From the document:
The purpose of this document, ‘Industrial Internet of Things, Volume G4: Security Framework’ (IISF) is to identify, explain and position security-related architectures, designs and technologies, as well as identify procedures relevant to trustworthy Industrial Internet of Things (IIoT) systems. It describes their security characteristics, technologies and techniques that should be applied, methods for addressing security, and how to gain assurance that the appropriate mix of issues have been addressed to meet stakeholders' expectations. This document is also a reference for the Industrial Internet Consortium’s testbeds that already span verticals such as smart grid, transportation, industrial maintenance and others. The security evaluations of these testbeds will provide continuous feedback that will be used to update the information here in subsequent revisions of this document.
This work is an expansion of the discussion on security in ‘Industrial Internet of Things, Volume G1: Reference Architecture’ (IIRA, [IIC-IIRA2016]). The reader should be familiar with that document, as many of the terms and concepts used here are defined there. This security framework identifies and explains how risks associated with security and privacy threats may be identified, evaluated and mitigated using technologies and processes. Privacy and other system characteristics are mentioned where they relate to specific security concerns within the document, but this document is not intended to be a tutorial on privacy, safety or other characteristics defined in the IIRA. This document is informational in nature and not a normative technical specification. It does not contain specifications for conformance or compliance. Implementations may use a variety of mechanisms to address the concerns noted in the document.
The audience for this document includes owners, operators, system integrators, business decision makers, architects and any stakeholder with interest in security and related key system characteristics. Business decision makers can use this document to guide the development of interoperable technologies and solutions related to security, balancing it with other stakeholder requirements. Owners, operators and system integrators can use it as a common starting point of system conception and design related to security.