Abstract
Industry 4.0 adoption demands integrability, interoperability, composability, and security. Currently, integrability, interoperability and composability are addressed by next-generation approaches for enterprise systems integration such as model-based standards, ontology, business process model life cycle management and the context of business processes. Security is addressed by conducting risk management as a first step. Nevertheless, security risks are very much influenced by the assets that the business processes are supported. To this end, this paper proposes an approach for automated risk estimation in smart sensor environments, called ARES, which integrates with the business process model life cycle management. To do so, ARES utilizes standards for platform, vulnerability, weakness, and attack pattern enumeration in conjunction with a well-known vulnerability scoring system. The applicability of ARES is demonstrated with an application example that concerns a typical case of a microSCADA controller and a prototype tool called Business Process Cataloging and Classification System. Moreover, a computer-aided procedure for mapping attack patterns-to-platforms is proposed, and evaluation results are discussed revealing few limitations.
Highlights
The fourth industrial revolution, commonly referred to as Industry 4.0, seeks to achieve self-aware, self-optimized manufacturing systems by applying service-oriented architecture to connect data analytics, digital contents, physical devices, and smart sensors across the supply network [1,2,3,4].the adoption of Industry 4.0 presents many significant technical challenges [5], including integrability, interoperability, composability, and security [6,7,8]
According to National Institute of Standards and Technology (NIST), both risk risk assessment are conducted at three tiers: (i) organization; (ii) mission/business process; and (iii) management and risk assessment are conducted at three tiers: (i) organization; (ii) mission/business information systems tier, as depicted in Figure 1 [14,23]
To enable the discovery of Common Platform Enumeration” (CPE), we extended the Business Process Context (BPC), as defined by the Business Process Cataloging and Classification System (BPCCS) (Figure 8)
Summary
The fourth industrial revolution, commonly referred to as Industry 4.0, seeks to achieve self-aware, self-optimized manufacturing systems by applying service-oriented architecture to connect data analytics, digital contents, physical devices, and smart sensors across the supply network [1,2,3,4]. Numerous well-known risk assessment methodologies have been developed, proposed, and evaluated through different criteria [15], such as the OCTAVE [16] and MAGERIT [17] Existing works, such as in [18], proposed the concept of business processes and the dependencies among them towards the estimation of the cascading risk. Business Process Context (BPC), which is a set of meta-data about a business process model, was specified as an important component in the BPM LCM that drives the risk assessment automation [13].
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have