Abstract
Contemporary business (including those with integrated AI capabilities) often encompasses or aspires towards the automated, networked production of industrial goods across transnational supply chains that have many digitalized interfaces. This allows competitive operations in terms of time, cost, and quality, which have been widely discussed. On the downside, it entails cyber threats with significant risks for society in areas including business, environment, and health. Hence, to adequately manage these risks in the emerging digital world, it is vital to raise awareness and to establish, maintain, and further develop cyber-security measures that ensure an appropriate level of protection along the entire value chain and supply chain. Blockchain capabilities are introduced to improve the technical and organizational basis for secured operations in industrial networks. Their advantages are explained through a simple USB-device use case; such devices have often been the root cause of subsequent security incidents, especially in the Stuxnet incident.
Notes
Technically, this is achieved by writing each entry into a block that is linked to the previous block, which in turn contains a link to all previously written entries. Hence the name blockchain.
Physical Unclonable Functions (PUFs) empower the realization of a hardware identifier. Due to the unique physical properties of the hardware implementation, PUFs are unclonable. The replication of a PUF would require replication of the hardware material at a level of granularity that is currently considered to be technically infeasible.
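The block linking described in the first note, as an added example that is not taken from the article: each block stores the hash of its predecessor, so changing an earlier entry breaks every later link. The use of SHA-256, the field names, and the USB-device entries are assumptions constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # placeholder predecessor hash for the first block


def block_hash(index, prev_hash, entry):
    """SHA-256 over a canonical encoding of the block's contents."""
    payload = json.dumps([index, prev_hash, entry], sort_keys=True).encode()
    return hashlib.sha256(payload).hexdigest()


def append(chain, entry):
    """Write one entry into a new block linked to the previous block."""
    prev_hash = chain[-1]["hash"] if chain else GENESIS
    index = len(chain)
    chain.append({"index": index, "prev": prev_hash, "entry": entry,
                  "hash": block_hash(index, prev_hash, entry)})
    return chain


def first_invalid(chain):
    """Return the index of the first block that breaks the chain, or None."""
    prev_hash = GENESIS
    for i, block in enumerate(chain):
        if (block["index"] != i or block["prev"] != prev_hash
                or block["hash"] != block_hash(i, prev_hash, block["entry"])):
            return i
        prev_hash = block["hash"]
    return None


def build_sample():
    """Constructed sample: USB-device events with made-up identifiers."""
    chain = []
    append(chain, {"device": "usb-0001", "event": "registered"})
    append(chain, {"device": "usb-0001", "event": "scanned-clean"})
    append(chain, {"device": "usb-0001", "event": "mounted", "host": "hmi-07"})
    return chain
```

A single holder of such a chain could still recompute every hash after an edit; the check only becomes binding when the latest block hash is replicated across independent parties.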
Acknowledgements
The first author’s work is supported by the EU H2020 project FENTEC (Grant no. 780108). The authors would also like to thank the management of Carlton & United Breweries for permission to publish this work.
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Cite this article
Gajek, S., Lees, M. & Jansen, C. IIoT and cyber-resilience. AI & Soc 36, 725–735 (2021). https://doi.org/10.1007/s00146-020-01023-w
DOI: https://doi.org/10.1007/s00146-020-01023-w