Industrial Internet Security Framework v 1.0 | Page 41

Security Framework

6: Permeation of Trust in the IIoT System Lifecycle

Figure 6-3: Trust Relationship between Component Builders

These components may be delivered in the form of a service integrating and exposing both
hardware and software components. The trust in service components is assured by the
fulfillments of the requirements of the SLAs by these components and their subcomponents. For
infrastructure as a service (IaaS) such subcomponents may include hardware and low-level
software components such as firmware and hypervisors. Platform as a service (PaaS) usually
includes as subcomponents operating systems, system components such as databases and
application frameworks. Finally, software as a service (SaaS) may have other software
subcomponents running on a third-party platform. In all three of these service offerings, the main
component builder is responsible for the permeation of trust through all the subcomponents of
the service.
Vendors and manufacturers seek to implement incremental value-adds to products already in
the market, and so maintain the return on investment on the research and development required
to implement trust. However, if the manufacturer and vendor do not implement appropriate
trust mechanisms, it is difficult for the system builders and equipment owner/operators to
implement those mechanisms later on. The trust must be designed in from the beginning.

IIC:PUB:G4:V1.0:PB:20160926

- 41 -