#CyberFLASH: Security framework released for industrial Internet of Things

leaked_data_focus_455234Security experts have warned for some time that the so-called Internet of Things opens many vulnerabilities when interconnecting industrial devices across a public distributed network.

Now C-level executives who aren’t sure what to do about it can consult a security framework published by the Industrial Internet Consortium, a group of over 240 vendors and associations including Schneider Electric, General Electric, Fujitsu, Intel, Kaspersky, Cisco Systems, Symantec, Microsoft and SAP. The framework emphasizes the importance of five industrial IoT characteristics – safety, reliability, resilience, security and privacy, as well as defines risk, assessments, threats, metrics and performance indicators to help business managers protect their organizations.

“Today, many industrial systems simply do not have adequate security in place,” Richard Soley, the consortium’s executive director. “The level of security found in the consumer Internet just won’t do for the Industrial Internet. In order to add security to an industrial system, you must make sure it won’t interfere with safety and reliability requirements. The (framework) explores solutions to industrial problems that have plagued the industry for years.”

Because Internet-connected industrial control systems (ICS) — everything from sensors on electrical grids and pipelines to medical devices — often link with enterprise systems, they are just as much a target for attackers as the servers, switches and routers on the corporate side. And if compromised the effect can be tremendous — possibly shutting down power stations, for example. Industrial Internet systems may also connect with intermediary organizations, so link encryption may not be a solution. Another complication is the devices have long lifetimes.

Read more here

© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.