Industrial Internet Security Framework v 1.0 | Page 64

Security Framework

8: Protecting Endpoints

Endpoint security architecture should be modular, scalable and non-intrusive to the OT
processes. Common building blocks and consistent interfaces across different endpoints ease
integration and enhance end-to-end security. Consistent API-level capabilities across all
endpoints (e.g. the edge, the communications and the cloud) promote a clear integration
framework. Security isolation techniques separate capability and services while limiting their
exposure and possible threat vectors.
Many deployments are spread across numerous legal entities where data ownership rights and
implementation choices may lead to liability concerns. These concerns may lead to integration
inconsistencies that can complicate even the most straightforward architectural choices.
8.2.1 ENDPOINT SECURITY LIFECYCLE
An IIoT security model begins with the security capabilities of the endpoints, as implemented by
the vendors. Their choices have long-lasting effects on the security potential of the endpoint.
Hardware is difficult to change after manufacture, and software too depends directly upon the
vendors’ willingness and ability to test for security flaws properly.
Once the vendors have delivered the endpoint to the market, the system integrator inherits the
burden of integrating the products securely. Ideally, the system integrator designs a framework
for end-to-end security across the system. In practice, inconsistencies between the vendors’
security controls and the quality of their implementation often require additional effort.
A security maturity model 1 enables evaluation based on implementation mechanisms and
architectural design, development and maintenance processes. Both the system integrator and
the owner/operator can evaluate the maturity of the security posture holistically, rather than
depending on penetration testing after the security has been implemented. This allows for future
security needs to be shared with manufacturers, and both a roadmap of security capabilities, as
well as the results of the periodic (hopefully frequent) testing of the security, to define clearly
how the security improves over time to react to the threat environment.
8.2.2 HARDWARE VERSUS SOFTWARE
Implementing security in hardware as opposed to software offers some specific advantages and
disadvantages that must be considered for IIoT. Specialized tamper-resistant hardware provides
a greater level of trust, particularly for cryptographic keys and operations. However, this comes
at a cost, either monetary or in terms of management and update complexity. Software security
has been dominant in IT and enterprise settings, but those solutions may not translate well to
OT-based environments. Software security solutions generally have a lesser level of trust, but
have better infrastructure for management and updates.
Battery life is a concern for many resource-constrained devices. In most cases, hardware-assisted
security dramatically extends the useful battery life compared to software.

1

See [ENER-C2M2]

IIC:PUB:G4:V1.0:PB:20160926

- 64 -