Industrial Internet Security Framework v 1.0 | Page 83
9: Protecting Communications and Connectivity
9.1 CRYPTOGRAPHIC PROTECTION OF COMMUNICATIONS & CONNECTIVITY
Most IIoT applications should use standardized protocols whose functionality, including security
and cryptography, has been evaluated and tested. IIC’s ‘Industrial Internet Reference
Architecture’ 1 identifies and discusses requirements for IIoT core connectivity protocols.
9.1.1 SECURITY CONTROLS IN COMMUNICATION AND CONNECTIVITY PROTOCOLS
From an architectural standpoint, information exchange among different actors within a system
happens over two abstract layers: a communication access and transport layer (corresponding to
Layers 1 to 4 of the OSI model) that provides for exchange of bits and bytes, and a connectivity
framework layer (corresponding to Layers 5 through 7) that uses the communication transport
to provide syntactic interoperability among actors by exchanging structured data. The figure
below shows these abstract layers.
Figure 9-2: Communication and Connectivity Layers
Protecting communication links at each layer requires corresponding security controls and
mechanisms applicable to that layer. Two important design questions are choosing which layer(s)
to protect, and how to customize that protection for a given application.
Security controls in all layers may induce unacceptable performance costs, but securing
communication only at the lower levels (e.g., IP level, with internet protocol security (IPsec) or
1 See [IIC-IIRA2016]
IIC:PUB:G4:V1.0:PB:20160926