Automating Multidimensional Security Compliance for Cloud-Based Industry 4.0

Abstract

Industry 4.0 is a concept emerged from technological advances in different fields, from expansion of cyber-physical assets to industrial internet of things encompassed with cloud-adoption that drives big data analysis and artificial intelligence applications. Innovating in such technological landscape imply higher risks both in information security and privacy as various cybersecurity threats exist in each technology. Therefore, the information security management system (ISMS) and system security plan (SSP) in industry 4.0 must manage multiple standards and regulations relating to different scope leading to multidimensional compliance problem. Managing SSP compliance with standards or regulations that overlap in scope and evolve over time is based on assessing and documenting security controls. Relying on manual efforts while the complexity and scope keep increasing is inefficient and often not possible due to the lack of the cybersecurity resources. The paper describes a process to create an industry 4.0 relevant SSP that can be automatically assessed for easier compliance management. In addition, a baseline SSP is created focused on security controls needed for industry 4.0 systems based on cloud environments. The proposed approach suggests that automated security controls assessment and auditing can be achieved which enables continual improvement of the SSP and increased efficiency for any organization trying to manage security audits. As the presented baseline SSP can be easily customized following the described process, the baseline can be used by any organization as a starting point to create the automated security management for industry 4.0 systems.