Industrial threats, vulnerabilities, and risk factors

As we saw in the previous section, any discussion of IIoT security needs to factor in the pillars of information assurance (IA), in addition to physical safety and resiliency. In IIoT, the confidentiality and integrity of data are as relevant as the resiliency of controls and the safety of physical assets and people. In this context, let's define the pillars of IIoT security as follows:

  • Confidentiality: Protecting sensitive information from disclosure and maintaining data privacy
  • Integrity: Information is not modified, accidentally or purposefully, without being detected
  • Authentication: Data is accessed by known entities, while making sure that the data belongs to a known identity or endpoint (this generally follows identification)
  • Non-repudiation: Ensuring that an individual or system cannot later deny having performed an action
  • Availability: Ensuring that information is available when needed

In addition to these pillars, the disciplines of resiliency and safety are defined as:

  • Resilience: Ensuring the industrial control system maintains state awareness and an accepted level of operational normalcy in response to disturbances, including threats of an unexpected and malicious nature
  • Safety: Ensuring that, in the event of an attack, the affected system does not cause injury, harm, or damage to the environment or people

On the foundation of these tenets of IIoT security, let's examine the typical threats, vulnerabilities, and risk factors that are pertinent to connected industrial systems.
