Distinguishing features of IAM in IIoT
In Chapter 1, An Unprecedented Opportunity at Stake, we analyzed the divergent nature of IT and OT security priorities. While designing and implementing identity and access control mechanisms for IIoT systems, the unique characteristics of cyber-physical systems need to be factored in.
The protocols developed in the early days of IT—such as Telnet and TFTP—had very few security and cryptographic controls built in, as security was not a top concern back then. Besides, for IT software developers, getting "something to work" has historically been more important than integrating adequate security. So, in the IT world cybersecurity ended up being an incessant cat-and-mouse game where security is bolted on after compromises have already happened. This "patchwork" is not practical in OT domains. In fact, to satisfy the safety, reliability, and resilience standards of cyber-physical systems, bolting on security is simply not going to work.
In this section, the...