Press Room

Guidance to ensure trustworthy systems

BOSTON, MA – JUNE 20, 2023 – The Industry IoT Consortium® (IIC™) published updates to its comprehensive and unique Industry Internet of Things Security Framework (IISF), initially published as Industrial Internet Security Framework. This foundational document creates broad industry consensus on securing Industry Internet of Things (IIoT) systems at a time when cyber-attacks on industrial control systems are on the rise. Ransomware attacks have caused billions of dollars in damage and have impacted major industrial companies such as Colonial Pipeline, Mondelez, Maersk, and FedEx.

“IIoT systems interact with actuators in the physical world where Internet security concerns can lead to loss of life or damage to systems,” said Chuck Byers, CTO of the Industry IoT Consortium. “This potential risk increases the importance of security, safety, reliability, privacy, and resiliency beyond the levels expected in many traditional IT environments, and this document includes important best practices and architecture insights to help construct trustworthy IIoT systems.”

“The IIoT includes many participants from the energy, healthcare, manufacturing, transportation, and public sectors, each of which must consider security,” said Keao Caindec, CEO of Farallon Technology Group and Co-Chair of the IIC Security and Trust Working Group. “This update to the IISF represents a collaboration and consensus among the IIC members who share an interest in protecting SCADA/ICS systems that are critical to industrial digital transformation.”

“As we have seen with recent attacks such as SolarWinds and MoveIT, Federal and industrial systems are vulnerable to supply chain attacks,” said Bob Martin, Senior Principal Engineer of the MITRE Corporation and Co-Chair of the IIC Security and Trust Working Group. “The IISF provides a broad perspective of the many ways in which organizations can build more trustworthy systems.”

Revisions to the IISF will help organizations modernize IIoT security systems and approaches. It includes the following updates:

• Additional trustworthiness content based on the IIC Industrial IoT Trustworthiness Framework Foundations
• Further explanation of the IIC IoT Security Maturity Model (SMM) to help organizations improve confidence in their security systems and processes
• More detailed guidance on endpoint protection, including information on hardware-based security, key and certificate management, and secure boot
• Additional guidance on securing wireless communications
• Significant expansion of the considerations and guidance for security and configuration management of IT and OT security systems
• Future considerations for securing IIoT systems

“The IISF outlines how organizations can improve the trustworthiness of OT systems by securing IIoT endpoints, communications and systems,” said Marcellus Buchheit, CEO of Wibu-Systems USA, and contributor to the IISF. “This guidance is related to the IIC IoT Security Maturity Model, which provides a detailed model and guidance for IoT stakeholders to establish security maturity targets, perform assessments and create roadmaps to address maturity gaps in IoT systems.”

“Innovation and improving sustainability require the bold adoption of new technologies and approaches that often increase operational risk,” said Bassam Zarkout, CEO of IGnPower and contributor to the IISF. “Organizations should consider leveraging the IISF and the IIC’s many resources to accelerate their digital transformation strategy.”

Download the Industry Internet of Things Security Framework foundational paper from the IIC website for more information and a complete list of authors.

About Industry IoT Consortium

The Industry IoT Consortium delivers transformative business value to industry, organizations, and society by accelerating the adoption of a trustworthy Internet of Things. The Industry IoT Consortium is a program of the Object Management Group® (OMG®). For more information, visit www.iiconsortium.org.

Note to editors: Industry IoT Consortium is a registered trademark, and IIC is a trademark of OMG. For a listing of all OMG trademarks, visit https://www.omg.org/legal/tm_list.htm. All other trademarks are the property of their respective owners.