Defining cyber security has been a major challenge for the industry. Industrial cyber security is primarily about the coming together of the principles of safety from the OT environment and the ideals of security from the IT environment. A lack of clarity in this aspect has made it difficult for end users to understand and identify security as a critical issue that needs systematic investment.
The advent of IIoT and digitalization within manufacturing has been helpful in driving a need for clarity on this subject. In this regard, the IIC, a key organization on IIoT, has come out with a common industrial security framework called the Industrial Internet Security Framework (IISF). The IISF was designed to enable the convergence of IT’s and OT’s trustworthiness and sets the architectural framework and direction for the Industrial Internet. The IISF emphasizes the importance of the five characteristics of IIoT.
Trustworthiness for the OT environment implies safety, reliability, and availability of services at all times during the day. This trustworthiness is more about securing the physical safety of the plant under lock and key. On the other hand, trustworthiness for the IT environment implies securing the plant’s assets, network, and the data generated by these connected devices. The onus of trustworthiness is higher in the IT environment, where the downside of security is very high. With the convergence of these two environments, the definition of trustworthiness has converged as well.
In addition, the IISF would help manufacturers keep track of risks, assessments, threats, metrics, and performance indicators that guard the security of their organizations. To date, safety has been the first priority in the OT world, which includes the safety of human life, plant facilities, and the operating environment. Following safety, reliability and resilience are other related priorities for industrial end-users.
Given that current OT systems are not connected, security has not been on the radar of most end-users. In contrast, in the IT world, security, privacy, and reliability are extremely important to IT systems. Safety is rarely an issue, and resilience is more of a priority for cases where business continuity is critical.
The IISF comprises the following components, each addressing the different needs and aspects of security for IIoT:
- Introduction of key system characteristics for IIoT and examination of the requirements that make these systems trustworthy.
- Identification, communication, and management of risks associated with security, along with the assessment approach for the security of organizations, architectures, and technologies.
- Definition of best practices for safeguarding endpoints, communication, connectivity, configuration management, and monitoring.