Book Image

Practical Industrial Internet of Things Security

By : Sravani Bhattacharjee
Book Image

Practical Industrial Internet of Things Security

By: Sravani Bhattacharjee

Overview of this book

Securing connected industries and autonomous systems is of primary concern to the Industrial Internet of Things (IIoT) community. Unlike cybersecurity, cyber-physical security directly ties to system reliability as well as human and environmental safety. This hands-on guide begins by establishing the foundational concepts of IIoT security with the help of real-world case studies, threat models, and reference architectures. You’ll work with practical tools to design risk-based security controls for industrial use cases and gain practical knowledge of multi-layered defense techniques, including identity and access management (IAM), endpoint security, and communication infrastructure. You’ll also understand how to secure IIoT lifecycle processes, standardization, and governance. In the concluding chapters, you’ll explore the design and implementation of resilient connected systems with emerging technologies such as blockchain, artificial intelligence, and machine learning. By the end of this book, you’ll be equipped with the all the knowledge required to design industry-standard IoT systems confidently.

Related Content you might be interested in

Current Title:

Small book image
Practical Industrial Internet of Things Security
Sravani Bhattacharjee
Jul, 2018 | 324 pages
Small book image
Architecting the Industrial Internet
Shyam Varan Nath | Robert Stackowiak | Carla Romano
Sep, 2017 | 360 pages
Small book image
Practical Internet of Things Security
Brian Russell | Drew Van Duren
Nov, 2018 | 382 pages
Small book image
Industrial Internet Application Development
Alena Traukina | Jayant Thomas | Prashant Tyagi | Veera Kishore Reddipalli
Sep, 2018 | 412 pages
Table of Contents (22 chapters)
Title Page
Title Page
Copyright and Credits
Copyright and Credits
Dedication
Dedication
Packt Upsell
Packt Upsell
Foreword
Foreword
Contributors
Contributors
Disclaimer
Disclaimer
Preface
Preface
Free Chapter
1
An Unprecedented Opportunity at Stake
An Unprecedented Opportunity at Stake
Defining the Industrial IoT
Industrial IoT security – a business imperative
Cybersecurity versus cyber-physical IoT security
Industrial "things," connectivity, and operational technologies
IT and OT convergence – what it really means
Industrial IoT deployment architecture
Divergence in IT and OT security fundamentals
Industrial threats, vulnerabilities, and risk factors
Evolution of cyber-physical attacks
Industrial IoT use cases – examining the cyber risk gap
Summary
2
Industrial IoT Dataflow and Security Architecture
Industrial IoT Dataflow and Security Architecture
Primer on IIoT attacks and countermeasures
Trustworthiness of an IIoT system
Industrial big data pipeline and architectures
Industrial IoT security architecture
Summary
3
IIoT Identity and Access Management
IIoT Identity and Access Management
A primer on identity and access control
Distinguishing features of IAM in IIoT
Identity management across the device lifecycle
Authentication and authorization frameworks for IIoT
Trust models – public key infrastructures and digital certificates
PKI certificate standards for IIoT
Extending the OAuth 2.0 authorization framework for IoT access control
IEEE 802.1x
Identity support in messaging protocols
Monitoring and management capabilities
Building an IAM strategy for IIoT deployment
Summary
4
Endpoint Security and Trustworthiness
Endpoint Security and Trustworthiness
Defining an IIoT endpoint
Endpoint security enabling technologies
IIoT endpoint vulnerabilities
Establishing trust in hardware
Endpoint identity and access control
Initialization and boot process integrity
Establishing endpoint trust during operations
Endpoint data integrity
Endpoint security using isolation techniques
Endpoint physical security
Machine learning enabled endpoint security
Endpoint security testing and certification
Endpoint protection industry standards
Summary
5
Securing Connectivity and Communications
Securing Connectivity and Communications
Definitions – networking, communications, and connectivity
Distinguishing features of IIoT connectivity
IIoT connectivity architectures
Controls for IIoT connectivity protection
Security assessment of IIoT connectivity standards and protocols
Fieldbus protocols
Connectivity framework standards
Connectivity transport standards
Connectivity network standards
Data link and physical access standards
Summary
6
Securing IIoT Edge, Cloud, and Apps
Securing IIoT Edge, Cloud, and Apps
Defining edge, fog, and cloud computing
IIoT cloud security architecture
Cloud security – shared responsibility model
Defense-in-depth cloud security strategy
Infrastructure security
Identity and access management
Application security
Data protection
Data encryption
Securing the data life cycle
Cloud security operations life cycle
Secure device management
Cloud security standards and compliance
Case study of IIoT cloud platforms
Cloud security assessment
Summary
7
Secure Processes and Governance
Secure Processes and Governance
Challenges of unified security governance
Securing processes across the IIoT life cycle
Understanding security roles
Elements of an IIoT security program
Security maturity model
Implementing an IIoT security program
Summary
8
IIoT Security Using Emerging Technologies
IIoT Security Using Emerging Technologies
Blockchain to secure IIoT transactions
Cognitive countermeasures – AI, machine learning, and deep learning
Time-sensitive networking – Next-gen industrial connectivity
Other Promising Trends
Summary
9
Real-World Case Studies in IIoT Security
Real-World Case Studies in IIoT Security
Analysis of a real-world cyber-physical attack
Case study 2 – Building a successful IIoT security program
Case study 3 – ISA/IEC 62443 based industrial endpoint protection
Summary
10
The Road Ahead
The Road Ahead
An era of decentralized autonomy
Endpoint security
Standards and reference architecture
Industrial collaboration
Interoperability
Green patches in brownfield
Technology trends
Summary
I
I
II
II
Security standards – quick reference
Other Books You May Enjoy
Other Books You May Enjoy
Leave a review - let other readers know what you think
Index
Index

Cloud security – shared responsibility model

To protect cloud-based solutions, the tenant (customer) and the CSPs usually share the security responsibilities. The three common models of cloud service offerings are listed as follows:

  • Infrastructure-as-a-Service (IaaS)
  • Platform-as-a-Service (PaaS)
  • Software-as-a-Service (SaaS)

The split in responsibilities varies according to the cloud service level agreement between the customer and cloud provider, as specified in the ISO/IEC 17789 standard. Since the customer is in control of the edge functionalities, a separation of duties is key to ensure the implementation of the right security controls. To avoid any ambiguity, the ISO/IEC 27017 standard recommends a cloud service agreement between the customer and the provider to clearly enumerate these shared roles and responsibilities.

In the case of the IaaS cloud service model, the customer is typically responsible for the security of data, application software stack, systems, networks, and also security...

Previous Section
End of Section 4
Next Section