New IIC White Paper: The Business Viewpoint for Securing the Industrial Internet
Part of the Industrial Internet Consortium’s (IIC’s) mission is to bring together different viewpoints to share information and find common ground for progress. Frankly, we haven’t encountered a topic more polarizing than cybersecurity. But we believe that understanding the different business and technical drivers behind OT and IT are essential to creating a best practices security framework that will benefit industrial enterprises.
Toward that end, today the IIC published a new white paper, “Industrial Internet Security Framework: Executive Overview.” The white paper is a CliffsNotes version of the Security Framework document that will be published by the IIC’s Security Working Group this summer. It was written to bring the Security Framework doc – which, as you might imagine is quite dense and complex – to an approachable and understandable level. While the Framework doc itself targets CTO and CISOs, the white paper is recommended reading for CEOs and business managers.
Industrial networks, which were originally designed to be isolated, are now exposed to continuous attacks of ever-increasing sophistication. Additionally, with the proliferation of connected devices worldwide, there is a need to protect against not only malicious intent but also errors and mischance. The IIC believes that these factors combine to create a perfect storm that represents a major threat to world safety and security.
The Security Framework evolved naturally from, and builds upon, the IIC’s previously published Industrial Internet Reference Architecture (IIRA). This ensures that security is not just bolted onto the architecture, but rather is a fundamental part of it.
The Business Viewpoint for Securing the Industrial Internet white paper provides a foundation for understanding the IIC’s approach to best practices for cybersecurity for the IIoT. It defines basic security elements and key requirements while describing common models such as converged IT/OT environments, data in the cloud, and greenfield versus brownfield deployments. The Security Working group has done yeoman’s work to wrestle all of these variables into a cohesive whole. Until now, no organization has taken on this monumental, yet critical, challenge.
Addressing Security Concerns
Security concerns can be overwhelming, and are often cited as a major concern, a barrier, or even a reason holding organizations back from implementing an Internet of Things (IoT) strategy. According to a joint study published in June 2016 by Genpact Research, Industry Week and Penton Publishing, the key obstacles businesses face when leveraging IIoT technology include data security (37%) and privacy concerns (33%). Additionally, over half of the business executives surveyed (58%) feel that the IIoT increases their company's susceptibility to cyberattacks.[i]
The continuing explosion of connected devices provides opportunities for unprecedented growth and performance gains in industrial systems. Unfortunately, this growth also exposes extraordinary increases in risks to plant personnel, to the businesses that operate industrial processes, as well as to society and the environment at large. It’s challenging, especially considering the exponential increase in the amount of exposed data.
With its landmark Framework, the Security Working Group has developed a common approach to security and a rigorous methodology to assess security in Industrial Internet systems. It describes the consequences of merging different security fields, provides guidance on how to select and achieve security objectives, and describes how to leverage technologies to overcome cyber-sabotage and cyber-espionage.
Whether your business is considering, or already in the midst of deploying an IoT strategy, security concerns should be top of mind. As we’ve learned, the rush to deploy should not overshadow security requirements. Some questions to ask your IT/OT teams:
- What is the best way to keep our facilities, systems and people safe?
- How reliable is our equipment and technology solutions?
- How can you manage the risk of cyber-attacks on our business, or our customer’s businesses?
- How do clouds, private clouds and Fog change the equation?
The Industrial Internet Consortium takes all of these concepts a step further with actual testbeds to prove out and optimize the security of real-world IIoT systems. Here, members contribute to the evolution of the technology, with improved endpoint protection, communication security and data protection. For more information on the challenges of securing the Industrial Internet and the Industrial Internet Consortium, please visit http://iiconsortium.com.
- Download the Security Framework Overview Whitepaper: The Business Viewpoint of Securing the Industrial Internet
- Download the Industrial Internet Reference Architecture
- Read the IIC’s Security Case Studies
- Attend the upcoming IIC Security Forum
[i]Source: A survey of 173 senior executives from manufacturing and related industries spearheaded by Genpact Research Institute in collaboration with GE Digital, the Industrial Internet Consortium and IndustryWeek Custom Research. Click here for the report.