Skip to main content
Springer Nature Link
Log in

Novel Maturity Model for Cybersecurity Evaluation in Industry 4.0

  • Conference paper
  • First Online:
Advances in Cyber Security (ACeS 2021)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 1487))

Included in the following conference series:

Abstract

The opportunities offered by Industry 4.0 for manufacturing companies are enormous but are in danger of remaining unexploited due to inadequate IT security measures. Increasing networking in the production environment leads to a growing number of attack surfaces that need to be protected by appropriate security measures. The overarching goal of this paper is therefore to provide companies with an easy-to-use tool with which they can self-assess their own cybersecurity maturity level, identify vulnerabilities and, based on this, implement secure, digitally networked production themselves. The Fraunhofer IPT has therefore developed the “Production Security Readiness Check”, which is presented in this article and the result of a study of 28 companies that have carried out the check is highlighted.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Flatt, H., Schriegel, S., Jasperneite, J., Trsek, H., Adamczyk, H.: Analysis of the cyber-security of industry 4.0 technologies based on RAMI 4.0 and identification of requirements. In: 2016 IEEE 21st International Conference on Emerging Technologies and Factory Automation (ETFA). 2016 IEEE 21st International Conference on Emerging Technologies and Factory Automation (ETFA), Berlin, Germany, 06–09 September 2016, pp. 1–4. IEEE (2016). https://doi.org/10.1109/ETFA.2016.7733634

  2. Gatzke, M., Stark, J., Weigelin, L.: Künstliche Intelligenz, Blockchain, 5G und Cyber Physical Security, Wuppertal (2018)

    Google Scholar 

  3. Heinrich, B., Linke, P., Glöckler, M.: Grundlagen Automatisierung. Sensorik, Regelung, Steuerung, 2nd edn. Lehrbuch. Springer Vieweg, Wiesbaden (2017)

    Google Scholar 

  4. Lichtblau, K., et al.: Industrie 4.0-readiness. Aachen, Köln (2015)

    Google Scholar 

  5. Mohr, N., Morawiak, D., Köster, N., Saß, B.: Die Digitalisierung des deutschen Mittelstands (2017)

    Google Scholar 

  6. Bischoff, J., et al.: Erschließen der Potenziale der Anwendung von ‘Industrie 4.0’ im Mittelstand, Mühlheim an der Ruhr (2015)

    Google Scholar 

  7. Meyer, L., Seiz, M.: Industrie 4.0 im Mittelstand, München (2019)

    Google Scholar 

  8. Barth, M., et al.: Spionage, Sabotage, Datendiebstahl – Wirtschaftsschutz in der vernetzten Welt, Berlin (2020)

    Google Scholar 

  9. Hahn, A.: Operational technology and information technology in industrial control systems. In: Colbert, E.J.M., Kott, A. (eds.) Cyber-security of SCADA and Other Industrial Control Systems. AIS, vol. 66, pp. 51–68. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-32125-7_4

    Chapter  Google Scholar 

  10. Forschung und Innovation für die Menschen – Die Hightech-Strategie 2025 (2018). https://www.bmbf.de/upload_filestore/pub/Forschung_und_Innovation_fuer_die_Menschen.pdf. Accessed 17 Mar 2021

  11. Datenstrategie der Bundesregierung. Eine Innovationsstrategie für gesellschaftlichen Fortschritt und nachhaltiges Wachstum, Berlin (2021). https://www.bundesregierung.de/resource/blob/992814/1845634/5bae389896531854c579069f9a699a8f/datenstrategie-der-bundesregie-rung-download-bpa-data.pdf. Accessed 17 Mar 2021

  12. Schneider, F.: IT-Sicherheit 2018: Pflichten für Unternehmen (2018). https://www.cmshs-bloggt.de/tmc/it-recht/it-sicherheit-2018-sicherheit-fuer-unternehmen/. Accessed 17 Mar 2021

  13. IT-Sicherheitsgesetz und Datenschutz-Grundverordnung: Handreichung zum “Stand der Technik“ technischer und organisatorischer Maßnahmen. Revidierte und erweiterte Ausgabe 2018 (2018). https://www.teletrust.de/fileadmin/docs/fachgruppen/ag-stand-der-technik/TeleTrusT-Handreichung_Stand_der_Technik_-_Ausgabe_2018.pdf. Accessed 17 Mar 2021

  14. Schutz Kritischer Infrastrukturen durch IT-Sicherheitsgesetz und UP KRITIS (2017). https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/Broschueren/Schutz-Kritischer-Infrastrukturen-ITSig-u-UP-KRITIS.pdf?__blob=publicationFile&v=7. Accessed 17 Mar 2021

  15. IT-Sicherheit für die Industrie 4.0. Produktion, Produkte, Dienste von morgen im Zeichen globalisierter Wertschöpfungsketten. Studie im Auftrag des Bundesministeriums für Wirtschaft und Energie. Abschlussbericht (2016). https://www.bmwi.de/Redaktion/DE/Publikationen/Studien/it-sicherheit-fuer-industrie-4-0.pdf?__blob=publicationFile&v=4. Accessed 17 Mar 2021

  16. Niemann, K.-H., Hoh, M.: Anforderungen an die IT-Sicherheit von Feldgeräten. Schutzlösungen für hoch vernetzte Produktionsanlagen. atp edition 59. Jg., 42–53 (2017)

    Google Scholar 

  17. Live Security Studie 2017/2018. Eine repräsentative Untersuchung von Bitkom Research im Auftrag von F-Secure, Berlin (2018)

    Google Scholar 

  18. Digitalisierung und IT-Sicherheit in deutschen Unternehmen. Eine repräsentative Untersuchung, erstellt von der Bundesdruckerei GmbH in Zusammenarbeit mit KANTAR EMNID, Berlin (2017)

    Google Scholar 

  19. The State of Industrial Cybersecurity 2018 (2018)

    Google Scholar 

  20. VDMA Studie Status Quo der Security in Produktion und Automation, Frankfurt am Main (2013). https://industrialsecurity.vdma.org/viewer/-/v2article/render/26700821. Accessed 17 Mar 2021

  21. Protecting Industrial Control Systems, Heraklion (2011)

    Google Scholar 

  22. DIN EN ISO/IEC 27001:2017-06, Informationstechnik_- Sicherheitsverfahren_- Informationssicherheitsmanagementsysteme_- Anforderungen. Beuth Verlag GmbH, Berlin

    Google Scholar 

  23. BSI-Standard 200-1. Information Security Management Systems (ISMS), Bonn (2017). https://www.bsi.bund.de/EN/Topics/ITGrundschutz/itgrundschutz_node.html. Accessed 6 Aug 2021

  24. BSI-Standard 200-2. IT-Grundschutz-Methodik, Bonn (2017). https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Grundschutz/BSI_Standards/standard_200_2.pdf?__blob=publicationFile&v=2

  25. Cybersecurity Capability Maturity Model (C2M2) (2014). https://www.energy.gov/sites/prod/files/2014/03/f13/C2M2-v1-1_cor.pdf. Accessed 6 Aug 2021

  26. Le, N.T., Hoang, D.B.: Can maturity models support cyber security? In: 2016 IEEE 35th International Performance Computing and Communications Conference (IPCCC), pp. 1–7 (2016)

    Google Scholar 

  27. National Institute of Standards and Technology: Cybersecurity Framework (CSF) (2018). https://www.nist.gov/cyberframework. Accessed 6 Aug 2021

  28. Almuhammadi, S., Alsaleh, M.: Information security maturity model for nist cyber security framework. In: CS & IT-CSCP 2017, pp. 51–62 (2017)

    Google Scholar 

  29. Kosutic, D.: Which one to go with – Cybersecurity Framework or ISO 27001? (2014). https://advisera.com/27001academy/blog/2014/02/24/which-one-to-go-with-cybersecurity-framework-or-iso-27001/. Accessed 6 Aug 2021

  30. Kiesel, R., Heutmann, T., Dering, J., Kies, A., Vollmer, T., Schmitt, R.H.: Cybersecurity in der vernetzten Produktion. Fraunhofer-Institut für Produktionstechnologie IPT, Aachen (2020)

    Google Scholar 

  31. Kiesel, R., Kies, A., Kreppein, A., Schmitt, R.H.: IT-Sicherheit in der vernetzten Produktion. Unzureichende Sicherheitsmaßnahmen gefährden den digitalen Wandel. ZWF Zeitschrift für wirtschaftlichen Fabrikbetrieb (2021)

    Google Scholar 

  32. Schwab, W., Poujol, M.: The State of Industrial Cybersecurity 2018 (2018)

    Google Scholar 

  33. DIN Deutsches Institut für Normung e. V.: DIN EN IEC 62443. IT-Sicherheit für industrielle Automatisierungssysteme. Beuth Verlag GmbH, Berlin. Accessed 2020

    Google Scholar 

  34. Leszczyna, R., Egozcue, E., Tarrafeta, L., Fidalgo Villar, V., Estremera, R., Alonso, J.: Protecting Industrial Control Systems, Heraklion (2011)

    Google Scholar 

  35. Lichtblau, K., Schleiermacher, T., Goecke, H., Schützdeller, P.: Digitalisierung der KMU in Deutschland, Köln (2018)

    Google Scholar 

  36. Icks, A., Schröder, C., Brink, S., Dienes, C., Schneck, S.: Digitalisierungsprozesse von KMU im Verarbeitenden Gewerbe, Bonn (2017)

    Google Scholar 

  37. Security on the Industrial Internet of Things. How companiescan defend themselves against cyber attacks, Bonn (2016)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Fraunhofer Institute for Production Technology IPT, Steinbachstr. 17, 52074, Aachen, Germany

    Alexander Kreppein, Alexander Kies & Robert H. Schmitt

  2. Laboratory for Machine Tools and Production Engineering (WZL) of RWTH Aachen University, Campus-Boulevard 30, 52074, Aachen, Germany

    Robert H. Schmitt

Authors
  1. Alexander Kreppein
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Alexander Kies
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Robert H. Schmitt
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Alexander Kreppein .

Editor information

Editors and Affiliations

  1. Hodeidah University, Hodeidah, Yemen

    Nibras Abdullah

  2. Universiti Sains Malaysia, Penang, Malaysia

    Selvakumar Manickam

  3. Universiti Sains Malaysia, Penang, Malaysia

    Mohammed Anbar

Rights and permissions

Reprints and permissions

Copyright information

© 2021 Springer Nature Singapore Pte Ltd.

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Kreppein, A., Kies, A., Schmitt, R.H. (2021). Novel Maturity Model for Cybersecurity Evaluation in Industry 4.0. In: Abdullah, N., Manickam, S., Anbar, M. (eds) Advances in Cyber Security. ACeS 2021. Communications in Computer and Information Science, vol 1487. Springer, Singapore. https://doi.org/10.1007/978-981-16-8059-5_12

Download citation

  • DOI: https://doi.org/10.1007/978-981-16-8059-5_12

  • Published:

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-16-8058-8

  • Online ISBN: 978-981-16-8059-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics