Industrial Internet Connectivity Framework | Page 19

2: Connectivity Framework
protection, information flow protection, network configuration and management, network monitoring & analysis, and cryptographic protection, as shown in Figure 2-3.
Figure 2-3: Connectivity protection building blocks described in the Industrial Internet Security Framework¹.
The security policies govern connectivity-endpoint data-exchange as part of a broader protection strategy. For example, they specify how to filter and route traffic, how to protect exchanged data and metadata (authenticate or encrypt-then-authenticate) and what access control rules should be used.
Cryptographic protection of connectivity endpoints relies on:
• explicit endpoint data exchange policies,
• strong mutual authentication between endpoints,
• authorization mechanisms that enforce access control rules derived from the policy, and
• mechanisms for ensuring confidentiality, integrity, and freshness of the exchanged data.
Adequate cryptographic protection should be considered for each of the layers shown in Table 2-1.
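The "authenticate" option from the list above, applied to a single message exchange, as an added example that is not taken from the IIC document: the receiver checks integrity and origin, then freshness, then the access control rule. The wire layout, `POLICY`, `KEYS`, the endpoint names and the per-sender counter are assumptions; pre-shared keys stand in for keys that a mutual-authentication handshake would establish, and confidentiality (encrypt-then-authenticate) is not covered.

```python
import hashlib
import hmac
import struct

# Constructed access control rules: sender -> topics it may publish to.
POLICY = {"pump-7": {"telemetry/pressure"}, "hmi-1": {"command/valve"}}
# Constructed pre-shared keys (assumption: stand-in for handshake-derived keys).
KEYS = {"pump-7": b"k" * 32, "hmi-1": b"h" * 32}
HDR_LEN, TAG_LEN = 10, 32  # ">BBQ" header, HMAC-SHA256 tag

def _header(sender: str, topic: str, counter: int) -> bytes:
    s, t = sender.encode(), topic.encode()
    return struct.pack(">BBQ", len(s), len(t), counter) + s + t

def protect(sender: str, topic: str, counter: int, payload: bytes) -> bytes:
    """Authenticate metadata and data together: header || payload || tag."""
    body = _header(sender, topic, counter) + payload
    return body + hmac.new(KEYS[sender], body, hashlib.sha256).digest()

class Receiver:
    def __init__(self):
        self.last_seen = {}  # sender -> highest accepted counter

    def accept(self, message: bytes):
        """Return (sender, topic, payload) or raise ValueError naming the check."""
        if len(message) < HDR_LEN + TAG_LEN:
            raise ValueError("truncated")
        s_len, t_len, counter = struct.unpack(">BBQ", message[:HDR_LEN])
        body, tag = message[:-TAG_LEN], message[-TAG_LEN:]
        end = HDR_LEN + s_len + t_len
        if len(body) < end:
            raise ValueError("truncated")
        sender = body[HDR_LEN:HDR_LEN + s_len].decode(errors="replace")
        topic = body[HDR_LEN + s_len:end].decode(errors="replace")
        key = KEYS.get(sender)
        # Integrity and origin: verify the tag before acting on any field.
        expected = hmac.new(key or b"", body, hashlib.sha256).digest()
        if key is None or not hmac.compare_digest(tag, expected):
            raise ValueError("authentication")
        # Freshness: the counter must strictly increase per sender.
        if counter <= self.last_seen.get(sender, -1):
            raise ValueError("replay")
        self.last_seen[sender] = counter
        # Authorization: rule derived from the policy.
        if topic not in POLICY.get(sender, set()):
            raise ValueError("unauthorized")
        return sender, topic, body[end:]
```

The counter is recorded as soon as a message is authentic and fresh, so a rejected unauthorized message cannot be replayed later if the policy changes.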
2.3.6 LONGEVITY
Connectivity components, especially those in the network layer and below, are built into the hardware and hence are not easily replaceable. Where possible and feasible, the connectivity
¹ See [IIC-IISF2016]
IIC:PUB:G5:V1.0:PB:20170228