For CEOs and business managers, the IISF provides a discussion on the business drivers enabled by proper security and explores the related industrial concerns on safety, reliability, resilience, and privacy. It highlights the need for every organization across every industry to secure their IIoT systems and to deploy best-practice security solutions immediately.The Industrial Internet Consortium also published a white paper (also free to download), The Business Viewpoint of Security the Industrial Internet, which provides an executive overview of the Business Viewpoint and offers a window into the IISF’s considerations and best practices.
Recent events have illustrated the risk of being attacked from unexpected sources both inside and outside the system, whether intended or accidental. There is a commanding need to protect against error, mischance and malicious intent. The Industrial Internet Consortium believes that these industrial security risks represent a major threat to world safety and security.The IISF identifies, explains and positions security-related architectures, designs and technologies, as well as identifies procedures relevant to trustworthy IIoT systems. It describes their security characteristics, technologies and techniques that should be applied, methods for addressing security, and how to gain assurance that the appropriate mix of issues have been addressed to meet stakeholders' expectations. The publication of the IISF initiates a process to create broad industry consensus on how to secure IIoT systems.
Part II reviews security assessment for organizations, architectures and technologies. It outlines how to evaluate attacks as part of a risk analysis and highlights the many factors that should be considered, ranging from the endpoints and communications to management systems and the supply chains of the elements comprising the system.Part III covers the functional and implementation viewpoint. It describes best practices for achieving confidentiality, integrity and availability. It describes security building blocks for policy, data, endpoints, communications, monitoring and management.
A successful attack on an IIoT system has the potential to be as serious as the worst industrial accidents to date (e.g., Chernobyl and Bhopal), resulting in damage to the environment, injury or loss of human life. There is also risk of secondary damage such as interruption or stoppage of operations, destruction of systems, leaking sensitive business and personal data resulting in loss of intellectual property, harm to the business reputation, loss of customers, material economic loss, damage to brand and reputation, damage to critical infrastructure handling electricity, water, oil, and gas, irreparable damage to the environment. The advantages of avoiding these circumstances is obvious. Attacks on critical infrastructure and IIoT are growing and appropriate responses must be strategically planned.