The Industrial Internet Consortium (IIC) announces the Security Maturity Model (SMM) Practitioner’s Guide

February 25, 2019 – The Industrial Internet Consortium (IIC), incorporating OpenFog, announces the Security Maturity Model (SMM) Practitioner’s Guide, which provides detailed actionable guidance enabling IoT stakeholders to assess and manage the security maturity of IoT systems. Along with the publication of the SMM Practitioner’s Guide is an update to the IoT SMM: Description and Intended Use White Paper, which provides an introduction to the concepts and approach of the SMM. This white paper has been updated for consistency with the SMM Practitioner’s Guide, including revised diagrams and updated terminology.
As organizations connect their systems to the internet, they become vulnerable to new threats, and they are rightly concerned with security. The SMM helps by enabling a structured top-down approach toward setting goals as well as a means toward assessing the current security state, taking into account various specific practices.
Building on concepts identified in the IIC Industrial Internet Security Framework published in 2016, the SMM defines levels of security maturity for a company to achieve based on its security goals and objectives as well as its appetite for risk. Organizations may improve their security state by making continued security assessments and improvements over time, up to their required level.
The practitioner’s guide includes tables describing what must be done to reach a given security comprehensiveness for each security domain, subdomain and practice and can be extended to address specific industry or system scope needs. Following each table is an example using various industry use cases to demonstrate how an organization might use the table to pick a target state or to evaluate a current state.
One example is that of an automotive manufacturer considering the possible threats interfering with the operations of a vehicle key fob. The manufacturer sets its target maturity comprehensiveness level to “1” as it considers some IT threats, such as a Denial of Service attack that may prevent a driver from opening the car door using the key fob. Over time, as new threats emerge, the manufacturer realizes it needs additional threat modeling and enhanced practices so raises its target maturity comprehensiveness level to a higher level “2.”
The practitioner’s guide contains three case studies that show IoT stakeholders how to apply the process based on realistic assessments, showing how the SMM can be applied in practice. The case studies include a smarter data-driven bottling line, an automotive gateway supporting OTA updates and security cameras used in residential settings.
The IIC designed the SMM to be extended for industry and system specific requirements. The IIC is collaborating with various industry groups to develop industry profiles that extend the model.

Check out our free e-newsletters
to read more great articles.
MORE RESOURCES
-
Interact Analysis Report: Industrial robot market slows in 2019
Compared to 2017, where revenues associated with industrial robots increased by 20%, forecasted declines of 4.3 per cent in 2019 have caused some...
-
Industrial Internet Consortium and oneM2M release whitepaper on Advancing the Industrial Internet...
The joint whitepaper, “Advancing the Industrial Internet of Things,” written by the IIC and oneM2M, demonstrates how these two IoT...
-
Association for Advancing Automation Report: North American machine vision market down in 2019
Machine vision systems saw a decrease of 2% year over year, at $599.9 million. This category includes smart cameras and application specific...
-
ODVA announces enhancements to EtherNet/IP Specification
The published enhancements to The EtherNet/IP Specification outline integration of NAMUR NE 107 diagnostics for process automation into CIP...
-
IDTechEx Report: Autonomous cars could accout for 4 trillion miles of road travel by 2040
IDTechEx has recently seen competitors joining hands and forming some unlikely-sounding alliances to reduce the cost of autonomous driving...
RELATED
-
Verizon helps Virginia shipbuilding company implement 5G service
With 5G’s increased bandwidth and ultra-low latency, NNS will be equipped to meet network connectivity demands and will test new ways its...
-
Kinedyne announces John Seliga as Vice President of Finance
A certified public accountant, Seliga holds a master’s degree in business administration from Cleveland State University and a bachelor’s...
-
Senseye partners with ATS Global to accelerate smart factory strategies
ATS will support Senseye's clients with the design, implementation, or integration of automated machine data systems such as historians or...
-
ARC Advisory Group Report: ABB leads DCS market for 20th consecutive year
According to the report, ABB’s presence in many end-user industries was a major factor in this success. The DCS market saw its main growth in oil...
-
Litum IoT helps Ferrero Group enhance worker tracking
Ferrero needed a way to confirm that all its employees could be safely accounted when an emergency evacuation was underway.