Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Practical Industrial Internet of Things Security

You're reading from   Practical Industrial Internet of Things Security A practitioner's guide to securing connected industries

Arrow left icon
Product type Paperback
Published in Jul 2018
Publisher Packt
ISBN-13 9781788832687
Length 324 pages
Edition 1st Edition
Arrow right icon
Author (1):
Arrow left icon
Sravani Bhattacharjee Sravani Bhattacharjee
Author Profile Icon Sravani Bhattacharjee
Sravani Bhattacharjee
Arrow right icon
View More author details
Toc

Table of Contents (14) Chapters Close

Preface 1. An Unprecedented Opportunity at Stake FREE CHAPTER 2. Industrial IoT Dataflow and Security Architecture 3. IIoT Identity and Access Management 4. Endpoint Security and Trustworthiness 5. Securing Connectivity and Communications 6. Securing IIoT Edge, Cloud, and Apps 7. Secure Processes and Governance 8. IIoT Security Using Emerging Technologies 9. Real-World Case Studies in IIoT Security 10. The Road Ahead 11. I
12. II 13. Other Books You May Enjoy

Industrial IoT deployment architecture

Although IIoT architectures have many use case-specific variations, in this section, we shall consider a basic example architecture to establish the context. Subsequent chapters present multiple IIoT reference architectures and architecture-based case studies.

Most IIoT deployments are brownfield, and involve both new and legacy technologies. In the following diagram, the main components of the architecture are:

  • Sensor networks (communicating over Wi-Fi/BLE)
  • A controller/aggregator
  • An edge gateway connecting the industrial systems to cloud-based platforms for analytics
  • Business applications used for data visualization and insights:
Figure 1.7: A typical IIoT deployment architecture
In this book, the terms greenfield and brownfield are used often. A greenfield refers to an IIoT use case that is developed from scratch rather than built on top of an existing deployment; the latter is referred to as a brownfield.

In the case of a brownfield deployment, as shown in the following diagram, the SCADA network is connected to the cloud via an edge gateway. Traffic needs to be securely controlled both at the ingress and at the egress of the edge device:

Figure 1.8: A brownfield IIoT architecture for an ICS/SCADA system

In the case of a large wind farm, several remote windmill units are controlled by the ICS/SCADA system. With the adoption of IIoT, the wind farm gets connected to a cloud-based IoT platform. Data from the wind turbines is sent up to a data center to do analytics and so on in the cloud. The turbine data has to go through an edge device, which can be a gateway, center hub, or edge controller. This edge device collects telemetry and diagnostics information from the wind farm sensors. In this edge device, a lot of protocol handshakes and translations occur, and as such, it provides a sweet spot for attackers to inject malware. The vulnerable edge device needs to be fortified with security counter measures. For example, deep inspection of packet flow to inspect both IT and OT protocols (MODBUS, TCP, and UDP) to detect anomalies is important.

Such deployments involving multiple vendors and technologies provide a favorable environment for mistakes, oversight, and misconfigurations. So, there must be enough visibility to see exactly what's happening in the OT network. In traditional OT networks, there is a serious lack of traffic visibility as compared to IT networks, in terms of traffic flows, source destination information, and so on. That's because historically, OT environments were considered immune to cyberattacks. Besides that, proprietary technologies and "security by obscurity" principles were erroneously deemed to be secure by design.

You have been reading a chapter from
Practical Industrial Internet of Things Security
Published in: Jul 2018
Publisher: Packt
ISBN-13: 9781788832687
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image