Security framework released for industrial Internet of Things

Security experts have warned for some time that the so-called Internet of Things opens many vulnerabilities when interconnecting industrial devices across a public distributed network.

Now C-level executives who aren’t sure what to do about it can consult a security framework published by the Industrial Internet Consortium, a group of over 240 vendors and associations including Schneider Electric, General Electric, Fujitsu, Intel, Kaspersky, Cisco Systems, Symantec, Microsoft and SAP. The framework emphasizes the importance of five industrial IoT characteristics – safety, reliability, resilience, security and privacy, as well as defines risk, assessments, threats, metrics and performance indicators to help business managers protect their organizations.

“Today, many industrial systems simply do not have adequate security in place,” Richard Soley, the consortium’s executive director. “The level of security found in the consumer Internet just won’t do for the Industrial Internet. In order to add security to an industrial system, you must make sure it won’t interfere with safety and reliability requirements. The (framework) explores solutions to industrial problems that have plagued the industry for years.”

Because Internet-connected industrial control systems (ICS) — everything from sensors on electrical grids and pipelines to medical devices — often link with enterprise systems, they are just as much a target for attackers as the servers, switches and routers on the corporate side. And if compromised the effect can be tremendous — possibly shutting down power stations, for example. Industrial Internet systems may also connect with intermediary organizations, so link encryption may not be a solution. Another complication is the devices have long lifetimes.

The security framework goes along with reference architecture, connectivity and other guides previously published by the consortium. This document separates security evaluation into endpoint, communications, monitoring and configuration building blocks, each with implementation best practices.

It also breaks the industrial space down into three roles: Component builders (who build hardware and software), system builders (better known to readers here a system integrators) and operational users.  To ensure end-to-end security, the consortium notes industrial users must assess the level of trustworthiness of a complete system.

As for the future, the concluding note in the framework points out that as the sheer volume of data required for managing devices increases, there’s a point where centralized security management ceases to be effective and efficient. Instead, embedding security into each piece of equipment individually, and empowering the equipment with the security context required to make safe decisions, might become a far more scalable approach.

“Though arguably not as transformational as the industrial revolution in the 1800’s, the Industrial Internet revolution will certainly bring about major improvements in the quality of our day-today lives,” the report concludes. “The world may see quicker adoption of IIoT in emerging countries thanks to more opportunity for new greenfield deployments. But, we must take care and apply the appropriate level of forethought and wisdom to ensure that the technological advances do not cost us dearly in the end. There may be a finite period—a window of opportunity—where we can design a cohesive security vision that realizes endpoint-to-endpoint secure communication and enables security management and monitoring.”

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now