The CIO Strategy Council is inviting comments from the public on a proposed National Standard of Canada for the cyber security of Industrial Internet of Things (IIoT) devices. The draft is available for public review until April 25, 2022.
IIoT devices include a broad range of smart devices that are geographically distributed and serve a function in critical infrastructure, from sensors and actuators to controllers and edge computers. These IIoT devices have a level of inherent connectivity and processing capability that require a broad complex supply chain inclusive of hardware components, software stacks, and communication services providers.
Considering the nature of their connectivity, potential impact and associated attack, IIoT devices deployed in critical infrastructure environments have specific cybersecurity risks not inherent in traditional Industrial Control System (ICS) or IoT (applications). The increase in geographic dispersion increases the connectivity attack surface while the critical nature of the applications draws attention to potential attackers.
The proposed national standard specifies cyber security controls for the design and operation of IIoT devices to meet requirements for security, safety, confidentiality, integrity, and availability. The proposed standard is intended for organizations planning to acquire new IIoT devices or equipment embedding IIoT devices and provides a consolidated overview of key security features and practices to meet industry recommended standards and best practices.
The proposed national standard is funded in part by the Government of Canada through National Resources Canada’s Cyber Security and Critical Infrastructure Program.
About CIO Strategy Council
The CIO Strategy Council is Canada’s only national forum bringing together the country’s most forward-thinking chief information officers and executive technology leader to collectively mobilize on common digital priorities. Cutting across major sectors of the Canadian economy – public, private and not-for-profit – the Council harnesses the collective expertise and action of Canada’s CIOs to propel Canada as a digital-first nation. With a strategic, coordinated approach, our members are helping to inform the design of disruptive technologies and accelerating their adoption across all industries, resulting in a safer, more prosperous ICT ecosystem for Canada.
About National Resources Canada
Natural Resources Canada develops policies and programs that enhance the contribution of the natural resources sector to the economy, improve the quality of life for all Canadians and conduct innovative science in facilities across Canada to generate ideas and transfer technologies. Its Cyber Security and Critical Energy Infrastructure Program (CCEIP) received $2.42 million over 5 years to enhance the cyber security and resilience of domestic and cross-border energy infrastructure, in support of Canada’s National Cyber Security Strategy.
For more information about CCEIP, please contact nrcan.cceip-pciee.rncan@canada.ca.