Industrial IoT is inching toward a consensus on security

The Industrial Internet Consortium has released an IoT security framework

IoT is complex, fast-growing and often intertwined with systems that govern things like water and power. That makes IoT security a critical requirement, but it’s one that’s not necessarily well understood.

The Industrial Internet Consortium, a group that includes some of the biggest players in the internet of things, took action on Monday to clear the air. It rolled out the IISF (Industrial Internet Security Framework), a set of best practices to help developers and users assess risks and defend against them.

Like other IIC projects, the security framework is also an attempt to build a consensus among companies building and using IoT. In this case, the group has laid out a systematic way to implement security in IoT and a common language for talking about it.

The framework document, available free of charge, goes into technical detail about recommended implementations, though it stops short of recommending specific products. The long-term goal is to make sure security is an integral part of every IoT system and implementation.

IIC is well positioned to get industry to agree on ways of doing things. It was formed more than two years ago by Cisco Systems, General Electric, AT&T, Intel and IBM. The authors of the security framework came from some of those companies, plus Fujitsu, Infineon, Schneider Electric and other vendors and universities.

The group has said it’s not a standards body but wants to identify the requirements for standards. It also compiles best practices in various areas and builds testbeds to show how technologies can be implemented. Security is the latest and possibly the most talked-about area IIC has weighed in on.

“The level of security found in the consumer Internet just won't do for the industrial internet,” IIC Executive Director Richard Soley said in a press release.

Immature security is the biggest thing delaying adoption of industrial IoT, said Jesus Molina, co-chair of IIC’s security working group, in an interview. Components commonly used in enterprise IT security, like identity and root of trust, don't really exist yet in IoT, he said.

There are several components to making anything in IoT trustworthy, the framework says: safety, reliability, resilience, security and privacy. These issues come up because industrial IoT connects so many components, including things like sensors and actuators at the edge of an enterprise, that didn’t exist or weren’t connected to the internet up until now.

Those edge connections can open up dangerous vulnerabilities, because they’re often designed to carry some of the most sensitive information in an organization. For example, predictive maintenance, a common goal of IoT implementations, works by collecting data about how well equipment is working. Knowing this helps companies replace worn-out gear before it breaks, but in the wrong hands, that data could help attackers or competitors.

The framework prescribes best practices in four areas: endpoints, communications, monitoring and configuration. They’re addressed to component builders, system builders and users. IIC plans to use the best practices in testbed projects.

IIC will work with governments to help solve the problem of IoT security, but it doesn’t plan to rely on laws to make vendors and enterprises use the framework. Instead, the group will form a number of alliances to help build consensus. On Wednesday, IIC will meet with backers of the Industry 4.0 initiative, and it’s also working with the World Economic Forum.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Stephen Lawson

IDG News Service
Show Comments

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Laura Johnston

MSI GS65 Stealth Thin

If you can afford the price tag, it is well worth the money. It out performs any other laptop I have tried for gaming, and the transportable design and incredible display also make it ideal for work.

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?