Blog Posts Business Management

Is Security More Important Than Trustworthiness for Industrial IoT?

Blog: XMPro Blog

Security is mentioned in almost every meeting that I have with CIOs, Enterprise Architects, Operational Technology (OT) specialists and the Operations Engineers. It is a high priority topic, and everyone is looking for the holy grail answer to “How do you secure this XYZ IoT project?”.

It is an important consideration in an Industrial IoT project where a compromise in security can lead to catastrophic failure with the potential impact of a Chernobyl or Bhopal. By putting security in the spotlight, we often overlook the bigger issue of the TRUSTWORTHINESS of an industrial IoT solution.

The Industrial Internet Consortium’s (IIC) Vocabulary Technical Report describes trustworthiness as the degree of confidence one has that the system performs as expected with characteristics including safety, security, privacy, reliability and resilience in the face of environmental disruptions, human errors, system faults and attacks. The IIC’s Industrial Internet of Things, Volume G4: Security Framework (IISF) describes this trustworthiness with this simple model.

Trustworthiness of an IIoT System
Trustworthiness of an IIoT System

Trustworthiness addresses all the potential risk areas rather than just attacks or intrusions. It questions how we deal with environmental disruptions, human errors and system faults or “bugs” over and above security.  Each aspect is described extensively in the IISF, but here are the key definitions:

  • Security is the condition of the system being protected from unintended or unauthorized access, change or destruction.
  • Safety is the condition of the system operating without causing unacceptable risk of physical injury or damage to the health of people, either directly or indirectly, as a result of damage to property or to the environment.
  • Reliability is the ability of a system or component to perform its required functions under stated conditions for a specified period of time.
  • Resilience is the emergent property of a system that behaves in a manner to avoid, absorb and manage dynamic adversarial conditions while completing the assigned missions, and reconstitute the operational capabilities after causalities.
  • Privacy is the right of an individual or group to control or influence what information related to them may be collected, processed, and stored and by whom, and to whom that information may be disclosed.

Planning and architecting an industrial IoT solution requires that each of these key system characteristics be assured to deliver a trustworthy business solution. This assurance requires the collection and analysis of evidence that supports the design, construction, deployment and test of the system, and its activities in operation. The evidence must support the claim that the right mixture of innate system capabilities and compensating security controls to mitigate risks has been put in place and provide the overall trustworthiness of the IoT system.

The IIC’s Industrial Internet Security Framework (IISF) provides practical guidance to address the assurance requirements of each of the system characteristics from both a business as well as functional and implementation viewpoints.  It covers trustworthiness from connectivity at the device level through to the business processes that support the IoT solution.

It is interesting to ask the question “Is security more important that trustworthiness?” in response to “how do you secure your IoT solution?” question and address key system characteristics that were not considered in the hype around IoT security. My answer to the “How do you secure this XYZ IoT project?” question is always the same . . . “let’s design it to be trustworthy, then it will be secure”.

You can get a summary of the IIC frameworks and technical documents here and you can contact us to discuss how to create a trustworthy industrial IoT solution.

The post Is Security More Important Than Trustworthiness for Industrial IoT? appeared first on XMPro.

Leave a Comment

Get the BPI Web Feed

Using the HTML code below, you can display this Business Process Incubator page content with the current filter and sorting inside your web site for FREE.

Copy/Paste this code in your website html code:

<iframe src="http://www.businessprocessincubator.com/content/is-security-more-important-than-trustworthiness-for-industrial-iot/?feed=html" frameborder="0" scrolling="auto" width="100%" height="700">

Customizing your BPI Web Feed

You can click on the Get the BPI Web Feed link on any of our page to create the best possible feed for your site. Here are a few tips to customize your BPI Web Feed.

Customizing the Content Filter
On any page, you can add filter criteria using the MORE FILTERS interface:

Customizing the Content Filter

Customizing the Content Sorting
Clicking on the sorting options will also change the way your BPI Web Feed will be ordered on your site:

Get the BPI Web Feed

Some integration examples

BPMN.org

XPDL.org

×