Industrial Internet Consortium Announces Practitioner’s Guide for Assessing the Maturity of IoT System Security

IIC openfog report 400

March 1, 2019

The Industrial Internet Consortium, now incorporating OpenFog, announces the Security Maturity Model (SMM) Practitioner’s Guide, which provides detailed actionable guidance enabling IoT stakeholders to assess and manage the security maturity of IoT systems. Along with the publication of the SMM Practitioner’s Guide is an update to the IoT SMM: Description and Intended Use White Paper, which provides an introduction to the concepts and approach of the SMM. This white paper has been updated for consistency with the SMM Practitioner’s Guide, including revised diagrams and updated terminology.

As organizations connect their systems to the internet, they become vulnerable to new threats, and they are rightly concerned with security. Addressing these concerns requires investment, but determining investment focus and amount is a difficult business decision. The SMM helps by enabling a structured top-down approach toward setting goals as well as a means toward assessing the current security state, taking into account various specific practices. The SMM allows an organization to trade off investment against risk in a sensible manner.

Building on concepts identified in the IIC Industrial Internet Security Framework published in 2016, the SMM defines levels of security maturity for a company to achieve based on its security goals and objectives as well as its appetite for risk. Organizations may improve their security state by making continued security assessments and improvements over time, up to their required level.

“This is the first model of its kind to assess the maturity of organizations’ IoT systems in a way that includes governance, technology and system management,” said Stephen Mellor, CTO, IIC. “Other models address part of what is addressed by the SMM: they may address a particular industry, IoT but not security, or security but not IoT. The SMM covers all these aspects and points to parts of existing models, where appropriate, to recognize existing work and avoid duplication.”

The practitioner’s guide includes tables describing what must be done to reach a given security comprehensiveness for each security domain, subdomain and practice and can be extended to address specific industry or system scope needs. Following each table is an example using various industry use cases to demonstrate how an organization might use the table to pick a target state or to evaluate a current state.

One example is that of an automotive manufacturer considering the possible threats interfering with the operations of a vehicle key fob. The manufacturer sets its target maturity comprehensiveness level to “1” as it considers some IT threats, such as a Denial of Service attack that may prevent a driver from opening the car door using the key fob. Over time, as new threats emerge, the manufacturer realizes it needs additional threat modeling and enhanced practices so raises its target maturity comprehensiveness level to a higher level “2.”

The practitioner’s guide contains three case studies that show IoT stakeholders how to apply the process based on realistic assessments, showing how the SMM can be applied in practice. The case studies include a smarter data-driven bottling line, an automotive gateway supporting OTA updates and security cameras used in residential settings.

IOT SMM: PRACTITIONER’S GUIDE

The Practitioner’s Guide provides a pragmatic approach, enabling implementation teams to communicate an IoT system’s current state of security through confident discussions with business stakeholders about the desired state of security maturity, where gaps exist and a roadmap for achieving their goal. The Practitioner’s Guide describes how to reach a given security comprehensiveness for each security domain, subdomain and practice and can be extended to address specific industry or system scope needs. Various industry use case examples demonstrate how an organization might select a target state or evaluate a current state.

PRIMARY AUTHORS

  • Sandy Carielli – Entrust Datacard
  • Matthew Eble – Praetorian
  • Frederick Hirsch – Fujitsu
  • Ekaterina Rudina – Kaspersky Lab
  • Ron Zahavi – Microsoft Azure IoT

OTHER CONTRIBUTORS

  • Tata Consultancy Services / NetFoundry
  • Wibu-Systems

Go HERE to download the report

Related Articles

Schneider Electric Embarks on a 10-Year Partnership with YVR to Propel Net-Zero Goals

Schneider Electric Embarks on a 10-Year Partnership with YVR to Propel Net-Zero Goals

Schneider Electric recently announced its partnership with Vancouver International Airport (YVR) to improve operational reliability and workplace safety, supporting the airport’s goal to become net zero carbon by 2030. Stemming from a decades-long relationship where Schneider Electric products were integral to the airport’s major expansions, this partnership solidifies a history of strong collaboration between the two entities. Schneider Electric’s proposed modernization of YVR’s existing installed products will significantly cut capital costs for the airport with minimal operational disruption.

Universal Robots Launches First Collaborative Robot Certifications for Education

Universal Robots Launches First Collaborative Robot Certifications for Education

As collaborative robots emerge as the fastest growing segment of industrial automation, cobot curriculum developed by an industrial leader is increasingly sought after in schools and manufacturing industries. “With the Education Program we’re addressing a tremendous need to provide cobot training as part of an integrated course,” says Joe Campbell, senior manager of applications development at Universal Robots (UR).

 

 

 

ABB and Powrmatic Announce New Agreement for Electrical Distribution Solutions on Canadian Market

ABB and Powrmatic Announce New Agreement for Electrical Distribution Solutions on Canadian Market

ABB Canada and Powrmatic Canada Ltd., a distributor of residential, commercial, and electrical supply equipment based in Eastern Canada, have recently announced a new regional distribution agreement. Powrmatic will provide electrical contractors increased access to a complete portfolio of cutting-edge ABB products and smart building solutions including, safety switches, switchboards, panelboards, amongst others, aimed at lowering energy consumption and ensuring electrical safety in residential and commercial buildings. Powrmatic operates six locations in Canada.

Changing Scene

  • Wesco Opens State-of-the-Art Facility in Eastern Canada to Support Influx of Megaprojects in the Region

    Wesco Opens State-of-the-Art Facility in Eastern Canada to Support Influx of Megaprojects in the Region

    Wesco International has recently announced the grand opening of a new state-of-the-art facility on Higney Avenue in Dartmouth, Nova Scotia, Canada, making this the largest facility of any distributor in the Atlantic region. The new building, facilitated by Touchette Real Estate, a division of Groupe Touchette, will feature Wesco’s comprehensive suite of services and solutions including… Read More…

  • PataBid Nominated for Canadian Choice Award in Software Services

    PataBid Nominated for Canadian Choice Award in Software Services

    PataBid is proud to announce its nomination for a Canadian Choice Award in the Software Services category. This recognition highlights PataBid’s commitment to supporting the electrical contracting community across Canada by providing innovative estimating software solutions that streamline estimating processes and ensure predictable and profitable projects. Read More…

Sponsored Content
The Easy Way to the Industrial IoT

The way to the Industrial IoT does not have to be complicated. Whether access to valuable data is required or new, data-driven services are to be generated, Weidmuller enables its customers to go from data to value the easy way. Weidmuller’s comprehensive and cutting-edge IIoT portfolio applies to greenfield and brownfield applications. Weidmuller offers components and solutions from data acquisition, data pre-processing, data communication and data analysis.

Visit Weidmuller’s Industrial IoT Portfolio.

ADVANCED Motion Controls Takes Servo Drives to New Heights (and Depths) with FlexPro Extended Environment Product Line

Advanced Motion Controls is proud to announce the addition of six new CANopen servo drives with Extended Environment capabilities to their FlexPro line. These new drives join AMC’s existing EtherCAT Extended Environment FlexPro drives, making the FlexPro line the go-to solution for motion control applications in harsh environments.

Many motion control applications take place in conditions that are less than ideal, such as extreme temperatures, high and low pressures, shocks and vibrations, and contamination. Electronics, including servo drives, can malfunction or sustain permanent damage in these conditions.

Read More

Service Wire Co. Announces New Titles for Key Executives

Bruce Kesler and Mark Gatewood have been given new titles and responsibilities for Service Wire Co.

Bruce Kesler has assumed the role of Senior Director – Business Development. Bruce will be responsible for Service Wire’s largest strategic accounts and our growing Strategic Accounts Team.

Mark Gatewood has been promoted to the role of Vice President – Sales & Marketing. In this role, Gatewood will lead the efforts of Service Wire Company’s entire sales and marketing organization in all market verticals.

Read More

Tri-Mach Announces the Purchase of an Additional 45,000 sq ft. Facility

Tri-Mach Elmira Facility

Recently, Tri-Mach Inc. was thrilled to announce the addition of a new 45,000 sq ft. facility. Located at 285 Union St., Elmira, ON, this facility expands Tri-Mach’s capabilities, allowing them to better serve the growing needs of their customers.

Positioning for growth, this additional facility will allow Tri-Mach to continue taking on large-scale projects, enhance product performance testing, and provide equipment storage for their customers. The building will also be the new home to their Skilled Trades Centre of Excellence.

Read More

JMP Parent Company, CONVERGIX Acquires AGR Automation, Expanding Global Reach

Convergix Automation Solutions has completed the acquisition of AGR Automation (“AGR”), a UK-based provider of custom, high-performance automation design and systems integration primarily to the life sciences industry.

Following Convergix’s acquisitions of JMP Solutions in August 2021 and Classic Design in February 2022, AGR marks the third investment in Crestview’s strategy to build Convergix into a diversified automation solutions provider targeting the global $500+ billion market, with a particular focus on the $70 billion global systems integration and connectivity segments. Financial terms of the transaction were not disclosed.

Read More

Latest Articles

  • How Advanced X-Ray and AI Inspection Technologies Optimize Quality Control and Reduce Costs in SMT Manufacturing

    How Advanced X-Ray and AI Inspection Technologies Optimize Quality Control and Reduce Costs in SMT Manufacturing

    Explore how Omron’s latest X-Ray machines and AI-driven solutions are setting new standards in manufacturing efficiency and quality control. The manufacturing landscape is swiftly evolving, and Omron is at the forefront with its innovative PCB inspection machines. These systems offer profound insights into SMT production process, enhanced quality control, and can significantly reduce labor costs. Advancements… Read More…

  • KUKA Establishes New Software and Digital Business Segment

    KUKA Establishes New Software and Digital Business Segment

    Software is playing an increasingly important role in mechanical engineering. What used to be mostly solved mechanically is now done by electronics and the associated software. “With KUKA Digital, we are expanding our offering in order to position ourselves broadly for a market with strong growth potential. Our customers need products, solutions and consulting approaches to digitalize… Read More…