Zsolt Bederna
ABSTRACT
Industrial automatization and robotization make the manufacturing and all industrial processes more effective and robust. Industrial control systems consist of many specific computer-based elements, behaving somewhat differently than business IT. They can be used in many sectors and, from the regulatory aspect, might be controlled by more EU regulations. The NIS Directive currently has the base role of prescribing the obligation for Member States to address cybersecurity issues. However, in spite of security controls, threat actors try to compromise ICT services and infrastructure, causing confidentiality, integrity, or availability-related security incidents. These attacks may cause not only financial loss but also more complex effects may arise, as analyzed in the paper.
- F. Webster, “What information society?,” Information Society, 1994, doi: 10.1080/01972243.1994.9960154.Google Scholar
Cross Ref
- European Union, “Information society.” https://eur-lex.europa.eu/summary/glossary/information_society.html (accessed Dec. 09, 2020).Google Scholar
- D. T. Kuehl, “From Cyberspace to Cyberpower: Defining the Problem,” in Cyberpower and National Security, Potomac Books and National Defense Univerity, 2009, pp. 24–42. doi: 10.2307/j.ctt1djmhj1.7.Google ScholarCross Ref
- M. Ryba, “The role of ICT components in the functioning of critical infrastructure,” in Critical Infrastructure Security - the ICT Dimension, J. Świątkowska, Ed. Kraków: The Kosciuszko Institute, 2014, pp. 59–62.Google Scholar
- M. Lom and O. Pribyl, “Smart city model based on systems theory,” International Journal of Information Management, 2020, doi: 10.1016/j.ijinfomgt.2020.102092.Google ScholarDigital Library
- V. Roblek, M. Meško, and A. Krapež, “A Complex View of Industry 4.0,” SAGE Open, vol. 6, no. 2, 2016, doi: 10.1177/2158244016653987.Google ScholarCross Ref
- K. Shirase and K. Nakamoto, “Simulation technologies for the development of an autonomous and intelligent machine tool,” International Journal of Automation Technology, vol. 7, no. 1, 2013, doi: 10.20965/ijat.2013.p0006.Google ScholarCross Ref
- K. D. Thoben, S. A. Wiesner, and T. Wuest, “‘Industrie 4.0’ and smart manufacturing-a review of research issues and application examples,” International Journal of Automation Technology, vol. 11, no. 1. 2017. doi: 10.20965/ijat.2017.p0004.Google ScholarCross Ref
- L. Monostori , “Cyber-physical systems in manufacturing,” CIRP Annals, vol. 65, no. 2, 2016, doi: 10.1016/j.cirp.2016.06.005.Google ScholarCross Ref
- P. Ackerman, Industrial Cybersecurity, no. 11. 2017.Google ScholarDigital Library
- Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union. 2016, p. 1. [Online]. Available: http://data.europa.eu/eli/dir/2016/1148/ojGoogle Scholar
- V. Alcácer and V. Cruz-Machado, “Scanning the Industry 4.0: A Literature Review on Technologies for Manufacturing Systems,” Engineering Science and Technology, an International Journal, vol. 22, no. 3, pp. 899–919, Jun. 2019, doi: 10.1016/j.jestch.2019.01.006.Google ScholarCross Ref
- Y. Lu, “Industry 4.0: A survey on technologies, applications and open research issues,” J Ind Inf Integr, vol. 6, pp. 1–10, Jun. 2017, doi: 10.1016/j.jii.2017.04.005.Google ScholarCross Ref
- A. Ustundag and E. Cevikcan, Industry 4.0: Managing The Digital Transformation. Cham: Springer International Publishing, 2018. doi: 10.1007/978-3-319-57870-5.Google ScholarCross Ref
- D. P. Perales, F. A. Valero, and A. B. García, “Industry 4.0: A Classification Scheme,” 2018, pp. 343–350. doi: 10.1007/978-3-319-58409-6_38.Google ScholarCross Ref
- T. Usländer and C. Thomalla, “Risks of industrie 4.0 - An information technology perspective,” 2016.Google Scholar
- Y. Lu, “Industry 4.0: A survey on technologies, applications and open research issues,” Journal of Industrial Information Integration, vol. 6. 2017. doi: 10.1016/j.jii.2017.04.005.Google ScholarCross Ref
- E. Knapp, Industrial network security: Securing critical infrastructure networks for smart grid, SCADA, and other industrial control systems. 2011. doi: 10.1016/B978-1-59749-645-2.00024-0.Google ScholarCross Ref
- A. K. Majumdar, Optical wireless communications for broadband global internet connectivity: Fundamentals and potential applications. 2018. doi: 10.1016/C2016-0-02116-2.Google ScholarCross Ref
- H. Boyes, B. Hallaq, J. Cunningham, and T. Watson, “The industrial internet of things (IIoT): An analysis framework,” Computers in Industry, vol. 101, 2018, doi: 10.1016/j.compind.2018.04.015.Google ScholarCross Ref
- M. Resman, M. Pipan, M. Šimic, and N. Herakovič, “A new architecture model for smart manufacturing: A performance analysis and comparison with the RAMI 4.0 reference model,” Advances in Production Engineering And Management, vol. 14, no. 2, 2019, doi: 10.14743/apem2019.2.318.Google ScholarCross Ref
- B. Lydon, “RAMI 4.0 reference architectural model for Industrie 4.0,” InTech, vol. 66, no. 2, 2019.Google Scholar
- B. Karabacak, S. O. Yildirim, and N. Baykal, “A vulnerability-driven cyber security maturity model for measuring national critical infrastructure protection preparedness,” International Journal of Critical Infrastructure Protection, vol. 15, 2016, doi: 10.1016/j.ijcip.2016.10.001.Google ScholarCross Ref
- Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection. 2008, p. 75. [Online]. Available: http://data.europa.eu/eli/dir/2008/114/ojGoogle Scholar
- S. Kumar, A. K. Singh, and M. A. Kalam, “Intelligent electronic device functionality and interfacing: An experimental examination of smart grid,” International Journal of Recent Technology and Engineering, vol. 8, no. 2 Special Issue 11, 2019, doi: 10.35940/ijrte.B1523.0982S1119.Google ScholarCross Ref
- M. Ghobakhloo and M. Fathi, “Industry 4.0 and opportunities for energy sustainability,” Journal of Cleaner Production, vol. 295, 2021, doi: 10.1016/j.jclepro.2021.126427.Google ScholarCross Ref
- M. O. Alabi, A. Telukdarie, and N. J. van Rensburg, “Water 4.0: An Integrated Business Model from an Industry 4.0 Approach,” 2019. doi: 10.1109/IEEM44572.2019.8978859.Google ScholarCross Ref
- L. Barreto, A. Amaral, and T. Pereira, “Industry 4.0 implications in logistics: an overview,” Procedia Manufacturing, vol. 13, 2017, doi: 10.1016/j.promfg.2017.09.045.Google ScholarCross Ref
- B. Mekinjić, “THE IMPACT OF INDUSTRY 4.0 ON THE TRANSFORMATION OF THE BANKING SECTOR,” JOURNAL OF CONTEMPORARY ECONOMICS, vol. 1, no. 1, 2019, doi: 10.7251/joce1901006m.Google ScholarCross Ref
- J. Al-Jaroodi, N. Mohamed, and E. Abukhousa, “Health 4.0: On the Way to Realizing the Healthcare of the Future,” IEEE Access, vol. 8, 2020, doi: 10.1109/ACCESS.2020.3038858.Google ScholarCross Ref
- H. Misra, “Analogue to Digital with Exchange 4.0.” https://www.hedgethink.com/analogue-digital-exchange-4-0/ (accessed Mar. 12, 2022).Google Scholar
- Regulation (EU) No 910/2014 of the European Parliament and the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC. 2014, p. 73. [Online]. Available: http://data.europa.eu/eli/reg/2014/910/ojGoogle Scholar
- Directive (EU) 2015/2366. 2015, p. 35. [Online]. Available: http://data.europa.eu/eli/dir/2015/2366/ojGoogle Scholar
- Regulation (EU) 2016/679. 2016, p. 1. [Online]. Available: http://data.europa.eu/eli/reg/2016/679/ojGoogle Scholar
- Z. Bederna and Z. Rajnai, “Analysis of the cybersecurity ecosystem in the European Union,” International Cybersecurity Law Review, vol. 3, pp. 35–49, 2022, doi: 10.1365/s43439-022-00048-9.Google ScholarCross Ref
- ENISA, “Industry 4.0 cybersecurity: Challanges & Recommendations,” 2019.Google Scholar
- C. Kohler, “The EU Cybersecurity Act and European standards: an introduction to the role of European standardization,” International Cybersecurity Law Review, vol. 1, no. 1–2, pp. 7–12, Oct. 2020, doi: 10.1365/s43439-020-00008-1.Google ScholarCross Ref
- D. Rehak and M. Hromada, “Failures in a Critical Infrastructure System,” in System of System Failures, 2018. doi: 10.5772/intechopen.70446.Google ScholarCross Ref
- S. M. Rinaldi, J. P. Peerenboom, and T. K. Kelly, “Identifying, understanding, and analyzing critical infrastructure interdependencies,” IEEE Control Systems Magazine, 2001, doi: 10.1109/37.969131.Google ScholarCross Ref
- R. von Roessing, “The ISACA Business Model for Information Security: An Integrative and Innovative Approach,” in ISSE 2009 Securing Electronic Business Processes, P. N., R. H., and S. W., Eds. Vieweg+Teubner, 2010. doi: 10.1007/978-3-8348-9363-5_4.Google ScholarCross Ref
- S. Prawesh, K. Chari, and M. Agrawal, “Industry Norms as Predictors of IT Outsourcing Behaviors,” International Journal of Information Management, 2021, doi: 10.1016/j.ijinfomgt.2020.102242.Google ScholarDigital Library
- S. Y. Ponomarov and M. C. Holcomb, “Understanding the concept of supply chain resilience,” The International Journal of Logistics Management, 2009, doi: 10.1108/09574090910954873.Google ScholarCross Ref
- Z. Bederna and T. Szadeczky, “Cyber espionage through Botnets,” Security Journal, vol. 33, pp. 43–62, 2019, doi: 10.1057/s41284-019-00194-6.Google ScholarCross Ref
- Z. Bederna and T. Szádeczky, “Effects of botnets – a human-organisational approach,” Security and Defence Quarterly, 2021, doi: 10.35467/sdq/138588.Google ScholarCross Ref
- IBM, “X-Force Threat Intelligence Index 2022,” Feb. 2022. https://www.ibm.com/downloads/cas/ADLMYLAZ (accessed Mar. 12, 2022).Google Scholar
- Z. Bederna, Z. Rajnai, and T. Szadeczky, “Attacks against energy, water and other critical infrastructure in the EU,” 2020. doi: 10.1109/CANDO-EPE51100.2020.9337751.Google ScholarCross Ref
- A. Teixeira, F. Kupzog, H. Sandberg, and K. H. Johansson, “Cyber-Secure and Resilient Architectures for Industrial Control Systems,” in Smart Grid Security: Innovative Solutions for a Modernized Grid, 2015. doi: 10.1016/B978-0-12-802122-4.00006-7.Google ScholarCross Ref
- G. McDonald, L. O. Murchu, S. Doherty, and E. Chien, “Stuxnet 0.5: The Missing Link,” Feb. 26, 2013. https://docs.broadcom.com/doc/stuxnet-missing-link-13-en (accessed Mar. 13, 2022).Google Scholar
- M. F. P. Services and M. Labs, “Global Energy Cyberattacks: ‘Night Dragon,’” 2011. https://securingtomorrow.mcafee.com/wp-content/uploads/2011/02/McAfee_NightDragon_wp_draft_to_customersv1-1.pdf (accessed Oct. 02, 2019).Google Scholar
- W. Ashford, “Exxon, Shell, BP hacked in Night Dragon attacks,” ComputerWeekly.com, 2011.Google Scholar
- Symantec, “Emerging Threat: Dragonfly / Energetic Bear – APT Group,” 2013. https://www.symantec.com/connect/blogs/emerging-threat-dragonfly-energetic-bear-apt-group (accessed Oct. 03, 2019).Google Scholar
- E-ISAC, “Analysis of the Cyber Attack on the Ukrainian Power Grid,” 2016.Google Scholar
- S. Y. Pickering and P. B. Davies, “Cyber Security of Nuclear Power Plants: US and Global Perspectives,” Georgetown Journal of International Affairs, Jan. 22, 2021. https://gjia.georgetown.edu/2021/01/22/cyber-security-of-nuclear-power-plants-us-and-global-perspectives/ (accessed Jun. 01, 2022).Google Scholar
- N. Newman, “Cyber pirates terrorising the high seas,” E&T., Apr. 18, 2019.Google Scholar
- ENISA, “WannaCry Ransomware Outburst,” 2017. https://www.enisa.europa.eu/publications/info-notes/wannacry-ransomware-outburst (accessed Oct. 03, 2019).Google Scholar
- N. A. Office, “Investigation: WannaCry cyber attack and the NHS,” 2017. https://www.nao.org.uk/wp-content/uploads/2017/10/Investigation-WannaCry-cyber-attack-and-the-NHS.pdf (accessed Mar. 15, 2019).Google Scholar
- ZDNet, “First death reported following a ransomware attack on a German hospital,” Sep. 17, 2020.Google Scholar
- M. Antonakakis , “Understanding the Mirai Botnet,” USENIX Security, 2017, doi: 10.1016/j.religion.2008.12.001.Google ScholarCross Ref
- Waldrappteam, “IMPEL Water Crimes Workshop,” Accessed July, vol. 29, p. 2019, 2018, [Online]. Available: http://waldrapp.eu/science/conference-crete-2018/wp-content/uploads/2018/11/2018-Water-Crimes-Workshop-Report.pdfGoogle Scholar
Index Terms
- Industry 4.0-based critical infrastructure and the NIS Directive
Recommendations
Cyber Security Incidents on Critical Infrastructure and Industrial Networks
ICCAE '17: Proceedings of the 9th International Conference on Computer and Automation EngineeringNational critical infrastructure and industrial processes are heavily reliant on automation, monitoring and control technologies, including the widely used Supervisory Control and Data Acquisition (SCADA) systems. The growing interconnection of these ...
Requirements and Challenges for Digital Forensic Readiness in Industrial Automation and Control Systems
IEIM 2022: 2022 The 3rd International Conference on Industrial Engineering and Industrial ManagementIndustrial automation and control systems (IACS) are vital components in various industries. Incidents in the past, highlighted the magnitude of impacts arising from attacks, such as disruptions of power supply or in manufacturing plants. In order to ...
Cyber In-security of Industrial Control Systems: A Societal Challenge
SAFECOMP 2015: Proceedings of the 34th International Conference on Computer Safety, Reliability, and Security - Volume 9337Our society and its citizens increasingly depend on the undisturbed functioning of critical infrastructures CI, their products and services. Many of the CI services as well as other organizations use Industrial Control Systems ICS to monitor and control ...
Comments