11:56 AM
Dark Reading
Dark Reading
Products and Releases

The Industrial Internet Consortium Releases the Endpoint Security Best Practices White Paper

Simplifies Guidance for Improving IIoT Endpoint Security

NEEDHAM, MA – MARCH 12, 2018 The Industrial Internet Consortium® (IIC™), the world’s leading organization transforming business and society by accelerating the Industrial Internet of Things (IIoT), announced the publication of the Endpoint Security Best Practiceswhite paper. It is a concise document that equipment manufacturers, critical infrastructure operators, integrators and others can reference to implement the countermeasures and controls they need to ensure the safety, security and reliability of IoT endpoint devices. Endpoints include edge devices such as sensors, actuators, pumps, flow meters, controllers and drives in industrial systems, embedded medical devices, electronic control units vehicle controls systems, as well as communications infrastructure and gateways.

“The number of attacks on industrial endpoints has grown rapidly in the last few years and has severe effects. Unreliable equipment can cause safety problems, customer dissatisfaction, liability and reduced profits,” said Steve Hanna, IIC white paper co-author, and Senior Principal, Infineon Technologies. “The Endpoint Security Best Practices white paper moves beyond general guidelines, providing specific recommendations by security level. Thus, equipment manufacturers, owners, operators and integrators are educated on how to apply existing best practices to achieve the needed security levels for their endpoints.”

The paper explores one of the six functional building blocks from the IIC Industrial Internet Security Framework (IISF): Endpoint Protection. The 13-page white paper distills key information about endpoint device security from industrial guidance and compliance frameworks, such as IEC 62443, NIST SP 800-53, and the IIC IISF.

Equipment manufacturers, industrial operators and integrators can use the Endpoint Security Best Practices document to understand how countermeasures or controls can be applied to achieve a particular security level (basic, enhanced, or critical) when building or upgrading industrial IoT endpoint systems, which they can determine through risk modeling and threat analysis.

“By describing best practices for implementing industrial security that are appropriate for agreed-upon security levels, we’re empowering industrial ecosystem participants to define and request the security they need,” said Dean Weber, IIC white paper co-author, and CTO, Mocana. “Integrators can build systems that meet customer security needs and equipment manufacturers can build products that provide necessary security features efficiently.”

While the white paper is primarily targeted at improving the security of new endpoints, the concepts can be used with legacy endpoints by employing gateways, network security, and security monitoring.

The full Endpoint Security Best Practices white paper and a list of IIC members who contributed can be found on the IIC website at http://www.iiconsortium.org/pdf/Endpoint_Security_Best_Practices_Final_Mar_2018.pdf.


About the Industrial Internet Consortium

The Industrial Internet Consortium is the world’s leading membership program transforming business and society by accelerating the Industrial Internet of Things (IIoT). The IIC delivers a trustworthy IIoT in which the world’s systems and devices are securely connected and controlled to deliver transformational outcomes. The Industrial Internet Consortium is a program of the Object Management Group (OMG). For more information, visit www.iiconsortium.org.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
The Case for Integrating Physical Security & Cybersecurity
Paul Kurtz, CEO & Cofounder, TruSTAR Technology,  3/20/2018
A Look at Cybercrime's Banal Nature
Curtis Franklin Jr., Senior Editor at Dark Reading,  3/20/2018
City of Atlanta Hit with Ransomware Attack
Dark Reading Staff 3/23/2018
Register for Dark Reading Newsletters
White Papers
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
Flash Poll
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
Enterprises are spending more of their IT budgets on cybersecurity technology. How do your organization's security plans and strategies compare to what others are doing? Here's an in-depth look.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.