Collaboration is not Evil: A Systematic Look at Security Research for Industrial Use

Following the recent Internet of Things-induced trends on digitization in general, industrial applications will further evolve as well. With a focus on the domains of manufacturing and production, the Internet of Production pursues the vision of a digitized, globally interconnected, yet secure environment by establishing a distributed knowledge base.

Background. As part of our collaborative research of advancing the scope of industrial applications through cybersecurity and privacy, we identified a set of common challenges and pitfalls that surface in such applied interdisciplinary collaborations.

Aim. Our goal with this paper is to support researchers in the emerging field of cybersecurity in industrial settings by formalizing our experiences as reference for other research efforts, in industry and academia alike.

Method. Based on our experience, we derived a process cycle of performing such interdisciplinary research, from the initial idea to the eventual dissemination and paper writing. This presented methodology strives to successfully bootstrap further research and to encourage further work in this emerging area.

Results. Apart from our newly proposed process cycle, we report on our experiences and conduct a case study applying this methodology, raising awareness for challenges in cybersecurity research for industrial applications. We further detail the interplay between our process cycle and the data lifecycle in applied research data management. Finally, we augment our discussion with an industrial as well as an academic view on this research area and highlight that both areas still have to overcome significant challenges to sustainably and securely advance industrial applications.

Conclusions. With our proposed process cycle for interdisciplinary research in the intersection of cybersecurity and industrial application, we provide a foundation for further research. We look forward to promising research initiatives, projects, and directions that emerge based on our methodological work.
