Industrial Internet Security Framework v 1.0 | Page 24

Security Framework 4: Distinguishing Aspects of Securing the IIoT

Many systems today still rely on physical security (locked doors and guards), isolation of OT networks and the obscurity of industrial protocols to compensate for a lack of cyber-security. These measures no longer work. For example, wired and wireless networking circumvents traditional physical controls such as doors and walls, because the network extends past physical boundaries.

From the attacker's perspective, legacy OT systems are now a desirable target. Many industrial systems are routinely breached¹ due to out-of-date security protections. Eventually attackers will devise blueprints for monetizing OT breaches, and the rate of attacks will increase dramatically. Attack payloads for complex OT endpoints (such as nuclear centrifuges) have so far been available only to nation-state players, but that may also change.

Finally, traditional OT systems were designed to operate industrial processes safely and reliably without any communication to any external network. As IIoT systems incorporate OT components and subsystems created without security in mind, they may exhibit unpredictable behaviors due to the reuse or repurposing of those components. IIoT practitioners need to consider feature and function interactions carefully to address these concerns.

Implementing security for existing brownfield OT environments should be as non-invasive as possible. Network perimeter protections such as firewalls, data diodes and routers, together with passive network intrusion detection technologies that detect undesired activities, must be carefully deployed to enforce isolation between the OT control environment and the networks external to the control systems.

4.5 CLOUD SYSTEMS IN THE IIOT

One of the benefits of the IIoT is the possibility of analyzing and controlling the OT infrastructure using external networked computing power. This practice of using remote servers to store, manage and process data, rather than a local server or computer, is called cloud computing. Organizations such as the Cloud Standards Council and the Cloud Security Alliance² offer ample guidance on the architecture and security of cloud computing. We focus here on the distinguishing aspects that data-cloud systems need to account for in IIoT systems.

In a typical IIoT system, thousands of devices communicate with a cloud system and possibly store data on it. Using shared third-party service providers creates a number of trust boundaries that can affect security and privacy. Information must be protected for both security and privacy. Information flowing into control systems must be adequately secured to protect the safety and resilience of physical processes. For example, stolen credentials may allow attackers to control physical infrastructure remotely and facilitate attacks on many of the vendor's customers simultaneously. Moreover, attacks on other cloud customers or on the platform itself may propagate, enabling attacks on the process owner.

4.6 IMPLICATIONS FOR SECURING THE IIOT

There is a need for an evolution in both business and implementation as they relate to security. From the business perspective, we look more closely at how risk is managed. Regulatory

¹ See [SANS-SSCS]
² See [CCSS-AIOT] and [CSA-IOT]

IIC:PUB:G4:V1.0:PB:20160926 - 24 -