Instituto Politécnico de Viana do Castelo, 4900-347 Viana do Castelo, Portugal.
Universidade da Maia, 4475-690 Maia, Portugal.
Sensors (Basel). 2021 Jul 30;21(15):5189. doi: 10.3390/s21155189.
The concepts brought by Industry 4.0 have been explored and gradually applied.The cybersecurity impacts on the progress of Industry 4.0 implementations and their interactions with other technologies require constant surveillance, and it is important to forecast cybersecurity-related challenges and trends to prevent and mitigate these impacts. The contributions of this paper are as follows: (1) it presents the results of a systematic review of industry 4.0 regarding attacks, vulnerabilities and defense strategies, (2) it details and classifies the attacks, vulnerabilities and defenses mechanisms, and (3) it presents a discussion of recent challenges and trends regarding cybersecurity-related areas for Industry 4.0. From the systematic review, regarding the attacks, the results show that most attacks are carried out on the network layer, where dos-related and mitm attacks are the most prevalent ones. Regarding vulnerabilities, security flaws in services and source code, and incorrect validations in authentication procedures are highlighted. These are vulnerabilities that can be exploited by dos attacks and buffer overflows in industrial devices and networks. Regarding defense strategies, Blockchain is presented as one of the most relevant technologies under study in terms of defense mechanisms, thanks to its ability to be used in a variety of solutions, from Intrusion Detection Systems to the prevention of Distributed dos attacks, and most defense strategies are presented as an after-attack solution or prevention, in the sense that the defense mechanisms are only placed or thought, only after the harm has been done, and not as a mitigation strategy to prevent the cyberattack. Concerning challenges and trends, the review shows that digital sovereignty, cyber sovereignty, and data sovereignty are recent topics being explored by researchers within the Industry 4.0 scope, and GAIA-X and International Data Spaces are recent initiatives regarding data sovereignty. A discussion of trends is provided, and future challenges are pointed out.
工业 4.0 带来的概念已经被探索并逐步应用。网络安全对工业 4.0 实施进展的影响及其与其他技术的交互作用需要不断监测,重要的是要预测与网络安全相关的挑战和趋势,以预防和减轻这些影响。本文的贡献如下:(1)它展示了对工业 4.0 攻击、漏洞和防御策略的系统综述的结果,(2)详细分类了攻击、漏洞和防御机制,以及(3)提出了对工业 4.0 网络安全相关领域最新挑战和趋势的讨论。从系统综述来看,在攻击方面,结果表明,大多数攻击是在网络层进行的,其中与 dos 相关的和 mitm 攻击最为常见。在漏洞方面,突出了服务和源代码中的安全缺陷以及身份验证过程中的不正确验证。这些漏洞可以被 dos 攻击和工业设备和网络中的缓冲区溢出利用。在防御策略方面,区块链被认为是最相关的技术之一,因为它可以在各种解决方案中使用,从入侵检测系统到分布式 dos 攻击的预防,并且大多数防御策略被提出作为一种事后的解决方案或预防措施,即防御机制仅在造成损害后才被放置或考虑,而不是作为预防网络攻击的缓解策略。关于挑战和趋势,综述表明,数字主权、网络主权和数据主权是研究人员在工业 4.0 范围内正在探索的新主题,而 GAIA-X 和国际数据空间是关于数据主权的新举措。提供了对趋势的讨论,并指出了未来的挑战。
