Software in the Manufacturing Industry: Emerging Security Challenge Areas for IIoT Platforms
Pages 118 - 121
Abstract
Industrial Internet of Things (IIoT) platforms connect services and computation resources to industrial devices. They increase flexibility, scalability, and provide a wider application portfolio for automated production. However, in a growing ecosystem of software suppliers, manufacturing companies are concerned whether the security of third-party software meets the requirements of the industry. In this paper, we analyse IIoT reference architecture components and corresponding stakeholders to draw implications on security. In particular, we identify four security challenge areas of IIoT platforms, show relations to existing research, and highlight directions for future work.
References
[1]
Carolina Adaros Boye, Paul Kearney, and Mark Josephs. 2018. Cyber-Risks in the Industrial Internet of Things (IIoT): Towards a Method for Continuous Assessment. In Developments in Language Theory, Mizuho Hoshi and Shinnosuke Seki (Eds.). Vol. 11088. Springer International Publishing, Cham, 502--519.
[2]
V. Alcácer and V. Cruz-Machado. 2019. Scanning the Industry 4.0: A Literature Review on Technologies for Manufacturing Systems. Engineering Science and Technology, an International Journal 22, 3 (June 2019), 899--919.
[3]
Laurin Arnold, Jan Jöhnk, Florian Vogt, and Nils Urbach. 2022. IIoT Platforms' Architectural Features - a Taxonomy and Five Prevalent Archetypes. Electronic Markets 32, 2 (June 2022), 927--944.
[4]
Lotfi Ben Othmane and Azmat Ali. 2016. Towards Effective Security Assurance for Incremental Software Development the Case of Zen Cart Application. In 2016 11th International Conference on Availability, Reliability and Security (ARES). IEEE, Salzburg, Austria, 564--571.
[5]
Ani Bicaku, Markus Tauber, and Jerker Delsing. 2020. Security Standard Compliance and Continuous Verification for Industrial Internet of Things. International Journal of Distributed Sensor Networks 16, 6 (June 2020), 155014772092273.
[6]
Peter Bishop and Robin Bloomfield. 2000. A Methodology for Safety Case Development. In Safety and Reliability, Vol. 20. Taylor & Francis, 34--42.
[7]
Hugh Boyes, Bil Hallaq, Joe Cunningham, and Tim Watson. 2018. The Industrial Internet of Things (IIoT): An Analysis Framework. Computers in Industry 101 (Oct. 2018), 1--12.
[8]
Nicola Dragoni, Saverio Giallorenzo, Alberto Lluch Lafuente, Manuel Mazzara, Fabrizio Montesi, Ruslan Mustafin, and Larisa Safina. 2017. Microservices: Yesterday, Today, and Tomorrow. Present and ulterior software engineering (2017), 195--216.
[9]
William Enck and Laurie Williams. 2022. Top Five Challenges in Software Supply Chain Security: Observations From 30 Industry and Government Organizations. IEEE Security & Privacy 20, 2 (March 2022), 96--100.
[10]
Tobias Moritz Guggenberger, Fabian Hunke, Frederik Möller, Anne-Cathrine Eimer, Gerhard Satzger, and Boris Otto. 2021. How to Design IIoT-Platforms Your Partners Are Eager to Join: Learnings from an Emerging Ecosystem. In Innovation Through Information Systems: Volume III: A Collection of Latest Research on Management Issues. Springer, 489--504.
[11]
Martin Hankel and Bosch Rexroth. 2015. The Reference Architectural Model Industrie 4.0 (Rami 4.0). Zvei 2, 2 (2015), 4--9.
[12]
Hicham Lalaoui Hassani, Ayoub Bahnasse, Eric Martin, Christian Roland, Omar Bouattane, and Mohammed El Mehdi Diouri. 2021. Vulnerability and Security Risk Assessment in a IIoT Environment in Compliance with Standard IEC 62443. Procedia Computer Science 191 (2021), 33--40.
[13]
Sharmin Jahan, Allen Marshall, and Rose Gamble. 2018. Self-Adaptation Strategies to Maintain Security Assurance Cases. In 2018 IEEE 12th International Conference on Self-Adaptive and Self-Organizing Systems (SASO). IEEE, Trento, Italy, 180--185.
[14]
Juergen Jasperneite, Thilo Sauter, and Martin Wollschlaeger. 2020. Why We Need Automation Models: Handling Complexity in Industry 4.0 and the Internet of Things. IEEE Industrial Electronics Magazine 14, 1 (March 2020), 29--40.
[15]
Vojdan Kjorveziroski, Cristina Bernad Canto, Pedro Juan Roig, Katja Gilly, Anastas Mishev, Vladimir Trajkovik, and Sonja Filiposka. 2021. IoT Serverless Computing at the Edge: Open Issues and Research Direction. Transactions on Networks and Communications 9, 4 (Dec. 2021), 1--33.
[16]
Yannick Landeck, Dian Balta, Martin Wimmer, and Christian Knierim. 2023. Software in the Manufacturing Industry: A Review of Security Challenges and Implications. In 18th International Conference on Wirtschaftsinformatik.
[17]
Björn Leander, Aida Čaušević, and Hans Hansson. 2019. Applicability of the IEC 62443 Standard in Industry 4.0 / IIoT. In Proceedings of the 14th International Conference on Availability, Reliability and Security. ACM, Canterbury CA United Kingdom, 1--8.
[18]
Shan Li, Muddesar Iqbal, and Neetesh Saxena. 2022. Future Industry Internet of Things with Zero-trust Security. Information Systems Frontiers (March 2022).
[19]
Ralf Luis De Moura, Tiago Monteiro Brasil, Luciana De Landa Ceotto, Alexandre Gonzalez, Luiz Paulo Barreto, and Ludmilla Bassini Werner. 2019. Industrial Internet of Things: Device Management Architecture Proposal. In 2019 International Conference on Computational Science and Computational Intelligence (CSCI). IEEE, Las Vegas, NV, USA, 1174--1178.
[20]
Kelvin Ly and Yier Jin. 2016. Security Challenges in CPS and IoT: From End-Node to the System. In 2016 IEEE Computer Society Annual Symposium on VLSI (ISVLSI). IEEE, Pittsburgh, PA, USA, 63--68.
[21]
Georg Macher, Eric Armengaud, Eugen Brenner, and Christian Kreiner. 2016. Threat and Risk Assessment Methodologies in the Automotive Domain. Procedia Computer Science 83 (2016), 1288--1294.
[22]
Ralf Moura, Luciana Ceotto, Alexandre Gonzalez, and Ricardo Toledo. 2018. Industrial Internet of Things (IIoT) Platforms - An Evaluation Model. In 2018 International Conference on Computational Science and Computational Intelligence (CSCI). IEEE, Las Vegas, NV, USA, 1002--1009.
[23]
Emilio Tissato Nakamura and Sergio Luis Ribeiro. 2018. A Privacy, Security, Safety, Resilience and Reliability Focused Risk Assessment Methodology for IIoT Systems Steps to Build and Use Secure IIoT Systems. In 2018 Global Internet of Things Summit (GIoTS). IEEE, Bilbao, 1--6.
[24]
John O'Raw, David Laverty, and D. John Morrow. 2019. Securing the Industrial Internet of Things for Critical Infrastructure (IIoT-CI). In 2019 IEEE 5th World Forum on Internet of Things (WF-IoT). IEEE, Limerick, Ireland, 70--75.
[25]
Abhijeet C. Panchal, Vijay M. Khadse, and Parikshit N. Mahalle. 2018. Security Issues in IIoT: A Comprehensive Survey of Attacks on IIoT and Its Countermeasures. In 2018 IEEE Global Conference on Wireless Computing and Networking (GCWCN). IEEE, Lonavala, India, 124--130.
[26]
Tobias Pauli, Erwin Fielt, and Martin Matzner. 2021. Digital Industrial Platforms. Business & Information Systems Engineering 63, 2 (April 2021), 181--190.
[27]
Jan Pennekamp, Martin Henze, Simo Schmidt, Philipp Niemietz, Marcel Fey, Daniel Trauth, Thomas Bergs, Christian Brecher, and Klaus Wehrle. 2019. Dataflow Challenges in an Internet of Production: A Security & Privacy Perspective. In Proceedings of the ACM Workshop on Cyber-Physical Systems Security & Privacy - CPS-SPC'19. ACM Press, London, United Kingdom, 27--38.
[28]
Dimitri Petrik and Georg Herzwurm. 2020. Towards the IIoT Ecosystem Development-Understanding the Stakeholder Perspective. (2020).
[29]
Jaco Prinsloo, Saurabh Sinha, and Basie Von Solms. 2019. A Review of Industry 4.0 Manufacturing Process Security Risks. Applied Sciences 9, 23 (Nov. 2019), 5105.
[30]
Akond Rahman, Rezvan Mahdavi-Hezaveh, and Laurie Williams. 2019. A Systematic Mapping Study of Infrastructure as Code Research. Information and Software Technology 108 (April 2019), 65--77.
[31]
Thorsten Rangnau, Remco v. Buijtenen, Frank Fransen, and Fatih Turkmen. 2020. Continuous Security Testing: A Case Study on Integrating Dynamic Security Testing Tools in CI/CD Pipelines. In 2020 IEEE 24th International Enterprise Distributed Object Computing Conference (EDOC). IEEE, Eindhoven, Netherlands, 145--154.
[32]
Benjamin D. Rodes, John C. Knight, and Kimberly S. Wasson. 2014. A Security Metric Based on Security Arguments. In Proceedings of the 5th International Workshop on Emerging Trends in Software Metrics. ACM, Hyderabad India, 66--72.
[33]
João Rosas, Vasco Brito, Luis Brito Palma, and Jose Barata. 2017. Approach to Adapt a Legacy Manufacturing System Into the IoT Paradigm. International Journal of Interactive Mobile Technologies (iJIM) 11, 5 (July 2017), 91.
[34]
John Rushby and Robin Bloomfield. 2022. Assessing Confidence with Assurance 2.0. arXiv:2205.04522 [cs]
[35]
Jayasree Sengupta, Sushmita Ruj, and Sipra Das Bit. 2020. A Comprehensive Survey on Attacks, Security Issues and Blockchain Solutions for IoT and IIoT. Journal of Network and Computer Applications 149 (Jan. 2020), 102481.
[36]
Koen Tange, Michele De Donno, Xenofon Fafoutis, and Nicola Dragoni. 2020. A Systematic Survey of Industrial Internet of Things Security: Requirements and Fog Computing Opportunities. IEEE Communications Surveys & Tutorials 22, 4 (2020), 2489--2520.
[37]
Nilufer Tuptuk and Stephen Hailes. 2018. Security of Smart Manufacturing Systems. Journal of Manufacturing Systems 47 (April 2018), 93--106.
[38]
Renchao Xie, Dier Gu, Qinqin Tang, Tao Huang, and Fei Richard Yu. 2022. Workflow Scheduling in Serverless Edge Computing for the Industrial Internet of Things: A Learning Approach. IEEE Transactions on Industrial Informatics (2022), 1--10.
[39]
Lu Zhou, Kuo-Hui Yeh, Gerhard Hancke, Zhe Liu, and Chunhua Su. 2018. Security and Privacy for the Industrial Internet of Things: An Overview of Approaches to Safeguarding Endpoints. IEEE Signal Processing Magazine 35, 5 (Sept. 2018), 76--87.
[40]
Yuyang Zhou, Guang Cheng, Yuyu Zhao, Zihan Chen, and Shanqing Jiang. 2022. Toward Proactive and Efficient DDoS Mitigation in IIoT Systems: A Moving Target Defense Approach. IEEE Transactions on Industrial Informatics 18, 4 (April 2022), 2734--2744.
Index Terms
- Software in the Manufacturing Industry: Emerging Security Challenge Areas for IIoT Platforms
Recommendations
IIOT Within The Architecture Of The Manufacturing Company
DTMIS '20: Proceedings of the International Scientific Conference - Digital Transformation on Manufacturing, Infrastructure and ServiceThe introduction of the Internet of Things (IoT) in industry can increase the level of production management, increase the speed of managerial decision-making, and provide higher quality products. The article discusses the use of the Industrial Internet ...
Measuring Software Security from the Design of Software
CompSysTech '17: Proceedings of the 18th International Conference on Computer Systems and TechnologiesWith the increasing use of mobile phones in contemporary society, more and more networked computers are connected to each other. This has brought along security issues. To solve these issues, both research and development communities are trying to build ...
Software evaluation in high integrity systems
This paper discusses some of the issues involved in developing and evaluating software intended for security-related systems. Security software meeting the demands of the U.K. certification process can be developed only if the right approach is adopted ...
Comments
Please enable JavaScript to view thecomments powered by Disqus.Information & Contributors
Information
Published In
April 2024
480 pages
ISBN:9798400705014
DOI:10.1145/3639477
- Co-chairs:
- Ana Paiva,
- Rui Abreu,
- Maurício Aniche,
- Nachiappan Nagappan,
- Program Co-chairs:
- Abhik Roychoudhury,
- Margaret Storey
Copyright © 2024 Copyright is held by the owner/author(s). Publication rights licensed to ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
Sponsors
In-Cooperation
- Faculty of Engineering of University of Porto
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 31 May 2024
Check for updates
Author Tags
Qualifiers
- Research-article
Conference
ICSE-SEIP '24
Sponsor:
ICSE-SEIP '24: 46th International Conference on Software Engineering: Software Engineering in Practice
April 14 - 20, 2024
Lisbon, Portugal
Upcoming Conference
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 60Total Downloads
- Downloads (Last 12 months)60
- Downloads (Last 6 weeks)8
Reflects downloads up to 17 Jan 2025
Other Metrics
Citations
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in