Industry association says new standard is a comprehensive approach to protect the industrial internet
The Industrial Internet Consortium, the public-private organization formed to accelerate adoption of the industrial internet of things, has published its Industrial Internet Security Framework, a common security framework that addresses security issues in IIoT systems.
The organizations says IISF emphasizes the importance of five IIoT characteristics – safety, reliability, resilience, security and privacy – that help define “trustworthiness” in IIoT systems. The IISF also defines risk, assessments, threats, metrics and performance indicators to help business managers protect their organizations.
IIoT security cannot be considered in isolation, says IIC. It comprises a complex set of industrial processes and applications as well as significant safety and reliability requirements.
For example, although it is desirable to implement predictive maintenance capabilities in high-value electric power generation equipment, doing so may open the door to new threats.
Adding security in this scenario can be challenging but without it, there could be serious consequences as a successful attack could cause injury, loss of life, or long-term damage to the environment.
Dr Richard Soley, Executive Director, IIC, says: “Today, many industrial systems simply do not have adequate security in place.
“The level of security found in the consumer Internet just won’t do for the Industrial Internet. In order to add security to an industrial system, you must make sure it won’t interfere with safety and reliability requirements.
“The IISF explores solutions to industrial problems that have plagued the industry for years. The IIC is also putting the IISF vision into practice in our testbed program.”
The organization says IISF delivers security from business, functional and implementation perspectives. It also helps business managers within industrial organizations make informed decisions based on well-designed risk assessments.
Markus Braendle, head of cyber security, ABB, says: “Ensuring a safe and secure digitally connected environment is at the heart of ABB’s Internet of Things, Services and People strategy, and we are pleased to work with the Industrial Internet Consortium on strategies and best practices that put cyber security into a business context and is based on an in-depth understanding of risk management.”
From a functional perspective, the IISF separates security evaluation into endpoint, communications, monitoring and configuration building blocks with subdivisions for each one. Each perspective offers implementation best practices.
The IISF breaks the industrial space down into three roles – the component builders, the system builders, and the operational users. The component builders create hardware and software; the system builders combine hardware and software solutions to create systems; and the operational users are the owner/operators of the systems who manage the risk to their industrial processes posed by the systems. To ensure end-to-end security, industrial users must assess the level of trustworthiness of the complete system.
Greg Gorbach, vice president, ARC Advisory Group, says: “Every Industrial Internet of Things project must incorporate security throughout, but doing it properly in an industrial setting means dealing with many levels and dimensions of complexity.
“The IISF security framework provides a comprehensive approach to ensure that all the bases are covered so risk is minimized.”
The IIC says IISF is the most in-depth industrial-focused security framework comprising expert vision, experience and security best practices from the IIC members. The IISF is available free of charge, through IIC’s website.