Earlier this week, the Industrial Internet Consortium (IIC) released their Industrial Internet Security Framework (IISF), version 1.0. This is a sorely needed development. In our series on this topic, The IoT Security Imperative, we gave the somewhat pessimistic (realistic) assessment that “if past experience is any guide, it unfortunately may take some disastrous breaches occurring before the proper level of investment is made in IoT security. — We’ve already seen hackers taking control of everything from airplanes to baby monitors (and everything else in a ‘smart home’) to steel mills, traffic lights/traffic control systems, nuclear power plants — unfortunately, we could go on all day with this list of IoT-enabled systems that have already been hacked. So far, we haven’t seen a ‘911’ scale IoT hack that really gets the nation’s or world’s attention. We hope we won’t — but the risk is clear and present.”
Many of the scariest scenarios involve industrial systems. Hence the urgent need for a framework that guides the way for security in our industrial IoT systems. This evolving need is summed up well in the following excerpt from the ‘motivation’ section of the IISF report:
“Historically, security in trustworthy industrial systems relied on physical separation and network isolation of vulnerable components, and on the obscurity of the design and access rules for critical control systems. Security was, and still is, enforced through physical locks, alarm systems and in some cases armed guards. — Designers and operators rarely considered that these systems might one day be exposed to a global network, remotely accessible by many, from legitimate users to rogue nation-states — Systems that were originally designed to be isolated are now exposed to attacks of ever-increasing sophistication, and the design assumptions of existing operational technology (OT) systems no longer apply. A successful attack on an IIoT system has the potential to be as serious as the worst industrial accidents to date (e.g. Chernobyl and Bhopal), resulting in damage to the environment, injury or loss of human life.”
The report is available for download at no cost. As with IIC’s past work, the report is comprehensive (over 125 pages, not counting the Annexes). It covers security, safety, reliability, resilience, and privacy. The report discusses security programs for managing risk. It covers a lifecycle view, including establishing trust across component builders, system builders, and operational users. It then describes a functional framework, including endpoint protection, communications and connectivity protection, monitoring, security configuration and management, data protection, and the overarching security model and policy. There is a chapter dedicated to each of these areas within the functional framework.
I have only read a few pages of the report so far, and skimmed some of the rest. What I read was well-written, well-organized, and demonstrated a solid grasp of the issues and how to approach them. For example, there is a subsection on Convergence of Information Technology and Operational Technology, which discusses how the Industrial Internet brings together the formerly siloed worlds of IT and OT, the differences in approaches to security and reliability in those two worlds, and the challenges of brownfield OT deployments and adoption of cloud systems. The report appears to be full of other meaningful discussions and recommendations.
The publication of the Industrial Internet Security Framework does not magically create secure Industrial IoT systems. That can only be done by the ongoing commitment and hard work of engineers, implementers, administrators, and users, backed by the proper levels of investments and priority given to security. However, the IISF does provide a highly valuable resource and foundation for people who are serious about building safe and secure industrial IoT systems. We can only hope that enough attention is paid to this area to prevent too many security breaches resulting in major catastrophes in the ever-growing network of connected industrial IoT systems.