The IIC releases Industrial Internet Security Framework

Tuesday, 20 September, 2016

The Industrial Internet Consortium (IIC) has published the Industrial Internet Security Framework (IISF), a common security framework that addresses security issues in Industrial Internet of Things (IIoT) systems.

The IISF emphasises the importance of safety, reliability, resilience, security and privacy, all of which help to define ‘trustworthiness’ in IIoT systems. The IISF also defines risk, assessments, threats, metrics and performance indicators to help business managers protect their organisations.

In addition, it delivers security from business, functional and implementation perspectives. The framework helps business managers within industrial organisations make informed decisions based on well-designed risk assessments. From a functional perspective, it separates security evaluation into endpoint, communications, monitoring and configuration building blocks with subdivisions for each one. Each perspective offers implementation best practices.

IIoT security comprises a complex set of industrial processes and applications, as well as significant safety and reliability requirements. Adding security can be challenging, but without it there could be serious consequences. A successful attack could cause injury, loss of life or long-term damage to the environment.

“Today, many industrial systems simply do not have adequate security in place,” said Richard Soley, executive director at IIC. “The level of security found in the consumer internet just won’t do for the Industrial Internet. In order to add security to an industrial system, you must make sure it won’t interfere with safety and reliability requirements. The IISF explores solutions to industrial problems that have plagued the industry for years. The IIC is also putting the IISF vision into practice in our testbed program.”

The IISF breaks the industrial space down into three roles — the component builders, the system builders and the operational users. The component builders create hardware and software; the system builders combine hardware and software solutions to create systems; and the operational users are the owners/operators of the systems, who manage the risk to their industrial processes. To ensure end-to-end security, industrial users must assess the level of trustworthiness of the complete system.

“Every Industrial Internet of Things project must incorporate security throughout, but doing it properly in an industrial setting means dealing with many levels and dimensions of complexity,” said Greg Gorbach, vice president at ARC Advisory Group. “The IISF security framework provides a comprehensive approach to ensure that all the bases are covered so risk is minimised.”

The IISF is an in-depth, industrial-focused security framework comprising expert vision, experience and security best practices from the IIC members. It is available free of charge. For more information, click here.

Image credit: ©Lollo/Dollar Photo Club