BOSTON — The Industry IoT Consortium (IIC) published updates to its comprehensive and unique Industry Internet of Things Security Framework (IISF), initially published as Industrial Internet Security Framework. This foundational document creates broad industry consensus on securing IIoT systems at a time when cyber-attacks on industrial control systems are on the rise. Ransomware attacks have caused billions of dollars in damage and have impacted major industrial companies, such as Colonial Pipeline, Mondelez, Maersk, and FedEx.
“IIoT systems interact with actuators in the physical world where internet security concerns can lead to loss of life or damage to systems,” said Chuck Byers, CTO of the IIC. “This potential risk increases the importance of security, safety, reliability, privacy, and resiliency beyond the levels expected in many traditional IT environments, and this document includes important best practices and architecture insights to help construct trustworthy IIoT systems.”
“The IIoT includes many participants from the energy, health care, manufacturing, transportation, and public sectors, each of which must consider security,” said Keao Caindec, CEO of Farallon Technology Group and co-chair of the IIC Security and Trust Working Group. “This update to the IISF represents a collaboration and consensus among the IIC members who share an interest in protecting SCADA/ICS systems that are critical to industrial digital transformation.”
“As we have seen with recent attacks, such as SolarWinds and MOVEit, federal and industrial systems are vulnerable to supply chain attacks,” said Bob Martin, senior principal engineer of MITRE Corp. and co-chair of the IIC Security and Trust Working Group. “The IISF provides a broad perspective of the many ways in which organizations can build more trustworthy systems.”
Revisions to the IISF will help organizations modernize IIoT security systems and approaches. The revised framework includes the following updates:
- Additional trustworthiness content based on the IIC Industrial IoT Trustworthiness Framework Foundations.
- Further explanation of the IIC IoT Security Maturity Model (SMM) to help organizations improve confidence in their security systems and processes.
- More detailed guidance on endpoint protection, including information on hardware-based security, key and certificate management, and secure boot.
- Additional guidance on securing wireless communications.
- Significant expansion of the considerations and guidance for security and configuration management of IT and OT security systems.
- Future considerations for securing IIoT systems.
“The IISF outlines how organizations can improve the trustworthiness of OT systems by securing IIoT endpoints, communications, and systems,” said Marcellus Buchheit, CEO of Wibu-Systems USA, and contributor to the IISF. “This guidance is related to the IIC IoT Security Maturity Model, which provides a detailed model and guidance for IoT stakeholders to establish security maturity targets, perform assessments, and create road maps to address maturity gaps in IoT systems.”
“Innovation and improving sustainability require the bold adoption of new technologies and approaches that often increase operational risk,” said Bassam Zarkout, CEO of IGnPower and contributor to the IISF. “Organizations should consider leveraging the IISF and the IIC’s many resources to accelerate their digital transformation strategy.”