Index
A
- access control services (ACS) / Microservice architecture
- Advanced Message Queuing Protocol (AMQP)
- about / Advanced Message Queuing Protocol (AMQP)
- reference / Advanced Message Queuing Protocol (AMQP)
- Advanced Metering Infrastructure (AMI) / IEEE 802.16 (WiMAX)
- AI-based IIoT security
- practical considerations / Practical considerations for AI-based IIoT security
- Amazon AWS IoT case study / Case study 3 – Amazon AWS IoT
- Amazon Web Services (AWS)
- shared responsibility model / Cloud security – shared responsibility model
- application entities (AEs) / oneM2M
- application security
- about / Application security
- microservice architecture / Microservice architecture
- container security / Container security
- credential store / Credential store and vault
- vault / Credential store and vault
- artificial intelligence (AI) / Cognitive countermeasures – AI, machine learning, and deep learning
- attack surface / Attack surfaces and attack vectors
- attack trees / Attack trees
- attack vector / Attack surfaces and attack vectors
- authentication / IEEE 802.1x
- authentication, authorization, and accounting (AAA) protocol / IEEE 802.1x
- authentication frameworks
- authorization / IEEE 802.1x
- authorization frameworks
- automated process control system (APCS) / Controls for IIoT connectivity protection
- autonomous ecosystem
- endpoint security / Endpoint security
- standards / Standards and reference architecture
- reference architecture / Standards and reference architecture
B
- Basic Input/Output System (BIOS) / Initialization and boot process integrity
- Basic Safety Messages (BSM) / Smart city and autonomous transportation
- biometrics / Biometrics
- Bitcoin / Blockchain to secure IIoT transactions, Digital identity with blockchains
- block / Blockchain to secure IIoT transactions
- blockchain
- IIoT transactions, securing / Blockchain to secure IIoT transactions
- public blockchain / Public and private blockchains
- private blockchain / Public and private blockchains
- supply chain, securing / Securing the supply chain
- challenges / Blockchain challenges
- Bluetooth low-energy (BLE) / Healthcare and pharmaceuticals
- boot process integrity / Initialization and boot process integrity
- boundary defense
- with filtering / Boundary defense with firewalls and filtering
- with firewalls / Boundary defense with firewalls and filtering
- bring-your-own-device (BYOD) trend / Interdependence of critical infrastructures
- brownfield deployments
- green patches / Green patches in brownfield
- Business Continuity Plan and Disaster Recovery (BCP DR) / Business continuity plan and disaster recovery
- business intelligence (BI) / Industrial big data pipeline and architectures
- business viewpoint / Business viewpoint
C
- cellular communications / Cellular communications
- certificate-based authentication / Certificate-based authentication
- certificate authority (CA) / Certificate-based authentication
- Certificate Revocation List (CRL) / Revocation support and OCSP, Resource-constrained endpoint protection
- certificate signing requests (CSR) / Trust models – public key infrastructures and digital certificates
- chronicled
- reference / Securing the supply chain
- client-server pattern / Connectivity framework standards
- cloud computing
- about / Defining edge, fog, and cloud computing
- implications / Defining edge, fog, and cloud computing
- Cloud Control Matrix
- reference / Cloud security standards and compliance
- cloud delivery models
- SaaS model / Vulnerability management
- PaaS model / Vulnerability management
- cloud security
- about / Cloud security – shared responsibility model
- standards / Cloud security standards and compliance
- assessment / Cloud security assessment
- cloud security operations life cycle
- about / Cloud security operations life cycle
- Business Continuity Plan and Disaster Recovery (BCP DR) / Business continuity plan and disaster recovery
- secure patch management / Secure patch management
- security monitoring / Security monitoring
- vulnerability management / Vulnerability management
- threat intelligence / Threat intelligence
- incident response / Incident response
- cloud service provider (CSP) / Secure tunnels and VPNs
- cognitive computing / Cognitive countermeasures – AI, machine learning, and deep learning
- Cognitive IoT (cIoT) / Technology trends
- Commercial Off-The-Shelf (COTS) / Endpoint security testing and certification
- Common Industrial Protocol (CIP) / Fieldbus protocols
- common service entity (CSE) / oneM2M
- communications / Definitions – networking, communications, and connectivity
- components, ICS/SCADA system
- control server / ICS components and data networks
- master terminal unit (MTU) / ICS components and data networks
- remote telemetry unit (RTU) / ICS components and data networks
- intelligent electronic devices (IED) / ICS components and data networks
- human-machine interface (HMI) / ICS components and data networks
- data historian / ICS components and data networks
- IO server / ICS components and data networks
- comprehensive access control / Comprehensive access control
- connectivity / Definitions – networking, communications, and connectivity
- connectivity network standards / Connectivity network standards
- connectivity transport standards
- about / Connectivity transport standards
- Transmission Control Protocol (TCP) / Transmission Control Protocol (TCP)
- User Datagram Protocol (UDP) / User Datagram Protocol (UDP)
- MQTT / MQTT and MQTT-SN
- MQTT-SN / MQTT and MQTT-SN
- Constrained Application Protocol (CoAP) / Constrained Application Protocol (CoAP)
- Advanced Message Queuing Protocol (AMQP) / Advanced Message Queuing Protocol (AMQP)
- connect packet / Extending the OAuth 2.0 authorization framework for IoT access control
- Constrained Application Protocol (CoAP)
- about / Constrained Application Protocol (CoAP)
- security / CoAP security
- consumer
- versus Industrial IoT / Consumer versus Industrial IoT
- container isolation / Container isolation
- container security / Container security
- Continuous Integration/Continuous Deployment (CI/CD) / Cloud security operations life cycle
- control area network (CAN) / Smart city and autonomous transportation
- core gateway / Core and edge gateways
- crypto accelerators / Hardware security components
- cryptographic algorithms
- encryption / Key-based authentication
- decryption / Key-based authentication
- CSCC white paper Cloud Security Standards
- reference / Cloud security standards and compliance
- Customer Relationship Management (CRM) / Industrial big data pipeline and architectures, Functional viewpoint
- cyber-physical attacks
- evolution / Evolution of cyber-physical attacks
- cyber-physical defense / Cyber-physical defense – Lessons learned
- cyber-physical system (CPS) / What is a cyber-physical system?
- cyber risk gap
- cybersecurity
- versus cyber physical IoT security / Cybersecurity versus cyber-physical IoT security
- Cylance
- reference / Machine learning enabled endpoint security
D
- Data Distribution Service (DDS)
- about / Pattern 2 – Layered databus architecture, Cryptography controls
- security / DDS security
- authentication / DDS security
- access control / DDS security
- cryptographic control / DDS security
- logging / DDS security
- tagging / DDS security
- Data Distribution Standard (DDS) / DDS
- data encryption
- about / Data encryption
- keys / Key and digital certificate management
- digital certificate management / Key and digital certificate management
- Data Exchange Layer (DXL) / MQTT
- data governance / Data governance
- Datagram TLS (DTLS) / CoAP
- Datagram Transport Layer Security (DTLS) / Extending the OAuth 2.0 authorization framework for IoT access control, UDP security
- Data in motion (DIM) / Endpoint data integrity
- Data in use (DIU) / Endpoint data integrity
- data life cycle
- securing / Securing the data life cycle
- data protection / Data protection
- decentralized autonomy / An era of decentralized autonomy
- decentralized identifier (DID) / Digital identity with blockchains
- decentralized PKI (DPKI) infrastructure / Digital identity with blockchains
- dedicated short-range communications (DSRC) / Smart city and autonomous transportation
- deep learning / Cognitive countermeasures – AI, machine learning, and deep learning
- deep packet inspection (DPI) /
- defense-in-depth cloud security strategy / Defense-in-depth cloud security strategy
- demilitarized zone (DMZ) / Industrial demilitarized zones
- Denial of Service (DoS) / Software platform vulnerabilities
- Department of Homeland Security (DHS) / Evolution of cyber-physical attacks
- Department of Transportation (DOT) / Smart city and autonomous transportation
- device management capabilities
- monitoring / Monitoring and management capabilities
- managing / Monitoring and management capabilities
- activity logging / Activity logging support
- OCSP / Revocation support and OCSP
- revocation / Revocation support and OCSP
- digital certificates / Trust models – public key infrastructures and digital certificates
- digital continuum / Manufacturing
- digital identity
- with blockchain / Digital identity with blockchains
- distributed control system (DCS) / What is a cyber-physical system?, An overview of SCADA, DCS, and PLC
- distribution management system (DMS) / Analysis of a real-world cyber-physical attack
- DREAD threat model
- about / DREAD threat model
- damage / DREAD threat model
- reproducibility / DREAD threat model
- exploitability / DREAD threat model
- affected users / DREAD threat model
- discoverability / DREAD threat model
E
- edge computing
- about / Defining edge, fog, and cloud computing
- capabilities / Defining edge, fog, and cloud computing
- edge gateway / Core and edge gateways
- electronic serial numbers (ESNs) / Identity management across the device lifecycle
- elements, IIoT security program
- risk assessment / Risk assessment
- regulatory compliance / Regulatory compliance
- security policy / Security policy
- security monitoring / Security monitoring
- security analysis / Security analysis
- incident response / Incident response and management
- security audits / Security audits
- elliptic curve cryptography (ECC) / Asymmetric keys
- Embedded Device Security Assurance (EDSA) / Endpoint security testing and certification
- endpoint access control / Endpoint identity and access control
- endpoint data integrity
- about / Endpoint data integrity
- configuration / Endpoint configuration and management
- management / Endpoint configuration and management
- visibility / Endpoint visibility and control
- control / Endpoint visibility and control
- endpoint identity / Endpoint identity and access control
- endpoint physical security / Endpoint physical security
- endpoint security
- enabler technologies / Endpoint security enabling technologies
- endpoint security, with isolation techniques
- about / Endpoint security using isolation techniques
- process isolation / Process isolation
- container isolation / Container isolation
- virtual isolation / Virtual isolation
- physical isolation / Physical isolation
- endpoint security best practices (ESec-BP) / Endpoint security enabling technologies
- endpoint trust, during operation phase
- about / Establishing endpoint trust during operations
- secure updates / Secure updates
- trustworthy execution ecosystem / A trustworthy execution ecosystem
- Enterprise Resource Planning (ERP) / Industrial big data pipeline and architectures, Functional viewpoint
- European Commission (EC) / Industry governance
- extensible authentication protocol (EAP) / IEEE 802.1x
- extract, transform, and load (ETL) / Industrial big data pipeline and architectures
F
- false acceptance rate (FAR) / Authentication
- false rejection rate (FRR) / Authentication
- fault tree analysis (FTA) / Fault tree analysis
- Federal Information Processing Standard (FIPS) / Evaluating security products
- FIDO alliance
- reference / Biometrics
- Fieldbus protocols / Fieldbus protocols, Fieldbus protocols
- field programmable gate arrays (FPGA) / Resource-constrained endpoint protection, Hardware security components
- final control elements (FCEs) / What is a cyber-physical system?
- fog computing
- about / Defining edge, fog, and cloud computing
- capabilities / Defining edge, fog, and cloud computing
- Food and Drug Administration (FDA) / Healthcare and pharmaceuticals
- Forward Collision Warning (FSW) / Smart city and autonomous transportation
- full function device (FFD) / IEEE 802.15.4 WPAN
- functional viewpoint
- about / Functional viewpoint
- control domain / Functional viewpoint
- operations domain / Functional viewpoint
- information domain / Functional viewpoint
- application domain / Functional viewpoint
- business domain / Functional viewpoint
G
- General Electric (GE) / Industrial IoT, Industrial Internet, and Industrie 4.0
- Global Data Protection Regulation (GDPR) / Challenges of unified security governance
- Global Discovery Server (GDS) / OPC UA security
- globally unique identifier (GUID) / Identity management across the device lifecycle
- greenhouse gases (GHG) / Smart city and autonomous transportation
- gross domestic product (GDP) / Industrial IoT, Industrial Internet, and Industrie 4.0
H
- Hardware Security Modules (HSM) / Hardware security components
- host intrusion detection (HID) / Machine learning enabled endpoint security
- host intrusion protection (HIP) / Machine learning enabled endpoint security
- Human Machine Interface (HMI) / Evolution of cyber-physical attacks, Virtual isolation
- Human Resource Management (HRM) / Functional viewpoint
- Hypertext Transfer Protocol (HTTP)
- about / Web services and HTTP
- security / Web services and HTTP security
- Hypr
- reference / Biometrics
I
- IAM strategy
- building, for IIoT deployment / Building an IAM strategy for IIoT deployment
- risk-based policy management / Risk-based policy management
- ICS/SCADA system
- ICS risks / Risks
- Identification and Authentication Control / Endpoint identity and access control
- identity and access control
- about / A primer on identity and access control
- identification / Identification
- authentication / Authentication
- authorization / Authorization
- account management / Account management
- identity and access management (IAM)
- features, distinguishing in IIoT / Distinguishing features of IAM in IIoT
- IIoT endpoints, diversity / Diversity of IIoT endpoints
- resource-constrained / Resource-constrained and brownfield considerations
- brownfield considerations / Resource-constrained and brownfield considerations
- physical safety and reliability / Physical safety and reliability
- scalability and autonomy / Autonomy and scalability
- event logging / Event logging is a rarity
- subscription-based models / Subscription-based models
- identity attacks, increasing / Increasing sophistication of identity attacks
- risk-based access control policy / Risk-based access control policy
- identity management
- across device lifecycle / Identity management across the device lifecycle
- about / Identity and access management
- IEC
- reference / Endpoint security testing and certification
- IEEE 802.1x / IEEE 802.1x
- IEEE 802.11 wireless LAN / IEEE 802.11 wireless LAN
- IEEE 802.15.4 WPAN / IEEE 802.15.4 WPAN
- IETF RFC 4301
- reference / Connectivity network standards
- IIC's Industrial Internet Security Framework (IIC-IISF)
- about / Building blocks of industrial IoT security architecture
- endpoint protection / Building blocks of industrial IoT security architecture
- communications and connectivity protection / Building blocks of industrial IoT security architecture
- security model and policy / Building blocks of industrial IoT security architecture
- IIC Industrial Internet Connectivity Framework (IIC-IICF) / Interoperability
- IIC Vocabulary / Defining an IIoT endpoint
- IIoT
- authorization frameworks for / Authentication and authorization frameworks for IIoT
- authentication frameworks for / Authentication and authorization frameworks for IIoT
- password-based authentication / Password-based authentication
- biometrics / Biometrics
- multi-factor authentication / Multi-factor authentication
- key-based authentication / Key-based authentication
- zero-knowledge keys / Zero-knowledge keys
- certificate-based authentication / Certificate-based authentication
- PKI certificate standards for / PKI certificate standards for IIoT
- IIoT attacks
- about / Primer on IIoT attacks and countermeasures
- attack surface / Attack surfaces and attack vectors
- attack vector / Attack surfaces and attack vectors
- attack trees / Attack trees
- fault tree analysis (FTA) / Fault tree analysis
- threat modeling / Threat modeling
- IIoT cloud platforms
- case study / Case study of IIoT cloud platforms
- Predix IIoT platform case study / Case study 1 – Predix IIoT platform
- Microsoft Azure IoT case study / Case study 2 – Microsoft Azure IoT
- Amazon AWS IoT case study / Case study 3 – Amazon AWS IoT
- IIoT cloud security architecture
- about / IIoT cloud security architecture
- secured industrial site / Secured industrial site
- secured edge intelligence / Secured edge intelligence
- secured edge-cloud transport / Secure edge cloud transport
- secure cloud services / Secure cloud services
- IIoT connectivity
- features, distinguishing / Distinguishing features of IIoT connectivity
- deterministic behavior / Deterministic behavior
- interoperability / Interoperability – proprietary versus open standards
- performance characteristics / Performance characteristics – latency, jitter, and throughput
- legacy networks, with disappearing air gaps / Legacy networks with disappearing air gaps
- physical layer, for resource-constrained networks / Access to resource-constrained networks
- massive transition / Massive transition by connecting the unconnected
- security assessment, of standards and protocols / Security assessment of IIoT connectivity standards and protocols
- IIoT connectivity architectures
- about / IIoT connectivity architectures
- multi-tier model / Multi-tier IIoT-secured connectivity architecture
- layered databus architecture / Layered databus architecture
- IIoT connectivity framework standards
- about / Connectivity framework standards
- data distribution service / Data Distribution Service
- oneM2M / oneM2M
- Open Platform Communications Unified Architecture / Open Platform Communications Unified Architecture (OPC UA)
- web services / Web services and HTTP
- HTTP / Web services and HTTP
- IIoT connectivity protection
- controls / Controls for IIoT connectivity protection
- tunnels, securing / Secure tunnels and VPNs
- VPNs, securing / Secure tunnels and VPNs
- cryptography controls / Cryptography controls
- network segmentation / Network segmentation
- industrial demilitarized zones / Industrial demilitarized zones
- boundary defense, with firewalls / Boundary defense with firewalls and filtering
- boundary defense, with filtering / Boundary defense with firewalls and filtering
- comprehensive access control / Comprehensive access control
- core gateway / Core and edge gateways
- edge gateway / Core and edge gateways
- unidirectional gateway protection / Unidirectional gateway protection
- asset discovery / Asset discovery, visibility, and monitoring
- asset visibility / Asset discovery, visibility, and monitoring
- asset monitoring / Asset discovery, visibility, and monitoring
- physical security / Physical security – the first line of defense
- IIoT countermeasures / Primer on IIoT attacks and countermeasures
- IIoT endpoint
- defining / Defining an IIoT endpoint
- motivation for endpoint protection / Motivation and risk-based endpoint protection
- risk-based endpoint protection / Motivation and risk-based endpoint protection
- resource-constrained endpoint protection / Resource-constrained endpoint protection
- Brownfield scenario considerations / Brownfield scenario considerations
- vulnerabilities / IIoT endpoint vulnerabilities
- trust, establishing in hardware / Establishing trust in hardware
- hardware security components / Hardware security components
- secrets, securing / Securing secrets, or sealing
- security test approaches / Endpoint security testing and certification
- certification / Endpoint security testing and certification
- protection industry standards / Endpoint protection industry standards
- IIoT lifecycle
- security practices / Securing processes across the IIoT life cycle
- business cases / Business cases
- system definitions / System definitions
- development / Development
- deployment / Deployment
- operations / Operations
- IIoT security, distinguishing characteristics
- operational priorities / Divergence in IT and OT security fundamentals, Operational priorities
- attack surface / Attack surface and threat actors
- threat actors / Attack surface and threat actors
- IIoT security program
- elements / Elements of an IIoT security program
- implementing / Implementing an IIoT security program, Implementation
- regulatory compliance / Deciding on regulatory compliance
- risk assessment / Assessing and managing risks
- third-party security management / Managing third-party security
- security policy, enforcing / Enforcing the security policy
- continuous monitoring / Continuous monitoring and analysis
- analysis / Continuous monitoring and analysis
- security training, conducting / Conducting security training
- incident management / Implementing incident management
- security audits / Defining security audits
- security revisions / Security revisions and maturity
- maturity / Security revisions and maturity
- building / Case study 2 – Building a successful IIoT security program
- background / Background
- defining / Defining the security program
- IIoT security team
- establishing / Establishing an IIoT security team
- IIoT system
- trustworthiness / Trustworthiness of an IIoT system
- about / Technology trends
- IIoT transactions
- securing, blockchain used / Blockchain to secure IIoT transactions
- industrial automation control system (IACS) / Case study 2 – Building a successful IIoT security program
- industrial big data pipeline
- architectures / Industrial big data pipeline and architectures
- about / Industrial big data pipeline and architectures
- on-premise data sources / Industrial big data pipeline and architectures
- data ingestion / Industrial big data pipeline and architectures
- data preparation and analytics / Industrial big data pipeline and architectures
- stream analytics / Industrial big data pipeline and architectures
- data visualization / Industrial big data pipeline and architectures
- industrial control system (ICS)
- about / An overview of SCADA, DCS, and PLC
- architecture / Industrial control system architecture
- network components /
- industrial DMZ (IDMZ) / Industrial demilitarized zones
- Industrial Internet / Industrial IoT, Industrial Internet, and Industrie 4.0
- Industrial Internet Consortium (IIC) / Consumer versus Industrial IoT, Industrial IoT security architecture, Industry governance, Standards and reference architecture
- Industrial Internet of Things (IIoT) / Industrial IoT, Industrial Internet, and Industrie 4.0
- Industrial Internet Reference Architecture (IIRA) / Industrial IoT security architecture
- Industrial IoT
- defining / Defining the Industrial IoT
- versus consumer / Consumer versus Industrial IoT
- deployment architecture / Industrial IoT deployment architecture
- use cases / Industrial IoT use cases – examining the cyber risk gap
- Industrial IoT Security / Industrial IoT security – a business imperative
- Industrial IoT security architecture
- about / Industrial IoT security architecture
- business viewpoint / Business viewpoint
- usage viewpoint / Usage viewpoint
- functional viewpoint / Functional viewpoint
- implementation viewpoint / Implementation viewpoint
- patterns / IIoT architecture patterns
- three-tier architectural model / Pattern 1 – Three-tier architectural model
- layered databus architecture / Pattern 2 – Layered databus architecture
- building blocks / Building blocks of industrial IoT security architecture
- four-tier IIoT security model / A four-tier IIoT security model
- industrial technologies
- interoperability / Interoperability
- Industrie 4.0 / Industrial IoT, Industrial Internet, and Industrie 4.0
- industry collaboration / Industrial collaboration
- industry governance / Industry governance
- information assurance (IA) / Industrial threats, vulnerabilities, and risk factors, Threats and threat actors
- information technology (IT) / Industrial IoT, Industrial Internet, and Industrie 4.0
- Infrastructure-as-a-Service (IaaS) / Cloud security – shared responsibility model
- infrastructure security / Infrastructure security
- insider threats / Public and private blockchains
- International Society of Automation (ISA) / IIoT connectivity architectures
- Internet Engineering Task Force (IETF) / Defining the Industrial IoT
- Internet Group Management Protocol (IGMP) / Connectivity network standards
- internet protocol (IP) / Massive transition by connecting the unconnected
- intrusion detection and prevention (IDS/IPS) / Boundary defense with firewalls and filtering
- IoT Security Maturity Model (IIC-SMM) / Security maturity model
- ISA/IEC 62443-based industrial endpoint protection case study
- about / Case study 3 – ISA/IEC 62443 based industrial endpoint protection
- background / Background
- solution / Solution
- ISA Security Compliance Institute (ISCI)
- reference / Endpoint security testing and certification
- ISO
- reference / Endpoint security testing and certification
- IT/ICS security
- characteristics / Interdependence of critical infrastructures
- IT convergence / IT and OT convergence – what it really means
- ITU-T X.509 / ITU-T X.509
K
- key-based authentication
- about / Key-based authentication, Symmetric keys
- symmetric keys / Symmetric keys
- asymmetric keys / Asymmetric keys
- key encryption keys (KEK) / Symmetric keys
L
- layered databus architecture / Layered databus architecture
- local area network (LAN) / An overview of SCADA, DCS, and PLC, Data link and physical access standards
- Logical Access Control System (LACS) / Physical safety and reliability
- low-power wide area network (LPWAN) / LoRaWAN
M
- machine-to-cloud (M2C) connectivity / Layered databus architecture
- machine-to-machine (M2M) / Machine-to-Machine, Layered databus architecture
- machine learning / Cognitive countermeasures – AI, machine learning, and deep learning
- machine learning-enabled endpoint security / Machine learning enabled endpoint security
- machine to cloud (M2C) communications / Identity and access management
- managed remote access (MRA) / Comprehensive access control
- Manufacturing Execution System (MES) / Functional viewpoint
- measured boot / Initialization and boot process integrity
- Measurement Assessment Authority (MAA) / Initialization and boot process integrity
- media access control (MAC) / Identification
- media access link layer infrastructure / Definitions – networking, communications, and connectivity
- Message Queuing Telemetry Transport (MQTT) / Pattern 2 – Layered databus architecture
- messaging protocols
- identity support in / Identity support in messaging protocols
- MQTT / MQTT
- CoAP / CoAP
- DDS / DDS
- REST / REST
- microservice architecture / Microservice architecture
- Microsoft Azure IoT case study / Case study 2 – Microsoft Azure IoT
- mining / Blockchain to secure IIoT transactions
- modus operandi / Blockchain to secure IIoT transactions
- MQ Telemetry Transport (MQTT)
- about / MQTT and MQTT-SN
- security / MQTT security
- multi-factor authentication / Multi-factor authentication
N
- National Health Service (NHS) / The ransomware attack on the healthcare enterprise – "WannaCry" case study
- National Highway Traffic Safety Administration (NHTSA) / Smart city and autonomous transportation
- National Institute of Standards and Technology (NIST) / Data encryption
- Network As a Platform (INETNW) / Defining edge, fog, and cloud computing
- networking / Definitions – networking, communications, and connectivity
- network segmentation / Network segmentation
- network vulnerabilities / Network vulnerability
O
- OAuth 2.0 authorization framework
- extending, for IoT access control / Extending the OAuth 2.0 authorization framework for IoT access control
- Object Management Group (OMG) / Pattern 2 – Layered databus architecture, Data Distribution Service
- oneM2M
- about / oneM2M
- security / oneM2M security
- Online Certificate Status Protocol (OCSP) / Revocation support and OCSP, Resource-constrained endpoint protection
- Open Interoperability Consortium (OIC) / oneM2M
- Open Platform Communications Unified Architecture (OPC UA)
- about / Open Platform Communications Unified Architecture (OPC UA)
- security / OPC UA security
- operational technology (OT) / Operational technology
- OT convergence / IT and OT convergence – what it really means
- four-tier IIoT security model
- about / A four-tier IIoT security model
- endpoints and embedded software / A four-tier IIoT security model
- communication and connectivity / A four-tier IIoT security model
- cloud platform and applications / A four-tier IIoT security model
- process and governance / A four-tier IIoT security model
- over-the-air (OTA) firmware / Secure edge cloud transport
- overall operations effectiveness (OOE) / Massive transition by connecting the unconnected
- OWASP IoT attack surfaces / OWASP IoT attack surfaces
- OWASP Secure Coding Practices (OWASP-SEC) / Application security
P
- password-based authentication
- about / Password-based authentication
- scalability / Password-based authentication
- passwords, managing / Password-based authentication
- secured storage / Password-based authentication
- defaulter syndrome / Password-based authentication
- performance characteristics
- performance characteristics, IIoT connectivity
- personal digital assistant (PDA) /
- personal identifying information (PII) / Smart city and autonomous transportation
- Personally Identifiable Information (PII) / Data protection
- Physical Access Control System (PACS) / Physical safety and reliability
- physical infrastructure / Definitions – networking, communications, and connectivity
- physical isolation / Physical isolation
- physical security, IIoT connectivity protection
- perimeter protection / Physical security – the first line of defense
- physical access, controlling / Physical security – the first line of defense
- authorized device-based access / Physical security – the first line of defense
- site, monitoring / Physical security – the first line of defense
- physical unclonable function (PUF) / Other Promising Trends
- PKI certificate standards
- for IIoT / PKI certificate standards for IIoT
- ITU-T X.509 / ITU-T X.509
- IEEE 1609.2 / IEEE 1609.2
- certificate management, in IIoT deployments / Certificate management in IIoT deployments
- Platform-as-a-Service (PaaS) / Cloud security – shared responsibility model
- policy vulnerabilities / Policy and procedure vulnerabilities
- Practical AI / Cognitive countermeasures – AI, machine learning, and deep learning
- Precise Time Protocol (PTP) / Time synchronization
- Predix IIoT platform case study / Case study 1 – Predix IIoT platform
- private blockchain / Public and private blockchains
- procedure vulnerabilities / Policy and procedure vulnerabilities
- process isolation / Process isolation
- Product Lifecycle Management (PLM) / Functional viewpoint
- programmable logic controller (PLC) / What is a cyber-physical system?, An overview of SCADA, DCS, and PLC, Virtual isolation, Case study 3 – ISA/IEC 62443 based industrial endpoint protection
- proof of concept (POC) / Deployment
- protocol data units (PDUs) / IEEE 1609.2
- pseudo-wire (PW) / Secure tunnels and VPNs
- public blockchain / Public and private blockchains
- public key infrastructures (PKI) / Trust models – public key infrastructures and digital certificates
- publish-subscribe / Connectivity framework standards
- Purdue Enterprise Reference Architecture (PRA) / IIoT connectivity architectures
Q
- quantum computing / Other Promising Trends
R
- radio-frequency identification (RFID) / Autonomy and scalability
- real-time operating system (RTOS) / Endpoint security testing and certification
- real-world cyber-physical attack
- analysis / Analysis of a real-world cyber-physical attack
- background / Background and impact
- impact / Background and impact
- sequence of events / The sequence of events
- loopholes, exploiting to perform attack / Exploit loopholes to perform the attack
- attack, triggering with impact / Trigger the attack with impact
- impair operations / Impair operations and delay recovery
- delay recovery / Impair operations and delay recovery
- attack anatomy / Inside the attack anatomy
- reconnaissance / Reconnaissance
- spear phishing / Spear phishing
- credential theft / Credential theft
- data exfiltration / Data exfiltration
- remote access exploit / Remote access exploit
- impair recovery / Impair recovery – Malicious firmware, TDOS, and UPS failure
- reduced function device (RFD) / IEEE 802.15.4 WPAN
- registration authority (RA) / Trust models – public key infrastructures and digital certificates
- Remote Access Trojan (RAT) / Evolution of cyber-physical attacks
- request-response / Connectivity framework standards
- risks / Risks
- roadside equipment (RSE) / Biometrics
- role-based access control (RBAC) / Incident response
- root of trust (RoT) / Root of trust – TPM, TEE, and UEFI
S
- secured boot / Initialization and boot process integrity
- secured development life cycle (SDLC) / Development
- Secure Development Lifecycle Assurance (SDLA) / Endpoint security testing and certification
- secure device management / Secure device management
- Secure Sockets Layer (SSL) / Web services and HTTP security
- security analysis / Security analysis
- Security Analysis on Consumer and Industrial IoT Devices (SEC-IIoT)
- case study / Case study – White hack exposes smart grid meter vulnerability, Use case, Developing the exploit
- demonstration / Demonstration
- Security Assertion Markup Language (SAML) / Web services and HTTP security
- security audits / Security audits
- security operations center (SOC) / Comprehensive access control, Implementation
- security policy / Security policy
- security roles
- about / Understanding security roles
- solution provider / Solution provider
- hardware manufacturers / Hardware manufacturers
- industry governance / Industry governance
- solution owner / Solution owner
- sensor-actuator (SA) / MQTT and MQTT-SN
- Serialized Global Trade Item Number (SGTIN) / Securing the supply chain
- Server Message Block (SMB) / The ransomware attack on the healthcare enterprise – "WannaCry" case study
- set points (SPs) / What is a cyber-physical system?
- Short Lived Certificates (SLC) / Resource-constrained endpoint protection
- Simple Object Access Protocol (SOAP) / Web services and HTTP security
- Software-as-a-Service (SaaS) / Cloud security – shared responsibility model
- software-defined radio (SDR) / Demonstration
- software development life cycle (SDLC) / Application security
- software platform vulnerabilities / Software platform vulnerabilities
- solution owner / Solution owner
- solution provider / Solution provider
- STRIDE threat model
- about / STRIDE threat model
- spoofing identity / STRIDE threat model
- data, tampering / STRIDE threat model
- repudiation / STRIDE threat model
- information disclosure / STRIDE threat model
- denial of service / STRIDE threat model
- elevation of privilege / STRIDE threat model
- Stuxnet case study
- about / Cyberattack on industrial control systems – Stuxnet case study
- event flow / Event flow
- key points / Key points
- risk gap summary / Risk gap summary
- Supervisory Control and Data Acquisition (SCADA) / What is a cyber-physical system?, An overview of SCADA, DCS, and PLC
- System on Chip (SoC) / Resource-constrained endpoint protection
- System Security Assurance (SSA) / Endpoint security testing and certification
- systems of systems / Layered databus architecture
T
- telephonic denial of service (TDOS) / Impair recovery – Malicious firmware, TDOS, and UPS failure
- threat / Threats and threat actors
- threat intelligence (TI) / Threat intelligence
- threat modeling
- about / Threat modeling
- STRIDE threat model / STRIDE threat model
- DREAD threat model / DREAD threat model
- time-sensitive networking (TSN)
- about / Time-sensitive networking – Next-gen industrial connectivity, Technology trends
- time synchronization / Time synchronization
- traffic scheduling / Traffic scheduling
- system configuration / Network and system configuration
- network equipment / Network and system configuration
- benefits / TSN security
- total effective equipment performance (TEEP) / Massive transition by connecting the unconnected
- Transmission Control Protocol (TCP)
- about / Transmission Control Protocol (TCP)
- security / TCP security
- Transport Layer Security (TLS) / Extending the OAuth 2.0 authorization framework for IoT access control, Web services and HTTP security
- transport mode / Cryptography controls
- Trusted Platform Module (TPM) / Hardware security components
- trustworthiness / Trustworthiness of an IIoT system
- tunnel mode / Cryptography controls
U
- unidirectional gateway protection / Unidirectional gateway protection
- unified security governance
- challenges / Challenges of unified security governance
- uniform resource indicators (URIs) / Constrained Application Protocol (CoAP)
- uninterruptible power supply (UPS) / Impair recovery – Malicious firmware, TDOS, and UPS failure
- universally unique identifier (UUID) / Identity management across the device lifecycle
- unreliable transport protocol (UDP) / Extending the OAuth 2.0 authorization framework for IoT access control
- usage viewpoint / Usage viewpoint
- use cases, Industrial IoT
- smart grids / Energy and smart grids
- energy sectors / Energy and smart grids
- manufacturing / Manufacturing
- Stuxnet case study / Cyberattack on industrial control systems – Stuxnet case study
- smart city / Smart city and autonomous transportation
- autonomous transportation / Smart city and autonomous transportation
- healthcare / Healthcare and pharmaceuticals
- pharmaceuticals / Healthcare and pharmaceuticals
- WannaCry case study / The ransomware attack on the healthcare enterprise – "WannaCry" case study
- user account and authentication (UAA) / Microservice architecture
- User Datagram Protocol (UDP)
- about / User Datagram Protocol (UDP)
- security / UDP security
V
- vehicle-to-infrastructure (V2I) / IEEE 1609.2
- vehicle-to-vehicle (V2V) / IEEE 1609.2
- vehicle to infrastructure (V2I) / Smart city and autonomous transportation
- vehicle to vehicle (V2V) / Smart city and autonomous transportation
- virtual isolation / Virtual isolation
- virtual machine (VM) / Resource-constrained endpoint protection
- virtual private LAN service (VPLS) / Secure tunnels and VPNs
- virtual private network (VPN) / Pattern 1 – Three-tier architectural model, Secure tunnels and VPNs
- vulnerabilities
- about / Vulnerabilities
- policy vulnerabilities / Policy and procedure vulnerabilities, Platform vulnerabilities
- platform vulnerabilities / Platform vulnerabilities
- software platform vulnerabilities / Software platform vulnerabilities
- network vulnerabilities / Network vulnerability
W
- WannaCry case study
- cyber risk gap summary / Cyber risk gap summary
- Web Application Firewalls (WAF) / Infrastructure security
- web service
- security / Web services and HTTP security
- web services / Web services and HTTP
- web services security (WS-Security) / Web services and HTTP security
- wide area networks (WAN) / Data link and physical access standards
- wireless access in vehicular environments (WAVE) / IEEE 1609.2
- wireless personal area networks (WPAN) / Data link and physical access standards
- wireless sensor networks (WSN) / Access to resource-constrained networks
- wireless wide area network standards
- about / Wireless wide area network standards
- IEEE 802.16 (WiMAX) / IEEE 802.16 (WiMAX)
- LoRaWAN / LoRaWAN
- Worldwide Interoperability for Microwave Access (WiMAX)
- about / IEEE 802.16 (WiMAX)
- reference / IEEE 802.16 (WiMAX)
Z
- zero-knowledge keys / Zero-knowledge keys
- zero-knowledge password proof (ZKPP) / Zero-knowledge keys
- Zero Knowledge Succinct Non-Interactive Argument of Knowledge (zk-SNARK) / Securing the supply chain