industrial+internetsecurity+framework+€¦ · industrial+internetsecurity+framework+ +...

Industrial  Internet  Security  Framework    Hamed  Soroush,  Ph.D  Senior  Research  Security  Engineer  (RTI)  IIC  Security  Working  Group  Co-­‐Chair  

CommunicaFons  &  ConnecFvity  Layers  

ConnecFvity  Standards  &  Security  

•  Requirements  for  Core  ConnecFvity  Technology:  – be  an  open  standard  with  strong  independent,  internaFonal  governance,  such  as  IEEE,  IETF,  OASIS,  OMG,  or  W3C,  

– be  horizontal  and  neutral  in  its  applicability  across  industries,  

– be  applicable,  stable  and  proven  across  mulFple  industries  and  

– have  standard-­‐defined  gateways  to  all  other  connecFvity  standards.  

Building  Blocks  for  ProtecFng  Exchanged  Content  

•  Explicit  Endpoint  CommunicaFon  Policies  •  Cryptographically  Strong  Mutual  AuthenFcaFon  Between  Endpoints  •  AuthorizaFon  Mechanism  for  Enforcing  Access  Control  Rules  from  Policy  •  Cryptographically  Backed  Mechanisms  for  Ensuring  ConfidenFality,  Integrity,  and  Freshness  of  Exchanged  InformaFon  

Examples  

InformaFon  Flow  ProtecFon    

•  Network  SegmentaFon  •  Gateways  &  Filtering  – Layer  2,  Layer  3/4,  ApplicaFon/Middleware,  Message  rewriFng,  Proxies,  Server  ReplicaFon    

•  Network  Firewalls  •  UnidirecFonal  Gateways  •  Network  Access  Control  

Thank  You!