Industrial Internet Security Framework v 1.0 | Page 141
Security Framework
Annex C: Security Capabilities and Techniques Tables
• integrity of communications,
• integrity of management and monitoring operations and
• holistic, architectural integrity of the entire system.
For example, techniques for ensuring the integrity of the software run on (or as) endpoints
include secure software development and risk-based security testing.
Note that correct implementation of a technique or process may depend on correct
implementation of another technique or process. For example, integrity of communications
depends in part on proper implementation and usage of cryptographic techniques such as MACs
and digital signatures, which in turn depend on proper generation, distribution, and management
of keys.
Table C-3 summarizes techniques and processes that aim at realizing availability requirements.
Notable examples include techniques for architectural availability of the system, which mitigate or
prevent denial-of-service attacks. Successful deployment of these techniques, which include
load balancing and fault tolerance measures among others, depends on architectural threat
modeling.
Objective: Availability

| Example Technique/Process | Example Requirements |
| --- | --- |
| Trusted manufacturing and deployment; Physical protective enclosure | Endpoint availability |
| Physical availability of communications media; Network load management; Anti-jamming techniques | Availability of communications |
| Evaluation methodology; Resource allocation; Planning for frequent iterative security evaluation | Availability of management and monitoring operations and solutions; Endpoint, communications and architectural availability for management and monitoring components |
| Redundancy; Avoiding single points of failure; Fault tolerance; Load balancing; Honeypots; Trusted manufacturing and deployment; Architectural threat modeling | Architectural availability |

Table C-3: Techniques and Processes for Enabling System Availability
Table C-4 summarizes techniques and processes that aim to realize confidentiality requirements
for endpoints, communications and connectivity, and management and monitoring operations.
Confidentiality requirements should also be evaluated architecturally for the whole IIoT system
as indicated in the table. For example, access control techniques should be used to enforce the
principle of least privilege, thereby reducing the impact of a possible breach by insiders. This
requires policies derived from architectural threat modeling.
IIC:PUB:G4:V1.0:PB:20160926