Endpoint security best practices white paper released
The Industrial Internet Consortium (IIC) announced the publication of the Endpoint Security Best Practices white paper. It is a document designed as a reference point for equipment manufacturers, critical infrastructure operators, integrators and others to implement countermeasures and controls they need to ensure the safety, security and reliability of Internet of Things (IoT) endpoint devices. Endpoints include edge devices such as sensors, actuators, pumps, flow meters, controllers and drives in industrial systems, embedded medical devices, electronic control units vehicle controls systems, as well as communications infrastructure and gateways.
"The number of attacks on industrial endpoints has grown rapidly in the last few years and has severe effects. Unreliable equipment can cause safety problems, customer dissatisfaction, liability and reduced profits," said Steve Hanna, IIC white paper co-author, and Senior Principal, Infineon Technologies. "The Endpoint Security Best Practices white paper moves beyond general guidelines, providing specific recommendations by security level. Thus, equipment manufacturers, owners, operators and integrators are educated on how to apply existing best practices to achieve the needed security levels for their endpoints."
The paper explores one of the six functional building blocks from the IIC Industrial Internet Security Framework (IISF): Endpoint Protection. The 13-page white paper distills key information about endpoint device security from industrial guidance and compliance frameworks.
Equipment manufacturers, industrial operators and integrators can use the document to understand how countermeasures or controls can be applied to achieve a particular security level (basic, enhanced, or critical) when building or upgrading industrial IoT endpoint systems, which they can determine through risk modeling and threat analysis.
"By describing best practices for implementing industrial security that are appropriate for agreed-upon security levels, we’re empowering industrial ecosystem participants to define and request the security they need," said Dean Weber, IIC white paper co-author, and CTO, Mocana. "Integrators can build systems that meet customer security needs and equipment manufacturers can build products that provide necessary security features efficiently."
While the white paper is primarily targeted at improving the security of new endpoints, the concepts can be used with legacy endpoints by employing gateways, network security, and security monitoring.
Industrial Internet Consortium (IIC)
– Edited from an IIC press release by CFE Media. The IIC is a CFE Media content partner. See more Control Engineering cybersecurity stories.
Click here to download the Endpoint Security Best Practices white paper.