An IIoT application typically includes many IIoT devices from many different vendors. Take, for example, a typical power plant—it may have a generator built by GE, but instrumentation equipment from Siemens, and so on, that function together to perform the intended operation—but having these diverse and highly critical components poses many security risks.
The goal of this phase is to access the security vulnerabilities of these devices by gaining a deeper understating of the device architecture, such as whether or not these devices use secure protocols, secure authentication, and authorization models. Also, a good understanding of the device software and network location needs to be ...