Industrial Internet Security Framework v 1.0 | Page 103

Security Framework 10: Security Monitoring and Analysis patterns, and uses analytics to find signs of compromise to the network. A network intrusion detection system is an example of passive network monitoring device that can be deployed on a brownfield network to enhance monitoring without requiring changes to devices on the network. Passive network monitoring systems create a forensic log of all communications on networks, may calculate communications connectivity and data volume summaries and may use analytics on security events. If a legacy device has no ability to record when they receive commands to modify sensitive control registers, a passive network monitor can log aspects of those messages on behalf of the legacy system. Security monitoring and analytics of a new system may be more effective since it can be built into the system from the beginning. The techniques described here are limited to what can be observed “on the wire,” for example, not having access to internal state. 10.5.3 SUPPLY CHAIN INTEGRITY MONITORING The supply chain is the sequence of processes involved in the production of components, software and parts that together make up a system, spanning many organizations, including suppliers, vendors and multiple tiers of outsourcing. It is a complex, globally distributed system of interconnected networks that is logically long, with geographically diverse routes. It includes organizations, people, processes, products, and services and the infrastructure supporting the system development lifecycle, including research and development, design, manufacturing, acquisition, delivery, integration, operations and disposal of an organization’s products and services. Trustworthiness should be assessed across all of these in an IIoT system. Devices and systems have various phases in their lifecycle. They are: • • • • • • • • device (e.g., meter) module manufacturing/production (hardware/software), device module system integration, device initialization/configuration setting by owner (provisioning), deployment of devices by entity/third-party in field (activation), periodic field updates of price and service info, firmware upgrade and maintenance, remote deactivation/reactivation (temporary) and termination (end of life). In order to detect and prevent unauthorized changes to endpoints being produced in the supply chain, the hardware, software and hardware sub-components need to be monitored to ensure their integrity. Unexpected changes should not occur in the process as different actors in the supply chain contribute to the overall product. Integrity verification may rely on roots of trust, embedded identifiers and digital signatures, as well as monitoring and verification throughout the build process. Authentic parts, complete with integrity verification capabilities, help ensure there can be trust in the integrity of the chain of custody during the supply chain process. Incorporating these requirements enhances the integrity of an organization’s supply chain process and mitigates supply chain risks. IIC:PUB:G4:V1.0:PB:20160926 - 103 -