Concept and use Case Driven Approach for Mapping IT Security Requirements on System Assets and Processes in Industrie 4.0

Abstract

The fourth industrial revolution (Industrie 4.0) is distinguished by a growing network and intelligence of machines, products, services and data. This results in new business models and value chains, but also various risks, e.g. by hacker attacks, data theft or manipulation. Many companies consider Industrie 4.0 much as a security challenge other than an opportunity or enabler for new business models. Therefore, effective security methods to protect the Industrie 4.0 systems and its associated values and assets are needed. One of the aims of Industrie 4.0 is identifying and developing new, appropriate security practices for enterprises and especially for their production systems. Based on the connectivity infrastructure in the shop floor, the diversity in the corporate landscape of the global mechanical and plant engineering ultimately causes that every company has to develop its own way of IT and production security management. In the context of Industrie 4.0, an integral concept is needed, that connects the requirements from manufacturing automation and mechanical engineering to process engineering with the properties of cyber-physical systems as an Industrie 4.0 component and well-established core elements of IT security descriptions. Standards from industry associations and standardization committees have to be included. In this paper, a process model is developed, which consults RAMI 4.0 and well-established core elements of safety and IT security considering the standards IEC 61508 and IEC 62443. A use case driven approach is developed with the goal to demonstrate the functionalities and validation of the process model. In different iterations, the dynamic change of the system by mapping IT security requirements on system assets and processes will be presented. The purpose of the developed process model is to assign security measures to vulnerabilities and threats of a system for Industrie 4.0.