The Industry IoT Consortium (IIC) recently updated its Industry Internet of Things Security Framework (IISF) to drive broad industry consensus on securing Industrial Internet of Things (IIoT) systems in an endeavour to counter rising cyber-attacks on industrial control systems. By way of example, ransomware attacks alone have caused billions of dollars in damage and have impacted major industrial companies.
Commenting on the initiative, Chuck Byers, CTO of Industrial IoT Consortium said: “IIoT systems interact with actuators in the physical world where Internet security concerns can lead to loss of life or damage to systems.
“This potential risk increases the importance of security, safety, reliability, privacy, and resiliency beyond the levels expected in many traditional IT environments, and this document includes important best practices and architecture insights to help construct trustworthy IIoT systems.”
Bob Martin, Principal Engineer of MITRE Corp. and Co-Chair of the IIC Security and Trust Working Group added: “Industrial systems are vulnerable to supply chain attacks. The IISF provides a broad perspective of the many ways in which organisations can build more trustworthy systems.”
Revisions to the IISF is intended to help organisations modernise IIoT security systems and approaches with the following updates:
- Additional trustworthiness content based on the IIC Industrial IoT Trustworthiness Framework Foundations;
- Further explanation of the IIC IoT Security Maturity Model (SMM) to help organisations improve confidence in their security systems and processes;
- More detailed guidance on endpoint protection, including information on hardware-based security, key and certificate management, and secure boot;
- Additional guidance on securing wireless communications;
- Significant expansion of the considerations and guidance for security and configuration management of IT and OT security systems; and
- Future considerations for securing IIoT systems.