Industrial Internet Security Framework v 1.0 | Page 83

9: Protecting Communications and Connectivity

9.1 CRYPTOGRAPHIC PROTECTION OF COMMUNICATIONS & CONNECTIVITY

Most IIoT applications should use standardized protocols whose functionality, including security and cryptography, has been evaluated and tested. IIC’s ‘Industrial Internet Reference Architecture’¹ identifies and discusses requirements for IIoT core connectivity protocols.

9.1.1 SECURITY CONTROLS IN COMMUNICATION AND CONNECTIVITY PROTOCOLS

From an architectural standpoint, information exchange among different actors within a system happens over two abstract layers: a communication access and transport layer (corresponding to Layers 1 to 4 of the OSI model) that provides for exchange of bits and bytes, and a connectivity framework layer (corresponding to Layers 5 through 7) that uses the communication transport to provide syntactic interoperability among actors by exchanging structured data. The figure below shows these abstract layers.

Figure 9-2: Communication and Connectivity Layers

Protecting communication links at each layer requires corresponding security controls and mechanisms applicable to that layer. Two important design questions are choosing which layer(s) to protect, and how to customize that protection for a given application.

Security controls in all layers may induce unacceptable performance costs, but securing communication only at the lower levels (e.g., IP level, with internet protocol security (IPsec) or

¹ See [IIC-IIRA2016]

IIC:PUB:G4:V1.0:PB:20160926