The Business Viewpoint of Securing the Industrial Internet
13/09/2016 Daniela Previtali
The tone of the many well-meaning discussions about the Industrial Internet of Things (IIoT) varies widely from one viewpoint of unbridled optimism about the seemingly endless possibilities to another filled with apocalyptic doom and gloom about the safety of the planet and everyone on it. Two extreme views perhaps, but there is no denying the fact that security is an issue that needs to be carefully addressed before any of those endless possibilities can become a reality in the industrial internet.
At the core of the IIoT are the industrial control systems (ICS) that are used to sense, monitor and regulate the operations of our critical infrastructure like dams, power plants, transportation systems, the electric grid and the like. In the past 10 to 15 years, there have been multiple examples of accidents that have resulted in the loss of life coming from human or computer errors in working with industrial control systems.
In the IIoT, increasing computing power, interconnectivity, and data analytics techniques have led to a convergence of ICSs and the Internet, bringing tremendous gains in industrial performance. With these gains, however, comes an unprecedented level of risk, as systems originally designed to be isolated are now exposed to sophisticated attacks.
A successful attack on an IIoT system can be serious: interruption or stoppage of operations, destruction of systems, and leakage of sensitive business and personal data, resulting in loss of intellectual property, loss of customers, material economic loss, and damage to brand and reputation. Conceivably, attacks could also damage critical infrastructure handling electricity, water, oil, and gas, and cause irreparable damage to the environment, injury or, worse, loss of human life.
Though there is a growing awareness of and concern for IIoT security, the ability to address these concerns with a step-by-step roadmap has not been well coordinated until now.
The Industrial Internet Consortium® (IIC), an open membership organization with over 240 members to date, was formed to accelerate the development, adoption and widespread use of interconnected machines and devices, intelligent analytics, and people at work. The organization is focused on the need to protect our industrial systems from errors and attacks, whether malicious or unintentional. Working collaboratively to protect against industrial security risks, the organization has developed a common security framework and a rigorous approach to assess cybersecurity in IIoT systems. The framework and detailed approach will be published in the coming weeks in the IIC’s Industrial Internet Security Framework Technical Report (IISF).
The white paper presents a background on the emergence of the IIoT and covers many of the basic definitions and core elements of trustworthiness in IIoT systems. The white paper further explains the key system characteristics and how to evaluate an IIoT system, including convergence of Operations Technology and Information Technology, Data Management, and Greenfield vs. Brownfield deployments.
From a business standpoint, the white paper provides business leaders with metrics and key performance indicators, risk assessments and threat identification. It also describes the notion of Permeation of Trust across the IIoT system lifecycle.
The white paper delivers a brief overview of the IISF document that reflects thousands of hours contributed by security experts for the benefit of all IIoT system deployments.