Consortium Forms Framework for Industrial Cybersecurity
The Industrial Internet Consortium (IIC) has released the initial version of its Security Framework for industrial Internet of Things (IIoT) development. The Framework, an adjunct to the IIoT Reference Architecture the Consortium released last year, seeks to initiate a process that will result in broad industry consensus on how to secure IIoT systems. The goal is to ensure that security is a fundamental part of an IIoT system’s architecture, not simply bolted on, and covers the system end-to-end including endpoint devices and the links between system elements.
The IIC is an open membership organization, formed in 2014 to accelerate the development, adoption, and wide-spread use of interconnected machines and devices along with intelligent analytics. From its founding by AT&T, Cisco, General Electric, IBM, and Intel, the Consortium has grown to more than 160 members from 24 countries and is now under management by the Object Management Group standards organization.
“The Security Framework looks at IIoT security from three different perspectives,” Hamed Soroush, the IIC’s security working group chair, told EE Times in an interview. “Chip makers, equipment developers, and end users all have an important role in security for the IIoT, but often work without knowing one another’s perspectives. The Framework will help them talk to each other.” It also provides guidance to management on risk management when considering security, he added.