IISF Technical Report

An Industry IoT Foundational Publication

Cyber-security is a threat that does not discriminate. As a result, enterprises large and small are at risk of being attacked from unexpected sources both inside and outside the system, whether intended or accidental. It represents a major threat to world safety and security.

The Security & Trust Working Group has published an update to the Industry Internet of Things Security Framework (IISF). Initially published in 2016 as the Industrial Internet of Things Security Framework, the foundational publication is a response to the rising trend of cyberattacks on ICS/OT infrastructure.

The framework provides architectures and best practices to construct trustworthy systems. It addresses considerations such as security, safety, reliability, privacy, and resiliency and represents industry collaboration and consensus to protect ICS/SCADA systems.

A true collaborative project in every sense of the word, The Industrial Internet Security Framework (IISF) is the most in-depth cross-industry-focused security framework comprising expert vision, experience and security best practices. It reflects thousands of hours of knowledge and experiences from security experts, collected, researched and evaluated for the benefit of all IIoT system deployments. Contributors dedicated their value time and expertise in authoring, editing and other ways. In particular, we would like to thank the following contributing member organizations:


  • Keao Caindec (Farallon Technology Group)
  • Marcellus Buchheit (Wibu-Systems)
  • Bassam Zarkout (IGnPower)
  • Sven Schrecker (Amazon Web Services)
  • Frederick Hirsch (Upham Security)
  • Isaac Dungana (Red Alert Labs)
  • Robert Martin (MITRE)
  • Mitch Tseng (Tseng Info)

Authors of Previous Versions:

  • Jesus Molina (Fujitsu)
  • Hamed Soroush (Real-Time Innovations)
  • JP LeBlanc (Lynx Software Technologies)
  • Andrew Ginter (Waterfall Security Solutions)
  • Harsha Banavara (Schneider Electric)
  • Shrinath Eswarahally (Infineon Technologies)
  • Kaveri Raman (AT&T)
  • Andrew King (University of Pennsylvania)
  • Qinqing (Christine) Zhang (Johns Hopkins University)
  • Peter MacKay (GE Wurldtech)
  • Brian Witten (Symantec)
Download PDF Original eBook FAQ Demo