Book Image

Practical Industrial Internet of Things Security

By : Sravani Bhattacharjee
Book Image

Practical Industrial Internet of Things Security

By: Sravani Bhattacharjee

Overview of this book

Securing connected industries and autonomous systems is of primary concern to the Industrial Internet of Things (IIoT) community. Unlike cybersecurity, cyber-physical security directly ties to system reliability as well as human and environmental safety. This hands-on guide begins by establishing the foundational concepts of IIoT security with the help of real-world case studies, threat models, and reference architectures. You’ll work with practical tools to design risk-based security controls for industrial use cases and gain practical knowledge of multi-layered defense techniques, including identity and access management (IAM), endpoint security, and communication infrastructure. You’ll also understand how to secure IIoT lifecycle processes, standardization, and governance. In the concluding chapters, you’ll explore the design and implementation of resilient connected systems with emerging technologies such as blockchain, artificial intelligence, and machine learning. By the end of this book, you’ll be equipped with the all the knowledge required to design industry-standard IoT systems confidently.

Related Content you might be interested in

Current Title:

Small book image
Practical Industrial Internet of Things Security
Sravani Bhattacharjee
Jul, 2018 | 324 pages
Small book image
Architecting the Industrial Internet
Shyam Varan Nath | Robert Stackowiak | Carla Romano
Sep, 2017 | 360 pages
Small book image
Practical Internet of Things Security
Brian Russell | Drew Van Duren
Nov, 2018 | 382 pages
Small book image
Industrial Internet Application Development
Alena Traukina | Jayant Thomas | Prashant Tyagi | Veera Kishore Reddipalli
Sep, 2018 | 412 pages
Table of Contents (22 chapters)
Title Page
Title Page
Copyright and Credits
Copyright and Credits
Dedication
Dedication
Packt Upsell
Packt Upsell
Foreword
Foreword
Contributors
Contributors
Disclaimer
Disclaimer
Preface
Preface
Free Chapter
1
An Unprecedented Opportunity at Stake
An Unprecedented Opportunity at Stake
Defining the Industrial IoT
Industrial IoT security – a business imperative
Cybersecurity versus cyber-physical IoT security
Industrial "things," connectivity, and operational technologies
IT and OT convergence – what it really means
Industrial IoT deployment architecture
Divergence in IT and OT security fundamentals
Industrial threats, vulnerabilities, and risk factors
Evolution of cyber-physical attacks
Industrial IoT use cases – examining the cyber risk gap
Summary
2
Industrial IoT Dataflow and Security Architecture
Industrial IoT Dataflow and Security Architecture
Primer on IIoT attacks and countermeasures
Trustworthiness of an IIoT system
Industrial big data pipeline and architectures
Industrial IoT security architecture
Summary
3
IIoT Identity and Access Management
IIoT Identity and Access Management
A primer on identity and access control
Distinguishing features of IAM in IIoT
Identity management across the device lifecycle
Authentication and authorization frameworks for IIoT
Trust models – public key infrastructures and digital certificates
PKI certificate standards for IIoT
Extending the OAuth 2.0 authorization framework for IoT access control
IEEE 802.1x
Identity support in messaging protocols
Monitoring and management capabilities
Building an IAM strategy for IIoT deployment
Summary
4
Endpoint Security and Trustworthiness
Endpoint Security and Trustworthiness
Defining an IIoT endpoint
Endpoint security enabling technologies
IIoT endpoint vulnerabilities
Establishing trust in hardware
Endpoint identity and access control
Initialization and boot process integrity
Establishing endpoint trust during operations
Endpoint data integrity
Endpoint security using isolation techniques
Endpoint physical security
Machine learning enabled endpoint security
Endpoint security testing and certification
Endpoint protection industry standards
Summary
5
Securing Connectivity and Communications
Securing Connectivity and Communications
Definitions – networking, communications, and connectivity
Distinguishing features of IIoT connectivity
IIoT connectivity architectures
Controls for IIoT connectivity protection
Security assessment of IIoT connectivity standards and protocols
Fieldbus protocols
Connectivity framework standards
Connectivity transport standards
Connectivity network standards
Data link and physical access standards
Summary
6
Securing IIoT Edge, Cloud, and Apps
Securing IIoT Edge, Cloud, and Apps
Defining edge, fog, and cloud computing
IIoT cloud security architecture
Cloud security – shared responsibility model
Defense-in-depth cloud security strategy
Infrastructure security
Identity and access management
Application security
Data protection
Data encryption
Securing the data life cycle
Cloud security operations life cycle
Secure device management
Cloud security standards and compliance
Case study of IIoT cloud platforms
Cloud security assessment
Summary
7
Secure Processes and Governance
Secure Processes and Governance
Challenges of unified security governance
Securing processes across the IIoT life cycle
Understanding security roles
Elements of an IIoT security program
Security maturity model
Implementing an IIoT security program
Summary
8
IIoT Security Using Emerging Technologies
IIoT Security Using Emerging Technologies
Blockchain to secure IIoT transactions
Cognitive countermeasures – AI, machine learning, and deep learning
Time-sensitive networking – Next-gen industrial connectivity
Other Promising Trends
Summary
9
Real-World Case Studies in IIoT Security
Real-World Case Studies in IIoT Security
Analysis of a real-world cyber-physical attack
Case study 2 – Building a successful IIoT security program
Case study 3 – ISA/IEC 62443 based industrial endpoint protection
Summary
10
The Road Ahead
The Road Ahead
An era of decentralized autonomy
Endpoint security
Standards and reference architecture
Industrial collaboration
Interoperability
Green patches in brownfield
Technology trends
Summary
I
I
II
II
Security standards – quick reference
Other Books You May Enjoy
Other Books You May Enjoy
Leave a review - let other readers know what you think
Index
Index

Security standards – quick reference

Standards related to Industrial IoT security discussed in this book are summarized here for quick referenence.

Device endpoint security

  • CWE: Common Weakness Enumeration
  • FIPS 140-2: Security Requirements for Cryptographic Modules
  • FIPS 180-4: NIST-CSRC Secure Hash Standard (SHS)
  • ISO/IEC 197702: Specification on Software Tagging
  • ISA 62443-1-1: Security for Industrial Automation and Control Systems Part 1 – Terminology, Concepts, and Models
  • ISA/IEC 62443-3-3: Security for Industrial Automation and Control Systems Part 3-3 – System Security Requirements and Security Levels
  • ISO/IEC 15408: Common Criteria for Information Technology Security Evaluation
  • NIST SP 800-155: Boot-process integrity measurement
  • NIST SP 800-53: Security and Privacy Controls for Federal Information Systems and Organizations

Industrial connectivity infrastructure security

  • ISA95: Purdue Enterprise Reference Architecture Enterprise-Control System Integration
  • ISA-99: Industrial Automation and Control Systems Security (https://www.isa.org/isa99/)
  • IEC 62443: Industrial Network and System Security
  • IEC 62541: OPC Unified Architecture Specification
  • IEC 61850: Substation Automation Protocols
  • IEEE 1588: IEEE Standard for a Precision Clock Synchronization Protocol for Network Measurement and Control Systems
  • NIST SP 800-53 Rev 4: Recommended Security and Privacy Controls for Federal Information Systems and Organizations
  • NIST SP 800-82 Rev 2: Guide to Industrial Control Systems (ICS) Security, May 2015
  • NIST SP 800-52: Guidelines on the Selection and Use of Transport-Layer Security
  • TIA-942-A (http://www.tia-942.org/): ANSI/TIA-942-A: Telecommunications Infrastructure Standard for Datacenters (http://blog.siemon.com/standards/tia-942-and-tia-942-a-%E2%80%9Cdata-center-infrastructure%E2%80%9D-standards)

Edge-cloud security

  • ISO/IEC 27001: A high-level management systems standard and its associated cloud-service-specific standards: ISO/IEC 27017 (for security) and ISO/IEC 27018 (for protection of personal data)
  • Standards addressing specific aspects of cloud computing: ISO/IEC 27033 for network security, ISO/IEC 27034 for application security, ISO/IEC 19086 for cloud service SLAs
  • Technology-specific security standards: Such as OASIS KMIP (key management), FIPS 140-2 (approved cryptographic modules), and OASIS SAML 2.0 (security assertions, used in IdAM implementations)
  • ISO/IEC 20889: Standardizes de-identification techniques
  • US National Institute of Standards and Technology (NIST) Special Publication 800-175B: Provides guidance on strong cryptographic methods
  • NIST SP 800-144: Guidelines on Security and Privacy in Public Cloud Computing

 

 

Some useful documents on cloud security include the following:

Previous Section
End of Chapter
Next Chapter