Industrial Internet Security Framework v 1.0 | Page 103
Security Framework
10: Security Monitoring and Analysis
patterns, and uses analytics to find signs of compromise to the network. A network intrusion
detection system is an example of passive network monitoring device that can be deployed on a
brownfield network to enhance monitoring without requiring changes to devices on the network.
Passive network monitoring systems create a forensic log of all communications on networks,
may calculate communications connectivity and data volume summaries and may use analytics
on security events. If a legacy device has no ability to record when they receive commands to
modify sensitive control registers, a passive network monitor can log aspects of those messages
on behalf of the legacy system.
Security monitoring and analytics of a new system may be more effective since it can be built into
the system from the beginning. The techniques described here are limited to what can be
observed “on the wire,” for example, not having access to internal state.
10.5.3 SUPPLY CHAIN INTEGRITY MONITORING
The supply chain is the sequence of processes involved in the production of components,
software and parts that together make up a system, spanning many organizations, including
suppliers, vendors and multiple tiers of outsourcing. It is a complex, globally distributed system
of interconnected networks that is logically long, with geographically diverse routes. It includes
organizations, people, processes, products, and services and the infrastructure supporting the
system development lifecycle, including research and development, design, manufacturing,
acquisition, delivery, integration, operations and disposal of an organization’s products and
services. Trustworthiness should be assessed across all of these in an IIoT system.
Devices and systems have various phases in their lifecycle. They are:
•
•
•
•
•
•
•
•
device (e.g., meter) module manufacturing/production (hardware/software),
device module system integration,
device initialization/configuration setting by owner (provisioning),
deployment of devices by entity/third-party in field (activation),
periodic field updates of price and service info,
firmware upgrade and maintenance,
remote deactivation/reactivation (temporary) and
termination (end of life).
In order to detect and prevent unauthorized changes to endpoints being produced in the supply
chain, the hardware, software and hardware sub-components need to be monitored to ensure
their integrity. Unexpected changes should not occur in the process as different actors in the
supply chain contribute to the overall product.
Integrity verification may rely on roots of trust, embedded identifiers and digital signatures, as
well as monitoring and verification throughout the build process. Authentic parts, complete with
integrity verification capabilities, help ensure there can be trust in the integrity of the chain of
custody during the supply chain process. Incorporating these requirements enhances the
integrity of an organization’s supply chain process and mitigates supply chain risks.
IIC:PUB:G4:V1.0:PB:20160926
- 103 -