Industrial Internet of Things: Safety and Security Protocol (English edition).pdf

Center for the Fourth Industrial Revolution
Protocol Design Networks

Industrial Internet of Things Safety and Security Protocol
April 2018

This work is licensed under Creative Commons Attribution-NonCommercial 4.0 International (CC BY-NC 4.0). To review a copy of this license, visit creativecommons.org/licenses/by-nc/4.0/

The views expressed are those of certain participants in the discussion, and do not necessarily reflect the views of all participants or of the World Economic Forum.

REF 160418

Contents

3 Executive Summary
4 Background
5 Requirements and Opportunities for the Network
7 Protocol Objective and Key Drivers for Impact
9 IIoT Safety and Security Protocol
   A. Line of Business IIoT Device Safeguards
   B. Internal Governance and Risk Management
   C. Record-Keeping and Metrics
12 Implementation of Protocol
13 Appendices
   A. Network of Experts
   B. Incident Exposures and Insurance Types
   C. Relevant Definitions
   D. Responsibility Assignment Matrix
   E. Indicative Chart of IIoT Resources

Protocols are defined as informal norm-setting frameworks that are accompanied over time by (1) detailed specifications, (2) operational processes, (3) implementation guidelines, (4) verification instruments, (5) maintenance procedures, and/or (6) conflict/dispute resolution mechanisms. The implementation and success of this Protocol will require the active participation of key stakeholders across the IIoT ecosystem.

Executive Summary

The World Economic Forum has convened a network of experts to support the growth of a secure and reliable industrial internet of things (IIoT). These experts (the Network) are drawn from the business strategy, critical infrastructure, insurance, manufacturing, policy, security research and technology communities. The Network recognizes that the vulnerable state of safety and security within this exponentially growing sector is untenable and has identified a number of challenges in the development of an optimally secure IIoT. It has focused on actionable solutions to those challenges.

The Network has developed a protocol framework through which actors can be aligned on the shared responsibility that ensures the security of IIoT products, practices and infrastructure. The IIoT ecosystem is not controlled by any particular stakeholder, nor is there a single discernible category of actors charged with primary responsibility for its governance. When the risk of harm is so widely spread, public safety and preventive security can only be meaningfully addressed with a collective commitment to the mutual obligations of confronting the challenges of a complex interconnected environment.

The IIoT Safety and Security Protocol (the Protocol) generates an understanding of how insurance, which plays an integral part in the incentive structures of cybersecurity norm-setting and governance, can facilitate the improvement of IIoT security design, implementation and maintenance practices. The framework is intended to strengthen the security of IIoT services using active hardening processes that can be validated through proven penetration, configuration and compliance techniques.

Background

The internet of things (IoT) presents new opportunities for societal transformation through technology, especially for enterprises that harness the promise of IoT to improve business processes and for governments that look to IoT to improve infrastructure and the provision of vital services. Indeed, IoT has been heralded as the harbinger of the Fourth Industrial Revolution (a digital revolution characterized by the fusion of technologies, blurring the lines between the physical, digital and biological spheres), with the potential to impact industries at a scale equal to prior advancements in steam, electrical, nuclear and computing power.

The impressive growth of connected devices and IoT operates within a continuously evolving cyber-physical environment, with innovators and entrepreneurs pushing the boundaries of IoT's potential. This dynamic rate of change, however, also emboldens malicious actors to develop new and increasingly sophisticated mechanisms to exploit vulnerabilities that are either unique to IoT systems or imported with the vulnerable components, devices or systems that are used as part of IoT services. The sheer scale and inextricable interconnectedness of IoT further compound the safety and security risks into actual physical threats, exposing the potential for catastrophic harm.

The industrial internet represents one of the most promising and transformative applications of IoT. The Industrial Internet Consortium defines the industrial internet as an "internet of things, machines, computers and people, enabling intelligent industrial operations using advanced data analytics for transformational business outcomes." IIoT is broad in focus but can perhaps most easily be understood as the application of IoT technologies in an industrial or business environment, as opposed to an individual consumer setting. As documented in the Forum's publication, Industrial Internet of Things: Unleashing the Potential of Connected Products and Services, IIoT is expected to dramatically alter manufacturing, energy, agriculture, transport and other industrial sectors of the economy which, together, account for nearly two-thirds of the global gross domestic product (GDP). Whereas IIoT shares many characteristics with consumer IoT, it is notable both in its potential for economic impact and in its inherent complexity and system design across the supply chain. Accenture estimates that IIoT could add $14.2 trillion to the global economy by 2030, arguably making IIoT one of the biggest drivers of productivity and growth in the next decade.

Unlike consumer IoT solutions, such as a wearable fitness tracker, which may be purchased by an individual with a single purpose (e.g., recording and encouraging healthy activity), IIoT solutions tend to be integrated into larger operational systems, creating significant interdependencies among various IIoT components. As a result, IIoT solutions can require additional planning and awareness to ensure adequate interoperability, scalability, precision and accuracy, programmability, latency levels, reliability, resilience, automation and serviceability. As IIoT transforms previously isolated systems into a connected network that is intertwined with our day-to-day lives and businesses, it creates new critical dependencies on the robust functionality of that infrastructure.

IIoT brings the familiar and ever-increasing digital risks associated with cybersecurity into physical spaces, creating a vast array of new vulnerabilities, including threats to public safety, physical harm and catastrophic systemic attacks on commonly shared public infrastructure. Known IoT security vulnerabilities are widespread, spanning from low-end consumer devices to large-scale industrial systems. The attack surface for bad actors willing to exploit the digitally networked environment now penetrates not only the home, with the popularity of consumer devices, but also spreads across the transport and other municipal systems of our smart cities and permeates the increasingly connected manufacturing floor in core production processes. The potential impact of an attack on critical infrastructure would be far-reaching, extending deeper into more and more vital aspects of our economy, health, safety, public services and national security. Security, therefore, looms as the critical challenge for the products, systems and services that are dependent on IIoT, if not for the viability of IIoT itself. The time when decisions about cybersecurity risk exposure can be postponed has already passed.

The Mirai botnet, which targeted "zombie" legacy IoT devices that were not being updated regularly, enabled the mounting of massive distributed denial of service (DDoS) attacks using an army of IoT devices to take down internet access across multiple ISPs and websites. The potential risk of harm, which now extends beyond information interruption to cyber-physical critical infrastructure, has already demonstrated its exponential impact on mass populations in multiple cyberattacks over the past several years in Ukraine. In the summer of 2017, a cyberattack that started on Ukrainian government and business computer systems, using ransomware to block owners' access to their computers, cascaded on to impact energy companies, gas stations, railroads, the airport and other critical infrastructure. Previously, in late December 2015, a multipronged attack on the Ukrainian electrical utility control system brought down the power grid in three provinces in Ukraine, resulting in power outages that lasted up to six hours and affected 225,000 customers.

The exposure to liability for the private sector for the insecurity of IoT devices is also now evident, as suggested by the lawsuit filed by the Federal Trade Commission (FTC) against D-Link Corporation for the misleading advertising of its security and the company's failure to address security flaws. Government agencies, IoT companies and security-focused interest groups, including the Network, are all working to identify the full breadth of IoT security challenges and define frameworks and principles to address them.

Requirements and Opportunities for the Network

Network members were recruited from across industry, international organizations, civil society and academia to review and investigate the governance structure, IIoT security gaps and the incentives/penalties/regulation that would drive improved IIoT security practices. The Protocol outlined in this document follows the agile governance model of policy development enabled by this type of multistakeholder collaboration. A list of Network members and contributors can be found in the appendix to this document. To maximize the success and impact of ongoing work, the Network will be guided by the following requirements and opportunities:

1. The Network should have broad stakeholder representation. Discussions about IIoT security typically involve technology companies and recognized academics. Only with recent, highly publicized IIoT security breaches have public policy experts joined the discussion and become aware of the depth and scope of the problem. The IIoT user community is much less well informed; it comprises organizations and individuals that lack expertise or even awareness about IIoT security and/or experience in implementing policy guidelines established for the public interest. Addressing IIoT security issues requires informed decision-making by all of these constituencies.

2. The Network should increase awareness about IIoT security concerns and their consequences. User awareness about IIoT security issues, and even more so expertise in remediating IIoT security gaps, is low across all user communities and across vertical markets, from small business start-ups to sophisticated enterprise technologists. There is particular concern about security awareness at the IIoT device level, where connected devices and sensors typically lack security capabilities that are de rigueur in information technology systems, e.g., password change functionality and over-the-air updates. In addition to low awareness, entities deploying IIoT systems tend to attribute less weight to the future consequences of security breaches than would be expected based on standard models of time discounting. Without countervailing stakeholders that are biased towards future consequences, the direct and collateral damage to third parties would constitute a significant market failure. The insurance industry constitutes such a stakeholder, and its engagement will propel behavioural changes by entities deploying IIoT systems, for whom underwriting services could be impacted by non-compliance with security standards.

3. The Network should help entities deploying IIoT services to understand security issues. Cybersecurity expertise is not typically the province of either vendors or users of IIoT systems. Many of the companies increasingly deploying and implementing IIoT have neither the capacity nor the long-term business strategy motivation to systematically address their cybersecurity vulnerabilities. Akin to the cognitive limitations that consumers experience with the consequences of major financial decisions, entities deploying IIoT services may be incapable of reconciling the asymmetry between multi-variable system design implementation decisions and the associated repercussions. Offsetting this asymmetry using mandatory information disclosure as a policy tool will have limited usefulness if the disclosure itself cannot be comprehended or easily implemented. Supplementing mandatory disclosure with a financial incentive to act efficaciously, and a financial disincentive to do otherwise, whether as a policy tool or by interested parties in the private sector, will lead to far higher levels of compliance than would the policy tool alone.

4. The Network should help establish new incentive structures for IIoT security. Achieving IIoT security requires broad education outreach about IIoT security risks, definition of the steps necessary to address security gaps, and incentives/penalties to facilitate corrected behaviour. IIoT security has to be designed into products, systems and solutions during the design and implementation stages. Today, there are no governance structures in place to adequately incentivize IIoT security best practices. Market forces alone are insufficient to drive security best practices: today's economy incentivizes time-to-market and profitability, and does not disincentivize bad behaviour, since the consequences of a security breach often impact a diffuse group of third parties. The Network has identified a critical need to address IIoT user behaviour, product design and system implementation. Key elements include:

- Education and awareness
- Use of secure design principles
- Insurance and risk mitigation
- Data security
- Legacy IIoT devices and implementations
- Vertical market-specific extensions for highly regulated industries that also handle personally identifiable information; e.g., healthcare, finance, banking
- Minimizing citizen impact of both IIoT security solutions and the consequences of security breaches
- Agile regulatory structures

5. The Network should encourage national governments to engage in public-private partnerships. Taking into account the potential risk of terrorist attacks on critical infrastructure, including through the use of communications technologies, the UN Security Council has endorsed resolution 2341. Under this resolution, member st
