Industrial IoT Security Standards & Frameworks
SACON, Pune
Sujata Tilak, M.D., Ascent Intellimation;
President, ISA Pune Section
The Industrial Internet
The Industrial Internet is an internet of things, machines, computers and
people, enabling intelligent industrial operations using advanced data
analytics for transformational business outcomes.
The industrial domain is expected to be the largest consumer of IoT devices and
systems in terms of value.
Industrial Ecosystem
Ubiquitous Network Connectivity
Pervasive Sensing
Advanced Computing
IIoT
IIoT embodies convergence of
– Operations Technology (OT)
– Information Technology (IT)
– Industrial Automation & Control Systems (IACS)
– Networking and Communications
Cyber Physical Nature
Why IIoT Security Standards
• Industries will need to use diverse systems and equipment, but everything will be integrated on the smart factory floor
• Legacy systems must be brought under implementation
• The legacy approach was to create self-sufficient and unconnected silos, which now need to be integrated
• Every weak link in the chain puts the whole factory at RISK
• Thus leaving security in the hands of individual IIoT implementers is suicidal
Why IIoT Security Standards
STANDARDS AND FRAMEWORKS ARE
THE ONLY WAY TO “SECURE” IIOT
SYSTEMS “SECURITY”
Cybersecurity Requirements
• CIA triad
– Confidentiality
– Integrity
– Availability
• IIoT has two more requirements
– Reliability / Resilience
– Safety
GOI - Draft Policy on Internet of Things
5.3.1 STANDARDS
To facilitate global and national participation of industry and research
bodies with relevant global Service Setting Organizations for promoting
standards around IoT technologies developed in the country. To appoint
relevant nodal organization for driving and formalizing globally acceptable
standards relating to technology, process, interoperability and services
Further, a Discussion Group is formed for IoT Security
Chaired by:
Dr Ajay Kumar, Additional Secretary, Ministry of Electronics and IT
Members from:
1. CERT-In
2. Various Companies
3. R & D and Educational institutes
ISA / IEC 62443 Standards
• ISA/IEC 62443-1: General Information and Definitions
• ISA/IEC 62443-2: Policy and Procedures
• ISA/IEC 62443-3: System Level Requirements
• ISA/IEC 62443-4: Component Level Requirements
Application of Standard to IACS
[Figure: roles (Product Supplier, System Integrator, Asset Owner, Service Provider) and activities (develops components, develops control systems, designs and deploys, operates and maintains), split into offsite and onsite / site specific, mapped to standard parts 2-1, 2-3, 2-4, 3-2, 3-3, 4-1 and 4-2. The Industrial Automation and Control System (IACS) comprises operational policies and procedures, maintenance policies and procedures, and the automation solution: Basic Process Control System (BPCS), Safety Instrumented System (SIS), and complementary hardware and software. The control system, a combination of components (host devices, network components, applications, embedded devices), is the base for the automation solution.]
IIoT Systems
[Figure: the IACS (operational policies and procedures, maintenance policies and procedures, and the automation solution: Basic Process Control System (BPCS), Safety Instrumented System (SIS), complementary hardware and software) with an IIoT overlay of edge devices, gateways and an IIoT server.]
IEC 62443-3-3 and IEC 62443-4-2
Control system capability security levels (SL-C) are defined for the following
areas. In each area, 4 security levels are defined, each level progressively
more advanced.
1. Identification and authentication control (IAC)
2. Use control (UC)
3. System integrity (SI)
4. Data confidentiality (DC)
5. Restricted data flow (RDF)
6. Timely response to events (TRE)
7. Resource availability (RA)
8. Application Requirements (ACR)
9. Embedded Device Requirements (EDR)
10. Host Device Requirements (HDR)
11. Network Device Requirements (NDR)
Industrial Internet Reference Architecture (IIRA)
• Published by Industrial Internet Consortium,
www.iiconsortium.org
• Latest version, 1.8, published in Jan 2017
• First consolidated framework for IIoT
• Objective is to build broad industry consensus to
drive interoperability and simplify development of
Industrial Internet systems
• Safety, Security and Privacy are an intrinsic part of the
framework and are considered in every aspect
Industrial Internet Security Framework (IISF)
• Published in Sept 2016
• Considers divergent views of IT and OT on
– Safety
– Security
– Resilience
• Goes beyond Security and looks at
Trustworthiness of IIoT Systems
• It encompasses security, safety, reliability,
resilience and privacy
Security Perspectives
Business Viewpoint
• Managing Risks
• Business continuity
• Trust
• Reputation / IP
• Investment
Usage & Functional Viewpoint
• Confidentiality
• Data integrity / security
• Availability
• Safety
• Resilience
• Performance
Functional Viewpoint Blocks
Source: IISF
• Four core security functions
• Data protection layer
• Security model and policy layer
Endpoint Protection
Source: IISF
Communication & Connectivity Protection
Source: IISF
Data Protection
Source: IISF
Implementation Viewpoint
• Lists eight design principles for implementation of
security capabilities in IIoT systems
• For each item in Functional Viewpoint, describes
– Security objectives
– Architectural considerations
– Security lifecycle
– Threat vectors
– Protection techniques / technologies
– Brownfield considerations
In a nutshell
• IIoT is a huge paradigm shift for OT / Control
Systems as well as IT
• There are some peculiar security challenges
• Security should be considered at design stage
• However, in a large number of brownfield
installations, security has to be added later
• Standards exist for control systems, but they do
not consider combined IT + OT + CS impact
• IISF is trying to fill this gap and doing a good job
Thank You!
sujata.Tilak@aiplindia.com

Editor's Notes

  1. OT systems give the highest importance to Safety, whereas Safety is generally not applicable to most IT systems. OT systems rely more on physical security and separation. Control Systems are resilient and fault tolerant.
  2. Endpoint Root of Trust provides a foundation to secure other functions at the endpoint.
  3. Economy of mechanism, fail-safe defaults, separation of privileges.