Affiliation:
1. Ceit and Universidad de Navarra, San Sebastián, Spain
Abstract
The Industrial Internet of Things (IIoT) is present among many participants in the energy, health, manufacturing, transport, and public sectors. Many factors catalyze IIoT, such as robotics, artificial intelligence, and intelligent decentralized manufacturing. However, the convergence between IT, OT, and IoT environments involves the integration of heterogeneous technologies through protocols, standards, and buses, and this integration brings security risks with it. To avoid these risks, especially when systems in different environments interact, it is important and urgent to create an early consensus among stakeholders on IIoT security. The default Common Vulnerability Scoring System (CVSS) offers a mechanism to measure the severity of an asset's vulnerability and therefore a way to characterize the risk. However, CVSS by default has two drawbacks. On the one hand, carrying out a risk analysis requires metrics in addition to the one established by CVSSv3.1. On the other hand, this index has been used mostly in IT environments, and although there are numerous efforts to develop a model that suits industrial environments, there is no established proposal. Therefore, we first propose a survey of the 33 main protocols, standards, and buses used in an IIoT environment, focusing on the security of each one. The second part of our study consists of the creation of a framework to characterize risk in industrial environments, i.e., to solve both problems of the CVSS index. To this end, we created the Vulnerability Analysis Framework (VAF), a methodology that allows the analysis of 1,363 vulnerabilities to establish a measure to describe the risk in IIoT environments.
Funder
SENDAI-SEgurtasun integrala iNDustria AdImentsurako
CYBERPREST-Cybersegurtasunerako gaitasun osoa
Publisher
Association for Computing Machinery (ACM)
Subject
General Computer Science, Theoretical Computer Science
References
262 articles.
Cited by
56 articles.