks, including firewalls, separation of networks, separation of privilege, unidirectional gateways, identity management, cryptography, public key infrastructure and trusted execution environment.

The annexes cover topics that apply to more specific segments of the security domain. One covers numerous guidelines, standards and regulations relating to protection of industrial internet systems and discusses the role of standards and compliance in industrial internet security. Another provides an example of a cybersecurity capability maturity model for evaluating the maturity of the security posture and associated processes within an organization. The last annex lists some security techniques and processes, their mapping to important security objectives, and their high-level requirements.

IIC:PUB:G4:V1.0:PB:20160926