Figure 2 - uploaded by Simon Liebl
Content may be subject to copyright.
Threat Sources.

Threat Sources.

Source publication
Conference Paper
Full-text available
As part of the Internet of Things, industrial devices are now also connected to cloud services. However, the connection to the Internet increases the risks for Industrial Control Systems. Therefore, a threat analysis is essential for these devices. In this paper, we examine Industrial Internet of Things devices, identify and rank different sources...

Context in source publication

Context 1
... what capabilities attackers have, i.e., how many skills and financial resources are available to them. Figure 2 classifies nine threat sources accordingly. In the following section, each source is described in detail. ...

Citations

... However, interfacing Information Technology (i.e., information or data management) and Operation Technology (i.e., physical devices and processes) domains using internet technologies for horizontal and vertical integration can expose new cyber-attack surfaces. Figure 1 illustrates adversaries' intent to select a target, and their capabilities like skills and financial resources for cyber attacking an Industrial Internet of Things (IIoT) ecosystem [5]. Stuxnet, Saudi Aramco attack, cryptocurrency malware, Tridium Niagara framework attack, and Ukrainian Power Grid attack are some of the successful attacks in recent years that devastated critical operations [6]. ...
Preprint
Full-text available
Secure and efficient communication to establish a seamless nexus between the five levels of a typical automation pyramid is paramount to Industry 4.0. Specifically, vertical and horizontal integration of these levels is an overarching requirement to accelerate productivity and improve operational activities. Vertical integration can improve visibility, flexibility, and productivity by connecting systems and applications. Horizontal integration can provide better collaboration and adaptability by connecting internal production facilities, multi-site operations, and third-party partners in a supply chain. In this paper, we propose an Edge-computing-based Industrial Gateway for interfacing information technology and operational technology that can enable Industry 4.0 vertical and horizontal integration. Subsequently, we design and develop a working prototype to demonstrate a remote production-line maintenance use case with a strong focus on security aspects and the edge paradigm to bring computational resources and data storage closer to data sources.
... The implementation of GIIoT has resulted from the fast changes in the environment caused by hazardous waste, as well as the realization of the devastating effect of these changes (Tabaa et al., 2020). GIIoT is dedicated to minimizing environmental pollution and energy waste and maximizing resource use and technical services (Liebl, 2020). According to sustainability goals and the growing relevance of environmental responsibility in business, GIIoT will improve an organization's ability to monitor, manage, and improve its performance. ...
Article
To meet environmental performance (EP) goals, this study aims to identify the complex interaction between green Industrial Internet of Things (GIIoT), circular economic practices (CEPs), and dynamic capabilities (DC). This study analyzes how technological, operational, and cultural compatibilities enhance GIIoT adoption. Data were collected from diverse Chinese manufacturing firms (n=339) through a quantitative survey. The research model was proposed, and hypotheses were tested using structural equation modeling. Moreover, the robustness of the structural model is further tested using Fuzzy Set Qualitative Comparative Analysis and Importance-Performance Map Analysis. The empirical results indicate that higher organizational compatibilities boost GIIoT adoption and EP. DC was assessed as a higher-order construct to examine its mediation of GIIoT adoption and EP. DC positively mediates GIIoT adoption-EP. Similarly, CEP’s positive impact on EP, partially mediating the relationship between GIIoT adoption and EP, has also been proved. This research bridges current understanding and contributes useful insights for fostering environmental sustainability inside manufacturing firms and advances the theoretical understanding of technology adoption, sustainable development, and dynamic capacity theory. It illuminates the way forward to harmonize and successfully integrate technology, CEP, and EP. This research advances the area and gives decision-makers practical advice for creating sustainable and technologically sophisticated organizations.
... The race for the shortest time to market also led to security and privacy issues, as these topics have been neglected or even omitted entirely so far. To address the latter issues, our work in [1] and this extension aim to support IIoT device manufacturers and operators in identifying threats against their devices. ...
... There are several types of attackers with different capabilities, attack techniques and motives. We classified various types of threat sources and their respective intentions in [1]. This is useful for deliberately including or excluding types of attacks. ...
Preprint
The growing connectivity of industrial devices as a result of the Internet of Things is increasing the risks to Industrial Control Systems. Since attacks on such devices can also cause damage to people and machines, they must be properly secured. Therefore, a threat analysis is required in order to identify weaknesses and thus mitigate the risk. In this paper, we present a systematic and holistic procedure for analyzing the attack surface and threats of Industrial Internet of Things devices. Our approach is to consider all components including hardware, software and data, assets, threats and attacks throughout the entire product life cycle.
... However, understanding adversaries' motivation and capabilities (refer to Figure 9) for designing a water-tight security solution yet can be a critical challenge. [203]. Quadrant 1 presents less targeted attacks by less capable attackers like pranksters and script kiddies, Quadrant 2 presents targeted attacks for terrorism, hacktivism, or inside leaks by less capable adversaries. ...
Preprint
Full-text available
p>Connected and autonomous vehicles (CAVs) can fulfill the emerging demand for smart transportation on a global scale. Such innovations for transportation can bring manyfold benefits from fully autonomous driving services to proactive vehicle monitoring and traffic management. However, given the complexity involved in the deployment of CAVs, zero-tolerance safety, and security measures must be incorporated to avert vehicle immobilization, road accidents, disclosure of sensitive data, or any potential threats. In this article, we present a reference architecture of CAVs to investigate existing and emerging cyber threats and thus, derive a common attack taxonomy for a CAVs ecosystem based on our studies of academic literature and industry white papers. After that, we discuss security mechanisms for the CAVs ecosystem that can be useful for the safe and secure transportation of passengers from one destination to another. Our work can provide insights to security engineers and system architects for investigating security problems using a top-to-bottom approach and subsequently, identifying optimal security solutions for CAVs.</p
... Adversaries motivation and capabilities[200] ...
Preprint
Full-text available
p>Connected and autonomous vehicles (CAVs) can fulfill the emerging demand for smart transportation on a global scale. Such innovations for transportation can bring manyfold benefits from fully autonomous driving services to proactive vehicle monitoring and traffic management. However, given the complexity involved in the deployment of CAVs, zero-tolerance safety, and security measures must be incorporated to avert vehicle immobilization, road accidents, disclosure of sensitive data, or any potential threats. In this article, we present a reference architecture of CAVs to investigate existing and emerging cyber threats and thus, derive a common attack taxonomy for a CAVs ecosystem based on our studies of academic literature and industry white papers. After that, we discuss security mechanisms for the CAVs ecosystem that can be useful for the safe and secure transportation of passengers from one destination to another. Our work can provide insights to security engineers and system architects for investigating security problems using a top-to-bottom approach and subsequently, identifying optimal security solutions for CAVs.</p
... Adversaries motivation and capabilities[200] ...
Preprint
Full-text available
p>Connected and autonomous vehicles (CAVs) can fulfill the emerging demand for smart transportation on a global scale. Such innovations for transportation can bring manyfold benefits from fully autonomous driving services to proactive vehicle monitoring and traffic management. However, given the complexity involved in the deployment of CAVs, zero-tolerance safety, and security measures must be incorporated to avert vehicle immobilization, road accidents, disclosure of sensitive data, or any potential threats. In this article, we present a reference architecture of CAVs to investigate existing and emerging cyber threats and thus, derive a common attack taxonomy for a CAVs ecosystem based on our studies of academic literature and industry white papers. After that, we discuss security mechanisms for the CAVs ecosystem that can be useful for the safe and secure transportation of passengers from one destination to another. Our work can provide insights to security engineers and system architects for investigating security problems using a top-to-bottom approach and subsequently, identifying optimal security solutions for CAVs.</p
... Formal verification of security mechanisms to be employed in EC-CAV can mathematically prove the correctness of the underlying algorithms and software to accomplish the below objectives. Figure 6: Adversaries motivation and capabilities [188] 1. Increased Safety: A formal verification of the communication and control systems can reduce the likelihood of safety incidents. ...
Preprint
Full-text available
p>Edge Computing-based Connected Autonomous Vehicles (EC-CAVs) can fulfill the emerging demand for smart transportation on a global scale. Such innovations to transportation ecosystems can bring manyfold benefits from fully autonomous driving services to proactive vehicle monitoring and traffic management. Given the complexity involved in the deployment of EC-CAVs, zero-tolerance safety and security measures must be incorporated to avert vehicle immobilization, road accidents, disclosure of sensitive data, or any potential threats. This paper presents a reference architecture of EC-CAVs to investigate existing and emerging cyber-threats for deriving a common attack taxonomy for the EC-CAVs ecosystem. Subsequently, a comprehensive survey of security mechanisms is presented that can ensure safe and secure transportation of passengers from one destination to another using an EC-CAVs ecosystem.</p
... The fifth step is to address the questions of who is threatening the device, why they might attack it, which threats arise, and what consequences may result. Further information can be found in [9,10]. ...
Technical Report
Full-text available
An increasing number of devices from everyday life and the working environment are being connected to a network, and thus become part of the so-called Internet of Things. However, many of these devices have vulnerabilities that consequently threaten the security and privacy of the users. This report presents the current progress of a PhD project that aims to support device manufacturers in identifying threats and vulnerabilities and developing suitable countermeasures. For this purpose, a threat modelling technique and a risk assessment methodology are presented.
... Durch diese Vorarbeiten konnten sämtliche Angriffsszenarien auf die Geräte der Industriepartner untersucht werden. Die angesprochenen Ergebnisse sind detailliert in den Publikationen[2,3] beschrieben.Die Bedrohungsanalyse wurde durch Penetrationstests begleitet, um weitere Schwachstellen zu finden und die identifizierten Angriffsszenarien zu verifizieren. Im Rahmen dessen wurden auch Fuzzing-Tests durchgeführt. ...
Technical Report
Full-text available
Zusammenfassung: Im Zuge des industriellen Internet der Dinge werden Sensoren und Aktoren netzwerkfähig und intelligenter. Die vergrößerte Angriffsfläche führt jedoch zu einem er-höhten Risiko von Cyberangriffen auf industrielle Kontroll-systeme. Vor allem in kritischen Infrastrukturen kann dies zur Gefahr für Mensch und Umwelt werden. In diesem Bericht wird das Forschungsprojekt "iSEC" vorgestellt, dessen Ziel die Entwicklung von Security-Lösungen für leistungsschwache industrielle eingebettete Systeme ist. Es werden Ergebnisse aus den Bereichen Bedrohungs-analyse, Physical Unclonable Functions und Kryptografie präsentiert und eine Auswahl gewonnener Erkenntnisse beschrieben. Abstract: As the industrial Internet of Things progresses, sensors and actuators become network-enabled and smarter. However, the increasing attack surface leads to a higher risk of cyberattacks on industrial control systems. This may endanger people and the environment, especially for systems in critical infrastructures. This report presents the research project "iSEC", which aims to develop security solutions for low-power industrial embedded systems. The results from the threat analysis, the evaluation of Physical Unclonable Functions and cryptographic solutions are presented and a few findings described.
... However, interfacing Information Technology (i.e., information or data management) and Operation Technology (i.e., physical devices and processes) domains using internet technologies for horizontal and vertical integration can expose new cyber-attack surfaces. Fig. 1 illustrates adversaries' intent to select a target, and their capabilities like skills and financial resources for cyber attacking an Industrial Internet of Things (IIoT) ecosystem [5]. Stuxnet, Saudi Aramco attack, cryptocurrency malware, Tridium Niagara framework attack, and Ukrainian Power Grid attack are some of the successful attacks in recent years that devastated critical operations [6]. ...
Article
Full-text available
Secure and efficient communication to establish a seamless nexus between the five levels of a typical automation pyramid is paramount to Industry 4.0. Specific ally, vertical and horizontal integration of these levels is an overarching requirement to accelerate productivity and improve operational activities. Vertical integration can improve visibility, flexibility, and productivity by connecting systems and applications. Horizontal integration can provide better collaboration and adaptability by connecting internal production facilities, multi-site operations, and third-party partners in a supply chain. In this paper, we propose an Edge computing based Industrial Gateway for interfacing information technology and operational technology that can enable Industry 4.0 vertical and horizontal integration. Subsequently, we design and develop a working prototype to demonstrate a remote production-line maintenance use case with a strong focus on security aspects and the edge paradigm to bring computational resources and data storage closer to data sources.