Industrial Internet Security Framework v 1.0 | Page 141

Annex C: Security Capabilities and Techniques Tables

integrity of communications, integrity of management and monitoring operations and holistic, architectural integrity of the entire system. For example, techniques for ensuring the integrity of the software run on (or as) endpoints include secure software development and risk-based security testing. Note that correct implementation of a technique or process may depend on correct implementation of another technique or process. For example, integrity of communications depends in part on proper implementation and usage of cryptographic techniques such as MACs and digital signatures, which in turn depend on proper generation, distribution and management of keys.

Table C-3 summarizes techniques and processes that aim at realizing availability requirements. Notable examples include techniques for the architectural availability of the system, which mitigate or prevent denial-of-service attacks. Successful deployment of these techniques, which include load balancing and fault tolerance measures among others, depends on architectural threat modeling.
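The dependency noted above, that a MAC protects message integrity only as far as its keys are properly generated, distributed and managed, illustrated by an added example that is not part of the framework: telemetry from an endpoint carries a key identifier, keys are generated randomly and can be retired, and verification fails for tampered content, a swapped key id or a retired key. KEYSTORE, sign_telemetry and verify_telemetry are hypothetical names chosen here.

```python
import hashlib
import hmac
import json
import secrets

# Constructed in-memory key store: key_id -> 32-byte key. A hypothetical
# stand-in for the key generation, distribution and management that the
# framework says MAC-based communication integrity depends on.
KEYSTORE = {}

def provision_key(key_id):
    """Generate a fresh random key (proper generation) and register it."""
    KEYSTORE[key_id] = secrets.token_bytes(32)
    return KEYSTORE[key_id]

def retire_key(key_id):
    """Drop a key; messages tagged with it can no longer be verified."""
    KEYSTORE.pop(key_id, None)

def _tag(key, header, payload):
    # The header (key id) is authenticated together with the payload, so
    # neither part can be changed without invalidating the tag.
    return hmac.new(key, header + b"." + payload, hashlib.sha256).hexdigest()

def sign_telemetry(key_id, reading):
    """Endpoint side: produce a message that names the key used for its tag."""
    header = json.dumps({"kid": key_id}, sort_keys=True).encode()
    payload = json.dumps(reading, sort_keys=True).encode()
    return {"header": header, "payload": payload,
            "tag": _tag(KEYSTORE[key_id], header, payload)}

def verify_telemetry(msg):
    """Receiver side: return the reading if the tag is valid under a current key, else None."""
    try:
        key = KEYSTORE.get(json.loads(msg["header"])["kid"])
    except (KeyError, TypeError, ValueError):
        return None
    if key is None:  # unknown or retired key id: integrity cannot be established
        return None
    expected = _tag(key, msg["header"], msg["payload"])
    if not hmac.compare_digest(expected, msg["tag"]):  # constant-time comparison
        return None
    return json.loads(msg["payload"])

if __name__ == "__main__":
    provision_key("pump-7-key")
    msg = sign_telemetry("pump-7-key", {"sensor": "pump-7", "temp_c": 41.5})  # constructed reading
    print(verify_telemetry(msg))                 # reading accepted
    msg["payload"] = msg["payload"].replace(b"41.5", b"99.9")
    print(verify_telemetry(msg))                 # None: payload no longer matches the tag
```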
Objective: Availability

Example Requirements | Example Technique/Process
Endpoint availability | Trusted manufacturing and deployment; Physical protective enclosure
Availability of communications | Physical availability of communications media; Network load management; Anti-jamming techniques
Availability of management and monitoring operations and solutions; Endpoint, communications and architectural availability for management and monitoring components | Evaluation methodology; Resource allocation; Planning for frequent iterative security evaluation
Architectural availability | Redundancy; Avoiding single points of failure; Fault tolerance; Load balancing; Honeypots; Trusted manufacturing and deployment; Architectural threat modeling

Table C-3: Techniques and Processes for Enabling System Availability

Table C-4 summarizes techniques and processes that aim to realize confidentiality requirements for endpoints, communications and connectivity, and management and monitoring operations. Confidentiality requirements should also be evaluated architecturally for the whole IIoT system, as indicated in the table. For example, access control techniques should be used to enforce the principle of least privilege, thereby reducing the impact of a possible breach by insiders. This requires policies derived from architectural threat modeling.

IIC:PUB:G4:V1.0:PB:20160926 - 141 -