Computer Security Vulnerabilities in Industry 4.0: Proposed Criteria for Using Multi-Criteria Analysis
DOI: https://doi.org/10.5585/exactaep.2022.21683
Keywords: security vulnerability, Industry 4.0, multi-criteria analysis, AHP, information security
Abstract
The progress of Industry 4.0 is increasingly relevant, considering the rise in computer security vulnerabilities and the complexity of prioritizing them in decision-making. There was a research gap on this topic. The article’s objective is to identify criteria in the scientific literature that can be used in a multi-criteria analysis method to prioritize the treatment of security vulnerabilities in Industry 4.0. A method like AHP (Analytic Hierarchy Process) is a proposed solution. The methodology was an exploratory review in the SCOPUS and Web of Science databases. The result identified eight criteria and 34 sub-criteria related to the treatment of security vulnerabilities in Industry 4.0. The theoretical contribution goes towards filling the gap in relation to this topic. The practical contribution allows Industry 4.0 organizations to apply the criteria identified in the multi-criteria analysis to address their security vulnerabilities and thus reach better decisions for the delivery of products and services contributing to society. Future research can be conducted through interviews or surveys for professional validation of the criteria found, as well as the practical application of the AHP method.
Copyright (c) 2022 Authors
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.