Abstract
Within the last decade, Security became a major focus in the traditional IT-Industry, mainly through the interconnection of systems and especially through the connection to the Internet. This opened up a huge new attack surface, which resulted in major takedowns of legitimate services and new forms of crime and destruction. This led to the development of a multitude of new defense mechanisms and strategies, as well as the establishing of Security procedures on both, organizational and technical level. Production systems have mostly remained in isolation during these past years, with security typically focused on the perimeter. Now, with the introduction of new paradigms like Industry 4.0, this isolation is questioned heavily with Physical Production Systems (PPSs) now connected to an IT-world resulting in cyber-physical systems sharing the attack surface of traditional web based interfaces while featuring completely different goals, parameters like lifetime and safety, as well as construction. In this work, we present an outline on the major security challenges faced by cyber-physical production systems. While many of these challenges harken back to issues also present in traditional web based IT, we will thoroughly analyze the differences. Still, many new attack vectors appeared in the past, either in practical attacks like Stuxnet, or in theoretical work. These attack vectors use specific features or design elements of cyber-physical systems to their advantage and are unparalleled in traditional IT. Furthermore, many mitigation strategies prevalent in traditional IT systems are not applicable in the industrial world, e.g., patching, thus rendering traditional strategies in IT-Security unfeasible. A thorough discussion of the major challenges in CPPS-Security is thus required in order to focus research on the most important targets.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Agrawal, R., Kiernan, J.: Watermarking relational databases. In: Proceedings of the 28th International Conference on Very Large Data Bases, pp. 155–166. VLDB Endowment (2002)
Barry, B.I.A., Chan, H.A.: Intrusion detection systems. In: Stavroulakis, P., Stamp, M. (eds.) Handbook of Information and Communication Security, pp. 193–205. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-04117-4_10
Barth, M., Biffl, S., Drath, R., Fay, A., Winkler, D.: Bewertung der offenheit von engineering-tools. Open Autom. 4(13), 12–15 (2013)
Byres, E.: The air gap: SCADA’s enduring security myth. Commun. ACM 56(8), 29–31 (2013)
Crosby, M., Pattanayak, P., Verma, S., Kalyanaraman, V.: Blockchain technology: beyond bitcoin. Appl. Innov. 2, 6–10 (2016)
Depren, O., Topallar, M., Anarim, E., Ciliz, M.K.: An intelligent intrusion detection system (IDS) for anomaly and misuse detection in computer networks. Expert Syst. Appl. 29(4), 713–722 (2005)
Diemer, J.: Sichere industrie-4.0-plattformen auf basis von community-clouds. In: Vogel-Heuser, B., Bauernhansl, T., ten Hompel, M. (eds.) Handbuch Industrie 4.0 Bd. 1. VDI Springer Reference, pp. 177–204. Springer, Heidelberg (2017). https://doi.org/10.1007/978-3-662-45279-0_39
Interinstitutional File: Proposal for a regulation of the european parliament and of the council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (general data protection regulation) (2012)
Villaronga, E.F., Kieseberg, P., Li, T.: Humans forget, machines remember: artificial intelligence and the right to be forgotten. Comput. Secur. Law Rev. 8 (2017)
Hell, K., Lüder, A.: Wiederverwendung im engineering. ZWF Zeitschrift für wirtschaftlichen Fabrikbetrieb 111(6), 337–341 (2016)
Kagermann, H.: Recommendations for Implementing the Strategic Initiative Industrie 4.0. Forschungsunion, Essen (2013)
Howard, M., Lipner, S.: The Security Development Lifecycle, vol. 8. Microsoft Press, Redmond (2006)
Hundt, L., Lüder, A.: Development of a method for the implementation of interoperable tool chains applying mechatronical thinking—use case engineering of logic control. In: 2012 IEEE 17th Conference on Emerging Technologies and Factory Automation (ETFA), pp. 1–8. IEEE (2012)
Kieseberg, P., Schrittwieser, S., Mulazzani, M., Echizen, I., Weippl, E.: An algorithm for collusion-resistant anonymization and fingerprinting of sensitive microdata. Electron. Mark. 24(2), 113–124 (2014)
Langner, R.: Stuxnet: dissecting a cyberwarfare weapon. IEEE Secur. Priv. 9(3), 49–51 (2011)
Liang, G., Weller, S.R., Zhao, J., Luo, F., Dong, Z.Y.: The 2015 ukraine blackout: implications for false data injection attacks. IEEE Trans. Power Syst. 32(4), 3317–3318 (2017)
Lindemann, U.: Methodische Entwicklung Technischer Produkte: Methoden Flexibel und Situationsgerecht Anwenden. Springer, Heidelberg (2006). https://doi.org/10.1007/978-3-642-01423-9
McGraw, G.: Software security. IEEE Secur. Priv. 2(2), 80–83 (2004)
Nagra, J., Collberg, C.: Surreptitious Software: Obfuscation, Watermarking, and Tamperproofing for Software Protection. Pearson Education, London (2009)
Ramaswamy, A., Bratus, S., Smith, S.W., Locasto, M.E.: Katana: a hot patching framework for elf executables. In: International Conference on Availability, Reliability, and Security, ARES 2010, pp. 507–512. IEEE (2010)
Richtlinie, V.D.I.: 2206: Entwicklungsmethodik für mechatronische Systeme. VDI-Verlag, Düsseldorf (2004)
Richtlinie, V.D.I.: 2221 (1993): Methodik zum Entwickeln und Konstruieren technischer Systeme und Produkte. VDI-Verlag, Düsseldorf (2007)
Riel, A., Kreiner, C., Macher, G., Messnarz, R.: Integrated design for tackling safety and security challenges of smart products and digital manufacturing. CIRP Ann.-Manuf. Technol. 66, 177–180 (2017)
Schrittwieser, S., Katzenbeisser, S., Kinder, J., Merzdovnik, G., Weippl, E.: Protecting software through obfuscation: can it keep pace with progress in code analysis? ACM Comput. Surv. (CSUR) 49(1), 4 (2016)
Sion, R., Atallah, M., Prabhakar, S.: Watermarking relational databases (2002)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer International Publishing AG
About this paper
Cite this paper
Kieseberg, P., Weippl, E. (2018). Security Challenges in Cyber-Physical Production Systems. In: Winkler, D., Biffl, S., Bergsmann, J. (eds) Software Quality: Methods and Tools for Better Software and Systems. SWQD 2018. Lecture Notes in Business Information Processing, vol 302. Springer, Cham. https://doi.org/10.1007/978-3-319-71440-0_1
Download citation
DOI: https://doi.org/10.1007/978-3-319-71440-0_1
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-71439-4
Online ISBN: 978-3-319-71440-0
eBook Packages: Computer ScienceComputer Science (R0)