Cyber Security in Industry 4.0: The Pitfalls of Having Hyperconnected Systems

Abstract

The fourth industrial revolution is referred to as Industry 4.0. The current trend in manufacturing is automation and unparalleled levels of data exchange. Bringing this trend to realization requires integrating the Internet of Things, Internet of Everything, cyber-physical systems, cloud computing technologies, and more into manufacturing. Industry 4.0 involves a hyperconnected system that includes the smarter use of robotics to effectively and efficiently move manufacturing to new heights. With the use of all these technological systems, it is imperative to ensure that cyber security plays a role during the rise of this digital industrial revolution. In the United Kingdom, more than eighty manufacturing plants were hit by cyber attacks while threats in this specific industry have risen. The pitfalls of having hyperconnected systems leave an entire industry even more vulnerable than the traditional enterprise system design.
Journal of Strategic Management Studies
Vol. 10, No. 1, 19–28 (October 2018)
Copyright © 2018 by International Academy of Strategic Management
MAURICE DAWSON
Assistant Professor, School of Applied Technology, Illinois Institute of Technology
Keywords: cyber security, risk management, internet of things, hyperconnectivity
INTRODUCTION
The landscape of manufacturing has changed, and this has given attackers unparalleled access to data. Nearly eighty-five participants in a survey in the United Kingdom (U.K.) reported falling victim to a cyber attack (Ambrose, 2018). The worry is that Russian hackers and other nation states are gaining entry into protected networks. There are well-documented attacks on supervisory control and data acquisition (SCADA) systems throughout North America and Europe. A survey conducted by researchers shows the methods of operation, impact, and target sectors (Miller & Rowe, 2012). Essentially all incidents were classified by these attributes, along with the year of the attack. In the summary of incidents, the earliest attack is in 1982 on the Power of Siberia pipeline (Miller & Rowe, 2012). This shows that manufacturing has been a target for attackers for over two decades.
To understand the current state of manufacturing, it is vital to understand the history of the previous industrial revolutions. The First Industrial Revolution occurred in Britain over the century 1750–1850 (Deane, 1979). This was when the theory of economic development took root, and specialized production for national and international markets rose. The Second Revolution is known as the technological revolution. This period ran from near the end of the 19th century through the beginning of the 20th century. This revolution brought inventions such as airplanes, Henry Ford’s Model T, the light bulb, and the telegram. This period introduced mass production, which has since been altered by experts in supply chain and logistics to equip manufacturing companies to produce to meet supply and demand. The Third Industrial Revolution was from 1969 to 2000. These three industrial revolutions are depicted in FIGURE 1.
Manufacturing is undergoing another revolutionary change, and that is paving the way for the systematic deployment of Cyber-Physical Systems (CPS) (Lee, Bagheri, & Kao, 2015). CPS is an integration of networking, physical processes, and embedded computers that are tightly integrated with the Internet. This change is known as the Fourth Industrial Revolution, and it does not arrive without cyber security concerns in its technological implementation. Technology in the United States (U.S.) has been years ahead of the laws providing protection and governance, while the government is continuously playing catch-up (March & Smith, 1995). Understanding the various technological architectures in these connected environments provides insight into the issues surrounding this new revolution.
doi: 10.24760/iasme.10.1_19
INTERNET OF THINGS
The Internet of Things (IoT) describes a world in which smart technologies enable objects with a network to communicate with each other and interface with humans effortlessly. This connected world of convenience and technology does not come without its drawbacks, as interconnectivity implies hackability. This new world of convenience calls for revolutionary protection strategies to reassess security. Risk management concepts and Information Assurance architecture similar to those practiced in the United States Department of Defense (DoD) should be used as guidelines for cyber security implementation. This new emerging market that is facilitating the exchange of services and goods requires understanding the associated laws for the implementation of an IoT architecture (Weber, 2010).
Researchers at Cisco Systems estimate that over 99 percent of physical devices are still unconnected and that there is a market of $14.4 trillion. This white paper urges business leaders to transform their organizations based on key learnings to be competitive for the future (Evans, 2012). As this new wave of Internet-enabled technologies arrives, it is imperative to fully understand the security and privacy concerns (Thierer, 2015). Understanding these concerns also means understanding how to apply security controls to systems appropriately. Addressing security objectives appropriately will allow risks to be mitigated. This means following the principles of security to ensure a cyber security posture is achieved. Using proven standards, policies, and guidance across all of these connected devices can help ease the integration of these technologies into everyday life.
Currently, there is a lack of guidance for securing IoT, Internet of Everything (IoE), and Web of Things (WoT) as a cohesive unit; however, there is appropriate documentation available through the National Institute of Standards and Technology (NIST), Federal Information Processing Systems (FIPS), Department of Defense (DoD), Institute of Electronic and Electrical Engineers (IEEE), International Organization for Standardization (ISO), Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs), and more. It is essential for the security engineer to understand how to protect these devices individually and then understand how the devices become more vulnerable when connected. Mobile devices would need to be hardened with appropriate security controls for compliance (Dawson, Wright, & Omar, 2015). Encryption would need to be on devices that have IoT capabilities such as refrigerators, televisions, or smart watches. This would allow the protection of data in transit and at rest. The recommended guidance would be to use an approved public algorithm and not a weak algorithm. The classification of algorithms as weak or robust changes over time; thus it is essential to keep abreast of the changes in cryptographic algorithms. Access controls would need to be in place to ensure that other users within the hyperconnected system do not have the ability to elevate privileges through lateral movement within a network (Dawson, 2017).
Reprinted from Industry 4.0, by Wikipedia, June 30 2018, retrieved from https://en.wikipedia.org/wiki/Industry_4.0. Licensed under CC Attribution-ShareAlike License.
FIGURE 1 Industrial Revolutions
INTERNET OF THINGS IN MANUFACTURING
IoT in manufacturing is part of this Industrial Revolution 4.0, and this concept has a significant impact. In the manufacturing plant, one can monitor production to apply lean principles for waste management while being able to see inventory changes in real time. The implementation of IoT allows for Built-In Test (BIT) alerts and maintenance alerts for downtime. Having an embedded OS allows devices to be transformed for computing functionality beyond essential functions. This would include the ability to capture more data that allows managers to see production status, gain insight into usage patterns, and make decisions from this data. A manager could make decisions based upon product performance in the assembly line, such as replacement or the need to add additional equipment. The data would include information such as Global Positioning Systems (GPS) tags that provide the exact location of equipment that needs to be further examined to review its point of origination.
FIGURE 2 displays how IoT looks in manufacturing and all the different situations where IoT can be applied. What is not displayed are the negative concerns around using IoT. Since all these systems are connected to so many other systems through the Internet, Bluetooth, or another method of communication, it is necessary to ensure the secure transmission of data. At the current time, there are only a few documents that provide guidance for securing the systems in the manufacturing environment. This is an issue as the industrial revolution is rapidly taking root in manufacturing.
Reprinted from Internet of Things (IoT), by Andrej Tozon, 2015, retrieved from https://www.slideshare.net/andrejt/ntk-2015-internet-of-things-track-iot-smart-home. Licensed under CC Attribution-ShareAlike License.
FIGURE 2 Internet of Things in Manufacturing
Secure computing is essential as technological environments continue to become intertwined and hyperconnected. The policies to properly secure these new environments must also be explored, as many of the security controls found within guidance such as the DoD's focus on singular systems and components (Dawson, Crespo, & Brewster, 2013). New controls need to be created that review embedded sensors, body modifications, and devices that entirely take advantage of Internet-enabled technologies. With the emergence of these technologies, the possibilities are endless; however, there will be new, unexplored vulnerabilities.
CYBER SECURITY ISSUES IN TECHNOLOGICAL DEVICES
The next era of computing will move outside of the traditional desktop and into embedded systems, and these smaller devices are targets for attacks (Gubbi, Buyya, Marusic, & Palaniswami, 2013). If you consider Bring Your Own Device (BYOD) a radical step, imagine using a device such as a refrigerator that contains an embedded computing device to track the number of groceries within. This integrated device would allow access to email, weather, and other devices that enable connectivity through WiFi or some Application Programming Interface (API) to a web-based application. Thus, the data collected would be weather, thermostat cooling patterns, foods purchased, the cost of items per month, average consumption, and more. This massive amount of data provides the ability for an attacker to gather intelligence unlike before. They can see schedules, which allow them to analyze behavioral patterns, view dietary concerns that affect health, and more, giving up information once thought genuinely personal. At the moment, organizations such as Cisco Systems and others are pushing for WoT and IoT, but no one has a plan for ensuring secured transmission is maintained during various modes of operation.
Additionally, the unknowing consumer of everyday products needs to be aware of what it means to have sensors, Radio Frequency IDentification (RFID), Bluetooth, and WiFi enabled products. What further needs to be explored is how Availability, Integrity, and Confidentiality (AIC) can be applied to IoT, WoT, and IoE with consideration for the application of these architectures in the commercial sector. All these architectures allow for hyperconnectivity, while at the same time it is critical to understand the changing threat landscape (Badonnel, Koch, Pras, Drašar, & Stiller, 2016).
When an organization allows BYOD to be used in a manufacturing setting, it must realize that yet another device is going unchecked into the system, exposing it to the effects of various attacks such as Distributed Denial of Service (DDoS), replicating worms, and calculated viruses that are activated based upon specific system configuration (Singh, 2012; Brooks, 2017). Because the consequences of security problems range from personal injury to system downtime, there is a need for secure environments (Chahid, Benabdellah, & Azizi, 2017). A manufacturing floor with multiple IoT devices means there is a lot of data that can be captured with relative ease. With applications such as Wireshark, it is relatively easy to capture data on an unsecured network. Wireshark is a software application that can run not only on a laptop but also on a mobile device or Raspberry Pi for penetration testing (Muniz & Lakhani, 2015). The amount of detail captured through Wireshark is astounding and reveals much about the network (see FIGURE 3).
FIGURE 4 displays 500,000 packets captured from one device on a network. Understanding the origination, destination, and types of network protocols currently in use enables an attacker to know precisely what to attack. This scenario could also include knowing the destination, as it could be used to develop man-in-the-middle attacks. The data captured through a system can be revealing and help an attacker understand the attack surface in detail. Network scans provide the open ports and the closed ports, disabling, and identification of unpatched applications. This informs the attacker that no system hardening was done before the deployment of the system on the network and perhaps that the organization lacks security policies that address secure system configuration before going live (Creery & Byres, 2005).
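The protocol-and-destination grouping described for FIGURE 4 can be run by a plant's own defenders over a capture export to see what an eavesdropper would learn and which flows to harden first. This is an added example, not code from the paper: the CSV rows are constructed in the column layout of Wireshark's default packet export, and the cleartext protocol list and plant subnet are assumptions to adapt.

```python
import csv
import io
import ipaddress
from collections import Counter

# Constructed sample rows, laid out like Wireshark's default CSV packet export.
SAMPLE_CSV = '''"No.","Time","Source","Destination","Protocol","Length","Info"
"1","0.000","10.20.0.15","10.20.0.2","Modbus/TCP","66","Query: Read Holding Registers"
"2","0.004","10.20.0.2","10.20.0.15","Modbus/TCP","75","Response: Read Holding Registers"
"3","1.000","10.20.0.15","10.20.0.2","Modbus/TCP","66","Query: Read Holding Registers"
"4","1.210","10.20.0.31","10.20.0.40","TELNET","60","Telnet Data ..."
"5","2.050","10.20.0.22","203.0.113.50","HTTP","412","POST /telemetry HTTP/1.1"
"6","2.900","10.20.0.22","203.0.113.50","HTTP","398","POST /telemetry HTTP/1.1"
"7","3.100","10.20.0.18","198.51.100.7","TLSv1.2","571","Application Data"
"8","3.400","10.20.0.18","10.20.0.5","TLSv1.2","233","Application Data"
"9","3.900","00:1b:1b:aa:bb:cc","Broadcast","ARP","60","Who has 10.20.0.1?"
'''

# Assumption: protocols treated as unencrypted on this network (upper-cased).
CLEARTEXT = {"HTTP", "TELNET", "FTP", "MODBUS/TCP", "MQTT"}
# Assumption: address space that belongs to the plant floor.
PLANT_NETS = [ipaddress.ip_network("10.20.0.0/24")]


def group_by_protocol(csv_text):
    """Mirror the FIGURE 4 view: protocol -> Counter of destinations."""
    table = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        table.setdefault(row["Protocol"], Counter())[row["Destination"]] += 1
    return table


def is_outside_plant(dst):
    """True when dst is an IP address outside every plant subnet."""
    try:
        addr = ipaddress.ip_address(dst)
    except ValueError:
        # Layer-2 destinations such as "Broadcast" or a MAC have no IP.
        return False
    return not any(addr in net for net in PLANT_NETS)


def review(table):
    """Return (packets, protocol, destination, reasons), busiest flows first."""
    findings = []
    for proto, dests in table.items():
        for dst, packets in dests.items():
            reasons = []
            if proto.upper() in CLEARTEXT:
                reasons.append("cleartext protocol")
            if is_outside_plant(dst):
                reasons.append("leaves plant network")
            if reasons:
                findings.append((packets, proto, dst, reasons))
    findings.sort(key=lambda f: (-f[0], f[1], f[2]))
    return findings


if __name__ == "__main__":
    for packets, proto, dst, reasons in review(group_by_protocol(SAMPLE_CSV)):
        print(f"{packets:>4} pkts  {proto:<11} -> {dst:<15} {', '.join(reasons)}")
```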
FIGURE 3 Wireshark Capture
FIGURE 4 Group-by Column: Protocol and Value Column: Destination
MANUFACTURING SYSTEMS CERTIFICATION AND ACCREDITATION
For Industry 4.0 to survive, it is necessary to ensure security is embedded into the system from the beginning of the lifecycle through a process (Aljawarneh, Alawneh, & Jaradat, 2017). Thus the implementation of policies, directives, and laws requiring that systems undergo Certification and Accreditation (C&A) is mandatory. Implementing this allows all these systems to be routinely checked and to meet stringent initial cyber security controls before the system goes live (Ross, 2009). Essentially the industry would be required to implement a bare minimum of controls to protect the facility from physical controls. In 2011, NIST published a Guide to Industrial Control Systems (ICS) Security that provides a baseline for precisely this (Stouffer, Falco, & Scarfone, 2011). The document describes how the overall environment should be set up to maximize cyber security, including specific recommendations for ICS. These documented guidelines would mitigate attacks that are against the process, risk assessment, risk management, and the overall systems development life cycle (Cárdenas et al., 2011).
A framework such as the Risk Management Framework (RMF) should be used as a baseline to enable organizations to have already defined controls. This activity is possible as NIST 800-53 provides details about the RMF, which is a framework created by NIST to address risk management (NIST, 2013). The RMF uses a risk-based approach to security control selection and specification, considering effectiveness, efficiency, and constraints due to applicable laws, directives, executive orders, policies, standards, or regulations. Six RMF categorization steps serve as the basis for this NIST guidance (NIST, 2013). Step 1: Categorize. The system is assessed and categorized based on an impact analysis. Step 2: Select. During this step, the organization must identify, select, customize, and document the security and privacy controls required to protect the system and the organization commensurate with the risk to organizational operations, assets, and individuals. These controls are to be addressed in the design and are a result of high-level requirements that are decomposed into lower-level requirements. Step 3: Implement. During this step, the controls selected in step 2 are deployed within the system, including the associated environment of operation. Step 4: Assess. The controls implemented are assessed to see if they are working as intended and that the desired outcome meets the security requirements for the system. Step 5: Authorize. Authority for the system to operate is obtained based upon a decision on the acceptable risk for the system. Step 6: Monitor. The security controls of the system are continually assessed on an ongoing basis. The process should include annual security checks to review compliance, with reporting for compliance to a third party that does not have ties to the organization undergoing the C&A process. This process should involve more of a regulatory body that issues the letter for accreditation. Roles similar to those in the former framework, Department of Defense Information Assurance Certification and Accreditation Process (DIACAP), should be implemented (Eller & Stauffer, 2000).
CYBER THREATS AND INTELLIGENCE GATHERING
With the potential threats of cyber terrorism affecting national and international security, the importance of security is elevated to greater heights (Dawson, Omar, & Abramson, 2015). New threats against national infrastructure and digital crime are making researchers consider new methods of handling cyber incidents (Dawson & Omar, 2015). It is imperative that if the government or commercial sectors want to make use of these new technological Internet and Web-enabled architectures, they are prepared to battle new threats. Countries could target the ability to manufacture products, whether for military or agriculture, which could significantly affect a country’s Gross Domestic Product (GDP). Imagine numerous factories used for producing foods for an area known to have a significant number of federal employees. The food has incorrect levels of nutrients, and some items bypass proper checks. An entire county could be sick due to tampering of equipment in a manufacturing center. If you consider more high-tech items, this tampering could lead to essential checks not occurring in vehicle production, degrading the quality of the car. The lack of quality controls in the automatic process would have dangerous results, such as no checks on brakes, power steering, windows, and onboard system diagnostics (Atamli & Martin, 2014; Amoozadeh et al., 2015). The manufacturing floor could serve as a place that allows an attacker not only to gather critical data from devices but also to inflict damage on any of the products being produced.
During the Stuxnet attack, operators thought the centrifuges were operating normally while the attack was causing a meltdown and significantly slowing down the process of uranium enrichment (Langner, 2011). The source code of this worm is available online and can be repurposed for an attack. Reviewing the attack on Natanz, the exact Programmable Logic Controller (PLC) had to be discovered, and from this point, they had to identify the manufacturer. This facility was kept secret, whereas for a standard production facility it is easier to uncover the technological tools in the manufacturing facility, including methods to investigate the logistics of getting that device to the facility. Using Open Source Intelligence Tools (OSINT) and other forms of intelligence gathering such as Human Intelligence (HUMINT), it is not far-fetched to say that an attacker could find out key manufacturers of machines used in the facility.
An attacker could employ the techniques from the statecraft of intelligence and use them to exploit the numerous devices that are connected to the network to create an intelligence report (Dulles, 2006; Andrews & Peterson, 1990). In the first stage, planning, informational needs are determined. These needs could be the types of information and requirements for the data needed. The second stage, collection, would be the process and tools used to collect the data. Earlier in this paper, the researcher showed half a million network packets captured in only 15 min using Wireshark. Data collection could be by means of OSINT, Signals Intelligence (SIGINT), or running an application to map out the network and vulnerabilities. The third stage, processing and exploitation, is performed with tools to automate the process. For the fourth stage, the R programming language and Python could be used to perform data science on the massive amount of data collected to analyze the data further. This can be everything from looking at the captured metadata on photos to analyzing machine behavior and the routing of information. The final stage, dissemination, could include many methods of providing information. FIGURE 5 shows the entire Intelligence Cycle at a high level; however, these stages can be broken down further and tailored for the organization that is performing the tasks. For example, the collection stage can be broken down to detail the methods by which the collections occur. There could be an entire subprocess for OSINT collection which includes getting tagged in the next stage. The tools that are selected for use, and in what sequence, could be essential based upon the first stage. For example, an attacker could have some collection tools running first against the network, and then on individual components for identification. Once these components are identified, the applications can be discovered. Once that has happened, the source code can be analyzed to show current Common Weakness Enumeration (CWE) (Martin & Barnum, 2008). In stage 4 the CWEs could be analyzed using their associated Common Vulnerability Scoring System (CVSS) scores and vulnerability types (Barnum, 2008). If a CWE is a top ten, then it is likely that this may be an unaddressed exploit from the CWE Top 10 List. Therefore the attacker could go down the list performing an array of attacks against the system as if they were doing black box vulnerability testing (Bau, Bursztein, Gupta, & Mitchell, 2010).
FIGURE 5 Intelligence Cycle
FIGURE 6 Open Source Applications to Use During Intelligence Cycle
Some tools can be used to go through the entire intelligence cycle. FIGURE 6 lists those tools and their applicable stages of use. The majority of listed applications are Open Source Software (OSS) and licensed under the GNU Public License (GPL). Out of all the tools for analysis, the R Language is one of the most powerful open source languages as it allows for statistical analysis and performing data science (RDC Team, 2004).
FIGURE 6 illustrates the number of tools available that can be used to perform an array of intelligence tasks that give further insight into the network environment. The need for securing the system is briefly covered, but also provided are some applications that can quickly transform an attacker into an intelligence analyst.
CONCLUSION
As this new industrial revolution is gaining ground, it will be key to establish what a baseline secure configuration would be for these manufacturing plants. This will include a minimum set of security controls every organization will need to have before gaining an Approval to Operate (ATO). As the attacks continue to grow, this will be the only path forward to ensuring that these attacks are lowered and that identified risks are brought to an accepted minimum level. This will include tighter regulatory policies, employee education, and hardened technology that is used within the boundaries of the network. The goal of this paper was to show the pitfall of having a hyperconnected system with improper cyber security implemented.
REFERENCES
Aljawarneh, S. A., Alawneh, A., & Jaradat, R. (2017). Cloud security engineering: Early stages of SDLC. Future Generation Computer Systems, 74, 385–392.
Ambrose, J. (2018, April 23). Half of UK manufacturers fall victim to cyber attacks. Retrieved May 30, 2018, from https://www.telegraph.co.uk/business/2018/04/22/half-uk-manufacturers-fall-victim-cyber-attacks/
Amoozadeh, M., Raghuramu, A., Chuah, C. N., Ghosal, D., Zhang, H. M., Rowe, J., & Levitt, K. (2015). Security vulnerabilities of connected vehicle streams and their impact on cooperative driving. IEEE Communications Magazine, 53(6), 126–132.
Andrews, P. P. & Peterson, M. B. (Eds.). (1990). Criminal intelligence analysis. Loomis, CA: Palmer Enterprises.
Atamli, A. W. & Martin, A. (2014, September). Threat-based security analysis for the internet of things. In 2014 International Workshop on Secure Internet of Things (SIoT), (pp. 35–43). IEEE.
Badonnel, R., Koch, R., Pras, A., Drašar, M., & Stiller, B. (2016). Management and security in the age of hyper connectivity. In 10th IFIP WG 6.6 International Conf. Autonomous Infrastructure, Management, and Security, AIMS 2016.
Barnum, S. (2008). Common attack pattern enumeration and classification (capec) schema description. Cigital Inc, http://capec.mitre.org/documents/documentation/CAPEC_Schema_Description_v1, 3.
Bau, J., Bursztein, E., Gupta, D., & Mitchell, J. (2010, May). State of the art: Automated black-box web application vulnerability testing. In 2010 IEEE Symposium on Security and Privacy (pp. 332–345). IEEE.
Brooks, T. T. (Ed.). (2017). Cyber-assurance for the Internet of Things. John Wiley & Sons.
Cárdenas, A. A., Amin, S., Lin, Z. S., Huang, Y. L., Huang, C. Y., & Sastry, S. (2011, March). Attacks against process control systems: risk assessment, detection, and response. In Proceedings of the 6th ACM symposium on information, computer and communications security (pp. 355–366). ACM.
Chahid, Y., Benabdellah, M., & Azizi, A. (2017, April). Internet of things security. In 2017 International Conference on Wireless Technologies, Embedded and Intelligent Systems (WITS), (pp. 1–6). IEEE.
Creery, A. & Byres, E. J. (2005, September). Industrial cybersecurity for power system and SCADA networks. In Petroleum and Chemical Industry Conference, 2005. Industry Applications Society 52nd Annual (pp. 303–309). IEEE.
Dawson, M. (2017). Exploring Secure Computing for the Internet of Things, Internet of Everything, Web of Things, and Hyperconnectivity. In M. Dawson, M. Eltayeb, & M. Omar (Eds.). Security Solutions for Hyperconnectivity and the Internet of Things (pp. 1–12). Hershey, PA: IGI Global. doi: 10.4018/978-1-5225-0741-3.ch001
Dawson, M. & Omar, M. (2015). New Threats and Countermeasures in Digital Crime and Cyber Terrorism (pp. 1–368). Hershey, PA: IGI Global. doi: 10.4018/978-1-4666-8345-7
Dawson, M. E. Jr, Crespo, M., & Brewster, S. (2013). DoD cyber technology policies to secure automated information systems. International Journal of Business Continuity and Risk Management, 4(1), 1–22.
Dawson, M., Omar, M., & Abramson, J. (2015). Understanding the Methods behind Cyber Terrorism. In M. Khosrow-Pour (Ed.). Encyclopedia of Information Science and Technology (3rd ed.) (pp. 1539–1549). Hershey, PA: IGI Global. doi: 10.4018/978-1-4666-5888-2.ch147
Dawson, M., Wright, J., & Omar, M. (2015). Mobile Devices: The Case for Cyber Security Hardened Systems. In M. Dawson, & M. Omar (Eds.). New Threats and Countermeasures in Digital Crime and Cyber Terrorism (pp. 8–29). Hershey, PA: IGI Global. doi: 10.4018/978-1-4666-8345-7.ch002
Deane, P. M. (1979). The first industrial revolution. Cambridge University Press.
Dulles, A. (2006). The Craft of Intelligence: America's Legendary Spy Master on the Fundamentals of Intelligence Gathering for a Free World. Rowman & Littlefield.
Eller, M. M. J., & Stauffer, B. (2000). Department of Defense Information Technology Security Certification and Accreditation Process (DITSCAP). US-Department of Defense.
Evans, D. (2012). The internet of everything: How more relevant and valuable connections will change the world. Cisco IBSG, 1–9.
Gubbi, J., Buyya, R., Marusic, S., & Palaniswami, M. (2013). Internet of Things (IoT): A vision, architectural elements, and future directions. Future Generation Computer Systems, 29(7), 1645–1660.
Langner, R. (2011). Stuxnet: Dissecting a cyberwarfare weapon. IEEE Security & Privacy, 9(3), 49–51.
Lee, J., Bagheri, B., & Kao, H. A. (2015). A cyber-physical systems architecture for industry 4.0-based manufacturing systems. Manufacturing Letters, 3, 18–23.
March, S. T. & Smith, G. F. (1995). Design and natural science research on information technology. Decision support systems, 15(4), 251–266.
Martin, R. A. & Barnum, S. (2008). Common weakness enumeration (cwe) status update. ACM SIGAda Ada Letters, 28(1), 88–91.
Miller, B. & Rowe, D. (2012, October). A survey of SCADA and critical infrastructure incidents. In Proceedings of the 1st Annual conference on Research in information technology (pp. 51–56). ACM.
Muniz, J. & Lakhani, A. (2015). Penetration testing with raspberry pi (pp. 1–245). Packt Publishing Ltd.
NIST. (2013). Security and privacy controls for federal information systems and organizations. Gaithersburg, MD: U.S. Dept. of Commerce, National Institute of Standards and Technology.
Omar, M. & Dawson, M. (2013, April). Research in progress-defending android smartphones from malware attacks. In 2013 Third International Conference on Advanced Computing and Communication Technologies (ACCT), (pp. 288–292). IEEE.
RDC Team. (2004). R: A language and environment for statistical computing. Vienna: R Foundation for Statistical Computing. Available: http://www.R-project.org. Accessed 26 July 2018.
Ross, R. S. (2009). Recommended Security Controls for Federal Information Systems and Organizations [includes updates through 9/14/2009] (No. Special Publication (NIST SP)-800-53 Rev 3).
Singh, N. (2012). BYOD genie is out of the bottle–“Devil or angel”. Journal of Business Management & Social Sciences Research, 1(3), 1–12.
Stouffer, K., Falco, J., & Scarfone, K. (2011). Guide to industrial control systems (ICS) security. NIST special publication, 800(82), 1–255.
Thierer, A. D. (2015). The Internet of Things and Wearable Technology: Addressing Privacy and Security Concerns without Derailing Innovation. Richmond Journal of Law and Technology, 21, 1–118.
Tozon, A. (2015, May 25). NTK 2015: Internet of things track (IoT)—Smart Home. Retrieved July 27, 2018, from https://www.slideshare.net/andrejt/ntk-2015-internet-of-things-track-iot-smart-home
Weber, R. H. (2010). Internet of Things—New security and privacy challenges. Computer law & security review, 26(1), 23–30.
Wikipedia. (2018, June 19). Industry 4.0. Retrieved June 30, 2018, from https://en.wikipedia.org/wiki/Industry_4.0
Dr. Maurice Dawson is an Assistant Professor of Information Technology and Management within the School of Applied Technology at Illinois Institute of Technology. Additionally, he serves as Director and Distinguished Member of the IIT Center for Cyber Security and Forensics Education (C2SAFE) and is responsible for working with the faculty who are members of this center. He has a Doctor of Computer Science from Colorado Technical University and a Doctor of Philosophy in Cyber Security from the Intelligent Systems Research Centre at London Metropolitan University. Additionally, he is the co-editor of Developing Next-Generation Countermeasures for Homeland Security Threat Prevention, and New Threats and Countermeasures in Digital Crime and Cyber Terrorism, published by IGI Global in 2017 and 2015, respectively. Dawson received a Fulbright Scholar Grant to the School of Electrical Engineering and Computer Science at South Ural State University in Russia in 2015 for Business Intelligence and, more recently, an award to the College of Computer & Information Science of Prince Sultan University in Saudi Arabia for cyber security for the period of 2017–2018.
E-mail: maurice.dawson@ieee.org