Industrial IOT Consortium Publishes Security Maturity Model for Digital Twins, Map Out Responsibilities
Industrial IOT Consortium issues IoT SMM 62443 Mappings for Asset Owners, Product Suppliers and Service Providers
View or stream online
Industrial IOT Consortium Publishes Security Maturity Model for Digital Twins, Map Out Responsibilities Duration
Latest podcast episodes
August 24, 2022
Last week, the Industrial IOT Consortium and International Society of Automation published the IoT Security Maturity Model (SMM) 62443 Mappings for asset owners, product suppliers, and service providers.
“Achieving security maturity targets can be difficult to put into practice without concrete guidance,” said Frederick Hirsch, cochair of the IIC ISA/IIC Contributing Group. “These 62443 mappings enable practitioners to better achieve security maturity by relating IIC IoT SMM practice comprehensiveness levels to ISA/IEC 62443 requirements. In this way, IACS asset owners and product suppliers can achieve appropriate maturity targets more easily.”
Maturity, as defined in this model, is not expertise or readiness to adopt the technology, Hirsh explains. “Maturity to us means a good fit between what you're trying to do, and how you're doing it. For example, if you have data that doesn't need to be protected, there's no reason to encrypt it. So even though you're not using an encryption, you're still at a high maturity level.”
With the use of digital twins picking up momentum, Hirsch believes, in many cases, a security threat to the digital model can pose a real threat to the physical asset itself. “So for example, with predictive maintenance, you might have an aircraft engine and you have a digital model of that aircraft engine ... Well, if I attack the model, that can affect your predictive maintenance, whether I attack the data or the artificial intelligence, or the analytics, and that could cause you not to do the maintenance you need to do, which could cause an engine failure,” he says.
Security encompass a range of measures, from temper-proof housing on the physical asset to using rigorous encryption and identity management techniques. But the key is to identify the areas relevant to your operations, “to figure out what your targets are and what matters to you,” Hirsch says.
For more, listen to the podcast interview with Hirsch.