Industrial Internet Security Framework v 1.0 | Page 16

Security Framework 3: Key System Characteristics Enabling Trustworthiness

characteristics have been met. Assurance cases demonstrate to stakeholders that their expectations for each key system characteristic have been met.¹

An abuse case is a test that provides inappropriate inputs to determine how the system responds. Abuse cases are similar to use cases in that they make an interaction explicit; they differ in that the result of the interaction is harmful.² Abuse tests that fail are evidence to support the claims. With appropriate misuse and abuse testing included in the assurance case, the stakeholders can gain confidence that attackers' influence has been limited. These cases can be used both for requirements analysis and for testing.

A threat model is a systematic approach to the definition of potentially hazardous events and malicious attacks on the system. It begins with identifying the most important ways in which system behavior may be compromised. The types of security violations are then elaborated into concrete threats, and they may be validated using abuse cases. This top-down approach reveals other threats so that comprehensive security measures can be developed during system design, implementation, configuration and maintenance.

3.2 SECURITY

Security is the condition of the system being protected from unintended or unauthorized access, change or destruction. The secure behavior of a system is a continuum, not a Boolean state. No IIoT system can behave securely in every context, so the specific contexts deemed relevant must be explicitly stated along with the secure behavior that the stakeholders expect. Assurance of security is often assessed in terms of risk.
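The abuse-case and threat-model discussion earlier in this section can be made concrete with a small test harness. The following is an added example, not code from the Industrial Internet Security Framework or the IIC: it assumes a hypothetical setpoint command handler (parse_command, SetpointCommand, RejectedCommand) and a list of constructed abuse cases, each recorded against the threat it elaborates. An abuse case that is rejected is evidence for the assurance claim "the controller never accepts an out-of-policy setpoint"; one that is accepted shows the claim is not yet supported.

```python
"""Abuse-case tests for a hypothetical IIoT setpoint command handler.

Added example, not from the IISF. All names and inputs here are constructed
for illustration. Each abuse case records the threat it exercises, the
inappropriate input, and whether the handler refused it.
"""
import json
from dataclasses import dataclass

MAX_MESSAGE_BYTES = 256
SETPOINT_MIN, SETPOINT_MAX = 0.0, 150.0   # constructed plant limits (deg C)


@dataclass(frozen=True)
class SetpointCommand:
    loop_id: str
    value: float


class RejectedCommand(ValueError):
    """Raised for any input the handler refuses to act on."""


def parse_command(raw: bytes) -> SetpointCommand:
    """Accept only a well-formed, in-range setpoint command; reject everything else."""
    if len(raw) > MAX_MESSAGE_BYTES:
        raise RejectedCommand("message too long")
    try:
        msg = json.loads(raw.decode("ascii"))
    except (UnicodeDecodeError, json.JSONDecodeError) as exc:
        raise RejectedCommand(f"malformed: {exc}") from None
    if not isinstance(msg, dict) or set(msg) != {"loop_id", "value"}:
        raise RejectedCommand("unexpected fields")
    loop_id, value = msg["loop_id"], msg["value"]
    if not (isinstance(loop_id, str) and loop_id.isalnum() and len(loop_id) <= 16):
        raise RejectedCommand("bad loop_id")
    # bool is a subclass of int in Python, so exclude it explicitly;
    # NaN and infinities fail the range comparison below.
    if isinstance(value, bool) or not isinstance(value, (int, float)):
        raise RejectedCommand("value must be numeric")
    if not (SETPOINT_MIN <= value <= SETPOINT_MAX):
        raise RejectedCommand("value out of range")
    return SetpointCommand(loop_id, float(value))


# Each abuse case: (threat being elaborated, constructed inappropriate input).
ABUSE_CASES = [
    ("oversized message exhausts parser", b'{"loop_id":"' + b"A" * 300 + b'","value":1}'),
    ("non-JSON garbage on the command port", b"\xff\xfe\x00 setpoint=999"),
    ("extra field smuggled into command", b'{"loop_id":"TIC101","value":50,"admin":true}'),
    ("out-of-range value drives process unsafe", b'{"loop_id":"TIC101","value":9999}'),
    ("NaN slips past numeric range check", b'{"loop_id":"TIC101","value":NaN}'),
    ("boolean coerced to a number", b'{"loop_id":"TIC101","value":true}'),
    ("loop id carrying shell metacharacters", b'{"loop_id":"TIC101; rm -rf /","value":50}'),
]


def run_abuse_cases():
    """Return (threat, rejected) pairs to attach to the assurance case as evidence."""
    evidence = []
    for threat, raw in ABUSE_CASES:
        try:
            parse_command(raw)
            evidence.append((threat, False))   # harmful input accepted: claim not supported
        except RejectedCommand:
            evidence.append((threat, True))    # abuse attempt failed: evidence for the claim
    return evidence


def all_abuse_cases_rejected() -> bool:
    return all(rejected for _, rejected in run_abuse_cases())


if __name__ == "__main__":
    for threat, rejected in run_abuse_cases():
        print(f"{'REJECTED' if rejected else 'ACCEPTED'}  {threat}")
    print("claim supported:", all_abuse_cases_rejected())
```

The list of threats is the output of the threat-modeling step described above (ways in which behavior may be compromised, elaborated into concrete inputs); the harness is the abuse-testing step that validates them. Keeping the evidence as data rather than as a pass/fail exit code lets it be cited directly in the assurance case.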
Elements of security risk include a threat (someone or something that is attempting to do harm), the targeted asset (that has a value), a potential vulnerability or weakness of the asset that the threat will exploit, and countermeasures that attempt to reduce the likelihood and impact of any security incidents.

The elements that need to be upheld to provide the security of information and system assets are confidentiality, integrity and availability, often referred to by the acronym CIA.

Confidentiality is the property that information is not made available or disclosed to unauthorized individuals, entities or processes. Breaches of confidentiality can occur by word of mouth, printing, copying, emailing, or through software vulnerabilities that allow attackers to read or exfiltrate data. Data exfiltration is the unauthorized transfer of data, read through exploits, to another location under the control of the attacker. This data may be used for blackmail or other purposes. Confidentiality controls include access control and encryption technologies.

Integrity ensures that improper information modification or destruction is guarded against. Integrity controls include hashes, checksums, anti-virus functionality, whitelisting and code signing that ensure there have been no changes to the system, code and elements controlling

¹ See [NIST-7608]
² See [McDer1999]

IIC:PUB:G4:V1.0:PB:20160926 - 16 -
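The integrity controls named above (hashes, checksums, code signing) differ in what they protect against, which is easy to lose sight of when a checksum is simply stored next to the data it covers. The following is an added example, not code from the Industrial Internet Security Framework or the IIC; the configuration blob, its tampered copy and the key are all constructed. It contrasts a bare SHA-256 digest, which detects any change to the data but can be recomputed by whoever changed it, with a keyed HMAC, which cannot be forged without the key; code signing with an asymmetric key gives the same non-forgeability without the verifier holding a secret.

```python
"""Integrity controls for a device configuration blob.

Added example, not text or code from the IISF. CONFIG, TAMPERED and KEY are
constructed for illustration.
"""
import hashlib
import hmac

# Constructed sample: a controller configuration and a tampered copy that
# silently enables remote writes.
CONFIG = b"loop=TIC101\nsetpoint_max=150\nremote_write=off\n"
TAMPERED = CONFIG.replace(b"remote_write=off", b"remote_write=on")

# Constructed key. On a real device it would come from a secure element or a
# provisioning step, never from the same storage as the configuration.
KEY = b"constructed-demo-key-do-not-reuse"


def sha256_digest(data: bytes) -> str:
    """Unkeyed hash: any change to `data` changes the digest."""
    return hashlib.sha256(data).hexdigest()


def hmac_tag(key: bytes, data: bytes) -> str:
    """Keyed MAC: producing a valid tag requires both `data` and `key`."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_hash(data: bytes, stored_digest: str) -> bool:
    # compare_digest avoids timing differences that reveal how many bytes matched.
    return hmac.compare_digest(sha256_digest(data), stored_digest)


def verify_mac(key: bytes, data: bytes, stored_tag: str) -> bool:
    return hmac.compare_digest(hmac_tag(key, data), stored_tag)


def integrity_checks() -> dict:
    """Run five scenarios and return, per scenario, whether the control held."""
    digest = sha256_digest(CONFIG)   # recorded alongside the config at install time
    tag = hmac_tag(KEY, CONFIG)
    return {
        # Accidental corruption or an unauthenticated change: both controls catch it.
        "hash_detects_change": not verify_hash(TAMPERED, digest),
        "mac_detects_change": not verify_mac(KEY, TAMPERED, tag),
        # An adversary who can also overwrite the stored digest defeats a bare hash.
        "hash_fooled_by_rewritten_digest": verify_hash(TAMPERED, sha256_digest(TAMPERED)),
        # The same adversary without the key cannot produce a tag the device accepts.
        "mac_rejects_forged_tag": not verify_mac(KEY, TAMPERED, hmac_tag(b"guessed-key", TAMPERED)),
        # The untouched configuration still verifies under both controls.
        "original_still_valid": verify_hash(CONFIG, digest) and verify_mac(KEY, CONFIG, tag),
    }


if __name__ == "__main__":
    for name, held in integrity_checks().items():
        print(f"{name:34s} {'yes' if held else 'no'}")
```

The third scenario is the practical reason the framework lists code signing separately from hashes and checksums: a digest stored in the same writable location as the data it covers only detects accidental change, while a keyed tag or a signature also detects deliberate modification by anyone who lacks the key.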