What is the Gartner IIoT Framework?
When it comes to the Industrial Internet of Things (IIoT), the legacy Purdue model no longer provides adequate levels of security protection as newer IIoT devices are added to the model.
IIoT gateways, connections to external cloud analytics platforms, and 5G network connectivity add unique capabilities while possibly increasing exposure to cyber criminals and hackers. A more recent approach to IIoT architecture, called the Gartner model, has grown in popularity and makes up for much of what the Purdue model lacks.
In this blog post, we’ll explore the different risks to IIoT architecture, how the Gartner model can be applied, and how organizations can automate vulnerability patching within the Gartner framework to minimize risk.
IIoT Cybersecurity Challenges
Most operational technology (OT) and industrial control systems (ICS) architectures are flat networks with exposed areas from a security standpoint. The attack space covers the entire range of potential attacks against an IIoT platform. These include both internal and external attacks.
Internal attacks may come from insiders who have access to the technology, such as employees, contractors, partners, and customers. External attacks may come from rogue connected devices and outside sources, including hackers, criminals, terrorists, and nation-states. Besides these two categories, there are also physical attacks involving damage to equipment or facilities.
Adoption of the Gartner IIoT Reference Architecture
The Gartner model incorporates several integrated security controls built into each layer:
Edge: The edge extends to the location of the IIoT devices, sensors, cars, windmills, valves, etc. The IoT gateway provides connectivity between the edge layer and the platform.
Platform: The platform layer accepts connections from the edge layer through a series of edge device authentication security functions. The platform layer includes patch management, edge device management, orchestration, automation, and data analytics. Data, device, and host security are critical in this layer.
Enterprise: The platform layer communicates through the API gateway into the enterprise segment. Within the enterprise layer, you’ll find classic and next-generation IT applications, data warehousing, data lakes, and business automation.
Managing Risk with the Gartner IIoT Model
An organization perceives the risk management team and the operational technology team differently. Balanced considerations are essential to ensuring the reliability of IIoT systems. The controls and flow of information may cross multiple intermediaries. Trust must also permeate the entire system production process lifecycle, including actors and functional entities.
From a technical perspective, the Gartner IIoT model focuses on analyzing and evaluating technical aspects of an IIoT system, including its benefits, risks, and costs. It then maps these technical considerations to the underlying system capabilities.
Importance of Security Governance and Automation for Risk Reduction
The Gartner IIoT framework is a comprehensive model for improving the security of IIoT deployments. It introduces the criticality of continuously monitoring, patching, and remediating the various systems to maintain the highest state of readiness, safety, and availability.
Patching live systems without taking them out of production is essential to maintaining the continuous uptime of these components within the Gartner framework. While the framework promotes resilience, each element’s reliability is critical to maintaining the expected security posture.
How TuxCare’s Live Patching, ELS, and Library Updates Align with the Gartner IIoT Security Framework
TuxCare, a global leader in live patching critical components and overall security patching for end-of-life distributions and languages, aligns with several of the domains within the Gartner IIoT security model:
Operations domain – TuxCare live patches Linux OS kernels, libraries, and other critical components across all three layers without needing to reboot or schedule downtime.
Application domain – TuxCare live patching extends into this domain by automatically patching vulnerabilities in several Linux distros and providing ongoing security updates for end-of-life versions of Python and PHP applications.
Business domain – TuxCare live patching extends into many Linux hosts, along with application support for open-source databases (MySQL, MariaDB, PostgreSQL, etc.) and Python and PHP-based applications deployed within this domain.
Control domain – KernelCare for IoT is a solution for updating critical hosts and IoT devices within the edge, platform, and enterprise layers and the control domain. TuxCare live patching extends into IIoT-specific devices supporting Raspberry Pi, Yocto, Ubuntu Core, AlmaLinux, and ARM64.
TuxCare Patching Automation Capabilities for Risk Reduction
Particularly in IIoT environments, waiting to apply security patches until you’re ready to restart systems and devices leaves your organization vulnerable and puts your compliance posture at risk. TuxCare’s live patching solutions protect your Linux systems by rapidly eliminating vulnerabilities without waiting for maintenance windows or downtime. With TuxCare, IT teams can automate taking new patches through staging, testing, and production on all popular Linux distributions.
TuxCare features flawless interoperability with vulnerability scanners, security sensors, automation and reporting tools, and our ePortal management platform. ePortal is a dedicated private patch server that runs inside your firewall, on-premises or in the cloud. TuxCare is the only provider that can live patch virtually all vulnerabilities in kernels, shared libraries, virtualization platforms, and open-source databases across all popular distributions.