Industrial Internet Security Framework v 1.0 | Page 10

Security Framework 1: Overview Part I: Introduction An Industrial Internet of Things (IIoT) system connects and integrates industrial control systems with enterprise systems, business processes and analytics. An IIoT system enables significant advances in optimizing decision-making, operations and collaborations among a large number of increasingly autonomous control systems. These systems differ from traditional industrial control systems by being connected extensively to other systems and people, increasing their diversity and scale. They also differ from traditional information technology (IT) systems in that they use sensors and actuators in an industrial environment. These are typically systems that interact with the physical world where uncontrolled change can lead to hazardous conditions. This potential risk increases the importance of safety, reliability, privacy and resiliency beyond the levels expected in many traditional IT environments. Such IIoT systems may also have data flows that include multiple intermediary organizations, requiring security approaches beyond simple approaches such as link encryption. Having long lifetimes, IIoT systems include legacy installations and are regulated because human health and safety is at risk. The cultures of operational and information technology worlds differ, leading to a need to integrate these cultures for IIoT systems. All of these differences have implications on how these systems need to be secured. Part I examines key system characteristics, clarifying how they should each be assured and assured together to create a trustworthy system appropriate for IIoT systems, taking into account what makes these systems different. IIC:PUB:G4:V1.0:PB:20160926 - 10 -