Vulnerability Management in IIoT-Based Systems: What, Why and How

Abstract

AbstractIndustrial Control Systems (ICS) are characterized by large numbers of tightly integrated, interdependent, and heterogeneous components in a network. They act as a base system for safety and mission-critical Industrial Internet of Things (IIoT) applications such as smart grids, nuclear power plants, process control systems and robotics systems. The complex ICS, e.g., Supervisory Control and Data Acquisition (SCADA), consists of many interdependent subsystems. Modern SCADA systems are an amalgam of IIoT and legacy systems. IIoT is essentially a realization of advances in the connectivity of hardware and data networks that SCADA provides. Therefore, modern SCADA has evolved as a use case of IIoT, wherein IIoT improves industrial productivity by analyzing data generated by SCADA systems. The modernization of the SCADA system, standardization of communication protocols and almost ubiquitous interconnectivity courtesy for IIoT has drastically increased the attack surface of the SCADA system. Systematic Vulnerability Management (VM) of these attack surfaces minimizes risks and impacts associated with vulnerability exploitation. In this chapter, we first find the correlation between the IIoT and SCADA systems, followed by security challenges faced by IIoT-based systems. Then we highlight the role of VM in securing the critical systems, followed by the study of the state-of-art approaches for VM. After that, we discuss some future research directions for developing techniques for efficient VM. The chapter underscores the design challenges and research opportunities for efficiently managing the increasing vulnerabilities.