Industrial Internet Security Framework v 1.0 | Page 13

Security Framework

2: Motivation

implementation and design issues for each vertical target segment in the IIoT will be covered in
a collection of documents (“V” series) capturing security-relevant topics as part of the use cases,
testbeds, solutions and best practices for each of the addressed vertical markets as illustrated by
❹. More specific to security as a system characteristic across all vertical markets, security use
cases, security solutions, and security best practices are covered as part of system-thematic
specific documents as shown in ❺. Other key system characteristics such as safety and privacy
will be addressed in topic-specific frameworks and will be covered in documents across all layers
of the document stack in a similar fashion to security. Finally, all security related terms used in
this document and their respective definitions are provided in a common ‘Industrial Internet of
Things, Volume G8: Vocabulary’ document shown in ❻.

2 MOTIVATION
Industrial Internet of Things (IIoT) systems connect and integrate different types of control
systems and sensors with enterprise systems, business processes, analytics and people. These
systems differ from traditional industrial control systems by being connected extensively to other
systems and people, increasing the diversity and scale of the systems.
Historically, security in trustworthy industrial systems relied on physical separation and network
isolation of vulnerable components, and on the obscurity of the design and access rules for
critical control systems. Security was, and still is, enforced through physical locks, alarm systems
and in some cases armed guards. The potential for human error or misuse was primarily through
direct access and concerns focused on disrupting the safety and reliability of the system, with
those risks mitigated by good design, analysis and reviews, thorough testing and training.
Designers and operators rarely considered that these systems might one day be exposed to a
global network, remotely accessible by many, from legitimate users to rogue nation-states.
Over the past few decades, increasingly affordable computing power, ubiquitous connectivity
and evolving data analytics techniques have opened the door to convergence of control systems,
business systems and the internet. This convergence started small, initially being used for remote
monitoring and management of systems, but quickly expanded to include mining and analyzing
operations data for performance metrics to predict failures, optimize across fleets and perform
remote software upgrades. This convergence has increased productivity, efficiency and
performance of the existing operational processes and enabled the creation of new ways of
leveraging operations data, thus delivering business value now and into the future.
But with these gains come risks. Systems that were originally designed to be isolated are now
exposed to attacks of ever-increasing sophistication and the design assumptions of existing
operational technology (OT) systems no longer apply. A successful attack on an IIoT system has
the potential to be as serious as the worst industrial accidents to date (e.g. Chernobyl and
Bhopal), resulting in damage to the environment, injury or loss of human life. There is also risk of
secondary damage such as disclosure of sensitive data, interruption of operations and
destruction of systems during such an attack. The results of attacks on IIoT systems may be
widespread and comparable to large natural disasters, but stemming from malicious intent. This
will result in damage to brand and reputation, material economic loss and potential damage to
IIC:PUB:G4:V1.0:PB:20160926

- 13 -