The Industrial Internet Consortium (IIC), which was founded by AT&T, Cisco, GE, IBM, and Intel, released a common framework for security that it hopes will help industrial Internet of Things (IoT) deployments better address security problems.
Security is critical to industrial IoT because attacks could have dire consequences, such as impacting human lives or the environment, said Hamed Soroush, senior research security engineer with Real-Time Innovations and the co-chair of the IIC security working group.
Many industrial IoT deployments are in highly regulated industries making it difficult for companies to just apply a fix or patch to a potential vulnerability in the system. “You have to have a plan, and it has to be coordinated,” Soroush said. “That makes it challenging.”
Plus many industrial IoT systems have legacy devices, some of which are 20 years old. “They were designed for reliability and not security,” Soroush said. “And they are now being connected to the internet.”
The IIC doesn’t create standards but instead is a consensus-building group that will provide recommendations for organizations building industrial IoT systems. The group’s security framework assesses various types of threats and helps companies protect themselves by providing best practices and strategies to thwart these attacks.
The framework breaks the industrial space down into three areas – the component builders, the system builders, and the operational users. The component builders create hardware and software; the system builders combine hardware and software to create industrial IoT systems; and the operational users own the systems.
The next step for the IIC is to put this security framework into practice with a testbed environment. “We will incorporate security more formally into the test beds and make sure that security aligns,” Soroush said.