Industrial Internet Consortium
The Industrial Internet Consortium Publishes IoT Security Maturity Model White Paper
Guidance for setting and meeting your IoT security objectives
NEEDHAM, MA – APRIL 9, 2018 – The Industrial Internet Consortium® (IIC™), the world’s leading organization transforming business and society by accelerating the Industrial Internet of Things (IIoT), announced the publication of the IIC IoT Security Maturity Model: Description and Intended Use white paper. Building on concepts identified in the IIC Industrial Internet Security Framework, the Security Maturity Model (SMM) defines levels of security maturity for a company to achieve based on its security goals and objectives as well as its appetite for risk. This enables decision makers to invest in only those security mechanisms that meet their specific requirements.
“The Internet of Things has brought a lot of innovation to industries, but it also introduces new security threats. The security landscape is complex and always changing,” said Ron Zahavi, IIC Security Applicability group co-chair, the white paper Co-Author and Chief Strategist for Azure IoT Standards at Microsoft. “It can be challenging for organizations to understand where to focus their security budgets, especially with limited resources. The Security Maturity Model provides organizations with an informed understanding of security practices and mechanisms applicable to their industry and scope of their IoT solution.”
“Over one-third of operational technology professionals in the enterprise identified security concerns as the largest impediment to production deployments of IoT projects, (Source: 451 Research, Voice of the Enterprise: Internet of Things OT 2018),” said Christian Renaud, Research Director, Internet of Things, 451 Research. “This is consistent with the feedback we have received from information technology professionals over the last two years, and highlights the criticality of a common, extensible model for IoT security to move the industry forward.”
Organizations apply the SMM by following a process. First, business stakeholders define security goals and objectives, which are tied to risks. Technical teams within the organization, or third-party assessment vendors, then map these objectives into tangible security techniques and capabilities and identify an appropriate security maturity level. Following this, organizations develop a security maturity target, which includes industry and system-specific considerations, and capture the current security maturity state of the system.
“By periodically comparing target and current states, organizations can identify where they should make improvements,” said Sandy Carielli, white paper Co-Author and Director of Security Technologies at Entrust Datacard. “Organizations achieve a mature system security state by making continued security assessments and improvements over time. They can repeat the cycle to maintain the appropriate security target as their threat landscape changes.”
“Today’s technologies can provide the IoT systems with all necessary features to ensure their security and reliability. One of the main IoT security issues is the gap between the typical use of these technologies and business goals. The physical presence of IoT systems in the real world, requirements to their safety, and particular aspects of their use may pose specific constraints on security mechanisms. Security maturity model addresses this gap and ties up the mission goals for the IoT systems with their probable security demands,” said Ekaterina Rudina, white paper Co-author and Senior System Analyst at Kaspersky Lab.
The IIC IoT Security Model: Description and Intended Use white paper is an introduction to the SMM. The IIC Security Maturity Model: Practitioners Guide will be released in the coming months and will contain the technical guidance for assessment and enhancement of security maturity level for appropriate practices.
The full IIC IoT Security Maturity Model: Description and Intended Use white paper and a list of IIC members who contributed can be found on the IIC website.
About the Industrial Internet Consortium
The Industrial Internet Consortium is the world’s leading membership program transforming business and society by accelerating the Industrial Internet of Things (IIoT). The IIC delivers a trustworthy IIoT in which the world’s systems and devices are securely connected and controlled to deliver transformational outcomes. The Industrial Internet Consortium is a program of the Object Management Group (OMG). For more information, visit www.iiconsortium.org.
Note to editors: Industrial Internet Consortium is a registered trademark of OMG. For a listing of all OMG trademarks, visit https://www.omg.org/legal/tm_list.htm. All other trademarks are the property of their respective owners.