Ultimately, it comes down to trust. When someone hears about the Industrial IoT, and asks, “What about security?” what they probably mean is, “Should I trust it?” Without trust, things get complicated, bog down, and sometimes stop moving altogether. Without trust it’s difficult to build anything—a team, a business, or a family. And among other things, trust depends on security.
Recently the Industrial Internet Consortium (IIC) published a paper titled Industrial Internet of Things Volume G4: Security Framework, that outlines a comprehensive security framework for the Industrial IoT (IIoT). In the introduction, the paper outlines five key system characteristics that build trust: security, safety, reliability, resilience and privacy. The IIC paper then describes how these characteristics must be infused into the IIoT for industrial users to trust it.
It says, “A typical Industrial Internet of Things (IIoT) system is a complex assembly of system elements. The trustworthiness of the system depends on trust in all of these elements, how they are integrated and how they interact with each other. Permeation of trust is the hierarchical flow of trust within a system from its overall usage to all its components.”
Trust is fundamental to the Security Framework
The idea is that for trust to permeate through the IIoT system—for the users to trust it—the system must be trustworthy from the ground up. First, the components or building blocks of the system must be trusted. Next, the system builders need to both trust these components, as well as put them together in a trustworthy way. When all is checked, tested, and functioning well at these two levels, and the system meets the specifications of the system users, then the users will begin to trust the system. Trust will permeate down from the users to the system builders, and ultimately to the components and those who supply them.
Skkynet’s secure-by-design approach to the IIoT follows this model. At the level of components, our software and services have been installed in hundreds of mission-critical systems. The system integrators who work with these components trust them, because they have seen how they perform. Using DataHub® and SkkyHub™, they have been able to deliver highly-trusted, well performing systems. Plant managers and owners are satisfied with these systems, and have extended their trust to the system integrators, as well as to the software and services.
How the IIC’s Security Framework applies specifically to Skkynet’s SkkyHub, DataHub, and ETK is well beyond the scope of one blog—more needs to be said, and is coming soon. The Security Framework concepts are familiar to us, as we have been incorporating them for years in the secure-by-design approach we take in developing our software and services. We are pleased that the IIC has published this paper, and consider it a valuable resource for gaining a better understanding about security and the Industrial IoT.