the safe, secure and reliable industrial internet: a standards … · home. defense/ aerospace:...

The Safe, Secure and Reliable Industrial Internet: A Standards Story March 2017

© 2017 MITRE. All rights reserved, all other material used with permission. Approved for Public Release; Distribution Unlimited. Case Number 16-4794

Industrial Internet Consortium (IIC)

Mission To be a global, member supported, organization that promotes the accelerated growth of the Industrial Internet of Things (IIoT) by coordinating ecosystem initiatives to securely connect, control and integrate assets and systems of assets with people, processes and data using common architectures, interoperability and open standards to deliver transformational business and societal outcomes across industries and public infrastructure. Launched in March 2014 – now over 270 members

2

The IIC is an open, neutral “sandbox” where industry, academia and government meet to

collaborate, innovate and enable.

270+ Member Organizations

Spanning 30 Countries

Approved for Public Release; Distribution Unlimited. Case Number 16-4794 © 2017 MITRE. All rights reserved, all other material used with permission.

3

Collaboration within the Industrial Internet Consortium

IIC Working Groups have individual charters, inter-related outcomes both within the Working Groups and with external organizations.

Security

Data

Framework

Reference Architecture

Open, Standards, Horizontal

Enable & Accelerate

New Technologie

s

Open Standards

Usecases

Testbeds


Definition: The Industrial Internet of Things (IIoT)

"An Industrial Internet of Things (IIoT) system connects and integrates control systems with enterprise systems, business processes, and analytics. An IIoT system enables significant advances in optimizing decision-making, operations, and collaborations among a large number of increasingly autonomous control systems. Insights gained through the IIoT technologies will provide new business outcomes and will likely disrupt many existing business practices. IIoT technology is useful for all industry and infrastructure, from manufacturing to utilities, healthcare, financial services, and telecommunications. Because of the nature of the assets connected to the Industrial Internet, IIoT systems must be designed to be secure, reliable and resilient to insure safety, business innovation, and public trust."

4 © 2017 MITRE. All rights reserved, all other material used with permission. Approved for Public Release; Distribution Unlimited. Case Number 16-4794

The IIC Addresses Ecosystems

5 Approved for Public Release; Distribution Unlimited. Case Number 16-4794 Approved for Public Release; Distribution Unlimited. Case Number 16-4794 © 2017 MITRE. All rights reserved, all other material used with permission.

The IIC Addresses All Kinds of Networks and Connectivity

6 Approved for Public Release; Distribution Unlimited. Case Number 16-4794 Approved for Public Release; Distribution Unlimited. Case Number 16-4794 © 2017 MITRE. All rights reserved, all other material used with permission.

The IIC Addresses IIoT Systems in Numerous Sectors & Verticals

7 Approved for Public Release; Distribution Unlimited. Case Number 16-4794

agriculture building consumer & home

defense/ aerospace

energy healthcare manufacturing public sector public security & safety

transportation

farming building/ construction

consumer products

defense energy connected medical devices

factory education public safety mobility

ranching smart home home products military utilities hospitals industrial automation

environment public security transportation

fishing office cooking (commercial)

aerospace mining medical offices smart products water surveillance public transportation

weather building security entertainment oil and gas pharmacies transportation disaster prevention

vehicle

building maintenance

phone & network services

smart grid medical therapy waste management

law enforcement/ police

traffic infrastructure

sporting events home healthcare civil administration

fire logistics

travel disease diagnosis emergency and crisis response

freight management

tourism continuous patient monitoring

military pipelines

clinical trials shipping

assisted care aeronautics dentistry


8



Security

Data

Framework



Enable & Accelerate

New Technologie

s

Open Standards

Usecases

Testbeds


Industrial Internet Reference Architecture –

9 2017 IIC. All rights reserved, used with permission.

Viewpoint 4

Viewpoint 3

Viewpoint 2

Viewpoint 1

• Concern 4.1 • Concern 4.2




Stakeholders

Implementation Viewpoint

Functional Viewpoint

Usage Viewpoint

Business Viewpoint

Chapter 3 Chapters 4, 5, 6, & 7

Approved for Public Release; Distribution Unlimited. Case Number 16-4794

Viewpoints – Chapter 6 – Functional Viewpoint

© 2017 IIC. All rights reserved, used with permission.

Human Users

Functional Domains Business

App

licat

ion

Physical Systems

Actuation Sense

Control

Info

rmat

ion

Ope

ratio

ns

IIRA FUNCTIONAL VIEW

Approved for Public Release; Distribution Unlimited. Case Number 16-4794 18

Viewpoints – Chapter 7 – Implementation Viewpoint

© 2017 IIC. All rights reserved, used with

permission.

Platform Tier Enterprise Tier Edge Tier

Controller Actuators

Sensors

Control Domain

Application & Gateway

Information Domains

Biz Analytics CRM EMR

OSS BSS …

Business Domain

Application Domain

Logic & rules

API & Portal

Biz Apps

Biz users Asset mgmt flows

data flows

data flows

orchestration flows

Proximity Network

Access Network Service Network

biz app flows

asset mgmt service flows

other information domains

information flows

$ Monetization

ops app flows

OT Apps

OT users

Data Services and Platforms

Persistence & distribution

Ingestion & transformation

Analytic Services and Platforms

Streaming & batch

Persistence & distribution

Operations Domain Provisioning & Deployment

Monitor & Diagnostics

Asset & Meta data

Management

Prognostics & Optimization

API & Portal

data flows

IIOT SYSTEM VIEW


Relevant Business, Usage, Functional, & Implementation Standards

OMG Business Process Model and Notation (BPMN) Standard OMG Unified Modeling Language (UML) Standard OMG System Modeling Language (SysML) Standard Knowledge Discovery Metamodel (KDM) - ISO/IEC 19506 & OMG KDM OMG Unified Architecture Framework Standard OMG Unified Component Model for Standard OMG Interaction Flow Modelling Language (IFML) OMG Data-Distribution Service for Real-Time Systems (DDS) Standard

March 22, 2017 12

13



Security

Data

Framework



Enable & Accelerate

New Technologie

s

Open Standards

Usecases

Testbeds


The IIC is not a standards organization. It evaluates and organizes existing standards to: • Advocate for open standard

technologies • Influence the global standards

development The Technology Working Group is currently: • Evaluating existing standards • Identifying requirements for the

Industrial Internet

The IIC and Standards Organizations

14

IIC Formal Liaisons as of July 2017

Approved for Public Release; Distribution Unlimited. Case Number 16-4794 Approved for Public Release; Distribution Unlimited. Case Number 16-4794 © 2017 MITRE. All rights reserved, all other material used with permission.

CONVERGENCE OF INFORMATION TECHNOLOGY AND OPERATIONAL TECHNOLOGY



Need Secure, Safe, Reliable, and Resilient Behavior that Upholds Privacy Expectations

16 © 2017 Gartner. All rights reserved. Approved for Public Release; Distribution Unlimited. Case Number 16-4794

System Engineering Assurance

Privacy

Security Safety

Resilience

Reliability

Key System Characteristics Enabling Trustworthiness


• ISO Assurance Case Standard • OMG Structured Assurance Case Metamodel Standard • Open Group Dependability through Assurance Standard


CONVERGENCE OF IT AND OT TRUSTWORTHINESS



TRUSTWORTHY SYSTEMS



Interaction and relations

Security Privacy Safety Reliability Resilience

20

The Key System Characteristics of Trustworthiness as a Quality Measure

0

0.2

0.4

0.6

0.8

1

Security

Privacy

ResilienceReliability

Safety

Vertical Customer

Trustworthiness Measure

• Industrial IoT Quality is a continuum of system characteristics

• OT Safety (IEC 62443*) meets IT Security (ISO 27000*) • Privacy (GDPR*), Resilience (ISO*, IEC*), Reliability

(NIS*) are quality features in both OT and IT • Determine and ensure quality measures per vertical, e.g.

audit, certification

* Examples

Interaction and relations

Security Privacy Safety Reliability Resilience

21

Composition of a Trustworthiness Quality Measure

0

0.5

1Art 1

Art 2

Art 3Art 4

Art 4

EU: NIS UK: … (after Brexit) US: ... CN: () JP: analog NIS …

Reliability*

00.10.20.30.4

Art 88

Art 99

Art 111

Art 222

EU: GDPR UK: … (after Brexit) US: … CN: () JP: analog GDPR …

Privacy*

01234

SL

REQ A

REQ B

REQ CREQ D

…

REQ N

Safety* EU: IEC 61508/62626 UK: … (after Brexit) US: IEC 61508 CN: () JP: IEC 61508 …

* Examples

010203040

Art1

Art2

Art3

Art4Art5

Art6

Art7

Security*

01020304050

Art1

Art2

Art3

Art4

Art5

Art7

Resilience*

Capturing of Complicated Claims-Evidence Relationships

22

OMG Structured Assurance Case MetaModel

Exchange and Composition of Assurance Cases between tools and programs

Approved for Public Release; Distribution Unlimited. 16-1238

Evidence of Trustworthiness as Assurance Cases

01234

SL

REQ A

REQ B

REQ CREQ D

…

REQ N

00.10.20.30.4

Art 88

Art 99

Art 111

Art 2220

0.5

1Art 1

Art 2

Art 3Art 4

Art 4

EU: NIS UK: … (after Brexit) US: ... CN: () JP: analog NIS …

Reliability* EU: GDPR UK: … (after Brexit) US: … CN: () JP: analog GDPR …

Privacy* Safety* EU: IEC 61508/62626 UK: … (after Brexit) US: IEC 61508 CN: () JP: IEC 61508 …

010203040

Art1

Art2

Art3

Art4Art5

Art6

Art7

Security*

01020304050

Art1

Art2

Art3

Art4

Art5

Art7

Resilience*

Evidence-based Assurance Case supporting Resilience claims

Evidence-based Assurance Case supporting Reliability claims

Evidence-based Assurance Case supporting Security claims

Evidence-based Assurance Case supporting Privacy claims

Evidence-based Assurance Case supporting Safety claims

TRUSTWORTHINESS MANAGEMENT CONSIDERATIONS



Industrial Internet Security Framework Functional Viewpoint – Security Building Blocks



Relevant Trustworthiness Assurance Standards

• Assurance Case Standard ISO/IEC 15026-2:2011 • OMG Structured Assurance Case Metamodel (SACM) Standard 2.0 • OMG Dependability Assurance Framework for Safety-Sensitive Consumer Devices (DAF) • Open Group Dependability through Assurance Standard • OMG Threat & Risk Model RFP • OMG Cyber Risk Assessment Framework (CRAF) Metamodel RFC • Safety and Reliability for UML RFP • OMG Automated Source Code Maintainability Measure Standard (ASCMM) • OMG Automated Source Code Performance Efficiency Measure Standard (ASCPEM) • OMG Automated Source Code Reliability Measure Standard (ASCRM) • OMG Automated Source Code Security Measure Standard (ASCSEM) • ITU-T Common Vulnerabilities and Exposures (X.1520 – CVE) • ITU-T Common Vulnerabilities Scoring System (X.1521 – CVSS) • ITU-T Common Weakness Enumeration (X.1524 – CWE) • ITU-T Common Weakness Scoring System (X.1525 – CWSS) • Extensible Configuration Checklist Description Format (XCCDF) ISO/IEC 18180:2013

March 22, 2017 30

31



Security

Data

Framework



Enable & Accelerate

New Technologie

s

Open Standards

Usecases

Testbeds


Approved Testbed Portfolio 25 Approved Testbeds

INFINITE: Dell EMC CM & PM: IBM, NI, SparkCognition Connected Care: Infosys, GE, PTC, RTI, MD PnP Track & Trace: Bosch, Tech Mahindra, Cisco, SAP Factory Operations Visibility & Intelligence: Fujitsu, Cisco Smart Manufacturing Connectivity: TE Connectivity, SAP Smart Asset Outage Management: Genpact, GE, NI Smart Energy Management: Infosys, Schneider Electric, PTC Connected Vehicle Urban Traffic Mgmt: Infosys, RTI, Bosch, Microsoft Intelligent Urban Water Supply: Water & Process Group, Thingswise, CAICT Smart Airline Baggage Management: GE, M2Mi, Oracle, Boeing, Infosys Factory Automation Platform as a Service: Hitachi, Mitsubishi Electric, Intel Asset Efficiency: Infosys, PTC, Bosch, Intel, GE, IBM, NI, Foghorn, KUKA Security Claims Evaluation: Xilinx, UL, Aicas, RTI, Infineon, GMO GlobalSign Smart Supply Chain: Manufacturing: TCS, Cisco, Siemens, Oracle, Infineon, Tego Manufacturing Quality Management: Huawei, Haier Group, China Telcom, CAICT Time Sensitive Networks: Cisco, Bosch, GE, KUKA, NI, TTTech, Intel, Schneider Electric, B&R, Innovasic Smart Water Management: Infosys, GE, EMC, Cisco

Edge Intelligence: HP, RTI High-Speed Network: GE Microgrid: TRI, NI, Cisco, IBM Industrial Digital Thread: Infosys, GE Precision Crop Management: Infosys Smart Factory Web: KETI, Fraunhofer IOSB Deep Learning Facility: Toshiba, Dell EMC

Approved for Public Release; Distribution Unlimited. Case Number 16-4794 © 2017 MITRE. All rights reserved, all other material used with permission. 6

Approved Testbed Portfolio

March 22, 2017 33

34



Security

Data

Framework



Enable & Accelerate

New Technologie

s

Open Standards

Usecases

Testbeds


The IIC has three primary areas of activity: Community Engagement, Technology & Security, and Testbeds


This image cannot currently be displayed.



Industrial Internet Reference Architecture - IIRA 1.8 Industrial Internet Security Framework - IISF 1.0 Business Strategy Innovation Framework - BSIF 1.0 Industrial Internet Connectivity Framework - IICF 1.0

Opportunities for National IoT/IIoT effort

alignment?

Germany, India, France, Japan, China, US,

Russia, Italy, EU, South Korea, Singapore, …

© 2017 MITRE. All rights reserved, all other material used with permission.

Industrial IoT

270+ Member

Organizations

the safe, secure and reliable industrial internet: a standards … · home. defense/ aerospace:...

Documents