Industry IoT Consortium updates IIoT Security Framework
The Industry IoT Consortium (IIC) has published updates to its Industry Internet of Things Security Framework (IISF), initially published as the Industrial Internet Security Framework. This foundational document creates broad industry consensus on securing Industry Internet of Things (IIoT) systems at a time when cyber-attacks on industrial control systems are on the rise. Ransomware attacks have caused billions of dollars in damage and have impacted major industrial companies such as Colonial Pipeline, Mondelez, Maersk, and FedEx.
“IIoT systems interact with actuators in the physical world where Internet security concerns can lead to loss of life or damage to systems,” says Chuck Byers, CTO of Industry IoT Consortium. “This potential risk increases the importance of security, safety, reliability, privacy, and resiliency beyond the levels expected in many traditional IT environments, and this document includes important best practices and architecture insights to help construct trustworthy IIoT systems.”
“The IIoT includes many participants from the energy, healthcare, manufacturing, transportation, and public sectors, each of which must consider security,” says Keao Caindec, CEO of Farallon Technology Group and co-chair of IIC Security and Trust Working Group. “This update to the IISF represents a collaboration and consensus among the IIC members who share an interest in protecting SCADA/ICS systems that are critical to industrial digital transformation.”
“As we have seen with recent attacks such as SolarWinds and MOVEit, Federal and industrial systems are vulnerable to supply chain attacks,” says Bob Martin, senior principal engineer of the MITRE Corporation and co-chair of IIC Security and Trust Working Group. “The IISF provides a broad perspective of the many ways in which organisations can build more trustworthy systems.”
Revisions to the IISF will help organisations modernise IIoT security systems and approaches. The revised framework includes the following updates:
- Additional trustworthiness content based on the IIC Industrial IoT Trustworthiness Framework Foundations
- Further explanation of the IIC IoT Security Maturity Model (SMM) to help organisations improve confidence in their security systems and processes
- More detailed guidance on endpoint protection, including information on hardware-based security, key and certificate management, and secure boot
- Additional guidance on securing wireless communications
- Significant expansion of the considerations and guidance for security and configuration management of IT and OT security systems
- Future considerations for securing IIoT systems
“The IISF outlines how organisations can improve the trustworthiness of OT systems by securing IIoT endpoints, communications and systems,” says Marcellus Buchheit, CEO of Wibu-Systems USA, and contributor to the IISF. “This guidance is related to the IIC IoT Security Maturity Model, which provides a detailed model and guidance for IoT stakeholders to establish security maturity targets, perform assessments and create roadmaps to address maturity gaps in IoT systems.”
“Innovation and improving sustainability require the bold adoption of new technologies and approaches that often increase operational risk,” says Bassam Zarkout, CEO of IGnPower and contributor to IISF. “Organisations should consider leveraging the IISF and the IIC’s many resources to accelerate their digital transformation strategy.”