Options
2019
Conference Paper
Titel
Deriving Impact-driven Security Requirements and Monitoring Measures for Industrial IoT
Abstract
The emerging Industrial Internet of Things (IIoT) is characterized by heterogeneous systems, loose topologies, cross-company data flows, changing entities, and high cybersecurity requirements. This development makes a sound security architecture an even more pressing matter than before. The design of a valid security architecture should always reflect the protection needs, enable the derivation of security requirements, and ways to validate their effectiveness. While access management at the application layer is well established, securing the underlying network layers of an increasing number of communication links remains an open question. Currently, adapting to the dynamics of rapid technology changes requires reiterating time- and resource-intensive threat and risk analyses. Therefore, we introduce and apply a lightweight, graph-based process to create easy-to-build and machine-readable models of the reviewed IIoT systems, highlighting the assets they contain. Such a model allows us to derive abstract security requirements in a semi-automatic way. We use these requirements to propose appropriate protection and advanced monitoring measures as well as methods to validate their effective implementation. The catalog provided in this paper represents a security toolbox for these two security layers, tailored for the IIoT domain. Finally, it allows for deriving rules for current anomaly detection solutions. Thus, we support the often-laborious definition and prioritization of monitoring rules by an impact-based automated approach. By connecting the catalog with the lightweight impact analysis, we provide a framework that dynamically derives recommendations and requirements from a variety of monitoring measures and techniques. Thereby we provide a general methodology that helps operators to strengthen the overall security of their IIoT systems.