Industrial Internet Consortium releases collaborative report made up of the collective cyber-security wisdom of over 25 organisations.
The Industrial Internet Consortium has published a report detailing a security framework for the Industrial Internet of Things (IIoT). The organisation has more than 250 members, and was formed in 2014 to accelerate the development, adoption, and wide-spread use of interconnected machines and devices.
In the report, which can be downloaded on the IIC website, the consortium emphasizes the importance of five IIoT characteristics – safety, reliability, resilience, security and privacy. Together these will act as the pillars of “trustworthiness” in IIoT systems. The report also defines risk, assessments, threats, metrics and performance indicators to help business managers protect their organisations.
The IIC’s offering, catchily titled ‘The Industrial Internet Reference Architecture Technical Report‘, simplifies the Industrial IoT into three parts to highlight the five safety characteristics mentioned above.
These are component builders, system builders, and operational users. Component builders create hardware and software, while system builders combine the two to develop solutions. Operational users apply the systems and are the ones left to manage security risks. To ensure end-to-end security, the report says, industrial users must assess the level of trustworthiness of the complete system.
This notion of standardised, end-to-end security was echoed by Greg Gorbach, vice president of ARC Advisory Group.
“Every Industrial Internet of Things project must incorporate security throughout, but doing it properly in an industrial setting means dealing with many levels and dimensions of complexity,” he said. “The IISF security framework provides a comprehensive approach to ensure that all the bases are covered so risk is minimised.”
Industrial Internet Consortium: systems “lack adequate security”
The Industrial Internet Consortium aims to put forward ideas on security from business, functional and implementation perspectives. The hope is that the combined knowledge and expertise of its members will help plug the gaps in IIoT security. The body has also been quick to point out that measures designed for the consumer IoT will not necessarily be transferable for business cases.
Dr. Richard Soley, executive director of the IIC, said “Today, many industrial systems simply do not have adequate security in place. The level of security found in the consumer Internet just won’t do for the Industrial Internet. In order to add security to an industrial system, you must make sure it won’t interfere with safety and reliability requirements.”
“The IISF explores solutions to industrial problems that have plagued the industry for years. The IIC is also putting the IISF vision into practice in our testbed program.”