A Zero-Trust Framework for Industrial Internet of Things

Abstract

Interactions between different types of systems from various environments are increasing continuously due to the nature of business and commercial requirements. All of these interactions require a level of trust given for each system in order to enable essential operations and functions. Traditional trust models and frameworks implemented in different environments define static levels of trust given to users and systems. This includes the Defence-in-depth security model that is typically implemented in industrial control systems (ICS) environments. While this model and other security models provide an outstanding level of restriction and security if implemented correctly, they can still allow unauthorised access to sensitive data through compromised trust devices. Industrial Internet of Things (IIoT) solutions are actively being deployed in different sectors. Despite the criticality of the environments IIoT solutions serve, these solutions require more integrated connectivity that ICS environment due to cloud connectivity. This research paper proposes a zero-trust framework for IIoT and explores how this framework could mitigate the existing risks within IIoT solutions. Moreover, this research paper proposes a zero-trust anatomy for IIoT and explores the potential performance and/or complexity overhead resulted from the use of this model.