Security Framework
8 : Protecting Endpoints
attacks on data access may impede timely and accurate execution of the endpoint functionality resulting in costly outcomes .
• Breach of the Monitoring & Analysis system , 12 : An attacker could gain visibility on the functions of the monitored system . For example , an attacker could modify monitoring data to make it appear as if a particular event did not occur . Modification of the security logs and monitoring data may result in undetected vulnerabilities or compromised states . As a result , attackers would benefit from a coverage gap , compromising endpoint hardware and software or destroying evidence of their activities after an attack .
• Vulnerabilities in Configuration & Management , 13 : Vulnerability of the Configuration & Management system may result from improper access control to the configuration management system , insertion of unauthorized changes in the system or corruption of update payloads . Updates to the endpoints should be planned and managed so as to limit the number of different operational configurations and reduce fragmentation of the fleet .
• Uncontrolled changes to Security Policy and Model , 14 : Modification of the security policy and derived security models represent a serious threat to the system and its endpoints . Equally , weakness in the security policy is an area for exploitation by potential attackers .
• Vulnerabilities in the Development Environment , 15 : The introduction of weaknesses during the software development lifecycle can leave the IIoT systems susceptible to attack . These weaknesses may be introduced during architecting , designing , or writing of the code . Use of vulnerable or malicious libraries or untrusted development frameworks may lead to their inclusion in the resulting code running in the IIoT system .
After consideration of all the above-mentioned potential threats to the endpoint , a sound and thorough assurance process is required to ensure that the resulting system is trustworthy . Gaining assurance about the software integrity of the endpoint includes gathering evidence across all of the development and operational lifecycle . This effort should determine whether potential weaknesses , like those in ‘ Common Weakness Enumeration ’ ( CWE ) 1 have been avoided , removed or remediated , and then tagging that baseline and using it to verify that correct software is loaded at boot . The ISO / IEC 19770 2 specification on Software Tagging may be useful for tagging software at the source . This provides assurance that those packages come from authenticated and authorized sources .
8.2 ARCHITECTURAL CONSIDERATIONS FOR PROTECTING ENDPOINTS
Implementing security on endpoints depends upon their computational and communication capabilities . On the edge , endpoints may be resource-constrained devices with less computing power and with static configurations . In the cloud , endpoints may be servers with extraordinary computational capability and dynamic configurations .
1
See [ CWE ]
2
See [ ISO-19770 ] IIC : PUB : G4 : V1.0 : PB : 20160926 - 63 -