This is a sorely needed development. Many of the scariest scenarios involve industrial systems. Hence the urgent need for a framework that guides the way for security in our industrial IoT systems. This evolving need is summed up well in the following excerpt from the "motivation" section of the IISF report:
“Historically, security in trustworthy industrial systems relied on physical separation and network isolation of vulnerable components, and on the obscurity of the design and access rules for critical control systems. Security was, and still is, enforced through physical locks, alarm systems and in some cases armed guards. Designers and operators rarely considered that these systems might one day be exposed to a global network, remotely accessible by many, from legitimate users to rogue nation-states Systems that were originally designed to be isolated are now exposed to attacks of ever-increasing sophistication, and the design assumptions of existing operational technology systems no longer apply. A successful attack on an IIoT system has the potential to be as serious as the worst industrial accidents to date (e.g. Chernobyl and Bhopal), resulting in damage to the environment, injury or loss of human life.”
