Industrial Internet Security Framework v 1.0 | Page 58

7: IISF Functional Viewpoint

system and ensuring that it is enforced system-wide via the Network Configuration & Management function.

Monitoring & Analysis Security Policy is the function block responsible for defining and communicating the security policy for all monitoring and analysis activities in the IIoT system and making sure that it is enforced system-wide via the Monitoring & Analysis function.

Configuration & Management Security Policy is responsible for setting and communicating the security policy for the processes and controls associated with configuration change and management in the IIoT system. The Security Management capability is responsible for ensuring that this policy gets communicated to all the endpoints and communications capabilities of the system.

The Security Policy includes policies for the system and sub-policies for endpoint protection, communications and connectivity protection, security monitoring and analysis, security configuration and management, and data protection (see individual sections 7.3 to 7.7).

The system threat analysis enables the creation of the security objectives for the system, derived from regulations and standards. From these objectives, the applicable security policies are selected based on the industry vertical, customer base, geographic location and other considerations.

The security policy describes the overall business-risk considerations and defines the guidelines for securing the day-to-day proper functioning of the system. This policy is then transformed into a security model, and determines and drives requirements for the functionality of the building blocks of the security framework. For example, each machine-level security policy specifically covers the security policies associated with the endpoint and the devices it may be connected to or in control of.
7.9 FROM FUNCTIONAL TO IMPLEMENTATION VIEWPOINT

The functional viewpoint presented the six key building blocks for IIoT security. These functions serve as guidance for implementing security end-to-end across IIoT systems in the context of trustworthiness.

A set of security design principles should guide the capabilities and techniques employed in the implementation viewpoint of a specific implementation. As per Saltzer and Schroeder,¹ implementers should consider eight design principles prior to implementation of security capabilities for their IIoT system:

• Principle of economy of mechanism: keep the design as simple and small as possible.
• Principle of fail-safe defaults: base access decisions on permission rather than exclusion.
• Principle of complete mediation: every access to every object must be checked for authority.

¹ See [Saltzer1974]

IIC:PUB:G4:V1.0:PB:20160926