The Industrial Internet Consortium (IIC) published on Monday the Industrial Internet Security Framework (IISF), a common security framework that addresses security issues in IIoT systems. The IISF emphasizes the importance of five IIoT characteristics – safety, reliability, resilience, security and privacy – that help define “trustworthiness” in IIoT systems. The IISF also defines risk, assessments, threats, metrics and performance indicators to help business managers protect their organizations.
IIoT security cannot be considered in isolation. It comprises a complex set of industrial processes and applications as well as significant safety and reliability requirements. For example, although it is desirable to implement predictive maintenance capabilities in high-value electric power generation equipment, doing so may open the door to new threats.
Adding security in this scenario can be challenging but without it, there could be serious consequences as a successful attack could cause injury, loss of life, or long-term damage to the environment.
The IISF breaks the industrial space down into three roles – the component builders, the system builders, and the operational users. The component builders create hardware and software; the system builders combine hardware and software solutions to create systems; and the operational users are the owner/operators of the systems who manage the risk to their industrial processes posed by the systems. To ensure end-to-end security, industrial users must assess the level of trustworthiness of the complete system.
The global, public-private organization formed to accelerate adoption of the Industrial Internet of Things (IIoT) features an open membership organization with over 240 members from 30 countries, formed to accelerate the development, adoption, and use of interconnected machines and devices, analytics, and people at work. Founded by AT&T, Cisco, General Electric, IBM, and Intel in March 2014, the Industrial Internet Consortium catalyzes and coordinates the priorities and enabling technologies of the Industrial Internet. The Industrial Internet Consortium is managed by the Object Management Group (OMG).
The IISF delivers security from business, functional and implementation perspectives. It helps business managers within industrial organizations make informed decisions based on well-designed risk assessments.
“Ensuring a safe and secure digitally connected environment is at the heart of ABB’s Internet of Things, Services and People strategy, and we are pleased to work with the Industrial Internet Consortium on strategies and best practices that put cyber security into a business context and is based on an in-depth understanding of risk management,” said Markus Braendle, head of Cyber Security, ABB.
From a functional perspective, the IISF separates security evaluation into endpoint, communications, monitoring and configuration building blocks with subdivisions for each one. Each perspective offers implementation best practices.
“Today, many industrial systems simply do not have adequate security in place,” said Dr. Richard Soley, Executive Director, IIC. “The level of security found in the consumer Internet just won’t do for the Industrial Internet. In order to add security to an industrial system, you must make sure it won’t interfere with safety and reliability requirements. The IISF explores solutions to industrial problems that have plagued the industry for years. The IIC is also putting the IISF vision into practice in our testbed program.”
“Every Industrial Internet of Things project must incorporate security throughout, but doing it properly in an industrial setting means dealing with many levels and dimensions of complexity,” said Greg Gorbach, vice president, ARC Advisory Group. “The IISF security framework provides a comprehensive approach to ensure that all the bases are covered so risk is minimized.”
The IISF delivers in-depth industrial-focused security framework comprising expert vision, experience and security best practices from the IIC members. The IISF is available free of charge.
The IIC highlighted earlier this month that the industrial Internet holds a $33 trillion opportunity that is currently happening to deliver benefits, including reduced maintenance costs, reduced waste, improved service, energy savings and workforce productivity gains.