An overview of the IIC Security Framework
by Jesus Molina, Security Consultant, Fujitsu & Co-chair IIC Security Working Group
Let’s get this out of the way: Industrial systems are getting networked. Your house appliances will get networked as well soon.
In the Industrial Internet evolution, large amounts of data collected from connected devices is used to improve their performance in real time, by means of powerful algorithms. Asking the questions of “Why does my car, a manufacturing machine or an insulin pump require networking?” is no different than a similar question raised in earlier industrial revolutions: Replace horses with boiling water? Explosions to drive a rotor? Electricity to burn a filament? All those ideas appeared to be extremely unsafe and ill-conceived at the time.
But as a result, cars now provide plenty of “horse-power,” but are still dumb enough to kill more than a million people every year. And light bulbs have been lighting our houses for decades, but cannot switch off automatically when not needed. The Industrial Internet Revolution will provide cognition to previously inert elements, leading to unprecedented performance and safety gains. But it requires us to deal with new challenges, and one stands out from the pack: how to secure all of those networked elements and their communications, in what we call the Industrial Internet of Things (IIoT).
Trustworthy Industrial Systems
The creation of trustworthy ind ustrial systems has evolved over time. At the beginning, the only key characteristic for the new machines was to work reliably, without breaking or exploding. Resiliency was added shortly thereafter, to shield the machines from unexpected problems. To this characteristic, safety was later added, to prevent the machine from harming the environment or the people around them. In the Industrial Internet two more key characteristics need to be added: security, so the system cannot be modified by cyberattacks; and privacy, so data collected cannot be misused by unintended parties.
Evolution of IIoT System Trustworthiness
As an example, think back to a time when the only goal of manufactured cars was simply not to break. Resilience features, such a rubber wheels were added later. Then, slowly, safety features were added, including headlamps, windshield wipers, seat belts, ABS brakes and airbags. Now, to improve safety and usability, new cars are getting networked, but in the process, security must be a requirement. Manufacturers need to prevent them from being hijacked by hackers and, respecting privacy, prevent location information and other communications from being disclosed.
Cars are just one example of networked IIoT devices. Many devices across many vertical industries are being networked, all requiring protection in terms of security and privacy. Other examples include printing machines in manufacturing; X-ray devices and insulin pumps in healthcare; planes, ships and trains in transportation; and whole buildings, campuses and cities. In terms of protecting this industrial revolution, we must not fail. Security and safety are entangled. Security evaluations of IIoT systems need to be methodical, thorough and dynamic.
Utilizing the Industrial Internet Reference Architecture (IIRA), published in 2015, the IIC Security Working Group has developed a framework that span all domains: Security Policy, Data Protection, Endpoints, Monitoring and Configuration Management.
For each area, we further divided into other areas and focused on implementation strategies. All of these were developed with the understanding that many industrial systems rely on machinery with life-spans usually much longer than in IT, and that many of these legacy systems, that cannot be easily secured, need to be incorporated into the security policy.
Testbeds Provide Learning Opportunities
The Security Framework is not only academic; it is demonstrated in practice as well. The Security Working Group evaluated the security posture of all testbeds approved by the IIC, which currently number about twenty. As part of the process to approve a testbed into the IIC ecosystem, a key requirement is to declare the plans for how to implement security. As testbeds span different verticals, such as healthcare, manufacturing or agriculture, commonality for the security approaches to protect these verticals have emerged.
As most of these testbeds are in the early stages, the best question is yet to be answered: how will all these testbeds implement the proposed security solutions from the different functional parts of the system that have been described in the IIRA and now in the Security Framework. To complement solution-based testbeds, horizontal testbeds such as the Security Claims Testbed evaluate new security technologies focusing on industrial systems in different verticals.
The Security Framework will drive the evaluation methodology for security. Maturity models and frameworks (such as the C2M2) will be explored to properly asses the security posture of testbeds. This will allow IIC members to focus on the parts of the system that need to evolve in terms of security enhancements, while providing additional learning opportunities from the testbeds that have already matured.
Protecting the IIoT is complex, as it was adding other key characteristics to industrial systems in the past. At the IIC we are committed to providing the tools to accelerate the process, with the help of the hundreds of member companies that form the Consortium. Security is a priority, and the key to the success of the Industrial Internet Revolution.