Industrial Internet Consortium – Industrial Internet of Things, Volume G4: Security Framework
What is in the standard
The document is a framework: it makes no recommendations, but describes the spectrum of possibilities that should be considered when looking at cyber security for IIoT products and IIoT deployments. The framework discusses in detail host-based, cryptographic, and network flow control protections, including a variety of unidirectional gateway technologies. The document is unique in the way it describes the need to balance the host-based and cryptographic protections central to IoT technologies with the network-flow-control concepts described as essential to industrial control systems in documents such as the ISA SP-99 / IEC 62443 standards.
All software can be hacked, or in the terminology of the IIC framework, IIoT endpoints will most likely always suffer the risk of platform-based vulnerabilities. Endpoint-based and cryptographic protections may be sufficient for IoT, where the biggest risk is theft of personally identifiable information. Additional, strong and often unidirectional network protections will always be essential to some kinds of industrial networks: networks where the consequences of mis-operation of large, costly and often dangerous physical infrastructure constitute entirely unacceptable risks.