The emergence of industry 4.0 stems from research that has received a great deal of attention in the last few decades. Consequently, there has been a huge paradigm shift in the manufacturing and production sectors. However, this poses a challenge for cybersecurity and highlights the need to address the possible threats targeting (various pillars of) industry 4.0. However, before providing a concrete solution certain aspect need to be researched, for instance, cybersecurity threats and privacy issues in the industry. To fill this gap, this paper discusses potential solutions to cybersecurity targeting this industry and highlights the consequences of possible attacks and countermeasures (in detail). In particular, the focus of the paper is on investigating the possible cyber-attacks targeting 4 layers of IIoT that is one of the key pillars of Industry 4.0. Based on a detailed review of existing literature, in this study, we have identified possible cyber threats, their consequences, and countermeasures. Further, we have provided a comprehensive framework based on an analysis of cybersecurity and privacy challenges. The suggested framework provides for a deeper understanding of the current state of cybersecurity and sets out directions for future research and applications.
The number of businesses entering I4.0 (also referred to as Industrial Internet, Internet of Things) is increasingly growing, by connecting industrial units through the internet with the intent of improving productivity and efficiency. These internet-enabled industries are key targets of Cyber Security (CS) threats, and it is one of the key challenges that need to be dealt with [
According to the annual report on CS published by CISCO in 2018, 31% of organizations faced cyber-attacks on operational technology while 38% of organizations expected the extension of cyber-attack to change from Information technology level to Operational Technology level. According to this report, 75% of experts perceived CS as a priority. By comparison, only 16% of experts believed that their company is ready to face CS challenges. Lack of knowledge about CS threats and poor technical and managerial skills are considered a reason for this problem [
CS is now becoming a key consideration for Europe and various other international organizations. For instance, IEC has published guidelines about CS and privacy and the possible ways of implementing these principles [
The structure of the remaining paper is organized as: the next section of the paper will discuss some key terminologies in detail for a better understanding of the area under research. Section 3 discusses the architecture of IIoT and I4.0 characterization. Section 4 will discuss the research methodology and proposed framework along with possible threats targeting IIoT layers, the consequence of these attacks, and countermeasures. Section 5 will present the result of the paper by providing a detailed discussion of our findings. Section 6 will conclude the paper by discussing some open issues for the research.
Acr | Abbreviations | Acr | Abbreviations |
---|---|---|---|
IIOT | Industrial internet of things | UDP | User Datagram Protocol |
CS | Cybersecurity | DTLS | Datagram Transport Layer Security |
I4.0 | Industry 4.0 | CARP | Channel-aware routing protocol |
IEC | International electro-technical Commission | NIST | National Institute of Standards and Technology |
ESCO | European cybersecurity organization | DoS | Denial of service |
CPS | Cyber-physical systems | MITM | Man-in-the-Middle attack |
IOS | Internet of Services | WSN | Wireless Sensor Networks |
ICT | Information and Communication Technologies | IDS | Intrusion detection system |
RPL | Routing protocol for low power | CSP | Cloud service provider |
ITU | International Telecommunications Union | SST | Spread spectrum techniques |
HTTP | Hypertext transfer protocol | COAP | Constrained application protocol |
MQTT | Message queue telemetry transport | XMPP | Extensible messaging and presence protocol |
I4.0 is a single paradigm, but it has many visions and dimensions. To fully understand it, we need to see these different dimensions. Below we discuss it.
The term I4.0 also known as industrial internet, has brought a great revolution in the industry. It originated in Germany when the German government promoted the computerization of the manufacturing industry. The idea behind I4.0 was to connect all the participants using the internet so that they could exchange information with each other. This idea is based on a cyber-physical system, a system of computational elements collaborating in a coordinated and controlled way. I4.0. Provides better business gain and has accelerated productivity a lot. It has impacted almost every field of life; proponent of I4.0 considers it as the third wave of innovation [
Below we discuss some definitions of I4.0 from the current literature for a better understanding.
“The industrial internet is an IoT, machines, computers, and people enabling intelligent industrial operations using advanced data analytics for transformational business outcomes, and it is redefining the landscape for business and individuals alike [
I4.0 is the interaction between IoT and CPS which includes embedded systems, sensors and actuators, hardware, and software along with the connection to other systems.
IoT is a network of connected devices that are communicating with each other through the internet [
“Industrial Internet: a short-hand for the industrial applications of IoT, also known as the IIoT” [
“In general, the terms “IoT” apply to expand network access and computational capabilities to objects, devices, sensors, and things that are not typically considered computers as shown in
The above definitions provide a good overview of IIoT; however; for this paper, we have taken IIoT as one of the key pillars of IIoT. This pillar is divided into four layers as shown in
Cyber protection is the practice of using different methods to secure computers, networks, programs, and data from unauthorized access or attacks. It can also be defined as the security of organizational cyberspace from various internal and external security attacks. CS has become a matter of global interest for researchers and practitioners. Below we provide some definitions of CS from literature.
CS is defined as “preserving the integrity, confidentiality, and timely availability of information in Cyberspace” [
“The art of ensuring the existence and continuity of the information society of a nation, guaranteeing and protecting, in Cyberspace, its information, assets, and critical infrastructure” [
CPS is a system of interacting physical entities manipulating computational elements. CPS are physical and engineered structures whose activities are controlled, organized, regulated, and incorporated by a center of computing and communication. They allow us to combine computation and communication with physical processes to add capabilities to physical systems [
“A system comprising a set of interacting physical and digital components, which may be centralized or distributed, that provides a combination of sensing, control, computation and networking functions, to influence outcomes in the real world through physical processes” [
CPS is characterized as disruptive technologies between its physical assets and computational capabilities for the management of interconnected systems [
In this section, we will discuss the pillars of I4.0. The detailed architecture of IIoT and CS characterization for I4.0 will pave the way for the next section. I4.0 is mainly based on nine pillars. In a single research, it is not possible to address each pillar in detail; however, for the readers’ understanding of I4.0, each pillar is discussed briefly in Sub-section 3.1. The reason for choosing IIoT as the topic for this research is manifold: firstly; researchers have discussed several pillars of I4.0, but all of them highlight IIoT as a key pillar of I4.0. Secondly; IIoT has revolutionized industry 4.0 [
Researchers and practitioners have defined various enabling factors of I4.0. However; eight factors are common in many research papers as shown in
I4.0 is having nine key pillars, as discussed above; each one is important. However; for this research, we will only discuss cyber threats targeting IIoT in the context of I4.0. Before proceeding towards research methodology, we will discuss IIoT architecture in detail. IIoT architecture is composed of 4 layers, as shown in
After discussing I4.0 and one of its pillar IIoT, this section takes advantage of Defining system vulnerability Cyber-attacks The risk associated with cyber-attacks Countermeasures used to deal with possible attacks
All these elements are associated with CS. The brief discussion of these points will help in a better understanding of this research’s findings.
A detailed review of the existing literature is performed in this study to highlight possible CS attacks targeting IIoT. This review aims to collect possible cyber-attacks that target every four layers of IIoT, identify the possible consequences of these attacks, and providing countermeasures to protect against these attacks. The detailed methodology is shown in
IIoT sensing and actuator layer is the target of direct physical attacks. According to our findings, possible attacks targeting the sensing layer of IIoT include tampering, sensor threats, and DoS. Tampering attacks may be launched through physical damage, malicious code injection, and node jamming. Weak authentication and careless deployment may cause sensor threats while the DoS attack may be launched through changing the physical link, distortion, and Jamming. This study also highlighted countermeasures against each attack. The possible countermeasures to address the problems of tampering include tamper-resistant packaging and tamper-proofing & hiding. The measures that need to be taken against sensor threats include IDS, public key encryption, protecting sensed data, and enhancing the service management system. On the other hand, DoS may be protected through traffic monitoring and SST [
In IIoT automation, communication between nodes is key and networking attacks are especially harmful. According to our review results, two main attacks targeting the network layer of IIoT are MITM and DoS. However, these attacks cause further sub attacks as shown in our framework. According to Framework, MITM can be launched in many ways, including eavesdropping, routing attack, and replay attack. On the other hand, DoS may be launched through exhaustion, collision, wormhole, spoofing, unfair behavior, sinkhole attack, Sybil attack, flooding, node replication, and selective forwarding. According to our findings, MITM may be addressed through a semi-dynamic controller signature, detecting and blocking fake links and encryption. On the other hand, DoS attack at the network layer may be addressed through anti-jamming, identity-based authentication, IP security, digital signature, intrusion detection system, using link quality indicator, using a mobile agent to defend nodes, monitoring neighbor nodes, cryptography and packet tracing [
In the IIoT setup, data is centralized and aggregated at the data processing layer usually within the cloud. The security of this data is crucial for any cyber environment. According to the existing literature on IIoT, this layer is a target of four main attacks, namely, Malware, session hijacking, malicious insider, and CSP risks. All these attacks have further subtypes: Malware attack has three main subtypes that are virus, worm, and botnets. Session hijacking attack at the service layer includes active session hijacking and passive session hijacking. Malicious insider attacks include DoS, extracting information, and executing privileges. The risk and attacks associated with CSP are back door attack, social engineering, and password guessing. According to our findings, the possible solution to Malware attacks is antimalware software and avoiding suspicious emails, websites, and other links. The possible solution for addressing session hijacking attacks is by educating users, IDS, using SSL, and monitoring MAC address and CAPTCHA protection. The possible solution for malicious insider includes periodic risk assessment, employee training, assigning fewer privileges, strict security policy, and monitoring disruptive behavior. Cloud service provided risk may be addressed through input monitoring, encrypted communication, and cloud education [
The IIoT application layer is the target of several security attacks. There are mainly four types of attacks that target the application layer of IIoT, namely, sniffing, phishing, malicious code injection, and DoS. These attacks have further sub attacks i.e., sniffing is of two types: active sniffing and passive sniffing. DoS attack at the application layer may be through exhaustion and flooding. Phishing attacks may be subdivided into social engineering attacks and malware-based phishing. Malicious code injection attacks include injecting the packet as well as injecting the nodes. According to our findings, the countermeasures used to protect against sniffing attacks are encryption and Mac filtering. DoS attacks at the application layer may be protected using firewall & proxies, filtering, and IP security. Malicious code injection can be protected using authentication and IDS, and phishing attacks can be addressed through user education, strong authentication mechanism, network-level protection, and using client and server-side security tools [
Despite the importance of IIoT in the I4.0, it is prone to various security attacks. A lot of research efforts have been done to protect IIoT infrastructure from possible cyber-attacks. After going through the existing literature on IIoT, we realized that there is a need to provide a detailed review that may discuss all possible cyber-attacks targeting all layers of IIoT and the countermeasures to protect this sensitive infrastructure from security attacks. Further, CS attacks targeting IIoT architecture have been discussed in many studies but there exist no studies that provide layer-wise attacks. To overcome this gap, this paper provides a detailed overview of the possible cyber-security threats targeting each layer of IIoT along with their countermeasures. In the sub-section below, we discuss our results both in tabular and graphical form.
This subsection discusses attacks that target the sensor layer of IIoT.
Attacks | Causes/Consequences | Countermeasures | Freq | References | |
---|---|---|---|---|---|
Physical layer | Tampering | Physical damage | Tamper-resistant packaging | 14 | [ |
Malicious code |
Tamper proofing and hiding | ||||
Sensor Threats | Weak authentication |
Protecting sensed data |
8 | [ |
|
Careless deployment | Enhancing the sensor |
||||
Denial of Service | Changing physical link | SST | 20 | [ |
|
Distortion | SST | ||||
Jamming | Traffic monitoring |
According to the data of
The above statistics show that individuals, as well as organizations, should take proper measures to protect their assets. The use of security tools, proper management, and careful deployment is necessary to protect the networks from these attacks.
This subsection discusses attacks that target the Network layer of IIoT.
According to data in
Attacks | Sub-Attacks | Countermeasures | Freq | References | |
---|---|---|---|---|---|
Network layer | Denial of service | Exhaustion | Packet marking |
14 | [ |
Jamming | Anti-jamming |
10 | [ |
||
Spoofing | Identity-based authentication |
7 | [ |
||
Sinkhole attack | Intrusion detection system |
11 | [ |
||
Unfairness | Proper security mechanism |
8 | [ |
||
Selective forwarding | Monitoring neighbor node |
13 | [ |
||
Wormhole attack | Intrusion detection system |
10 | [ |
||
Sybil attack | Cryptography |
12 | [ |
||
Flooding | Packet marking |
10 | [ |
||
Node replication | Identity-based authentication |
6 | [ |
||
MITM | Eavesdropping | Adding semi-dynamic controller signature |
10 | [ |
|
Routing attack | Encryption | 7 | [ |
||
Replay attack | message sequence |
12 | [ |
This subsection discusses attacks that target the data/service layer of IIoT.
Attacks | Attacks subtypes | Countermeasures | Freq | References | |
---|---|---|---|---|---|
Data layer | Malicious Insider | DoS | Periodic risk assessment |
15 | [ |
Extracting information | |||||
Executing privileges | |||||
CSP risks | Back door attack | Encrypted communication |
13 | [ |
|
Social engineering | |||||
Password guessing | |||||
Malware | Virus | Avoid suspicious opening link |
12 | [ |
|
Worm | |||||
Botnets | |||||
Session hijacking | Active session hijacking | Intrusion detection system |
8 | [ |
|
Passive session hijacking |
Malware threat is a common type of attack that usually comes through auspicious links and emails. Organizations need to train their employees regarding this attack. Last but not least is session hijacking that needs to be monitored, it can be done via IDS, Monitoring MAC address, Using SSL, HTTPS connection, Educating users, and CAPTCHA prevention.
This subsection presents attacks that target the Application layer of IIoT.
Attacks | Attacks Detail | Countermeasures | Freq | References | |
---|---|---|---|---|---|
Data layer | Phishing | Malware based phishing | User education |
19 | [ |
Social engineering | |||||
Sniffing | Active sniffing | Encryption |
14 | [ |
|
Passive sniffing | |||||
DoS | Exhaustion | Firewalls and proxies |
22 | [ |
|
Flooding | |||||
Malicious code injection | Injecting node | Authentication |
22 | [ |
|
Injecting packet |
The second key attack that targets this layer of IIoT is phishing that usually comes through emails and suspicious links. This attack can somehow be prevented through user education, using client-side and server-side security tools, and by implementing a proper authentication mechanism. Last but not least is the sniffing attack that can be prevented through encryption and MAC filtering.
The above discussion provides a detailed overview of existing cybersecurity threats and challenges along with mitigation strategies to the I4.0 practitioners and researchers. Some other studies [
I4.0 has brought a great revolution in almost every field of life by connecting billions of heterogeneous devices on a real-time basis. Researchers have discussed various pillars of I4.0, including autonomous robots, simulation, cyber-security, IIoT, horizontal and vertical integration, augmented reality, etc. It was not possible to discuss cybersecurity and privacy issues confronting all the pillars of I4.0 in a single research. Therefore, in this research, we have focused on IIoT, one of the important pillars of I4.0. We have provided a detailed architecture of I4.0 that is composed of four layers. One of the key challenges faced by I4.0 is the risk of CS attacks. To overcome this problem, we have discussed all possible attacks targeting each layer of IIoT along with their consequences and possible countermeasures. This detailed analysis of the literature aims to provide a broader overview of IIoT architecture and the possible attacks targeting each layer of IIoT. It will help the IIoT researchers and practitioners in getting awareness of possible attacks and their solutions. Based on an analysis of existing cybersecurity and privacy issues targeting IIoT, a comprehensive framework is developed that provides an overview of possible security and privacy threats along with the ways of attacks and countermeasures.
In the future, we are planning to apply the proposed framework in Industry 4.0 settings to analyze the impact of the proposed approach in mitigating cyber privacy and security issues.