SEATTLE&mdash:The Industrial Internet Consortium (IIC) has released the initial version of its Security Framework for industrial Internet of Things (IIoT) development. The Framework, an adjunct to the IIoT Reference Architecture the Consortium released last year, seeks to initiate a process that will result in broad industry consensus on how to secure IIoT systems. The goal is to ensure that security is a fundamental part of an IIoT system's architecture, not simply bolted on, and covers the system end-to-end including endpoint devices and the links between system elements.
The IIC is an open membership organization, formed in 2014 to accelerate the development, adoption, and wide-spread use of interconnected machines and devices along with intelligent analytics. From its founding by AT&T, Cisco, General Electric, IBM, and Intel, the Consortium has grown to more than 160 members from 24 countries and is now under management by the Object Management Group standards organization.
“The Security Framework looks at IIoT security from three different perspectives,” Hamed Soroush, the IIC's security working group chair, told EE Times in an interview. “Chip makers, equipment developers, and end users all have an important role in security for the IIoT, but often work without knowing one another's perspectives. The Framework will help them talk to each other.” It also provides guidance to management on risk management when considering security, he added.
Part of the motivation for creating the Framework is the difference between industrial IoT and consumer IoT security needs, Soroush noted, which calls for a discussion focused on industrial IoT system needs. Security in the industrial IoT should be more robust than for consumer IoT, for instance, to reduce the risks to critical infrastructure such as power generation. Also, unlike consumer systems, IIoT security needs to support decades long periods of deployment (which affects patch management), to preserve the integrity of high-availability systems, and to avoid conflicts with operational safety requirements.
To read the rest of this article, visit EE Times sister site EBN.