YOU ARE AT:Big Data AnalyticsIIC releases official framework for industrial IoT security

IIC releases official framework for industrial IoT security

Securing the industrial IoT 

The Industrial Internet Consortium, an organization formed to accelerate the industrial “internet of things,” today published the Industrial Internet Security Framework, a common IoT security framework that addresses security issues in industrial systems. The IISF emphasizes the importance of five IIoT characteristics: safety, reliability, resilience, security and privacy – that help define “trustworthiness” in IIoT systems. The IISF also defined risk, assessments, threats, metrics and performance indicators to help business managers protect their organizations.

source: IIC
Source: IIC

IIoT security is a complex set of industrial processes and applications, and requires significant safety and reliability requirements, according to the IIC. For example, implementing predictive maintenance capabilities in high-value electric power generation equipment may open the door to new threats. Adding security in this scenario can be challenging, but without it there could be serious consequences as a successful attack could cause injury, loss of life or long-term damage to the environment.

“Today, many industrial systems simply do not have adequate security in place,” said Dr. Richard Soley, executive director at IIC. “The level of security found in the consumer internet just won’t do for the industrial internet. In order to add security to an industrial system, you must make sure it won’t interfere with safety and reliability requirements. The IISF explores solutions to industrial problems that have plagued the industry for years. The IIC is also putting the IISF vision into practice in our testbed program.”

IoT security is a top priority

source: IIC
Source: IIC

The security framework was built to deliver security from business, functional and implementation perspectives. It helps business managers within industrial organizations make informed decisions based on well-designed risk assessments.

“Ensuring a safe and secure digitally connected environment is at the heart of ABB’s internet of things, services and people strategy, and we are pleased to work with the Industrial Internet Consortium on strategies and best practices that put cybersecurity into a business context and is based on an in-depth understanding of risk management,” said Markus Braendle, head of cybersecurity at ABB.

From a functional perspective, the IISF separates security evaluation into endpoint, communications, monitoring and configuration building blocks with subdivisions for each one. Each perspective offers implementation best practices.

The IISF breaks the industrial space down into three roles

  • Component builders
    • create hardware and software
  • System builders
    • combine hardware and software solutions
  • Operational users.
    • manage the risk to their industrial processes posed by the systems

To ensure end-to-end security, industrial users must assess the level of trustworthiness of the complete system, according to the IIC.

source: IIC
Source: IIC

“Every industrial internet of things project must incorporate security throughout, but doing it properly in an industrial setting means dealing with many levels and dimensions of complexity,” said Greg Gorbach, VP at ARC Advisory Group. “The IISF security framework provides a comprehensive approach to ensure that all the bases are covered so risk is minimized.”

All 173 pages of the IISF can be found here for free.

ABOUT AUTHOR