Executive Briefings

Industrial Internet of Things Gets Much Needed Security Framework

The publication of the Industrial Internet Security Framework by the IIC is a vital early step towards creating security in the Industrial IoT. Strong security becomes increasingly crucial as more and more critical infrastructure becomes connected and remotely controllable.

This is a sorely needed development. Many of the scariest scenarios involve industrial systems. Hence the urgent need for a framework that guides the way for security in our industrial IoT systems. This evolving need is summed up well in the following excerpt from the "motivation" section of the IISF report:

“Historically, security in trustworthy industrial systems relied on physical separation and network isolation of vulnerable components, and on the obscurity of the design and access rules for critical control systems. Security was, and still is, enforced through physical locks, alarm systems and in some cases armed guards. Designers and operators rarely considered that these systems might one day be exposed to a global network, remotely accessible by many, from legitimate users to rogue nation-states Systems that were originally designed to be isolated are now exposed to attacks of ever-increasing sophistication, and the design assumptions of existing operational technology systems no longer apply. A successful attack on an IIoT system has the potential to be as serious as the worst industrial accidents to date (e.g. Chernobyl and Bhopal), resulting in damage to the environment, injury or loss of human life.”

Read Full Article

This is a sorely needed development. Many of the scariest scenarios involve industrial systems. Hence the urgent need for a framework that guides the way for security in our industrial IoT systems. This evolving need is summed up well in the following excerpt from the "motivation" section of the IISF report:

“Historically, security in trustworthy industrial systems relied on physical separation and network isolation of vulnerable components, and on the obscurity of the design and access rules for critical control systems. Security was, and still is, enforced through physical locks, alarm systems and in some cases armed guards. Designers and operators rarely considered that these systems might one day be exposed to a global network, remotely accessible by many, from legitimate users to rogue nation-states Systems that were originally designed to be isolated are now exposed to attacks of ever-increasing sophistication, and the design assumptions of existing operational technology systems no longer apply. A successful attack on an IIoT system has the potential to be as serious as the worst industrial accidents to date (e.g. Chernobyl and Bhopal), resulting in damage to the environment, injury or loss of human life.”

Read Full Article