Development process for information security concepts in IIoT-based manufacturing

Abstract

Digital technologies are increasingly utilized by manufacturers to make processes more transparent, efficient and networked. Novel utilization elicits the challenge of preventing deployed information technology from compromising processual security. The digital enabling of formerly analog operation technology, the extensive use of information technology connectivity like MQTT, TCP/IP, Wi-Fi, and the deployment of IoT edge computing platforms create an application scenario for the Industrial Internet of Things (IIoT), which also introduces the associated vulnerabilities, which have been extensively exploited in the past. This paper introduces a development process for information security concepts designed for production scenarios based on the IIoT. This concept is then applied using an illustrative use case from aircraft production. The main contents of the development process include: Formulation of reasonable assumptions, system modelling, threat analysis including risk assessment, recommendation of countermeasures, reassessment after incorporating countermeasures. Specifically, a Data Flow Diagram as the model is developed, and a “risk first” variation of the STRIDE methodology is applied to identify threats and prioritize them. The aforementioned state-of-the-art methodologies are adjusted to our cyber-physical use case in the IIoT. The resulting concept aims to enable manufacturing processes to be digitized as sought. The adjustments to the methodologies are independent from our use case and may be suitable to a broad field of scenarios in the IIoT.