Commit 3320462f authored by Santeri Toikka

Rewrote the IoT use-case

Closes #77 HAS16
parent ff40a49a
+46 −9
@@ -245,26 +245,63 @@ The affected Service Requesting Users base is small like in:
**Figure 4.4.1.1-1: IoT network with monitoring data collection**

An IoT network is a network of devices, each of which almost always has limited computational capabilities and consumes a low amount of power. The exact purpose of these device varies, but they are all connected to an NMS, and often to each other and to an IoT buisness logic, which may be a RDPS. The main focus of an IoT network is almost always data collection, and the NMS in this use case usually visualises the collected data metrics and provides them to the end-user. The NMS-analysis of the data metrics can be automated, including triggering warnings, alarms, or even taking actions based on discovered abnormal events.
An IoT network is a network of devices, each of which almost always has limited computational capabilities and consumes a lower amount of power. The exact purpose of these device varies, but they are all connected to a NMS, and often to each other and to an IoT business logic, which may be a RDPS.
It is not uncommon that the business logic and the NMS for the purpose of this document is offered as an ecosystem.

The main focus of an IoT network can be, but is not limited to, data collection.
The NMS in this use case usually visualises the collected data metrics and provides them to the end-user and provides a way to make actions based on the data.
The NMS analysis of the collected metrics can be automated, including triggering warnings, alarms, or even taking actions based on discovered abnormal events.

The NMS controls the configuration of the connected devices, and has a two minimum functions:

1.  Establishes and maintains a trust-based relation between itself and the devices.
1.  Establishes trust between the system and the devices.
2.  Maintain an inventory of devices that are part of the managed network.

##### Trust initialisation

To initialize a trust between actors in this type of NMS and connected devices multiple different methods can be used like: stored credentials, usually in the form of pre-installed keys, identity confirming certificates, or unique serial numbers for example.
These credentials are used during initialisation to create the trust between the NMS, the devices and, if present, with the IoT device business logic.
Credential or key initialisation, and key enrollement or establishment limit the NMS's ability to establish a trust between the intended devices, an ability is further limited if these methods require physical access or close proximity to the IoT device.
For example, an IoT device user can pair the IoT device and establish a trust with the NMS through Bluetooth (tm) pairing mechanisms or with a physical cable connection.

Alternatively to preconfigured devices, the manufacturer may install only a single DNS address, that is queried for configuration on the device startup launching a chain of events, that registers the device to a correct network.

How this new device enrolment is excuted, maintained and how the system responds to changes, is a key aspect of the the product.

Once the trust has been established, the NMS can provide cryptographically protected configuration and update services to the devices at the runtime.
Depending on the NMS architectural design and managed element configurations, the device can either request its configuration from the NMS, or the NMS can push the configuration to the device.

The established trust may be used for secured identification, authentication, and communication with other applications on a device.

The IoT NMS collects the meta traffic data and management related data from networked devices, or forwards it to other systems for processing and storage.
Independent of any of the host system's capabilities, the NMS can also be remotely accessible.

##### Inventory management

The second function of an IoT network NMS is to generate, keep, and maintain the inventory of the network.
This inventory holds information about the connectivity capabilities for each networked device.
When new devices are added and a trust is established, the new device extends the network and the inventory is amended.

To initialize a trust-based relationship between this type of network managment system and connected devices, both of which store credentials, usually in the form of pre-installed keys, identity confirming certificates, or unique serial numbers. These credentials are used during initialisation to create the trusted relationship between the NMS, the devices and, if present, with the IoT device business logic. Credential or key initialisation, and key enrollement or establishment limit the NMS's ability to establish a trusted relationship to the intended devices, an ability further limited as these methods require physical access or close proximity to the IoT device. For example, an IoT devicve user can pair the IoT device and establish a trust-based relationship with the NMS through Bluetooth (tm) mechanisms or with a physical cable connection.
Similar care needs to be administered, when a device needs to be taken out of the network.
When a rogue device is identified, it is important to be able to isolate the device, and mitigate the potential impact of its actions.

Once the trust-based relationship has been established, the NMS can provide cryptographically protected configuration and update services to the devices at runtime. Depending on the initial NMS and managed element configurations, the device can either request its configuration from the NMS, or the NMS can push the configuration to the device. The trust-based relationship can also provide for secured identification, authentication, and communication with other applications on a device.
##### Device management

The IoT network NMS collects the meta traffic data and management related data from networked devices, or forwards it to other systems for data collection and storage. All data transmitted from the devices to the NMS and all data transmitted from the NMS to the devices is cryptographically protected with authentication of the endpoints, and with integrity and confidentiality protection. Independent of any of the host system's capabilities, the NMS can also be remotely accessible.
The IoT device design can be very simplistic, where the device relies on the system the push for configurations and even update the device firmware.
In the other end of the spectrum, the device can be designed to operate as autonomous agent, that requires little or no input from the NMS to be able to manage its functions and the running software.
The advancements in the microcontroller features and adjacent platforms used to build IoT devices blurs the line between a simple device and a complex computation node, the IoT remains to be a branding decission from the manufacturer.

2.  Generates and maintains an inventory of devices that are part of the managed network,
What is the role of the NMS in the IoT network is important to understand when the device expects to be managed.
The devices are outside of this document, but how the provided API's are designed, and how the trust is established in the connected network needs to be evaluated within limits of this document.

The second primary function of an IoT network NMS is to generate, keep, and maintain a network inventory. This inventory holds information about the connectivity capabilities for each connected device. When new devices are added and a trust-based relationship is established with them, they extend the network and the inventory is amended.
##### Risk management

Users of the IoT device business logic or of managed elements are protected from unauthorised access when interacting with each other or with the NMS. Malicious impact on these communication channels, such as interception, interruption, or inducing data packets is detected and the system creates an event that is recorded, and if applicable, reported.
Key areas to understand how an IoT network management system can affect the customers operations comes from the understanding how the enrollment works, how isolated the control systems are, how large pools of devices are managed, and what the device is designed to do.

The above given example architecture of figure 3 can serve as explanation help during the conformity assessment to meet CRA [\[i.1\]](#_ref_i.1) Annex I part 1.
A home garden greenhouse monitoring system does not necessarily require as high-available operation as the freezers at a large scale meat storage facility.

> NOTE: This use case seems to focus on two security functions of IoT products, but make sno distinctions btween large and small IoT networks (with corresponding botnet risks) or products designed for higher risk environments (e.g. home "convienance" devices such as a set of speakers < home essential devices such as lighting < enterprise and industrial deployments such as warehouse or factory lighting and < hiogh risk infrastructural device/environments such as freezer units at a large scale meat storage facitility.) To me these levels of risk reprsent sub use cases and maybe lesser requirements/mitigations for low risk/impace devices? Additionally the degree of remote sertvice involved in the NMS may also create sub clasess (or potentially it could be modelled as a risk factor?)
The RDPS outages can be mitigated by storing the collected data locally for longer, so the centralised system can respond to the historical events later, when the connectivity resumes.
It might be adecuate for a critical facility to deploy the controllers closer to the facility under surveilance, if the highest reliability and operation quality is to be assumed.

#### 4.4.1.2 Home network deployment
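Review bot: The rewrite drops the explicit protection requirements that the old "Device management" and "Risk management" paragraphs carried ("All data transmitted from the devices to the NMS and all data transmitted from the NMS to the devices is cryptographically protected with authentication of the endpoints, and with integrity and confidentiality protection", and the statement that interception, interruption or injected packets are detected and recorded as an event), while the new text only says the NMS "can provide cryptographically protected configuration and update services"; please carry those two statements over, since they are the testable requirements a conformity assessment will look for. Related: the new bootstrap path ("the manufacturer may install only a single DNS address, that is queried for configuration on the device startup") should say how the device authenticates the configuration source it reaches, because as written the enrolment chain starts before any trust exists. Removing the sentence that cites CRA [i.1] Annex I part 1 and figure 3 also removes the only cross-reference to the conformity-assessment mapping; confirm that is intended. The "> NOTE:" block reads as an unresolved reviewer remark ("To me these levels of risk reprsent sub use cases...") and should either be resolved into the sub-use-case structure it proposes or moved to an issue rather than committed into the body. Finally, the added lines need a spelling and grammar pass: "these device varies", "has a two minimum functions", "enrollement", "excuted", "the the product", "decission", "adecuate", "surveilance", and the duplicated item numbering "1. / 1. / 2." in the function list.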