Industrial Internet Security Framework v 1.0 | Page 51

7: IISF Functional Viewpoint

Figure 7-4: Functional Breakdown for Communications and Connectivity Protection

Communication and connectivity security should consider the following functions for protecting and controlling data-in-motion.

Physical Security of Connections ensures that the physical connectivity layer (cables, radios) to the network is protected.

Communicating Endpoints Protection provides some of the functional security building blocks, such as cryptographic keys, to secure communication between endpoints.

Cryptographic Protection uses cryptographic technologies to protect authenticity of communicating parties and integrity and confidentiality of exchanged data and metadata.

Information Flow Protection ensures that only permitted kinds of messages and content reach sensitive systems and networks by isolating network flows using network segmentation and perimeter protection technologies.

Network Configuration and Management controls updates to all network elements and provides enforcement of security policy and configuration for the communications, including network segmentation, cryptographically protected communications settings, and configuration of gateways and firewalls.

Network Monitoring and Analysis collects network data for analysis and includes intrusion detection, network access control, deep packet inspection and network log analysis.

Data-in-Motion Protection provides controls to preserve the integrity, confidentiality and availability of its data.

IIC:PUB:G4:V1.0:PB:20160926