Industrial Internet Security Framework v 1.0 | Page 95

Security Framework 9: Protecting Communications and Connectivity

Figure 9-7: Protecting Legacy Endpoints and Communication Links Using Gateways

9.3 SECURITY MODEL AND POLICIES FOR PROTECTING COMMUNICATION

Various system components in IIoT systems may be owned and deployed by one entity, but managed, maintained, or used by other entities. For example, a maintenance company must have access to the control and instrumentation and monitoring channels of the jet engine to do predictive maintenance. In some situations, this access takes place when the equipment is in operation, and the operation must not be affected by such access. Once proper security policies are in place, protection of transactions across software and hardware boundaries can be enforced using technologies such as SAML, OAuth and OpenID.

Security policies are often captured formally or semi-formally using security models. A security model specifies allowed and prohibited relationships between subjects and objects and therefore can define security policies more concretely. For example, the security model for the Linux file system specifies what subjects (i.e. processes) can perform what operations (e.g. read, write, execute) on what objects (e.g. files). Similar security models exist for IIoT communications and connectivity protocols such as DDS.

Communication & connectivity security policies must be derived from comprehensive risk analysis. These policies specify how to filter and route traffic, how to protect exchanged data and metadata and what access control rules should be used. Communication and connectivity policies can be defined with a policy definition language (i.e., XML or XACML) and enforced with a combination of communication middleware and network administration rules.

These policies should be explicitly tested for consistency and evaluated for comprehensiveness. Security testing should be conducted using test cases derived from the defined policies.
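
The consistency and comprehensiveness checks described above can be sketched as follows. This is an added example, not part of the framework: it models a policy as subject/object/operation rules, reports triples where allow and deny rules collide (inconsistent), triples no rule covers (not comprehensive), and derives a test case for every unambiguous decision. The subject names, topic names, operations and rule format are constructed assumptions.

```python
from itertools import product

# Constructed sample model (assumption): names are illustrative only.
SUBJECTS = ["engine_controller", "maintenance_co"]
OBJECTS = ["engine/telemetry", "engine/control"]   # DDS-style topics
OPERATIONS = ["publish", "subscribe"]

# Each rule: (subject, object, operation, effect). "*" matches any value.
POLICY = [
    ("engine_controller", "*", "*", "allow"),
    ("maintenance_co", "engine/telemetry", "subscribe", "allow"),
    ("maintenance_co", "engine/control", "*", "deny"),
    # Deliberately conflicts with the deny rule above:
    ("maintenance_co", "engine/control", "subscribe", "allow"),
]

def matching_effects(policy, subject, obj, op):
    """Return the set of effects of every rule that matches the request."""
    return {effect for s, o, p, effect in policy
            if s in ("*", subject) and o in ("*", obj) and p in ("*", op)}

def analyse(policy):
    """Evaluate every (subject, object, operation) triple in the model.

    Returns (conflicts, gaps, test_cases):
      conflicts  - triples matched by both allow and deny (inconsistent)
      gaps       - triples matched by no rule (not comprehensive)
      test_cases - (triple, expected_decision) for unambiguous triples
    """
    conflicts, gaps, test_cases = [], [], []
    for triple in product(SUBJECTS, OBJECTS, OPERATIONS):
        effects = matching_effects(policy, *triple)
        if effects == {"allow", "deny"}:
            conflicts.append(triple)
        elif not effects:
            gaps.append(triple)
        else:
            test_cases.append((triple, effects.pop()))
    return conflicts, gaps, test_cases

if __name__ == "__main__":
    conflicts, gaps, test_cases = analyse(POLICY)
    print("conflicts:", conflicts)
    print("gaps:", gaps)
    for triple, expected in test_cases:
        print("test case:", triple, "->", expected)
```

The derived test cases are the requests to replay against the enforcing middleware or network rules; any conflict or gap should be resolved in the policy before those tests are treated as evidence of enforcement.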
Security policies should be specified and enforced with fine granularity. The right policy must be defined in a detailed, consistent and comprehensive manner, and the defined policy must be enforced with security tests to provide evidence for such enforcement.

IIC:PUB:G4:V1.0:PB:20160926 - 95 -