IIC releases official framework for industrial IoT security
Securing the industrial IoT
The Industrial Internet Consortium (IIC), an organization formed to accelerate the industrial internet of things (IIoT), today published the Industrial Internet Security Framework (IISF), a common IoT security framework that addresses security issues in industrial systems. The IISF emphasizes the importance of five IIoT characteristics (safety, reliability, resilience, security and privacy) that help define “trustworthiness” in IIoT systems. The IISF also defines risk, assessments, threats, metrics and performance indicators to help business managers protect their organizations.
IIoT security spans a complex set of industrial processes and applications, and must meet significant safety and reliability requirements, according to the IIC. For example, implementing predictive maintenance capabilities in high-value electric power generation equipment may open the door to new threats. Adding security in this scenario can be challenging, but without it there could be serious consequences, as a successful attack could cause injury, loss of life or long-term damage to the environment.
“Today, many industrial systems simply do not have adequate security in place,” said Dr. Richard Soley, executive director at IIC. “The level of security found in the consumer internet just won’t do for the industrial internet. In order to add security to an industrial system, you must make sure it won’t interfere with safety and reliability requirements. The IISF explores solutions to industrial problems that have plagued the industry for years. The IIC is also putting the IISF vision into practice in our testbed program.”
IoT security is a top priority
The security framework was built to deliver security from business, functional and implementation perspectives. It helps business managers within industrial organizations make informed decisions based on well-designed risk assessments.
“Ensuring a safe and secure digitally connected environment is at the heart of ABB’s Internet of Things, Services and People strategy, and we are pleased to work with the Industrial Internet Consortium on strategies and best practices that put cyber security into a business context and is based on an in-depth understanding of risk management,” said Markus Braendle, head of Cyber Security, ABB.
From a functional perspective, the IISF separates security evaluation into endpoint, communications, monitoring and configuration building blocks with subdivisions for each one. Each perspective offers implementation best practices.
The IISF breaks the industrial space down into three roles:
- Component builders: create hardware and software
- System builders: combine hardware and software solutions
- Operational users: manage the risk to their industrial processes posed by the systems
To ensure end-to-end security, industrial users must assess the level of trustworthiness of the complete system, according to the IIC.
“Every industrial internet of things project must incorporate security throughout, but doing it properly in an industrial setting means dealing with many levels and dimensions of complexity,” said Greg Gorbach, vice president at ARC Advisory Group. “The IISF security framework provides a comprehensive approach to ensure that all the bases are covered so risk is minimized.”
All 173 pages of the IISF can be found here for free.