The Industrial Internet of Things (IIoT) - An Analysis Framework-Hugh Boyes-2018-12
The Industrial Internet of Things (IIoT) - An Analysis Framework-Hugh Boyes-2018-12
The Industrial Internet of Things (IIoT) - An Analysis Framework-Hugh Boyes-2018-12
Computers in Industry
journal homepage: www.elsevier.com/locate/compind
A R T I C LE I N FO A B S T R A C T
Keywords: Historically, Industrial Automation and Control Systems (IACS) were largely isolated from conventional digital
Industrial internet of things networks such as enterprise ICT environments. Where connectivity was required, a zoned architecture was
Cyber-physical systems adopted, with firewalls and/or demilitarized zones used to protect the core control system components. The
Industry 4.0 adoption and deployment of ‘Internet of Things’ (IoT) technologies is leading to architectural changes to IACS,
IIoT
including greater connectivity to industrial systems. This paper reviews what is meant by Industrial IoT (IIoT)
IACS
and relationships to concepts such as cyber-physical systems and Industry 4.0. The paper develops a definition of
IIoT and analyses related partial IoT taxonomies. It develops an analysis framework for IIoT that can be used to
enumerate and characterise IIoT devices when studying system architectures and analysing security threats and
vulnerabilities. The paper concludes by identifying some gaps in the literature.
⁎
Corresponding author.
E-mail address: [email protected] (H. Boyes).
https://doi.org/10.1016/j.compind.2018.04.015
Received 7 December 2017; Received in revised form 21 March 2018; Accepted 20 April 2018
Available online 05 June 2018
0166-3615/ © 2018 The Authors. Published by Elsevier B.V. This is an open access article under the CC BY license
(http://creativecommons.org/licenses/BY/4.0/).
H. Boyes et al. Computers in Industry 101 (2018) 1–12
2.1. Industry 4.0 the components were not connected to IT networks or systems.
Widely available, low-cost Internet Protocol (IP) devices are now
The first three industrial revolutions are characterised as being replacing proprietary solutions” [13]; and
driven by mechanical production relying on water and steam power, • “Today ICS products are mostly based on standard embedded sys-
use of mass labour and electrical energy, and the use of electronic, tems platforms, applied in various devices, such as routers or cable
automated production respectively [3]. Whilst the supposed fourth in- modems, and they often use commercial off-the shelf software” and
dustrial revolution (‘Industry 4.0’) was first proposed in 2011 in the “command and control networks and systems designed to support
context of the goal of developing the German economy [4]. This re- industrial processes. The largest subgroup of ICS is SCADA” [14].
volution is characterised by its reliance on the use of CPS capable of
communication with one another and of making autonomous, de-cen- 2.4. Supervisory control and data acquisition (SCADA)
tralised decisions, with the aim of increasing industrial efficiency,
productivity, safety, and transparency. SCADA has been described as:
There is a considerable overlap between the concept of Industry 4.0
developed in Germany and the Industrial Internet concept (see 2.6), • A system that allows an operator, in a location central to a widely
which originated in the United States. The definition of the latter now distributed process, such as an oil or gas field, pipeline system, or
encompasses change for both business and individuals: hydroelectric generating complex, to make set point changes on
distant process controllers, to open or close valves or switches, to
“…the industrial internet is an internet of things, machines, com-
monitor alarms, and to gather measurement information [15];
•
puters and people enabling intelligent industrial operations using
Similar to a Distributed Control System with the exception of sub-
advanced data analytics for transformational business outcomes,
control systems being geographically dispersed over large areas and
and it is redefining the landscape for business and individuals alike”
accessed using Remote Terminal Servers [16]. Where a Distributed
[5].
Control System (DCS) is a supervisory control system typically
A definition of ‘Industrie 4.0′ a term which, in its English cognate, controls and monitors set points to sub-controllers distributed geo-
the authors treat as synonymous with IIoT, is: graphically throughout a factory [17]; and
“…we define Industrie 4.0 as follows: Industrie 4.0 is a collective • SCADA applications are made up of two elements: the process/
system/machinery you want to monitor and control, which can take
term for technologies and concepts of value chain organisation.
the form of a power plant, a water system, a network or a system of
Within the modular structured Smart Factories of Industrie 4.0, CPS
traffic lights; and a network of intelligent devices that interface with
monitor physical processes, create a virtual copy of the physical
the first system through sensors and control outputs. This network,
world and make decentralized decisions. Over the IoT, CPS com-
which is the platform system, provides the capability to measure and
municate and cooperate with each other and humans in real time.
control specific elements of the first system [18].
Via the IoS [Internet of Services], both internal and cross- organi-
zational services are offered and utilised by participants of the value
The nature of SCADA has led to conflicting views as to whether it
chain.” [6]
forms part of the IIoT ecosystem. For example, discussion of SCADA
system forensic analysis within IIoT [19] contrasts with a view that
2.2. Cyber-physical systems (CPS) SCADA is simply the predecessor to IIoT especially as SCADA systems
have evolved to connect to the internet but do not have the analytics
Whilst there are a number of definitions of CPS [7–11], this paper and level of connectivity that is found in IIoT [20].
uses: “A system comprising a set of interacting physical and digital
components, which may be centralised or distributed, that provides a 2.5. Industrial internet
combination of sensing, control, computation and networking func-
tions, to influence outcomes in the real world through physical pro- The concept of an Industrial Internet was first articulated by General
cesses.” [12] Electric (GE) [21], and described as:
What sets CPS apart from more conventional information and
“The definition of the Industrial Internet includes two key compo-
communications systems (IT or ICT) is the real-time character of their
nents: The connection of industrial machine sensors and actuators to
interactions with the physical world. Whilst both CPS and ICT systems
local processing and to the Internet; The onward connection to other
process data and/or information, the focus of CPS is on the control of
important industrial networks that can independently generate
physical processes. CPS use sensors to receive information about, in-
value. The main difference between the consumer/social Internets
cluding measurements of, physical parameters, and actuators to engage
and the Industrial Internet is in how and how much value is created.
in control over physical processes. CPS often involve a large degree of
For consumer/social Internets, the majority of value is created from
autonomy. For example, CPS often have the capacity to determine
advertisements” [22].
whether to change the state of an actuator or to draw a human op-
erator’s attention to some feature of the environment being sensed. This description clearly separates the Internet and the Industrial
Internet, although in both cases the function of the Internet is to pro-
2.3. Industrial automation & control systems (IACS) vide the wide area networking. More recently the Industrial Internet
has been defined as:
IACS or ICS is a collective term typically used to describe different
“… a source of both operational efficiency and innovation that is the
types of control systems and associated instrumentation, which include
outcome of a compelling recipe of technology developments [sic].
the devices, systems, networks, and controls used to operate and/or
The resulting sum of those parts gives you the Industrial
automate industrial processes. Descriptions of ICS from authoritative
Internet—the tight integration of the physical and digital worlds.
American and European organisations are respectively:
The Industrial Internet enables companies to use sensors, software,
• “Initially,
machine-to-machine learning and other technologies to gather and
ICS had little resemblance to traditional information
analyse data from physical objects or other large data streams—and
technology (IT) systems in that ICS were isolated systems running
then use those analyses to manage operations and in some cases to
proprietary control protocols using specialized hardware and soft-
offer new, value-added services” [23].
ware. Many ICS components were in physically secured areas and
2
H. Boyes et al. Computers in Industry 101 (2018) 1–12
From this definition, it is apparent that the authors consider a key in the industry-driven literature by, for example:
component of the Industrial Internet to be the ability to analyse data,
“The IIoT vision of the world is one where smart connected assets
which is corroborated by a statement later in their report, in which it is
(the things) operate as part of a larger system or systems of systems
stated that “⋯Big Data analytics is the foundation of the Industrial
that make up the smart manufacturing enterprise” [29].
Internet…”. This desire to collect and analyses data is a feature in
common with Industry 4.0. Since ‘smart manufacturing enterprise’ is essentially an industrial
enterprise that exemplifies the features of IIoT, this definition is also
3. Industrial internet of things (IIoT) uninformatively circular.
In seeking to formulate an improved conception of IIoT we searched
Whilst there are numerous IoT definitions, those of relevance to the contemporary academic and industry-driven literature for more
industrial application make explicit the kinds of smart components that informative definitions than those already cited. We found a few that
get embedded into ordinary objects so that those objects can count as improved on the simplistic and circular definitions already presented.
IoT devices, and form constituents of cyber-physical systems (CPS). A definition that improves incrementally over the simple definition
Three relevant definitions are: is:
“Industrial Internet or Industrial Internet of Things (IIoT) is built for
• A definition for the IoT would be a “group of infrastructures, in- bigger ‘things’ than smartphones and wireless devices. It aims at
terconnecting connected objects and allowing their management,
connecting industrial assets, like engines, power grids and sensor to
data mining and the access to data they generate” where connected
cloud over a network” [30].
objects are “sensor(s) and/or actuator(s) carrying out a specific
function that are able to communicate with other equipment” [24]; This definition goes beyond the simple conception by making it
• “The terms ‘Internet of Things’ and “IoT” refer broadly to the ex- explicit that it is industrial assets which are counted as connected in an
tension of network connectivity and computing capability to objects, IIoT setting, and it tells us a little about the nature of that connection:
devices, sensors, and items not ordinarily considered to be compu- that the relevant assets are connected to a cloud, over a network.
ters. These “smart objects” require minimal human intervention to A second definition which adds some further details is:
generate, exchange, and consume data; they often feature con-
“The Industrial Internet of Things (Industrial IoT) is made up of a
nectivity to remote data collection, analysis, and management cap-
multitude of devices connected by communications software. The
abilities” [25]; and
•
resulting systems, and even the individual devices that comprise it,
“The IoT represents a scenario in which every object or ‘thing’ is
can monitor, collect, exchange, analyse, and instantly act on in-
embedded with a sensor and is capable of automatically commu-
formation to intelligently change their behaviour or their environ-
nicating its state with other objects and automated systems within
ment – all without human intervention” [31]
the environment. Each object represents a node in a virtual network,
continuously transmitting a large volume of data about itself and its The central advantage of this still admittedly vague definition is that
surroundings…” [26]. it makes it clear what the function of IIoT devices is: to monitor, collect,
exchange, and analyse information so as to enable them to change their
On the basis of these, an initial definition of IIoT might be: the use of own behaviour, or else instruct other devices to do so, without human
certain IoT technologies – certain kinds of smart objects within cyber- intervention.
physical systems – in an industrial setting, for the promotion of goals A number of researchers writing in German, offer a cluster of defi-
distinctive to industry. Similar simple definitions were found in our nitions of IIoT that share a focus on the kinds of technologies which are
literature search, for example: put into operation in IIoT settings, and the ways they are put to use in
those settings. It is suggested that a central element of IIoT is its reliance
• “The Industrial Internet of Things (IIoT) is the use of Internet of [32], in an industrial setting, on objects, systems and machinery which
Things (IoT) technologies in manufacturing” [27]; and has been upgraded to the status of a CPS, so that products and services
• “Industrial Internet: A short-hand for the industrial applications of can be guided through the supply and value chains in an autonomous
IoT, also known as the Industrial Internet of Things, or IIoT” [28]. manner. Another perspective [33] is that IIoT relies not just on CPS, but
also on embedded systems, cloud computing, edge computing, the
Such a simple conception is not sufficient for our purposes in this generic technologies associated with the smart factory, and associated
paper, however. We need something substantive and a precise con- software. A further insight [34] relates to the aims and purposes of IIoT
ception to inform our proposed IIoT framework. The simple conception technologies, suggesting that they should not merely function to enable
does provide a template for a definition of IIoT, for it correctly attempts autonomous production, but enable real-time information to users,
to define IIoT by appeal to two essential features: (a) the kinds of consumers and other processes. The definition of Industrie 4.0 in Sec-
technologies that are used in an IIoT setting and (b) the distinctive aims tion 2.1 sheds light on the kinds of technological processes utilised as
and purposes to which those technologies are put. We need a definition part of IIoT, and how those processes are applied in promoting the
which has that structure, but which gives us a more substantial ex- values of the relevant industries whilst also making it explicit how IIoT
pansion of (a) and (b). technologies are connected to other features of the industrial techno-
An advantage of the simple conception is that because it makes it logical landscape, such as Smart Factories and the Internet of Services
clear that the relevant technologies are used for purposes distinctive to (i.e. a “thing” as a service, e.g. Power as a Service or Mobility as a
industry, it satisfies the basic criterion of enabling us to distinguish IoT Service).
devices from IIoT devices. For example, devices such as smart bike locks We are now able to provide our own working definition of IIoT. It
and smart kettles are not useful from the point of view of industry per se, has the same structure as the simple conception we started out with:
the simple conception correctly classifies those items as non-IIoT de- IIoT is defined by appeal to the kinds of technologies which compose it,
vices. Despite this advantage, the definition remains uninformative as well as by appeal to the distinctive uses to which those technologies
nevertheless. are put, but builds in more details that the simple conception:
A further pitfall to avoid when attempting to arrive at a definition of
Industrial Internet of Things: A system comprising networked smart
IIoT is defining IIoT in terms of some other notion, which is not ob-
objects, cyber-physical assets, associated generic information tech-
viously different from the notion of IIoT itself, which would render the
nologies and optional cloud or edge computing platforms, which
definition uninformatively circular. That sort of problem is exemplified
3
H. Boyes et al. Computers in Industry 101 (2018) 1–12
enable real-time, intelligent, and autonomous access, collection, (g) the domain or sector-based IoT taxonomies [42] – this is helpful in
analysis, communications, and exchange of process, product and/or addressing the business use to which a device is being put, however
service information, within the industrial environment, so as to this taxonomy does not address the technical or architectural as-
optimise overall production value. This value may include; im- pects of device design and deployment as it identifies the type of
proving product or service delivery, boosting productivity, reducing device but not its characteristics.
labour costs, reducing energy consumption, and reducing the build-
to-order cycle. Whilst none of the existing taxonomies meet our needs, as they are
either too high level or incomplete from a device characterisation
perspective, we can draw upon them and our own investigation of
4. IIoT: an analysis framework
current IIoT proposed and actual solutions to develop an analytical
framework for IIoT devices. We also considered the theoretical foun-
Before developing our analysis framework, we reviewed existing
dations of cyber manufacturing [43] and the work published by the
published material on industry-focused IoT taxonomies and a range of
CyPhERS project, for example [44]. However, neither of these pub-
industry material, in particular manufacturers’ white papers, case stu-
lications provide the framework we were seeking as a basis for ana-
dies and technical articles describing specific products or implementa-
lysing devices.
tions. We identified seven published IoT taxonomies in the academic
Given the limitations in the published literature we have developed
literature, which address the IoT as a whole and are not specifically
a framework for characterising IIoT devices. We have not sought to call
focused on IIoT.
it a taxonomy as it does not have a branching structure based on a
single root, nor is it an ontology, given inconsistent use of many of the
4.1. Review of existing IoT taxonomies
technology terms and the propensity for product marketers to create
new jargon to differentiate their products.
In undertaking this research our aim was to establish a framework
Our approach, which is described in more detail below is to char-
that allows us to analyse the nature of IIoT devices and their uses,
acterise devices based on six categories, with each category having a
which is to be used as part of a vulnerability and threat analysis process
number of sub-categories:
for these devices. None of the taxonomies outlined above provide suf-
ficient coverage of the characteristics of devices to support our objec-
• Industry sector;
• Device location;
tives. The specific limitations of the taxonomies can be summarised as
• Connectivity;
follows:
(a) the device-centric taxonomy [35] – this approach provides useful • Device characteristics;
• Device technology;
• User type.
characteristics at device level (e.g. energy, communication, func-
tional attributes, local interface, hardware and software resources),
but does provide information about the role of the device, its
Each of the remaining sub-sections sets out the rational for in-
physical or architectural locations, and the sector in which it is
cluding the category within our framework, providing a diagram that
being used;
illustrates its breakdown and a rational for the proposed structure. In
(b) the IoT stack-centric taxonomy [36] – whilst some of the char-
setting out our framework we provide examples of each category using
acteristics (e.g. service, data, interaction and thing) addressed in
a programmable logic controller (PLC) as the device.
this approach may be of value the stack does not relate to the
conventional IACS hierarchy that is described in the Purdue Model
4.2. Industry sector
[37]. We considered the concept of service in this taxonomy to be
flawed as a particular device may contribute to fulfilment of mul-
The industry sectors illustrated in Fig. 1 are relevant to the severity
tiple business objectives;
and nature of threats to an organisation and the IIoT devices deployed
(c) the IoT sensor taxonomy [38] – the characteristics (e.g. motion,
in the organisation’s operational systems [45]. All of the sectors make
position, environment, mass measurement and biosensor) used by
use of IACS to varying degrees, and there is likely to be increased use of
this approach are useful for devices that have a sensing capability,
IIoT based on industry trends reported by market research companies as
but this is only a subset of the range of IIoT devices;
referred to in Section 4.1. With the exception of retail, the sub-cate-
(d) the IoT-based smart environment taxonomy [39] – this is of limited
gories listed above are generally recognised as critical infrastructure of
utility from a security perspective as its emphasis is on classification
developed economies. Retail has been included to reflect the criticality
of the networking elements (e.g. communication enablers, network
of supply of essential supplies to citizens and to reflect the increasing
type, technologies, local area wireless standards, objectives and
technical complexity of many retail outlets, for example the building
characteristics), the technology elements are very broad and the
automation, management and security systems deployed in their pre-
objectives (e.g. cost reduction) are difficult to apportion at device
mises. The breakdown of the Manufacturing sector is adapted from the
rather than system level;
report on digital manufacturing commissioned by the UK government
(e) the IoT architecture taxonomy [40] – this combines a mixture of
[46].
business architecture and technical characteristics (e.g. applica-
Using this category the PLC might be described as:
tions, enabling technologies, business objectives, architectural re-
quirements, IoT platforms architecture types and network topolo-
gies), but given the use of only six classification elements is of
limited value for classifying devices;
(f) the Industrial Internet of Things taxonomy [41] – the approach is
4.3. Location
immature in terms of the classification criteria (e.g. reliability, real-
time, data item scale, module scale, runtime integration, distribu-
In Fig. 2, we propose a taxonomy that considers the location of the
tion focus and collection focus) with only single examples given for
IIoT device from a number of perspectives, which are relevant in terms
each criterion, and the six criteria would not provide us with suf-
of the device’s exposure to risks from both cyber and physical security
ficient granularity to compare and contrast the security profile of
perspectives.
individual devices;
Four sub-categories are proposed:
4
H. Boyes et al. Computers in Industry 101 (2018) 1–12
(a) Ecosystem – There are a number of models offered for IoT ecosys- in order to subdivide Enterprise and ICS networks into modules that
tems [47–50], but these are generic and not specifically related to function in a similar way.
IIoT implementations. An ecosystem model that does directly re- (c) Physical – this element seeks to characterise the environment that
lated to industrial applications [51] is illustrated in Fig. 3. The the device is installed, which therefore allows the level of physical
proposed classification scheme is adapted from this model but ex- security vulnerability to be considered. For example, devices that
tended to include the wider enterprise IT to accommodate the are located externally are likely to be much more susceptible to
convergence of information and operation technologies, and ad- physical damage, theft or being interfered with, as well as being
jacencies. In the Thing class we have included a sub-class “Monitor’ exposed to the elements and a variety of natural hazards.
to accommodate devices that provide a wider functionality than (d) Mobility – this element provides an indication of whether the de-
measurements, e.g. a CTV camera. vice is only used in a fixed location or may be moved around, on its
(b) Purdue Model – the Purdue Model for Control Hierarchy [52,53] is own or as part of a system. Mobile devices are likely to require a
a well-recognised model in the manufacturing industry that seg- wireless communications mechanism to convey data and permit
ments devices and equipment into hierarchical functions. This configuration and/or control, thus exposing the device to the threat
model has been used by international standards organisations of interference or jamming. In addition, there may be a need to
[54,55] to specify a zone and conduit model for IACS security and is track or geolocate the device so as to correctly interpret the data it
also used in a variety of security [56] and safety [57] guidance provides.
material. The model, illustrated in Fig. 4, uses the concept of zones
5
H. Boyes et al. Computers in Industry 101 (2018) 1–12
6
H. Boyes et al. Computers in Industry 101 (2018) 1–12
4.5. Device characteristics installed in, it is part of an environmental conditioning process and
it will be affected if a door or window is opened or left open in the
The focus of the proposed device characteristics, illustrated in space within which it is located.
Fig. 6, is on functionality of the device, specifically how important it is (d) Management interface – relates to how the device is configured,
to the system it is part of, the function the device provides, and how it is turned on/off or otherwise controlled.
managed.
The proposed sub-categories are justified as follows: Using this category, the PLC may be described as:
impact on the overall operational process and how easy it is to 4.6. Technology
repair or replace a faulty or malfunctioning device. The greater the
impact and the more difficult it is to replace or repair, the greater The proposed technology characteristics of the IIoT device are il-
the security risks arising from any attempts to attack or interfere lustrated in Fig. 7. These focus on technical features that may constrain
with the device. Safety critical devices clearly need to be en- or influence device design or the ability to address vulnerabilities once
gineered and designed to higher standards than those where the is the device has been deployed.
little impact and they are easy to replace. The power source, energy use and hardware characteristics are re-
(b) Function – this class is used to describe the principal function(s) of levant as they can constrain the processing capacity of the device,
the device. When considering a device with analytic functions, the which in turn affects the design of security mechanisms used to protect
nature of the algorithm(s) used is relevant. the connectivity and may limit the ability to patch or update the device
(c) Relationships – this class is intended to allow understanding of how once deployed. The operating system, software type and updatability
the device relates to other devices and the processes, systems or are relevant given the launch of IoT botnets, for example the Mirai
environment within which it operates. For example, a temperature botnet [58,59], as they represent a potential vulnerability and if not
sensor in a room may be linked to an aggregating or control device, updateable may limit the ability to respond to botnet malware. The
as its role is to measure the temperature in the space that it is identity of the device manufacturer and a unique identifier are
7
H. Boyes et al. Computers in Industry 101 (2018) 1–12
4.7. User systematic collection of information about IIoT devices. It was devel-
oped as part of a research initiative investigating IIoT security issues.
The proposed user characteristics, as illustrated in Fig. 8, are in- The data collection and analysis is ongoing, however the development
tended to allow identification of who or what the device is interacting of this framework potentially allows comparison of threats and vul-
with. The proposed user types are either a human or machine, for ex- nerabilities between different sectors ad application in much the same
ample where the device is sensing and providing machine-to-machine way as the MAEC approach discussed above.
communication for system control or monitoring purposes. With re- Having presented our analysis framework, during our research
gards to the user interface, a device may be: several observations were made which the authors believe to constitute
gaps that could be addressed by further research. These recommenda-
(a) headless, i.e. there is no indication of device status, measurements tions are not presented in any order of importance; we note that each is
or operation; critical to ensuring future understanding, resiliency and security within
(b) direct, either passive (e.g. a room thermostat displaying tempera- IIoT ecosystem, and therefore make no judgement as to their relative
ture but not allowing user control) or active (e.g. a device with an importance.
interactive touch-sensitive display that allows interrogation of the
8
H. Boyes et al. Computers in Industry 101 (2018) 1–12
5.1. Mapping the IIoT ecosystem and threat landscape better-informed assessment [68] of the security challenges faced in
securing IoT devices recognised some of the constraints:
There are a number of publications available that explore and
“These current security mechanisms, based on ‘traditional public-
analyse issues of security and privacy relating to IoT in general, there is
key infrastructures will almost certainly not scale to accommodate
little work specifically focusing on the IIoT ecosystem. We propose
the IoT’s amalgam of contexts and devices.’
using our taxonomy, to explore and better understand the IIoT eco-
system and associated threat landscape, so as to identify vulnerabilities In this assessment, the authors were taking into account the lim-
and potential security and/or privacy concerns. itations of IIoT devices, for example, sensors, actuators and RFID tags,
where there are processing, power and economic constraints limiting
the use of strong encryption.
5.2. Limited research on OT and ICT convergence In addition to these technical issues, there is also the mismatch
between the relative short lifespan of many ICT devices and the relative
Whilst there is some work, primarily analyst [65] or vendor [66], longevity of IACS devices, which are often expected to have a lifespan
driven, which directly states or implies that IIoT is the result of con- an order of magnitude longer than their ICT counterparts. We propose
vergence between Operational Technology (OT) and traditional in- to use our analysis framework as a basis for exploring the IT/OT con-
formation and communication technologies (ICT). For example, it is vergence issues.
suggested [67] that:
‘… merging IT and OT isn’t an easy task. Merging these two areas 5.3. Providing solutions to brownfield issues
requires well-defined, scalable standards that span from assets to
data centers and vice-versa. It’s also crucial that these standards are Legacy systems, i.e. a brownfield site, inject complexity into a wide
secure, otherwise critical and expensive operational assets can be range of cases. A compelling argument has been made [69] regarding
vulnerable. All these concerns can be tackled by following the the need for developers to considering the issue of brownfield IIoT:
concept of ‘Enterprise Architecture’.’ …how important in industrial IoT (IIoT), such as smart buildings,
The above approach is indicative of a lack of understanding of the bridges, roads, railways and all infrastructure that have been around
differences between conventional enterprise ICT systems and the cyber- for decades and will continue to be around for decades more.
physical systems that are found in industrial applications. In contrast, a
9
H. Boyes et al. Computers in Industry 101 (2018) 1–12
Further research is required to consider the implications of instal- creating new connectivity from systems to enterprise or cloud-based
ling IIoT devices in an operational architecture, where security has been systems, thus increasing the potential for safety and security related
implemented using the zones and conduits inherent in the Purdue breaches. There is a current lack of consistent approaches to the com-
Model. As with the topics of security and scalability of IIoT, circular bined assessment of safety and security risks inherent in deployment of
conversations are occurring, solutions are required that address both IIoT solutions. A combined framework has been proposed [74], but
greenfield and brownfield installations, and again the relative longevity further work is required to codify its use and test its applicability in
of IACS device needs to be taken into account. industrial plants.
Safety and security should be paramount in industrial systems to In conclusion, having laid out the background including an over-
prevent harm and minimise threat to personnel, assets and the en- view of related terms in section two, we provided a survey of existing
vironment. There is increasing industry recognition that safety and definitions of IIoT in section three and developed our own definition
security are related [70], for example that connectivity brings both which we hope improves on those. In section four we then provided an
opportunity and risk and that poor security threatens safety. This is also analysis framework for IIoT devices which provides a practical classi-
recognised in international functional safety standards [71,72]. With fication schema for those with an interest in security-related issues
traditional IACS systems, the application of the security principles in surrounding IIoT. The use of the schema has been illustrated by ex-
based on international standards [73], which advocate use of security amples at the end of each of the sections describing the six categories.
models aimed at delivering defence in depth, particularly with re- Finally, in section five, some gaps in the IIoT related literature were
ference to connections between different layers in the Purdue Model identified, which we propose should be addressed as part of our con-
and segregation of processes. tinuing research.
The adoption of IIoT undermines these established practices by
10
H. Boyes et al. Computers in Industry 101 (2018) 1–12
11
H. Boyes et al. Computers in Industry 101 (2018) 1–12
[18] Dpstele. com, What Is SCADA? Real-world Remote Monitoring Elements and Systems: a Preliminary Analysis, (2013) http://www.cyphers.eu/sites/default/
Applications. [online], (2017) Available at: http://www.dpstele.com/scada/what- files/D2.1.pdf . (Accessed 18 March 2018).
is.php (Accessed September 6 2017). [45] Beecham Research, M2 M Sector Map, (2014) Available: http://www.
[19] P. Eden, et al., SCADA system forensic analysis within IIoT, in: L. Thames, beechamresearch.com/download.aspx?id=18.
D. Schaefer (Eds.), Cybersecurity for Industry 4.0, Springer International [46] Department for Business, Energy & Industrial Strategy, Made Smarter Review,
Publishing, 2017, pp. 73–101, , http://dx.doi.org/10.1007/978-3-319-50660-9_4. (2017) Fig. 16. p51. Available: https://www.gov.uk/government/publications/
[20] M. Fahrion, Evolving from SCADA to IoT. Remote Monitoring and Control made-smarter-review.
Conference. [online], (2014) Available: http://www.remotemagazine.com/ [47] M.E. Porter, J.E. Heppelmann, How smart, connected products are transforming
conferences/wp-content/uploads/2014/11/BB-Electronics.pdf. competition: spotlight on managing the internet of things, Harv. Bus. Rev. 92 (11)
[21] J. Leber, General Electric’s San Ramon Software Center Takes Shape MIT (2014) 64–88.
Technology Review [online], (2012) Available: http://www.technologyreview. [48] E. Fleisch, M. Weinberger, F. Wortmann, Geschäftsmodelle im internet der dinge,
com/news/507831/general-electric-pitches-an-industrial-internet/ (Accessed Schmalenbachs Zeitschrift für betriebswirtschaftliche Forschung 67 (4) (2015)
September 8 2017). 444–465.
[22] D. Floyer, Defining and Sizing the Industrial Internet, Wikibon, June 27, 2013 [49] L. Püschel, M. Roeglinger, H. Schlott, What's in a smart thing? Development of a
[online], (2013) Available: http://wikibon.org/wiki/v/Defining_and_Sizing_the_ multi-layer taxonomy, in: P. Ågerfalk, N. Levina, S.S. Kien (Eds.), Proceedings of the
Industrial_Internet. International Conference on Information Systems – Digital Innovation at the
[23] ge.com, Industrial Internet Insights Report for 2015. [online], (2015) Available at: Crossroads, ICIS 2016, vol. 2016, Association for Information Systems, Dublin,
https://www.ge.com/digital/sites/default/files/industrial-internet-insights-report. Ireland, 2016December 11–14, 2016.
pdf (Accessed September 8 2017). [50] OWASP, IoT Framework Assessment, in Internet of Things (IoT) Project, (2018)
[24] B. Dorsemaine, et al., Internet of things: a definition and taxonomy, Proc. – Available: https://www.owasp.org/index.php/IoT_Framework_Assessment.
NGMAST 2015 9th Int. Conf. Next Gener. Mob. Appl. Serv. Technol. 2016 (2015) [51] T. Bradicich, The Intelligent Edge: What It Is, What It's Not, and Why It's Useful,
72–77, http://dx.doi.org/10.1109/NGMAST.2015.71. Hewlett Packard Enterprise, (2017) Available: https://www.hpe.com/us/en/
[25] K. Rose, S. Eldridge, L. Chapin, The internet of things: an overview, Internet Soc. insights/articles/the-intelligent-edge-what-it-is-what-its-not-and-why-its-useful-
(2015) 12. 1704.html.
[26] P. Satyavolu, et al., Designing for Manufacturing’s ‘Internet of Things’. Cognizant [52] T.J. Williams, The Purdue Enterprise Reference Architecture, International Society
Report. p.4 [online], (2014) Available: https://www.cognizant.com/ of Automation, Research Triangle Park, North Carolina, 1992 ISBN 1-55617-265-6.
InsightsWhitepapers/Designing-for-Manufacturings-Internet-of-Things.pdf. [53] T.J. Williams, The Purdue enterprise reference architecture, Comput. Ind. 24 (2–3)
[27] L. Aberle, A Comprehensive Guide to Enterprise IoT Project Success, IoT Agenda, (1994) 141–158.
2015, p. 1. Available: http://internetofthingsagenda.techtarget.com/ [54] ANSI/ISA 99.00. 01-2007, Security for Industrial Automation and Control Systems
essentialguide/A-comprehensive-guide-to-enterprise-IoT-project-success (Accessed Part 1: Terminology, Concepts, and Models, 2007.
10 September 2017). [55] IEC/TS 62443-1-1 ED. 1.0 EN:2009, Industrial communication networks – Network
[28] World Economic Forum, Industrial Internet of Things: Unleashing the Potential of and system security – Part 1-1: Terminology, concepts and models.
Connected Products and Services, World Economic Forum Industry Agenda, 2015 [56] L. Obregon, Secure Architecture for Industrial Control Systems, The SANS Institute,
(available at: http://www3.weforum.org/docs/WEFUSA_IndustrialInternet_ 2014 Available: https://www.sans.org/reading-room/whitepapers/ICS/secure-
Report2015.pdf (Accessed 11 October 2017). architecture-industrial-control-systems-36327.
[29] J. Conway, The Industrial Internet of Things: An Evolution to a Smart [57] Health, Safety Executive, Cyber Security for Industrial Automation and Control
Manufacturing Enterprise, Schneider Electric Whitepaper, 2015, p. 2. Systems (IACS), (2017) Bootle, Merseyside. Available: http://www.hse.gov.uk/foi/
[30] P. Helmiö, Open Source in Industrial Internet of Things: A Systematic Literature internalops/og/og-0086.pdf.
Review Master’s Thesis, School of Business and Management, Lappeenranta [58] C. Kolias, G. Kambourakis, A. Stavrou, J. Voas, DDoS in the IoT: mirai and other
University of Technology, 2018, p. 21. botnets, Computer 50 (7) (2017) 80–84.
[31] Real Time Innovations Inc, Industrial Internet of Things, RTI FAQ, 2015, p. 1 [59] M. Antonakakis, et al., Understanding the Mirai Botnet, (2017) Available: https://
(Available: https://info.rti.com/hubfs/docs/Industrial_IoT_FAQ.pdf . (Accessed 29/ www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/
September 2017). antonakakis.
[32] D. Spath, et al., Produktionsarbeit zer Zukunft –Industrie 4.0, Fraunhofer Verlag, [60] BSI, PAS 754 Software Trustworthiness –Governance and Management
Stuttgart, 2013. ?Specification, British Standards Institution, London, 2014.
[33] V. Emmrich, et al., Geschäftsmodell-Innovation durch Industrie 4.0: Chancen und [61] ISO, ISO/IEC/IEE 15288 Systems and Software Engineering –Systems Life Cycle
Risiken für den Maschinen- und Anlagenbau, Dr. Wieselhuber & Partner, and Processes, International Standards Organisation, Geneva, 2015.
Fraunhofer IPA, Munich and Stuttgart, 2015. [62] BSI, PAS 754 Software Trustworthiness –Governance and Management
[34] T. Kaufmann, Geschäftsmodelle in Industrie 4.0 und dem Internet der Dinge, Der ?Specification, British Standards Institution, London, 2014, p. 5.
Weg vom Anspruch in die Wirklichkeit (Essentials), Springer Vieweg, Wiesbaden, [63] Controllino Maxi Available: http://controllino.biz/controllino/maxi-automation/.
2015. [64] I. Kirillov, et al., Malware Attribute Enumeration and Characterization. MITRE
[35] B. Dorsemaine, J.P. Gaulier, J.P. Wary, N. Kheir, P. Urien, Internet of things: a [online], (2015) Available: http://maec.mitre.org.
definition and taxonomy, Proc. – NGMAST 2015 9th Int. Conf. Next Gener. Mob. [65] K. Steenstrup, et al., Predicts 2017: IT and OT convergence will create new chal-
Appl. Serv. Technol. (2016) 72–77, http://dx.doi.org/10.1109/NGMAST.2015.71. lenges and opportunities, Gartner (2016) Available: https://www.gartner.com/
[36] L. Püschel, M. Roeglinger, H. Schlott, What's in a smart thing? Development of a doc/3531817.
multi-layer taxonomy, in: P. Ågerfalk, N. Levina, S.S. Kien (Eds.), Proceedings of the [66] C. Hertzog, Smart Grid Trends to Watch: ICT Innovations and New Entrants, (2012)
International Conference on Information Systems – Digital Innovation at the Available: https://www.smartgridlibrary.com/tag/ictot-convergence/.
Crossroads, ICIS 2016, 2016 Association for Information Systems, Dublin, Ireland, [67] N. Shah, IT and OT Convergence –The Inevitable Evolution of Industry, Iotforall,
2016December 11–14, 2016. (2017) Available: https://www.iotforall.com/it-and-ot-convergence/.
[37] CISCO Systems, Converged Plantwide Ethernet (CPwE) Design and Implementation [68] R. Roman, P. Najera, J. Lopez, Securing the internet of things, IEEE Comput. 44
Guide, (2013) Available: https://www.cisco.com/c/en/us/td/docs/solutions/ (2011) 51–58, http://dx.doi.org/10.1109/MC.2011.291.
Verticals/CPwE/CPwE_DIG.html . (Accessed 5 October 2017). [69] B. Dickson, What Is the Difference Between Greenfield and Brownfield IoT
[38] V. Rozsa, et al., An Application Domain-Based Taxonomy for IoT Sensors, In ISPE Development? (2016) Available: https://bdtechtalks.com/2016/09/22/what-is-
TE, 2016, pp. 249–258. the-difference-between-greenfield-and-brownfield-iot-development/.
[39] E. Ahmed, et al., Internet-of-things-based smart environments: state of the art, [70] Rockwell Automation, Safety Through Security. [online], (2016) Available: http://
taxonomy, and open research challenges, IEEE Wireless Commun. 23 (5) (2016) literature.rockwellautomation.com/idc/groups/literature/documents/wp/safety-
10–16. wp035_-en-p.pdf.
[40] I. Yaqoob, et al., Internet of things architecture: recent advances, taxonomy, re- [71] BSI, BS EN 61508-1 Functional Safety of Electrical/electronic/programmable
quirements, and open challenges, IEEE Wireless Commun. 24 (3) (2017) 10–16. Electronic Safety-related Systems. Part 1: General Requirements, British Standards
[41] S. Schneider, The industrial internet of things (IIoT), in: H. Geng (Ed.), Internet of Institution, London, 2010 Clause 7.4.2.3. p.27.
Things and Data Analytics Handbook, John Wiley & Sons, Inc., Hoboken, NJ, USA, [72] IEC, IEC 61511-1:2016 Functional Safety – Safety Instrumented Systems for the
2017, , http://dx.doi.org/10.1002/9781119173601.ch3. Process Industry Sector – Part 1: Framework, Definitions, System, Hardware and
[42] Beecham Research, M2 M Sector Map, (2014) Available: http://www. Application Programming Requirements, International Electrotechnical
beechamresearch.com/download.aspx?id=18. Commission, Geneva, 2016.
[43] S. Jeschke, C. Brecher, T. Meisen, D. Özdemir, T. Eschert, Industrial internet of [73] IEC, 62443 – Industrial Communication Networks – Network and System Security.
things and cyber manufacturing systems, Industrial Internet of Things, Springer, Suite of Standards, International Electrotechnical Commission, Geneva, 2018.
Cham, 2017, 2018, pp. 3–19, http://dx.doi.org/10.1007/978-3-319-42559-7_1. [74] H. Boyes, A security framework for cyber-physical systems, WMG CSC Working
[44] CyPhERS, Characteristics, Capabilities, Potential Applications of Cyber-physical Paper, Coventry, University of Warwick, 2017.
12