Cyber security for industrial Internet platforms

The convergence of digital technologies, cloud computing and the industrial Internet of Things (IIoT) has transformed industrial processes. Nowadays, industrial Internet platforms (IIPs) play an essential role in orchestrating the collection, analysis and utilization of vast amounts of data from industrial machinery.

IIPs are being used in manufacturing, for example, to improve quality control, optimize production and reduce waste. The energy sector is leveraging IIPs to improve grid efficiency, reduce outages and monitor environmental impact. In the transport industry, IIPs are being used to improve safety, optimize traffic flow and reduce emissions. The gains come at a price, however, as increased connectivity creates a bigger attack surface for threat actors.

It is critically important to protect the confidentiality, integrity and availability of the data that IIPs collect and manage, including proprietary manufacturing information, customer data, financial records and operational details. It is equally essential to protect the devices that are connected to the IIP from unauthorized access, tampering, theft or destruction. Any breach or compromise could have disastrous consequences not only for the organization but also for public safety and the economy. A new ISO/IEC Standard addresses these challenges.

New ISO/IEC 24392 guidelines

ISO/IEC 24392:2023 is tailor-made for the industrial landscape. It identifies and addresses threats arising from the integration of cyber-physical systems, IIoT devices and cloud technologies. ISO/IEC 24392 provides guidance on appropriate security controls based on existing international standards, including ISO/IEC 27001 and parts of IEC 62443 and IEC 62351. It recommends a risk-based and threat-informed cybersecurity strategy that identifies and prioritizes the most critical assets, processes and data in the IIP and applies appropriate security measures to protect them.

It is a holistic and collaborative approach to cybersecurity that involves all the stakeholders in the IIP ecosystem. Implementing the standard instils trust by fostering a secure environment for manufacturers, suppliers and service providers to collaborate knowing that their data and operations are protected. The standard is for organizations that develop, operate, or use any components of IIPs, including third parties who provide services to the relevant stakeholders. It provides recommendations for users on how to protect IIPs against IIP-specific threats.

The new standard is the work of the joint ISO and IEC technical committee SC 27. SC 27 is responsible for developing international management and technical standards for information security and privacy protection and related topics. The committee's scope includes developing standards for the security and privacy protection of systems, information technologies, processes and services.

All of these information security standards can be found in our e-shop.