论文信息 - Towards Automated Security Evaluation within the Industrial Reference Architecture

Towards Automated Security Evaluation within the Industrial Reference Architecture

The current developments towards the visions of Industrie 4.0 will create open and dynamic architectures being supervised by Industrial Automation and Control Systems. Due to this new connectivity and flexibility, future industrial production systems need to be inspected during all phases of the whole lifecycle from a security point of view as well. Frequent reconfiguration and adaptation based on smart services impose advanced requirements on the audits and certification with regard to security. To facilitate that, this work presents an approach for the modeling of security requirements and capabilities within the Industrial Reference Architecture and evaluates it based on the concrete system architectures of a number of industrial use cases. The result is the Sec4ICS tooling-based concept for the automated assessment of security-related functionalities within industrial systems.

Marco Ehrlich | Henning Trsek | Georg Lukas | Martin Gergeleit

[1] Juergen Jasperneite,et al. The Future of Industrial Communication: Automation Networks in the Era of the Internet of Things and Industry 4.0 , 2017, IEEE Industrial Electronics Magazine.

[2] W. Marsden. I and J , 2012 .

[3] Animesh Pattanayak,et al. Current Cyber Security Challenges in ICS , 2018, 2018 IEEE International Conference on Industrial Internet (ICII).

[4] Alexander Fay,et al. Ontology and life cycle of knowledge for ICS security assessments , 2016, ICS-CSR.

[5] Marco Ehrlich,et al. Automated Processing of Security Requirements and Controls for a common Industrie 4.0 Use Case , 2019, 2019 International Conference on Networked Systems (NetSys).

[6] Edgar R. Weippl,et al. Quantitative Security Risk Assessment for Industrial Control Systems: Research Opportunities and Challenges , 2019, J. Internet Serv. Inf. Secur..

[7] Karen A. Scarfone,et al. Guide to Industrial Control Systems (ICS) Security , 2015 .

[8] Marco Ehrlich,et al. Modeling Security Requirements and Controls for an Automated Deployment of Industrial IT Systems , 2020 .

[9] Joint Task Force Transformation Initiative,et al. Risk management framework for information systems and organizations:: a system life cycle approach for security and privacy , 2018 .

[10] Rudolf Schmid,et al. Organization for the advancement of structured information standards , 2002 .