A Risk-Assessment of Cyber Attacks and Defense Strategies in Industry 4.0 Ecosystem
Автор: Ahmet Ali Süzen
Журнал: International Journal of Computer Network and Information Security @ijcnis
Статья в выпуске: 1 vol.12, 2020 года.
Бесплатный доступ
The development of technology and uses increases the interconnected digital ecosystem. This is accompanied by dense data usage. Wherever digital data is available, cyber-attacks are threatened and increase the need for cybersecurity prevention. The fact that Industry 4.0 basic fuel is data indicates that the risk of cyber-attack will continue to increase in Industry 4.0. In this study, the sources of cybersecurity threats in the Industry 4.0 ecosystem are examined in the corporate and end-user dimensions. The cybersecurity vulnerabilities most evident in Industry 4.0 systems have been determined to consist of vulnerabilities in control systems protocols, unprotected thing connections, neglect of periodic infiltration tests, inability to manage network devices effectively and untrained personnel. The cyber defense strategies and requirements for these vulnerabilities have been determined. At the same time, corporates and end-users have been told how to implement these preventions. As a result, it is not possible to completely prevent cyber-attacks within the Industry 4.0 ecosystem. Preventing the vulnerabilities identified in the study will ensure that the damage is minimal in attacks.
Cyber Security, Cyber Attack, Defense Strategies, Risk-Assessment, Industry 4.0
Короткий адрес: https://sciup.org/15017010
IDR: 15017010 | DOI: 10.5815/ijcnis.2020.01.01
Список литературы A Risk-Assessment of Cyber Attacks and Defense Strategies in Industry 4.0 Ecosystem
- Lasi, H., Fettke, P., Kemper, H. G., Feld, T., & Hoffmann, M. (2014). Industry 4.0. Business & Information Systems Engineering, 6(4), 239-242.
- Lee, J., Bagheri, B., & Kao, H. A. (2015). A Cyber-Physical systems architecture for industry 4.0-based manufacturing systems. Manufacturing Letters, 3, 18-23.
- Lu, Y. (2017). Industry 4.0: A survey on technologies, applications and open research issues. Journal of Industrial Information Integration, 6, 1-10.
- Gorecky, D., Schmitt, M., Loskyll, M., & Zühlke, D. (2014, July). Human-machine-interaction in the industry 4.0 era. In Industrial Informatics (INDIN), 2014 12th IEEE International Conference (pp. 289-294). IEEE.
- Almada-Lobo, F. (2016). The Industry 4.0 revolution and the future of manufacturing execution systems (MES). Journal of innovation management, 3(4), 16-21.
- Zhou, K., Liu, T., & Zhou, L. (2015, August). Industry 4.0: Towards future industrial opportunities and challenges. In Fuzzy Systems and Knowledge Discovery (FSKD), 2015 12th International Conference on (pp. 2147-2152). IEEE.
- Jazdi, N. (2014, May). Cyber physical systems in the context of Industry 4.0. In Automation, Quality and Testing, Robotics, 2014 IEEE International Conference on (pp. 1-4). IEEE.
- Lee, J., Bagheri, B., & Jin, C. (2016). Introduction to cyber manufacturing. Manufacturing Letters, 8, 11-15.
- Lu, Y., & Da Xu, L. (2018). Internet of things (iot) cybersecurity research: A review of current research topics. IEEE Internet of Things Journal, 6(2), 2103-2115.
- Hsu, D. F., Marinucci, D., & Voas, J. M. (2015). Cybersecurity: Toward a secure and sustainable cyber ecosystem. Computer, (4), 12-14.
- Wells, L. J., Camelio, J. A., Williams, C. B., & White, J. (2014). Cyber-physical security challenges in manufacturing systems. Manufacturing Letters, 2(2), 74-77.
- Gupta, G. P., & Kulariya, M. (2016). A framework for fast and efficient cyber security network intrusion detection using apache spark. Procedia Computer Science, 93, 824-831.
- Lezzi, M., Lazoi, M., & Corallo, A. (2018). Cybersecurity for Industry 4.0 in the current literature: A reference framework. Computers in Industry, 103, 97-110.
- Kogiso, K., & Fujita, T. (2015, December). Cyber-security enhancement of networked control systems using homomorphic encryption. In 2015 54th IEEE Conference on Decision and Control (CDC) (pp. 6836-6843). IEEE.
- Semerci, M., Cemgil, A. T., & Sankur, B. (2018). An intelligent cyber security system against DDoS attacks in SIP networks. Computer Networks, 136, 137-154.
- Liu, J., Xiao, Y., Li, S., Liang, W., & Chen, C. P. (2012). Cyber security and privacy issues in smart grids. IEEE Communications Surveys & Tutorials, 14(4), 981-997.
- Bahrin, M. A. K., Othman, M. F., Azli, N. N., & Talib, M. F. (2016). Industry 4.0: A review on industrial automation and robotic. Jurnal Teknologi, 78(6-13), 137-143.
- Zheng, P., Sang, Z., Zhong, R. Y., Liu, Y., Liu, C., Mubarok, K., Xu, X. (2018). Smart manufacturing systems for Industry 4.0: Conceptual framework, scenarios, and future perspectives. Frontiers of Mechanical Engineering, 1-14.
- Zhong, R. Y., Xu, X., Klotz, E., & Newman, S. T. (2017). Intelligent manufacturing in the context of industry 4.0: a review. Engineering, 3(5), 616-630.
- Petrasch, R., & Hentschke, R. (2016, July). Process modeling for Industry 4.0 applications: Towards an Industry 4.0 process modeling language and method. In Computer Science and Software Engineering (JCSSE), 2016 13th International Joint Conference on (pp. 1-5). IEEE.
- Aksoy, B , Uğuz, S , Oral, O . (2019). Comparison of The Data Matching Performances of String Similarity Algorithms in Big Data. Journal of Engineering Sciences and Design, 7 (3), 608-618. DOI: 10.21923/jesd.467036
- Wang, E. K., Ye, Y., Xu, X., Yiu, S. M., Hui, L. C. K., & Chow, K. P. (2010). Security issues and challenges for cyber physical system. In Proceedings of the 2010 IEEE/ACM International Conference on Green Computing and Communications & International References Conference on Cyber, Physical and Social Computing (pp. 733-738). IEEE Computer Society
- He, K., & Jin, M., (2016). Cyber-Physical System for maintenance in industry 4.0, Jönköping University School of Enginering, 64p.
- Bagheri, B., Yang, S., Kao, H., Lee, J., (2015). Cyber-Physical Systems Architecture for Self-Aware Machines in Industry 4.0 Environment, IFAC-Papers Online, 48-3 1622–1627.
- Gubbi, J., Buyya, R., Marusic, S., & Palaniswami, M. (2013). Internet of Things (IoT): A vision, architectural elements, and future directions. Future generation computer systems, 29(7), 1645-1660.
- Lee, I., & Lee, K. (2015). The Internet of Things (IoT): Applications, investments, and challenges for enterprises. Business Horizons, 58(4), 431-440.
- Madakam, S., Ramaswamy, R., & Tripathi, S. (2015). Internet of Things (IoT): A literature review. Journal of Computer and Communications, 3(05), 164.
- Barnaghi, P., & Sheth, A. (2016). On searching the internet of things: Requirements and challenges. IEEE Intelligent Systems, 31(6), 71-75.
- Pancaroğlu, D., (2018). An Analysis on the Current State of Security in the Internet of Things, International Conference on Cyber Security and Computer Science (ICONCS’18), Safranbolu, Turkey.
- Von Solms, R., & Van N., J. (2013). From information security to cyber security. computers & security, 38, 97-102.
- Akin, M , Sağiroğlu, Ş . (2017). Gelişmiş Sürekli Tehditler. Türkiye Bilişim Vakfı Bilgisayar Bilimleri ve Mühendisliği Dergisi , 10 (1) , 1-10 .
- Xie, P., Li, J. H., Ou, X., Liu, P., & Levy, R. (2010, June). Using Bayesian networks for cyber security analysis. In Dependable Systems and Networks (DSN), 2010 IEEE/IFIP international conference on (pp. 211-220). IEEE.
- Arkin, B., Stender, S., & McGraw, G. (2005). Software penetration testing. IEEE Security & Privacy, 3(1), 84-87.
- STM, (2018), Siber Tehdit Durum Raporu, Access Date: 10.02.2019, Access Link: https://thinktech.stm.com.tr/uploads/raporlar/pdf/2072018175818369_stm_siber_tehdit_durum_
- raporu.pdf
- Baheti, R., & Gill, H. (2011). Cyber-Physical systems. The impact of control technology, 12(1), 161-166.
- Yampolskiy, M., Horvath, P., Koutsoukos, X. D., Xue, Y., & Sztipanovits, J. (2012, August). Systematic analysis of cyber-attacks on CPS-evaluating applicability of DFD-based approach. In Resilient Control Systems (ISRCS), 2012 5th International Symposium on (pp. 55-62). IEEE.
- Chen, C. K., Zhang, Z. K., Lee, S. H., & Shieh, S. (2018). Penetration Testing in the IoT Age. Computer, 51(4), 82-85.
- Dürrwang, J., Braun, J., Rumez, M., Kriesten, R., & Pretschner, A. (2018). Enhancement of Automotive Penetration Testing with Threat Analyses Results. SAE International Journal of Transportation Cybersecurity and Privacy, 1(11-01-02-0005), 91-112.
- Çakır, H , Yaşar, H . (2015). Kurumsal Siber Güvenliğe Yönelik Tehditler ve Önlemleri. Düzce Üniversitesi Bilim ve Teknoloji Dergisi, 3 (2), 488-507.
- Arslan, H., Aslan, H., Karkı, H. D., & Yüksel, A. G. (2018, September). Blockchain and Security in the IoT Environments: Literature Review. In 2018 3rd International Conference on Computer Science and Engineering (UBMK) (pp. 254-257). IEEE.
- Han, K. H., & Lee, S. H. (2016). A Study on the Security Threats of IoT Devices Exposed n Search Engine. The transactions of The Korean Institute of Electrical Engineers, 65(1), 128-134.
- Micro, T. (2016). Addressing the SANS TOP 20 critical security controls for effective cyber defense. A trend Micro Whitepaper.
- TSE ISO/IEC 27001 Information Technology, Security Techniques, Code of Practice for Information Security Management, Access Date : 10.01.2019, Erişim Link : https://www.tse.org.tr/IcerikDetay?ID=2311&ParentID=6890
- Igure, V. M., Laughter, S. A., & Williams, R. D. (2006). Security issues in SCADA networks. Computers & Security, 25(7), 498-506.
- Erkek, İ., (2018). Modbus Temelli Scada Sistemlerinin Siber Güvenliği İçin Yeni Bir Yaklaşım, Yüksek Lisans Tezi, Gazi Üniversitesi,133p.
- SANS / CIS, CIS Critical Security Controls, Access Date: 01.01.2019, Access Link: https://www.sans.org/critical-security-controls
- ÇözümPark, Siber Güvenlik İçin 20 Önemli Madde, Access Date: 01.01.2019, Erişim Link: http://www.cozumpark.com/blogs/gvenlik/archive/2017/05/28/siber-guvenlik-in-20-onemli-madde.aspx
- AV-Comparatives, Business Security Test 2019, Access Date: 10.10.2019, Access Link: https://www.av-comparatives.org/tests/business-security-test-2019-march-june/
- Al-rimy, B. A. S., Maarof, M. A., & Shaid, S. Z. M. (2018). Ransomware threat success factors, taxonomy, and countermeasures: a survey and research directions. Computers & Security, 74, 144-166.
- Mohurle, S., & Patil, M. (2017). A brief study of wannacry threat: Ransomware attack 2017. International Journal of Advanced Research in Computer Science, 8(5).
- Hickman, K., & Elgamal, T. (1995). The SSL protocol. Netscape communications corp, 501.
- Demir, F. (2010). Güvenli Veri İletiminde Kullanılan VPN Tiplerinin Uygulaması ve Performans Analizi (Doctoral dissertation, Fen Bilimleri Enstitüsü).
- Herley, C., & Van Oorschot, P. (2012). A research agenda acknowledging the persistence of passwords. IEEE Security & privacy, 10(1), 28-36.
- Süzen, A., A., Şimşek, M., A., Kayaalp, K., Gürfidan, R., (2019). The Attack Methodology to Wireless Domains of Things in Industry 4.0. Nevşehir Bilim ve Teknoloji Dergisi, 8, 143-151. DOI: 10.17100/nevbiltek.557886
- B., Kelley, P. G., Komanduri, S., Lee, J., Maass, M., Mazurek, M. L, & Christin, N. (2012). How does your password measure up? the effect of strength meters on password creation. In Presented as part of the 21st Security Symposium Security 12) (pp. 65-80).
- Hong, J. (2012). The state of phishing attacks. Commun. ACM, 55(1), 74-81.
- Krombholz, K., Hobel, H., Huber, M., & Weippl, E. (2015). Advanced social engineering attacks. Journal of Information Security and applications, 22, 113-122.
- AV-Comparatives, Real-World Protection Test 2019, Access Date: 15.10.2019, Access Link: https://www.av-comparatives.org/tests/real-world-protection-test-jul-aug-2019-factsheet/