Industrial Internet Security Framework published by Industrial Internet Consortium
The Industrial Internet Consortium (IIC) has published the Industrial Internet Security Framework (IISF), a common security framework that addresses security issues in Industrial Internet of Things (IIoT) systems from business, functional, and implementation perspectives. The framework emphasizes the importance of five IIoT characteristics – safety, reliability, resilience, security, and privacy – that help define “trustworthiness” in IIoT systems. It also defines risk, assessments, threats, metrics, and performance indicators to help business managers protect their organizations. The IISF is available free of charge and the IISF editors and other security experts will be presenting at the Industrial Internet Security Forum on October 6, 2016 in Sunnyvale, CA.
From a functional perspective, the IISF separates security evaluation into endpoint, communications, monitoring, and configuration building blocks with each containing various subsets. Each perspective offers implementation best practices.
The IISF breaks the industrial space down into three roles – component builders, system builders, and operational users. Component builders create hardware and software; system builders combine hardware and software solutions to create systems; and operational users are the owners/operators of the systems who manage risk in their industrial processes. To ensure end-to-end security, industrial users must assess the level of trustworthiness of the complete system, for which the IISF provides guidelines.
“Today, many industrial systems simply do not have adequate security in place,” said Dr. Richard Soley, Executive Director, IIC. “The level of security found in the consumer Internet just won't do for the Industrial Internet. In order to add security to an industrial system, you must make sure it won’t interfere with safety and reliability requirements. The IISF explores solutions to industrial problems that have plagued the industry for years. The IIC is also putting the IISF vision into practice in our testbed program.”
For more information about the IISF, visit www.iiconsortium.org/IISF.htm, or register for the Industrial Internet Security Forum at www.iiconsortium.org/security-forum-2016/index.htm.