Abstract

The Industrial Internet of Things (IIoT), enabled by sensor driven computing, industrial analytics and intelligent machine applications, is driving new growth opportunities and operational efficiency for enterprises across a range of commercial sectors. Increasing interconnectivity of industrial infrastructure, however, has expanded the attack surface and made it a prominent target of cyber attacks. Recent cyber attack campaigns against Industrial Control Systems (ICS), such as Stuxnet and Night Dragon, have shown the rise in level of sophistication of such attacks and the need to rethink ICS security. Although there is merit in applying security controls designed for enterprise/IT infrastructures to IIoT, this by itself is insufficient. In this paper we argue the need to rethink how security controls are applied to IIoT, and account for the unique nuances of its architecture stack and operational processes. We also propose a new framework for analyzing effectiveness of security controls in IIoT environments, and show how it can be used by security architects to design and deploy new systems.