Book Image

Practical Industrial Internet of Things Security

By : Sravani Bhattacharjee
Book Image

Practical Industrial Internet of Things Security

By: Sravani Bhattacharjee

Overview of this book

Securing connected industries and autonomous systems is of primary concern to the Industrial Internet of Things (IIoT) community. Unlike cybersecurity, cyber-physical security directly ties to system reliability as well as human and environmental safety. This hands-on guide begins by establishing the foundational concepts of IIoT security with the help of real-world case studies, threat models, and reference architectures. You’ll work with practical tools to design risk-based security controls for industrial use cases and gain practical knowledge of multi-layered defense techniques, including identity and access management (IAM), endpoint security, and communication infrastructure. You’ll also understand how to secure IIoT lifecycle processes, standardization, and governance. In the concluding chapters, you’ll explore the design and implementation of resilient connected systems with emerging technologies such as blockchain, artificial intelligence, and machine learning. By the end of this book, you’ll be equipped with the all the knowledge required to design industry-standard IoT systems confidently.

Related Content you might be interested in

Current Title:

Small book image
Practical Industrial Internet of Things Security
Sravani Bhattacharjee
Jul, 2018 | 324 pages
Small book image
Architecting the Industrial Internet
Shyam Varan Nath | Robert Stackowiak | Carla Romano
Sep, 2017 | 360 pages
Small book image
Practical Internet of Things Security
Brian Russell | Drew Van Duren
Nov, 2018 | 382 pages
Small book image
Industrial Internet Application Development
Alena Traukina | Jayant Thomas | Prashant Tyagi | Veera Kishore Reddipalli
Sep, 2018 | 412 pages
Table of Contents (22 chapters)
Title Page
Title Page
Copyright and Credits
Copyright and Credits
Dedication
Dedication
Packt Upsell
Packt Upsell
Foreword
Foreword
Contributors
Contributors
Disclaimer
Disclaimer
Preface
Preface
Free Chapter
1
An Unprecedented Opportunity at Stake
An Unprecedented Opportunity at Stake
Defining the Industrial IoT
Industrial IoT security – a business imperative
Cybersecurity versus cyber-physical IoT security
Industrial "things," connectivity, and operational technologies
IT and OT convergence – what it really means
Industrial IoT deployment architecture
Divergence in IT and OT security fundamentals
Industrial threats, vulnerabilities, and risk factors
Evolution of cyber-physical attacks
Industrial IoT use cases – examining the cyber risk gap
Summary
2
Industrial IoT Dataflow and Security Architecture
Industrial IoT Dataflow and Security Architecture
Primer on IIoT attacks and countermeasures
Trustworthiness of an IIoT system
Industrial big data pipeline and architectures
Industrial IoT security architecture
Summary
3
IIoT Identity and Access Management
IIoT Identity and Access Management
A primer on identity and access control
Distinguishing features of IAM in IIoT
Identity management across the device lifecycle
Authentication and authorization frameworks for IIoT
Trust models – public key infrastructures and digital certificates
PKI certificate standards for IIoT
Extending the OAuth 2.0 authorization framework for IoT access control
IEEE 802.1x
Identity support in messaging protocols
Monitoring and management capabilities
Building an IAM strategy for IIoT deployment
Summary
4
Endpoint Security and Trustworthiness
Endpoint Security and Trustworthiness
Defining an IIoT endpoint
Endpoint security enabling technologies
IIoT endpoint vulnerabilities
Establishing trust in hardware
Endpoint identity and access control
Initialization and boot process integrity
Establishing endpoint trust during operations
Endpoint data integrity
Endpoint security using isolation techniques
Endpoint physical security
Machine learning enabled endpoint security
Endpoint security testing and certification
Endpoint protection industry standards
Summary
5
Securing Connectivity and Communications
Securing Connectivity and Communications
Definitions – networking, communications, and connectivity
Distinguishing features of IIoT connectivity
IIoT connectivity architectures
Controls for IIoT connectivity protection
Security assessment of IIoT connectivity standards and protocols
Fieldbus protocols
Connectivity framework standards
Connectivity transport standards
Connectivity network standards
Data link and physical access standards
Summary
6
Securing IIoT Edge, Cloud, and Apps
Securing IIoT Edge, Cloud, and Apps
Defining edge, fog, and cloud computing
IIoT cloud security architecture
Cloud security – shared responsibility model
Defense-in-depth cloud security strategy
Infrastructure security
Identity and access management
Application security
Data protection
Data encryption
Securing the data life cycle
Cloud security operations life cycle
Secure device management
Cloud security standards and compliance
Case study of IIoT cloud platforms
Cloud security assessment
Summary
7
Secure Processes and Governance
Secure Processes and Governance
Challenges of unified security governance
Securing processes across the IIoT life cycle
Understanding security roles
Elements of an IIoT security program
Security maturity model
Implementing an IIoT security program
Summary
8
IIoT Security Using Emerging Technologies
IIoT Security Using Emerging Technologies
Blockchain to secure IIoT transactions
Cognitive countermeasures – AI, machine learning, and deep learning
Time-sensitive networking – Next-gen industrial connectivity
Other Promising Trends
Summary
9
Real-World Case Studies in IIoT Security
Real-World Case Studies in IIoT Security
Analysis of a real-world cyber-physical attack
Case study 2 – Building a successful IIoT security program
Case study 3 – ISA/IEC 62443 based industrial endpoint protection
Summary
10
The Road Ahead
The Road Ahead
An era of decentralized autonomy
Endpoint security
Standards and reference architecture
Industrial collaboration
Interoperability
Green patches in brownfield
Technology trends
Summary
I
I
II
II
Security standards – quick reference
Other Books You May Enjoy
Other Books You May Enjoy
Leave a review - let other readers know what you think
Index
Index

Machine learning enabled endpoint security

Cybersecurity countermeasures have traditionally been reactive; in other words, the vaccine comes only after the virus has infected the system. The countermeasure typically follows the evaluation and remedy of a security incident. Cryptographic measurements and controls (to create trusted IIoT ecosystems) and anomaly detection functions address this reactive behavior. Host intrusion detection (HID) and host intrusion protection (HIP) are examples of dynamic integrity attestation controls to proactively secure an endpoint.

In IT environments, network and application blacklisting policies are commonly used. Whitelisting is more common in OT environments. But, when new exploits of zero-day vulnerabilities are detected, these policies are updated after the fact. AI/machine learning allows us to dynamically update blacklisting and whitelisting policies, based on anomalous behavior.

Machine learning extensively uses mathematical models based on historic...

Previous Section
End of Section 12
Next Section