
You're reading from  Practical Industrial Internet of Things Security

Product type: Book
Published in: Jul 2018
Publisher: Packt
ISBN-13: 9781788832687
Edition: 1st Edition
Author (1)
Sravani Bhattacharjee

Sravani Bhattacharjee was a technology leader at Cisco until 2014, where she led the architectural planning and security evaluations of several enterprise cloud/datacenter solutions. She is currently the Principal of Irecamedia, where she collaborates with Industrial IoT innovators (incl. IBM, AT&T, Microsoft, and Intel) to strategize and create compelling whitepapers and a wide variety of editorial and technical marketing content that drives awareness and business decisions. She is a member of the IEEE IoT chapter, a writer, and a speaker. She is the Managing Editor of “The IoT Review”, a podcast and blogging platform on Industrial and Enterprise IoT (iot.irecamedia.com).

Chapter 7. Secure Processes and Governance

"Security gets orders of magnitude more attention today than only a short time ago." – Stan Schneider, CEO, RTI

IIoT attributes intelligence and autonomy to machines. In a world where smart machines make autonomous decisions, trustworthiness is critical and must be built into them from the outset. This distributed autonomy calls for a decentralized approach to IIoT security, in which safety and integrity controls are built into every node and endpoint, and into every technology that provides intelligence and connectivity.

In this book, IIoT security is decomposed into endpoint, access, connectivity, and edge-cloud layers. Earlier chapters have already analyzed the security controls at each layer, where readers can find actionable tools to evaluate and implement security in the respective layers. However, the question that still remains unanswered is: how do we orchestrate multi-layered...

Challenges of unified security governance


Chapter 2, Industrial IoT Dataflow and Security Architecture, elaborates on how IIoT security involves much more than just the protection of information assets. Securing IIoT translates to establishing end-to-end trustworthiness. In addition to information security, trustworthiness relies on resilience, safety, reliability, and privacy. IIoT security governance policies must be designed to ensure adequate trustworthiness, by converging IT security understanding and domain-specific OT expertise.

However much we may hope for overarching, industry-wide security governance for the industrial internet or the Industrie 4.0 ecosystems, in reality such a unified model is not viable, for several reasons. Some of that reasoning is presented here.

Security, in general, comes at a cost. It involves training a workforce and investing extra resources and cycles to implement security. This, in turn, impacts time-to-market. In a fast-paced innovation landscape ...

Securing processes across the IIoT life cycle


In a fast-paced software-defined economy, innovation and time-to-market often take precedence over security and reliability. The latter are either added after the fact or left to users to integrate. This, however, would not suffice in the case of regulated, mission-critical industry segments. For industrial products, safety and reliability controls must be ingrained at every phase of development and must satisfy rigorous standards and regulatory compliance.

The same holds true for IIoT. For IIoT systems, trustworthiness is not something we can "bolt on" post-deployment. Every phase of the solution life cycle needs to comply with the minimum safety, resilience, and security requirements. This section analyzes various strategies to achieve this. Figure 7.1 shows the various phases and processes of a typical IIoT solution. While standards are yet to evolve to evaluate the security of these processes and policies, this section presents some practical...

Understanding security roles


A sustainable IIoT security implementation depends on the well-orchestrated efforts of various ecosystem partners and stakeholders. The preceding section of this chapter (Securing processes across the IIoT life cycle) discussed actionable steps to integrate security across IIoT life cycle processes. These processes are also linked to multiple roles, and each role carries its own security responsibilities. Effective security governance depends on role-based accountability. This section dissects and evaluates security responsibilities based on four broad role categories. Figure 7.3 illustrates these broad roles as four pillars (Author's note: the diagram only presents the roles, not necessarily the relational connections between these roles):

Figure 7.3: IIoT security responsibilities based on broad roles

Solution provider

Solution provider in Figure 7.3 is a generalized category representing providers of IIoT endpoint technologies, crypto solutions, software applications...

Elements of an IIoT security program


The security posture of an IIoT deployment depends on how safely it can weather instabilities during the operation phase. In spite of multiple layers of security checkpoints in the pre-operation phases, vulnerabilities still exist at runtime. In enterprise IT deployments, a security program provides well-orchestrated governance, protecting organizational assets and infrastructure from external and internal threats during the operational phase. Data availability, privacy, and integrity are the primary goals of an enterprise IT security program.

As we have already discussed in this book, the stakes in an IIoT deployment are much higher than enterprise IT. IIoT involves critical infrastructures and human safety. In addition to data availability, privacy, and integrity, an IIoT security program must ensure resilience and reliability in the event of an attack, which can be from external or internal adversaries, or due to inadvertent misconfigurations or natural...

Security maturity model


The various connected assets in an organization do not all require the same level of security measures. For example, security measures for critical infrastructure and those for a handheld mobile device need not be of the same degree. Every organization needs to balance what is ideally desirable with what is practical and actionable in terms of resources. To guide you in this process, the IIC has defined the IoT Security Maturity Model (IIC-SMM), a conceptual framework that organizes the relevant considerations for determining the maturity level of a given system.

The security maturity model can be used to identify the comprehensiveness and alignment necessary for different maturity levels appropriate for a specific industry. The framework can also be applied in the context of a specific organization, or a production environment, or at a specific system level to define what the current state of security is and the security target state. The following is an excerpt from IIC's "IoT Security...

Implementing an IIoT security program


A vital aspect of IIoT security governance is implementing a security program that is practical and actionable. In a constantly evolving threat landscape, it is a challenge for industrial adopters of IIoT to decide where and how to invest their limited security resources. Defining a security program by considering models such as SMM and C2M2 (the US Department of Energy's Cybersecurity Capability Maturity Model) can help organizations to right-size security mechanisms and investments.

The IIoT security program determines the resilience and reliability of the production environment, which directly impacts business goals, reputation, and the financial fate of an organization. That is why an organization's business-level stakeholders should directly engage with and approve the security program. Many organizations may already have an IT security program, which is typically governed by the enterprise IT team. An IIoT security program involves both IT and OT environments and should either align with or build on top of existing...

Summary


This chapter presented an actionable roadmap to implement the multi-layered IIoT security model. Readers can now apply practical insights on securing IIoT life cycle processes, security roles and responsibilities, the various elements of an IIoT security governance program, and how an organization can implement a practical and adaptive security governance program. The necessity of right-sizing security by setting IIoT security objectives in the context of safety and reliability, an introduction to the security maturity model, and an evaluation of security roles were also discussed in this chapter.

In Chapter 8, IIoT Security Using Emerging Technologies, a few promising technologies that are still in the early phases of development are presented to help readers gain a basic understanding of their relevance and applicability.
