IISF, a comprehensive approach to protecting the industrial internet, separates security evaluation into endpoint, communications, monitoring and configuration building blocks, with subdivisions for each one
To accelerate adoption of the Industrial Internet of Things (IIoT), the Industrial Internet Consortium (IIC), the global, public-private organization, has created the Industrial Internet Security Framework (IISF), a common security framework that addresses security issues in IIoT systems.
The Industrial Internet Security Framework (IISF) emphasizes the importance of five IIoT characteristics that help define “trustworthiness” in IIoT systems, namely safety, reliability, resilience, security and privacy. Addressing long-pending security issues, the IISF also defines risk, assessments, threats, metrics and performance indicators to help business managers protect their organizations.
IIoT security cannot be considered in isolation. It comprises a complex set of industrial processes and applications as well as significant safety and reliability requirements. For example, although it is desirable to implement predictive maintenance capabilities in high-value electric power generation equipment, doing so may open the door to new threats. Adding security in this scenario can be challenging but without it, there could be serious consequences as a successful attack could cause injury, loss of life, or long-term damage to the environment.
The IISF delivers security from business, functional and implementation perspectives. It helps business managers within industrial organizations make informed decisions based on well-designed risk assessments.
From a functional perspective, the IISF separates security evaluation into endpoint, communications, monitoring and configuration building blocks with subdivisions for each one. Each perspective offers implementation best practices.
The IISF breaks the industrial space down into three roles:
- The component builders
- The system builders
- The operational users
The component builders create hardware and software; the system builders combine hardware and software solutions to create systems; and the operational users are the owner/operators of the systems who manage the risk to their industrial processes posed by the systems. To ensure end-to-end security, industrial users must assess the level of trustworthiness of the complete system. The IISF is available free of charge.