The Industry IoT Consortium (IIC) has updated its Industry Internet of Things Security Framework (IISF), initially published as Industrial Internet Security Framework.
According to IIC, this foundational document creates broad industry consensus on securing Industry Internet of Things (IIoT) systems at a time when cyber-attacks on industrial control systems are on the rise. Ransomware attacks have caused billions of dollars in damage and have impacted major industrial companies.
“IIoT systems interact with actuators in the physical world where Internet security concerns can lead to loss of life or damage to systems,” said Chuck Byers, CTO of IIC. “This potential risk increases the importance of security, safety, reliability, privacy, and resiliency beyond the levels expected in many traditional IT environments, and this document includes important best practices and architecture insights to help construct trustworthy IIoT systems.”
“As we have seen with recent attacks such as SolarWinds and MoveIT, Federal and industrial systems are vulnerable to supply chain attacks,” said Bob Martin, senior principal engineer of the MITRE Corporation and co-chair of the IIC Security and Trust Working Group. “The IISF provides a broad perspective of the many ways in which organizations can build more trustworthy systems.”
Revisions to the IISF will help organizations modernize IIoT security systems and approaches, according to IIC. It includes the following updates:
- Additional trustworthiness content based on the IIC Industrial IoT Trustworthiness Framework Foundations
- Further explanation of the IIC IoT Security Maturity Model (SMM) to help organizations improve confidence in their security systems and processes
- More detailed guidance on endpoint protection, including information on hardware-based security, key and certificate management, and secure boot
- Additional guidance on securing wireless communications
- Significant expansion of the considerations and guidance for security and configuration management of IT and OT security systems
- Future considerations for securing IIoT systems
“Innovation and improving sustainability require the bold adoption of new technologies and approaches that often increase operational risk,” said Bassam Zarkout, CEO of IGnPower and contributor to the IISF. “Organizations should consider leveraging the IISF and the IIC’s many resources to accelerate their digital transformation strategy.”
Reposted from https://www.automationmag.com/iic-updates-industry-internet-of-things-security-framework/