Kaspersky IoT Secure Gateway 100

Security objectives and constraints

A cyberimmune information system is a system that guarantees the fulfillment of specific security objectives in all possible scenarios of system usage as stipulated by the developers.

One prerequisite when developing a cyberimmune information system is to identify its security objectives and the security constraints under which the system will operate.

Security objectives are the particular requirements imposed on a cyberimmune information system that must be fulfilled to ensure that the system operates securely in any possible usage scenario with consideration of the necessary security constraints.

Security constraints are the additional restrictions placed upon the system operating conditions that either simplify or complicate the fulfillment of security objectives.

Security objectives

Kaspersky IoT Secure Gateway 100 has the following security objectives:

  • Kaspersky IoT Secure Gateway 100 ensures secure, unidirectional transfer of data from industrial equipment residing within an internal enterprise network to the Siemens MindSphere cloud platform while eliminating the possibility of the cloud system having any impact on internal resources of the enterprise.
  • Kaspersky IoT Secure Gateway 100 ensures the integrity of data transmitted to the Siemens MindSphere cloud platform.

The following are not security objectives of Kaspersky IoT Secure Gateway 100:

  • Availability of Kaspersky IoT Secure Gateway 100
  • Confidentiality of data transmitted from Kaspersky IoT Secure Gateway 100 to the cloud platform

Security constraints

Kaspersky IoT Secure Gateway 100 has the following security constraints:

  • Kaspersky IoT Secure Gateway 100 can receive data from equipment residing within an internal enterprise network only over the OPC UA protocol.
  • Physical access to Kaspersky IoT Secure Gateway 100 is restricted by organizational measures implemented by the specific enterprise (room access and equipment access regulations) to prevent unauthorized access to Kaspersky IoT Secure Gateway 100.
  • Kaspersky IoT Secure Gateway 100 does not have internal administration resources. The software portion of Kaspersky IoT Secure Gateway 100 and its configuration files are stored on a removable SD card that can be accessed only by the administrator.
  • While Kaspersky IoT Secure Gateway 100 is running, the settings, certificates and encryption keys stored on the SD card are read-only.
  • A medium level of threat (basic elevated) from the external network is assumed.
  • A low level of threat (basic) from the internal network is assumed.

    For more detailed information on assessing the information security threat level, please refer to the website of the relevant government agency with jurisdiction over technical and export regulations.

Kaspersky IoT Secure Gateway 100 cannot guarantee the integrity of data transmitted within the internal network from equipment to Kaspersky IoT Secure Gateway 100.

Kaspersky IoT Secure Gateway 100 cannot ensure that devices connected to Kaspersky IoT Secure Gateway 100 will be protected against attacks launched from within the internal network.

Threats associated with a vulnerability of the hardware platform are not considered.

Threats to the availability of the following infrastructure components are not considered:

  • Communication channels between the parties to network communication
  • Siemens MindSphere cloud platform