A security framework for the Industrial Internet

Industrial accidents can cause devastating damage (as witnessed at Fukushima, Chernobyl, and Bhopal) with large-scale damage to the environment, injury, or the loss of human life. As we enable software-based systems to increasingly interact with operations of critical infrastructure, there is an increasing need for robust security frameworks for the Industrial Internet.

The IIC has defined an Industrial Internet Security Framework (IISF). The IISF is a collective work product of security experts from companies such as ABB, GE, Intel, RTI, as well as academicians from JHU and UPenn. It was reviewed by professionals from Oracle, Microsoft, and IBM to name a few. Such cross-company initiatives prove that security frameworks and best practices cannot be over-emphasized for Industrial Internet.

The purpose of IISF is to provide a point of view on the security-related architectures, designs, and technologies, and identify procedures relevant to trustworthy Industrial Internet systems. IISF describes the security characteristics, technologies, and techniques needed to address security concerns and gain the assurance that system trust worthiness is achieved.

Apart from the traditional concerns of hacking and theft of information, resiliency is a key concern for Industrial Internet systems. IIC defines resilience as the condition of the system that allows it to be able to avoid, absorb, and/or manage dynamic adversarial conditions while completing assigned mission(s), and to reconstitute operational capabilities after casualties.

For example, a smart thermostat controlling the HVAC system in a building could receive a command to raise the building's temperature by 50 degrees Fahrenheit in the next hour. It is known that the building was operating in a normal temperature range for the human occupants in the building. The resilience built into the system would prevent a sudden rise in temperature and would either create an alarm for this command or include a reliable human in the loop of the decision making before acting.

This kind of system is called a Cyber-Physical System (CPS). According to the National Science Foundation (NSF), CPSs are engineered systems that are built from, and depend upon, the seamless integration of computational algorithms and physical components (https://nsf.gov/funding/pgm_summ.jsp?pims_id=503286).

Future research and advances in CPS will enable capability, adaptability, scalability, resiliency, safety, security, and usability that can be used for the benefit of Industrial Internet systems. CPS technology will drive innovation and competition in the industrial sectors such as agriculture, energy, transportation, building design and automation, healthcare, and manufacturing.