A four-tier IIoT security model
An industrial IoT system is highly complex and involves several moving parts. There are multiple ways to decompose an IIoT architecture into constituent components in order to simplify security analysis and implementation. Since the most common deployment models consist of the edge, platform, and enterprise tiers, and security research and development are more aligned with the technology stacks, this book dissects the overall architecture into a four-tier security model to facilitate security analysis, planning, and implementation. The tiers are as follows:
- Endpoints and embedded software
- Communication and connectivity
- Cloud platform and applications
- Process and governance
This layering follows the unique security considerations of IIoT as discussed earlier, namely:
- Security integration needs to factor in IT and OT domain specific dynamics
- Security needs to address the industrial lifecycle (which may run into decades) and brownfield deployments (coexistence with older technologies)
- Resource constraints of industrial endpoints and their high availability requirements
This four-tier security model takes into account the data protection layer functionality in the IISF (Figure 2.11), which encompasses data at rest, in use, and in motion. The functionalities in the top layer of the security framework map to tiers 1-3 of this four-tier security model. The security and policy layer of the security framework maps to the process and governance tier of this model.
The four-tier model is explained as follows:
- Tier 1—Endpoints and embedded software: In IIoT deployments, security must extend from the silicon to the software layers of device endpoints. IIoT endpoints range from resource-constrained field devices to enterprise-grade servers and routers with significant storage and compute capabilities. Many industrial deployments include legacy devices with insecure protocol stacks. This creates a unique environment in which security must not be limited to the network perimeter, but must extend up to the endpoints. Chapter 3, IIoT Identity and Access Management, and Chapter 4, Endpoint Security and Trustworthiness, discuss the challenges involved in IIoT endpoint security, and present various endpoint security methodologies and solutions, such as access and identity management, establishing root of trust and trust chains, secure boot and firmware/software upgrades, partitioning, and more.
- Tier 2—Communications and connectivity: This tier focuses on securing data in use and in motion through secured transport, deep packet inspection, intrusion detection and prevention, secured communication protocols, and more. Chapter 5, Securing Connectivity and Communications, deals in depth with the challenges and solutions of securing IIoT connectivity and communication.
- Tier 3—Cloud platform and applications: This is the third tier that needs to be secured. Cloud-based IIoT deployments extend the attack surface significantly. IIoT use cases involve mission-critical command and control with low latency requirements, which presents a unique set of security challenges at this tier. Cloud platform services often extend to the industrial edge, and as such need to factor in special attack vectors and mitigation strategies. Security architectures and methodologies to protect the industrial edge, cloud, and applications are discussed in depth in Chapter 6, Securing IIoT Edge, Cloud, and Apps.
- Tier 4—Process and governance: Practical security management requires a risk-based approach to "right-size" security investments. Security management must cut across the entire lifecycle, from design through operations. IIoT stakeholders must also play their respective roles to secure IIoT deployments.
Every organization that adopts and implements industrial IoT would benefit from having policies and governance guidelines for threat prevention and risk management. This is an essential component of meeting security objectives and business goals with industrial IoT. Security standards developed by industry organizations such as NIST and IEEE, as well as open industry standards, need to be evaluated and suitably adopted at the design and planning phase of any IoT deployment. In addition, use case specific security models and policies need to be developed around configuration and management, data protection, connectivity, endpoint protection, threat analysis, and so on.
Chapter 7, Secure Processes and Governance, provides more insights into the risk management aspects of industrial IoT. It also reviews existing standards and governance principles to develop a successful security governance model for businesses.