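Computer security
Attack surface
Computer science
Gateway (web page)
Cloud computing
Threat model
Enhanced Data Rates for GSM Evolution
Asset (computer security)
Default gateway
Edge device
Cloud computing security
Critical infrastructure
Telecommunications
Operating system
World Wide Web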
Authors
A. P. K. Tatavarthi, Bijaya Ketan Panigrahi
Identifier
DOI: 10.1049/icp.2023.0828
Abstract
The ever-growing cyber-attack vectors on critical infrastructure demand that operation technology infrastructure providers design and build cyber-attack resilient systems. This requires that the cyber security aspect of the overall system be considered from the design phase of its various components. In this paper, a generic software architecture and the security design aspects of an Industrial IoT Edge gateway (also known as Edge) are discussed. These design aspects support critical infrastructure system asset owners and vendors in adhering to the Confidentiality, Integrity, and Availability (CIA) principles of security. The manuscript focuses on the threat model following the STRIDE analysis, and provides the potential attack surface analysis and the corresponding threat mitigation techniques for the Edge device. The paper highlights various aspects of the security footprint and security controls such as secure boot, secure communication, and secure patch update for the Edge gateway. The security concerns, risks and mitigation solutions proposed can serve as a guide for operation technology device manufacturers and vendors building or integrating an Edge device that connects operation technology industrial devices to internet-facing cloud-based data storage solutions or on-premises data storage. Such an Edge device serves as a key communication device (and a potential cyber-attack surface) with a wide variety of applications, ranging from a simple smart meter with limited functionality to a more complex Edge gateway that transmits large volumes of telemetry data to Cloud data stores. The ideas presented are not limited to smart device ecosystems but also apply to similar devices in substation automation, distributed automation, and process automation products that act as a bridge between Operation Technology (OT) networks and Internet-facing (IT network: Enterprise and Cloud) solutions.
Identifying the potential cyber-threats and the attack surface, and securing the device by design, will save the various partners in the critical infrastructure industry in terms of operational costs, reputation, and potential human loss.