Menu
Industrial IoT is inching toward a consensus on security

Industrial IoT is inching toward a consensus on security

The Industrial Internet Consortium has released an IoT security framework

IoT is complex, fast-growing and often intertwined with systems that govern things like water and power. That makes IoT security a critical requirement, but it’s one that’s not necessarily well understood.

The Industrial Internet Consortium, a group that includes some of the biggest players in the internet of things, took action on Monday to clear the air. It rolled out the IISF (Industrial Internet Security Framework), a set of best practices to help developers and users assess risks and defend against them.

Like other IIC projects, the security framework is also an attempt to build a consensus among companies building and using IoT. In this case, the group has laid out a systematic way to implement security in IoT and a common language for talking about it.

The framework document, available free of charge, goes into technical detail about recommended implementations, though it stops short of recommending specific products. The long-term goal is to make sure security is an integral part of every IoT system and implementation.

IIC is well positioned to get industry to agree on ways of doing things. It was formed more than two years ago by Cisco Systems, General Electric, AT&T, Intel and IBM. The authors of the security framework came from some of those companies, plus Fujitsu, Infineon, Schneider Electric and other vendors and universities.

The group has said it’s not a standards body but wants to identify the requirements for standards. It also compiles best practices in various areas and builds testbeds to show how technologies can be implemented. Security is the latest and possibly the most talked-about area IIC has weighed in on.

“The level of security found in the consumer Internet just won't do for the industrial internet,” IIC Executive Director Richard Soley said in a press release.

Immature security is the biggest thing delaying adoption of industrial IoT, said Jesus Molina, co-chair of IIC’s security working group, in an interview. Components commonly used in enterprise IT security, like identity and root of trust, don't really exist yet in IoT, he said.

There are several components to making anything in IoT trustworthy, the framework says: safety, reliability, resilience, security and privacy. These issues come up because industrial IoT connects so many components, including things like sensors and actuators at the edge of an enterprise, that didn’t exist or weren’t connected to the internet up until now.

Those edge connections can open up dangerous vulnerabilities, because they’re often designed to carry some of the most sensitive information in an organization. For example, predictive maintenance, a common goal of IoT implementations, works by collecting data about how well equipment is working. Knowing this helps companies replace worn-out gear before it breaks, but in the wrong hands, that data could help attackers or competitors.

The framework prescribes best practices in four areas: endpoints, communications, monitoring and configuration. They’re addressed to component builders, system builders and users. IIC plans to use the best practices in testbed projects.

IIC will work with governments to help solve the problem of IoT security, but it doesn’t plan to rely on laws to make vendors and enterprises use the framework. Instead, the group will form a number of alliances to help build consensus. On Wednesday, IIC will meet with backers of the Industry 4.0 initiative, and it’s also working with the World Economic Forum.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Events

Featured

Slideshows

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners

This year’s Reseller News 30 Under 30 Tech Awards were held as an integral part of the first entirely virtual Emerging Leaders​ forum, an annual event dedicated to identifying, educating and showcasing the New Zealand technology market’s rising stars. The 30 Under 30 Tech Awards 2020 recognised the outstanding achievements and business excellence of 30 talented individuals​, across both young leaders and those just starting out. In this slideshow, Reseller News honours this year's winners and captures their thoughts about how their ideas of leadership have changed over time.​

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners
Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security

Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security

This exclusive Reseller News Exchange event in Auckland explored the challenges facing the partner community on the cloud security frontier, as well as market trends, customer priorities and how the channel can capitalise on the opportunities available. In association with Arrow, Bitdefender, Exclusive Networks, Fortinet and Palo Alto Networks. Photos by Gino Demeer.

Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security
Reseller News welcomes industry figures at 2020 Hall of Fame lunch

Reseller News welcomes industry figures at 2020 Hall of Fame lunch

Reseller News welcomed 2019 inductees - Leanne Buer, Ross Jenkins and Terry Dunn - to the fourth running of the Reseller News Hall of Fame lunch, held at the French Cafe in Auckland. The inductees discussed the changing face of the IT channel ecosystem in New Zealand and what it means to be a Reseller News Hall of Fame inductee. Photos by Gino Demeer.

Reseller News welcomes industry figures at 2020 Hall of Fame lunch
Show Comments