Practical Industrial Internet of Things Security
A practitioner's guide to securing connected industries
Sravani Bhattacharjee
BIRMINGHAM - MUMBAI
Copyright 2018 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
Commissioning Editor: Gebin George
Acquisition Editor: Prachi Bisht
Content Development Editor: Dattatraya More
Technical Editor: Sayali Thanekar
Copy Editor: Safis Editing
Project Coordinator: Shweta H Birwatkar
Proofreader: Safis Editing
Indexer: Priyanka Dhadke
Graphics: Jisha Chirayil
Production Coordinator: Arvindkumar Gupta
First published: July 2018
Production reference: 1260718
Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham
B3 2PB, UK.
ISBN 978-1-78883-268-7
www.packtpub.com
To my eternal parents
Foreword
When the internet was invented almost 40 years ago, security was not on anyone's radar. No one considered it at all. There was no need: the application in mind was to share documents across labs at CERN, and those documents were not secret. The internet was person-to-person, and these were persons who wanted to share.
The critical invention, the URL, is now used in a person-to-business manner. We can bank online, book flights and hotel rooms, and provide our credit card details over the internet. Since the internet is no longer a simple document-sharing scheme, security is now a major concern. Moreover, health records are often online and we (sometimes unwittingly) provide huge amounts of personal data via social media and sites that provide specific services, such as dating. We want that data to be kept private. Privacy is now definitely a major concern.
We are now connecting things to the internet. We can control physical devices in the real world; the internet is business-to-thing. Consequently, safety is a concern. Moreover, autonomous vehicles, for example, must not only be safe in the "airbag" sense, but they also need to be resilient and reliable in terms of their autonomous technology so that they don't break down at 65 miles an hour; they need to be resilient so that when they do break down, they degrade gracefully.
This Industrial Internet of Things (IIoT) is an internet of things, machines, computers, and people that will transform economies and societies. But only if it is trustworthy.
Trustworthiness is a combination of security (it's not just cyber- any more!), privacy, safety, reliability, and resilience across both the Information Technology (IT) and Operational Technology (OT) domains. This convergence involves people from many different areas with different vocabularies ("security" means different things to an IT specialist and a plant manager) and different timelines (IT is updating my phone as we speak, while a chemical plant requires many compliance checks). It requires careful thought and reconciliation of culture, processes, values, and emphasis.
Trustworthiness is therefore a complex, expansive subject that encompasses multiple dimensions and disciplines. It requires comprehensive groundwork to promote awareness, expertise, and practical actions. It ties directly to safety, environmental damage, and ethics: the entire economy and society worldwide. Yet there's a lack of comprehensive understanding of trustworthiness among business stakeholders and technical professionals, including system developers, integrators, and manufacturers. Industrial users looking to adopt IIoT need comprehensive guidance.
This book, Practical Industrial IoT Security, takes the IIC's work, existing standards, and best practices and combines them into a security practitioner's handbook. It is widely applicable across verticals, targeting solutions architects and anyone else responsible for IIoT security, allowing them to digest a single volume to consume the breadth of the security issues in IIoT. The book seamlessly aligns with these frameworks and demonstrates their practical applicability to various IIoT use cases.
The industry today is much in need of such a resource. This book fills the gap between conceptual frameworks and practice. It addresses the security roles and responsibilities across the life cycle, from business case and requirements definition, development, and integration, right the way to deployment and live operations. In addition to IIC resources, readers will also find several useful industry references, including works done by the IEEE, IEC, OMG, Cloud Security Alliance, NIST, research organizations, and academics. As such, this book is very closely tied with the IIC's vision and initiatives.
This book is not the conclusion for IIoT security, but rather the start of a journey to realize a digitally connected world, enabling it to evolve to meet the security challenges of the foreseeable future.