Nowadays, the industrial sector is being challenged by several cybersecurity concerns. Direct attacks by malicious persons and (or) software form part of the severe jeopardies of industrial control systems (ICSs). These affect products/production qualities, brand reputations, sales revenues, and aggravate the risks to health and safety of human lives. These have been enabled due to progressive adoption of technology trends like Industry 4.0, BYOD, mobile computing, and Internet-of-Things (IoT), in the quest for improved relevance and value of production decisions, minimised operational overheads, optimum resource utilisation, markets globalisation, etc. However, several security vulnerabilities and risks have also emerged, and are increasingly being exploited in the industrial sector especially manufacturing. To manage this phenomenon, refined and holistic (combining people, process, and technology perspectives) security strategies and solutions are required to enhance security in ICS. This paper offers an insightful review of possible solution path beginning with the understanding of ICS security trends relative to cyber threats, vulnerabilities, attacks and patterns, agents, risks, and the impacts of all these on the industrial environment and entities that depend on it. Such episteme can improve security awareness, proficiency for respective stakeholders, and advance the development of appropriate security mechanisms, and adoption of recommendations.
Purpose -As cyber-attacks continue to grow, organisations adopting the internet-of-things (IoT) have continued to react to security concerns that threaten their businesses within the current highly competitive environment. Many recorded industrial cyber-attacks have successfully beaten technical security solutions by exploiting humanfactor vulnerabilities related to security knowledge and skills and manipulating human elements into inadvertently conveying access to critical industrial assets. Knowledge and skill capabilities contribute to human analytical proficiencies for enhanced cybersecurity readiness. Thus, a human-factored security endeavour is required to investigate the capabilities of the human constituents (workforce) to appropriately recognise and respond to cyber intrusion events within the industrial control system (ICS) environment.Design/methodology/approach -A quantitative approach (statistical analysis) is adopted to provide an approach to quantify the potential cybersecurity capability aptitudes of industrial human actors, identify the least security-capable workforce in the operational domain with the greatest susceptibility likelihood to cyber-attacks (i.e. weakest link) and guide the enhancement of security assurance. To support these objectives, a Human-factored Cyber Security Capability Evaluation approach is presented using conceptual analysis techniques.Findings -Using a test scenario, the approach demonstrates the capacity to proffer an efficient evaluation of workforce security knowledge and skills capabilities and the identification of weakest link in the workforce.Practical implications -The approach can enable organisations to gain better workforce security perspectives like security-consciousness, alertness and response aptitudes, thus guiding organisations into adopting strategic means of appropriating security remediation outlines, scopes and resources without undue wastes or redundancies.Originality/value -This paper demonstrates originality by providing a framework and computational approach for characterising and quantify human-factor security capabilities based on security knowledge and security skills. It also supports the identification of potential security weakest links amongst an evaluated industrial workforce (human agents), some key security susceptibility areas and relevant control interventions. The model and validation results demonstrate the application of action research. This paper demonstrates originality by illustrating how action research can be applied within socio-technical dimensions to solve recurrent and dynamic problems related to industrial environment cyber security improvement. It provides value by demonstrating how theoretical security knowledge (awareness) and practical security skills can help resolve cyber security response and control uncertainties within industrial organisations.
This article conducts a literature review of current and future challenges in the use of artificial intelligence (AI) in cyber physical systems. The literature review is focused on identifying a conceptual framework for increasing resilience with AI through automation supporting both, a technical and human level. The methodology applied resembled a literature review and taxonomic analysis of complex internet of things (IoT) interconnected and coupled cyber physical systems. There is an increased attention on propositions on models, infrastructures and frameworks of IoT in both academic and technical papers. These reports and publications frequently represent a juxtaposition of other related systems and technologies (e.g. Industrial Internet of Things, Cyber Physical Systems, Industry 4.0 etc.). We review academic and industry papers published between 2010 and 2020. The results determine a new hierarchical cascading conceptual framework for analysing the evolution of AI decision-making in cyber physical systems. We argue that such evolution is inevitable and autonomous because of the increased integration of connected devices (IoT) in cyber physical systems. To support this argument, taxonomic methodology is adapted and applied for transparency and justifications of concepts selection decisions through building summary maps that are applied for designing the hierarchical cascading conceptual framework.
This article addresses the topic of shared responsibilities in supply chains, with a specific focus on the application of the Internet of Things (IoT) in e-health environments, and Industry 4.0 issues—concerning data security, privacy, reliability and management, data mining and knowledge exchange as well as health prevention. In this article, we critically review methodologies and guidelines that have been proposed to approach these ethical aspects in digital supply chain settings. The emerging framework presents new findings on how digital technologies affect vaccine shared supply chain systems. Through epistemological analysis, the article derives new insights for transparency and accountability of supply chain cyber risk from Internet of Things systems. This research devises a framework for ethical awareness, assessment, transparency and accountability of the emerging cyber risk from integrating IoT technologies on shared Covid-19 healthcare supply chain infrastructure.
In this paper we present an understanding of cyber risks in the Internet of Things (IoT), we explain why it is important to understand what IoT cyber risks are and how we can use risk assessment and risk management approaches to deal with these challenges. We introduce the most effective ways of doing Risk assessment and Risk Management of IoT risk. As part of our research, we also developed methodologies to assess and manage risk in this emerging environment. This paper will take you through our research and we will explain: what we mean by the IoT; what we mean by risk and risk in the IoT; why risk assessment and risk management are important; the IoT risk management for incident response and recovery; what open questions on IoT risk assessment and risk management remain.
The version in the Kent Academic Repository may differ from the final published version. Users are advised to check http://kar.kent.ac.uk for the status of the paper. Users should always cite the published version of record.
Cyber-attacks on Industrial Control Systems (ICS) are no longer matters of anticipation. Industrial infrastructures are continually being targeted by malicious cyber actors with very little resistance on their paths. From network breaches to data theft, denial of service attacks to privilege escalation; command and control functions have in some way been exerted on targeted industrial systems. Safety, security, resilience, reliability and performance require private industrial control system user organizations and the public sector to device strategies and steps towards dealing decisively to these emerging and increasing ICS cyber security concerns. There are already couple security solutions proposed by governments, private organizations, academia, and industries for achieving this goal. This discourse reviews the ICS security risk landscape, current security strategies and solutions with a view to discovering the gaps or weaknesses in the effective mitigation of cyber-attacks, and the enhancement of cyber security. Notable fissures in existing ICS security solutions include: greater emphasis on technology security while discounting other critical bits like people and processes, which is clearly incongruent with emerging security threats and attack trends, the unilateral dimension strategy towards security which focuses more on SCADA systems, and the emergence of more sector-specific solutions as against generic security solutions. Better solutions include approaches that follow similar evolutionary patterns as the problem trend. These include cyber security measures that would embrace constant evolution in response to changes in the threat, vulnerabilities, attacks, and impact domains. Solutions that recognise and capture; people, process, and technology security enhancement into a single system entity with holistic provisioning that can meet all three-entity vulnerabilities for a more secured ICS environment.
As new technologies such as the Internet of Things (IoT) are integrated into Critical National Infrastructures (CNI), new cybersecurity threats emerge that require specific security solutions. Approaches used for analysis include the modelling and simulation of critical infrastructure systems using attributes, functionalities, operations, and behaviours to support various security analysis viewpoints, recognising and appropriately managing associated security risks. With several critical infrastructure protection approaches available, the question of how to effectively model the complex behaviour of interconnected CNI elements and to configure their protection as a system-of-systems remains a challenge. Using a systematic review approach, existing critical infrastructure protection approaches (tools and techniques) are examined to determine their suitability given trends like IoT, and effective security modelling and analysis issues. It is found that empirical-based, agent-based, system dynamics-based, and network-based modelling are more commonly applied than economic-based and equation-based techniques, and empirical-based modelling is the most widely used. The energy and transportation critical infrastructure sectors reflect the most responsive sectors, and no one Critical Infrastructure Protection (CIP) approach -tool, technique, methodology or framework -provides a 'fit-for-all' capacity for all-round attribute modelling and simulation of security risks. Typically, deciding factors for CIP choices to adopt are often dominated by trade-offs between 'complexity of use' and 'popularity of approach', as well as between 'specificity' and 'generality' of application in sectors. Improved security modelling is feasible via; appropriate tweaking of CIP approaches to include a wider scope of security risk management, functional responsiveness to interdependency, resilience and policy formulation requirements, and collaborative information sharing between public and private sectors.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.