Abstract
Critical manufacturing processes in smart networked systems such as Cyber-Physical Production Systems (CPPSs) typically require guaranteed quality-of-service performance, which is supported by cyber-security management. Currently, most existing vulnerability-assessment techniques rely only on the security department, due to limited communication between different working groups. This limits the security management of CPPSs, as malicious operations may use new exploits that occur between successive analysis milestones or across departmental managerial boundaries. Thus, it is important to study and analyse the security of CPPS networks, in terms of vulnerability analysis that accounts for humans in the production process loop, to prevent potential threats from infiltrating through cross-layer gaps and to reduce the magnitude of their impact. We propose a semantic framework that supports collaboration between different actors in the production process, to improve situation awareness for cyberthreat prevention. Stakeholders with different expertise contribute to vulnerability assessment, which can be further combined with attack-scenario analysis to provide more practical analysis. In doing so, we show through a case study evaluation how our proposed framework leverages crucial relationships between vulnerabilities, threats and attacks, in order to further narrow the risk window induced by discoverable vulnerabilities.
This research has been supported in part by the EU ISF Project A431.678/2016 ELVIRA (Threat modeling and resilience of critical infrastructures), coordinated by Polismyndigheten/Sweden.
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Jiang, Y., Atif, Y., Ding, J., Wang, W. (2020). A Semantic Framework with Humans in the Loop for Vulnerability-Assessment in Cyber-Physical Production Systems. In: Kallel, S., Cuppens, F., Cuppens-Boulahia, N., Hadj Kacem, A. (eds) Risks and Security of Internet and Systems. CRiSIS 2019. Lecture Notes in Computer Science, vol 12026. Springer, Cham. https://doi.org/10.1007/978-3-030-41568-6_9
DOI: https://doi.org/10.1007/978-3-030-41568-6_9
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-41567-9
Online ISBN: 978-3-030-41568-6
eBook Packages: Computer Science, Computer Science (R0)