Industrial IoT is inching toward a consensus on security

The Industrial Internet Consortium has released an IoT security framework

IoT is complex, fast-growing and often intertwined with systems that govern things like water and power. That makes IoT security a critical requirement, but it’s one that’s not necessarily well understood.

The Industrial Internet Consortium, a group that includes some of the biggest players in the internet of things, took action on Monday to clear the air. It rolled out the IISF (Industrial Internet Security Framework), a set of best practices to help developers and users assess risks and defend against them.

Like other IIC projects, the security framework is also an attempt to build a consensus among companies building and using IoT. In this case, the group has laid out a systematic way to implement security in IoT and a common language for talking about it.

The framework document, available free of charge, goes into technical detail about recommended implementations, though it stops short of recommending specific products. The long-term goal is to make sure security is an integral part of every IoT system and implementation.

IIC is well positioned to get industry to agree on ways of doing things. It was formed more than two years ago by Cisco Systems, General Electric, AT&T, Intel and IBM. The authors of the security framework came from some of those companies, plus Fujitsu, Infineon, Schneider Electric and other vendors and universities.

The group has said it’s not a standards body but wants to identify the requirements for standards. It also compiles best practices in various areas and builds testbeds to show how technologies can be implemented. Security is the latest and possibly the most talked-about area IIC has weighed in on.

“The level of security found in the consumer Internet just won't do for the industrial internet,” IIC Executive Director Richard Soley said in a press release.

Immature security is the biggest thing delaying adoption of industrial IoT, said Jesus Molina, co-chair of IIC’s security working group, in an interview. Components commonly used in enterprise IT security, like identity and root of trust, don't really exist yet in IoT, he said.

There are several components to making anything in IoT trustworthy, the framework says: safety, reliability, resilience, security and privacy. These issues come up because industrial IoT connects so many components, including things like sensors and actuators at the edge of an enterprise, that didn’t exist or weren’t connected to the internet up until now.

Those edge connections can open up dangerous vulnerabilities, because they’re often designed to carry some of the most sensitive information in an organization. For example, predictive maintenance, a common goal of IoT implementations, works by collecting data about how well equipment is working. Knowing this helps companies replace worn-out gear before it breaks, but in the wrong hands, that data could help attackers or competitors.

The framework prescribes best practices in four areas: endpoints, communications, monitoring and configuration. They’re addressed to component builders, system builders and users. IIC plans to use the best practices in testbed projects.

IIC will work with governments to help solve the problem of IoT security, but it doesn’t plan to rely on laws to make vendors and enterprises use the framework. Instead, the group will form a number of alliances to help build consensus. On Wednesday, IIC will meet with backers of the Industry 4.0 initiative, and it’s also working with the World Economic Forum.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Stephen Lawson

IDG News Service
Show Comments

Cool Tech

SanDisk MicroSDXC™ for Nintendo® Switch™

Learn more >

Breitling Superocean Heritage Chronographe 44

Learn more >

Toys for Boys

Family Friendly

Panasonic 4K UHD Blu-Ray Player and Full HD Recorder with Netflix - UBT1GL-K

Learn more >

Stocking Stuffer

Razer DeathAdder Expert Ergonomic Gaming Mouse

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?