Skip to main content Skip to Footer

LATEST THINKING


Security for the Industrial Internet of Things: A framework to optimize capabilities

As the Industrial IoT presents differing threat vectors for enterprise IT, we have gaps to fill.

IDENTIFYING THE PROBLEM

Different Threats, Different Attack Surfaces

The expanding Industrial IoT introduces various operational technology (OT) architectures with inherently different threat vectors to an enterprise’s traditional IT. As a result, we see different attack surfaces than the usual IT footprint.

To fill this gap, Accenture Labs developed a holistic, scalable and strategic framework for IIoT security that can be used to assess, prioritize, implement and optimize both security architecture and security capabilities within IIoT environments.

In developing this framework, we considered trustworthiness and resilience requirements, as well as implications across IT and OT architectures, including data integrity and privacy considerations.

Read on for more on how we apply our framework.

Today’s IT-centric cybersecurity frameworks are not adequate to address the unique security and resilience needs of the industrial domains’ operational technology.

DIFFERENT APPROACHES

Tiers of Security

Our security framework can be used to identify security requirements for an IIoT architecture, or to determine security capability and mission assurance gaps in an IIoT network.

Our framework includes security solutions along various layers, or tiers, on different levels of the IIoT architecture.

The components in each layer have similar functional requirements and are exposed to similar cyber risks. These shared requirements call for a set of unique and complementary security solutions at each architectural layer:

  • “Edge” tier is self-organizing and self-reliant ‐ The “things” at this tier can sense the surrounding physical environment and may interact with it. Examples of these devices include video cameras, temperature sensors or furnaces.

  • Fog tier augments brownfield devices - The fog tier is formed by near-user devices such as gateways that consolidate a number of lower-powered and lower-capability edge devices in order to carry out a notable amount of computing, communication and storage capabilities on their behalf.

  • Local infrastructure tier customizes for domain-specific deployments - Business and operation management of enterprise (IT) and manufacturing (OT) zones are provided in the local infrastructure layer of each zone

  • Cloud tier provides cross IT-OT situational awareness - This layer focuses on the aggregation of data and compute for IIoT within the wide-area network. Securing critical infrastructures requires improved situational awareness, and the ability to detect anomalous activities across converged IT and OT infrastructures.

OUR WAY FORWARD

A Comprehensive, Modular Solution

In summary, traditional perimeter solutions are inadequate.

IIoT security is complex and requires a multi-layered solution that works as a comprehensive unit.

Accenture Labs’ framework provides the mechanism to put together and assess such a comprehensive and modular solution, which is composed of point solutions that work together within and across tiers.

In summary, traditional perimeter solutions are inadequate.

IIoT security is complex and requires a multi-layered solution that works as a comprehensive unit.

Accenture Labs’ framework provides the mechanism to put together and assess such a comprehensive and modular solution, which is composed of point solutions that work together within and across tiers.

SUGGESTED CONTENT