A Secure Method for Industrial IoT Development

  • Original Research
  • SN Computer Science

Abstract

Due to the wide scope of technical issues involved, IIoT projects require Systems Development Methods (SDMs) to deal with the entire complex process. With so many issues to solve, security is often left until the main functional pillars have already been established. Thus, the security standards for IIoT and IoT SDMs are not fully integrated, which leads to projects that do not meet the security-by-design requirement. In this article, we present IgniteSec, a new method that combines the Ignite System Development Method with the security standard for industrial systems, NIST 800-82. The case study carried out with IgniteSec shows that, by uniting these two fronts from the first stages, the project arrives at the software design stage with the important functional and security elements well integrated into the design and in compliance with the security standard.

Fig. 1 (Source [24])

Fig. 2

Fig. 3 (Source [24])

Fig. 4 (Source [24])

Fig. 5

References

  1. Middleton P, Velosa A, Biscotti F. Forecast analysis: enterprise IoT platforms, worldwide. Gartner Res. 2020. https://www.gartner.com/en/documents/3983783/forecast-analysis-enterprise-iot-platforms-worldwide. Accessed in 18 June 2021.

  2. Fahmideh M, Zowghi D. An exploration of IoT platform development. Inf Syst. 2020. https://doi.org/10.1016/j.is.2019.06.005.

  3. Hassan QF, Madani SA, Morrish J, Bhatnagar RM. Internet of Things: challenges, advances, and applications. Boca Raton: Taylor & Francis Group; 2018.

  4. Tekinerdoğan B, Tüzün E, Giray G. IoT system development methods, Book chapter. Boca Raton: Taylor & Francis Group; 2018. https://doi.org/10.1201/9781315155005.

  5. Positive Technologies. ICS vulnerabilities: 2018 in review. Accessed in: https://www.ptsecurity.com/upload/corporate/ww-en/analytics/ICS-vulnerabilities-2019-eng.pdf.

  6. Yaacoub JA, Salman O, Noura HN, Kaaniche N, Chehab A, Malli M. Cyber-physical systems security: limitations, issues and future trends. Microprocess Microsyst. 2020;77:103201. https://doi.org/10.1016/j.micpro.2020.103201.

  7. Trinca Ann Y, Vishik C, Matsubara M, Plonk A. Key concepts in cyber security: towards a common policy and technology context for cyber security norms. Tallinn: NATO CCD COE Publications; 2016.

  8. Thomas RJ, Chothia T, et al. Learning from Vulnerabilities–categorising, understanding and detecting weaknesses in industrial control systems. In: Katsikas S, et al., editors. Computer security. CyberICPS 2020, SECPRE 2020, ADIoT 2020. Lecture notes in computer science, vol. 12501. Cham: Springer; 2020. https://doi.org/10.1007/978-3-030-64330-0_7.

  9. Jacobson I, Spence I, Pan-Wei N. Is there a single method for the Internet of Things? Acm Queue. 2017. https://doi.org/10.1145/3121437.3123501.

  10. Leszczyna R. Approaching secure industrial control systems. IET Inf Secur. 2014;9(1):81–9. https://doi.org/10.1049/iet-ifs.2013.0159.

  11. Zambonelli F. Key abstractions for IoT-oriented software engineering. IEEE Softw IEEE. 2017;34(1):38–45. https://doi.org/10.1109/MS.2017.3.

  12. Patel P, Cassou D. Enabling high-level application development for the Internet of Things. J Syst Softw 2015;103:62–84. arXiv:1501.05080.

  13. Fortino G, Rango F, Russo W. ELDAMeth design process. In: Cossentino M, Hilaire V, Molesini A, Seidita V, editors. Handbook on Agent-Oriented Design Processes. Heidelberg: Springer, Berlin; 2014. p. 115–39.

  14. Fortino G, Guerrieri A, Russo W, Savaglio C. Towards a development methodology for smart object-oriented IoT systems: a metamodel approach. In: IEEE International Conference on Systems, Man, and Cybernetics, Hong Kong, China, 2015, p. 1297–302. https://doi.org/10.1109/SMC.2015.231.

  15. Giray G, Tekinerdogan B. Situational method engineering for constructing Internet of Things development methods. In: Business Modeling and Software Design—8th International Symposium, BMSD 2018, Proceedings, vol. 319. Springer. p. 221–239. https://doi.org/10.1007/978-3-319-94214-8_14.

  16. IoT methodology—the Internet of Things project lifecycle guide for creative, technical and business people. http://www.iotmethodology.com/. Accessed in 02 Feb 2022.

  17. Merzouk S, Elhadi S, Cherkaoui A, Marzak A, Sael N. Agile software development: comparative study. SSRN Electron J. 2018. https://doi.org/10.2139/ssrn.3186323.

  18. Knaster R. SAFe 4.0 distilled: applying the scaled agile framework for lean software and systems engineering. Boston: Addison-Wesley; 2017.

  19. Sahoo KS, Tiwary M, Luhach AK, Nayyar A, Choo KKR, Bilal M. Demand-Supply based economic model for resource provisioning in industrial IoT traffic. IEEE Internet of Things Journal. 2021. https://doi.org/10.1109/JIOT.2021.3122255.

  20. Merzouk S, Cherkaoui A, Marzak A, Nawal S. IoT methodologies: comparative study. Procedia Comput Sci. 2020;175:585–90. https://doi.org/10.1016/j.procs.2020.07.084 (ISSN 1877-0509).

  21. International Society of Automation. New ISA/IEC 62443 standard specifies security capabilities for control system components. 2019. https://www.isa.org/intech-plus/2019/may/new-isa-iec-62443-standard-specifies-security-capa.

  22. International Organization for Standardization. Information technology—security techniques—information security management systems—overview and vocabulary. Fifth edition, 2018-02. https://www.iso.org/standard/73906.html.

  23. Stouffer K, Lightman S, Pillitteri V, Abrams M, Hahn A. Guide to industrial control systems (ICS) security. NIST Special Publication, vol. 800, no. 82 Revision 2, p. 1–247, 2015.

  24. Slama D, Puhlmann F, Morrish J, Bhatnagar RM. Enterprise IoT: strategies and best practices for connected products and services. Sebastopol: O’Reilly Media, Inc.; 2016.

  25. Object Management Group. Business process model and notation. https://www.bpmnquickguide.com/view-bpmn-quick-guide/.

  26. Joint Task Force. Risk management framework for information systems and organizations: a system life cycle approach for security and privacy. NIST Special Publication, vol. 800, no. 37 Revision 2, p. 1–183, 2018. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-37r2.pdf.

  27. Rainer R, Marshall T, Knapp K, Montgomery G. Do information security professionals and business managers view information security issues differently? Inf Syst Secur. 2007;16(2):100–8. https://doi.org/10.1080/10658980701260579.

  28. Labrado C, Thapliyal H, Prowell S, Kuruganti T. Use of thermistor temperature sensors for cyber-physical system security. Sensors (Basel, Switzerland). 2019;19(18):3905. https://doi.org/10.3390/s19183905.

  29. Rocio P, Diego-Mas J, Leon-Medina D. Measuring the project management complexity: the case of information technology projects. complexity, Hindawi, vol 2018, Article ID 6058480, 19 pages. https://doi.org/10.1155/2018/6058480.

  30. Sophia Antipolis. European Parliament makes eCall mandatory from 2018. 7 May 2015. https://www.etsi.org/newsroom/news/960-2015-05-european-parliament-makes-ecall-mandatory-from-2018.

  31. Economic and Social Council—United Nations, proposal for new regulation no. XXX on accident emergency call systems (AECS). 2017. https://unece.org/DAM/trans/doc/2017/wp29/ECE-TRANS-WP29-2017-132e.pdf.

  32. Le VH, den Hartog J, Zannone N. Security and privacy for innovative automotive applications: a survey. Comput Commun. 2018;132:17–41. https://doi.org/10.1016/j.comcom.2018.09.010 (ISSN 0140-3664).

  33. ŽabenskýRadomír J, Ščurek R, Jeremy Toh WH. Experimental verification of selected risk factors disrupting eCall system function. Trans VŠB Tech Univ Ostrava Saf Eng Ser. 2015. http://dx.doi.org/10.1515/tvsbses-2015-0003.

Author information

Corresponding author

Correspondence to Cecilia de Azevedo Castro Cesar.

Ethics declarations

Conflict of interest

The authors declare that they have no conflict of interest.

Ethical approval

This paper does not contain any studies with human participants or animals performed by any of the authors.

Cite this article

Brandao Filho, S.B., Cesar, C.d.C. A Secure Method for Industrial IoT Development. SN COMPUT. SCI. 3, 173 (2022). https://doi.org/10.1007/s42979-022-01061-9

  • DOI: https://doi.org/10.1007/s42979-022-01061-9
