An increase of distributed denial-of-service (DDoS) attacks launched by botnets such as Mirai has raised public awareness regarding potential security weaknesses in the Internet of Things (IoT). Devices are an attractive target for attackers because of their large number and due to most devices being online 24/7. In addition, many traditional security mechanisms are not applicable for resource constraint IoT devices. The importance of security for cyber-physical systems (CPS) is even higher, as most systems process confidential data or control a physical process that could be harmed by attackers. While industrial IoT is a hot topic in research, not much focus is put on ensuring information security. Therefore, this paper intends to give an overview of current research regarding the security of data in industrial CPS. In contrast to other surveys, this work will provide an overview of the big CPS security picture and not focus on special aspects.
TopIntroduction
In recent years, customers’ demands for personalized products increased rapidly (Adomavicius & Tuzhilin, 2005). To account for these customer requests, traditional mass production facilities need to be altered such that personalized products can be manufactured in a cost-effective way. One possible way to achieve this goal is to make factories smart by enabling the interconnection of all devices involved in the manufacturing process. The term Smart Factory was introduced by Zuelke (2010) when he described his vision of a factory-of-things. According to Zuelke, in such a factory-of-things, smart objects could interact with each other using Internet of Things (IoT) and cyber-physical systems (CPSs) concepts (Weiser, 1991) (Mattern & Floerkemeier, 2010), (Lee, 2008). Recent high-tech initiatives such as Germany’s Industry 4.0 further extend the vision of smart factories beyond providing cost effective personalized products. In these initiatives, smart factories utilize self-organizing multi-agent systems that operate without human assistance. In addition, also big data analysis will play a major role in future smart factories in order to optimize production processes.
To account for the envisioned functionalities of a smart factory, devices ranging from battery operated sensors up to big data servers need to be interconnected. Due to the diversity of devices which might be resource constraint, standard web protocols such as HTTP often cannot be applied, thus making Web of Things (WoT) concepts infeasible. Instead, lightweight protocols and concepts from the IoT can be applied. IoT concepts in industrial contexts offer advantages but also critical disadvantages. One advantage is the possibility to control and reconfigure machines such that personalized products can be manufactured (Gibson, Rosen, Stucker et al., 2010). However, connecting production machinery to the Internet also results in issues that do not arise in traditional production facilities. Machinery that is accessible through the Internet implicates security and safety issues; security breaches in industrial contexts may lead to the loss of highly confidential data or may even threaten employees’ lives (Cheng, Zhang, & Chen, 2016).
Security, however, is often not considered in industrial IoT research as current main topics in research are enabling technologies and production strategies. Therefore, the intention of this work is to present an overview of current security related research on industrial IoT and CPSs. In contrast to other works, the authors intend to give a broad overview of security aspects, not focusing on single special topics. This broad overview, however, is given in a compact form to present the big picture of IoT and CPS security. An overview of all topics discussed in this work is presented in the big picture shown in Figure 1.
Figure 1. Big picture of IoT and CPS related security measures as discussed in this work
This work is structured as follows. As background information, attack taxonomies are given and different types of attacks are discerned in Section Attack Taxonomies. Also in this Section, challenges of CPS security and differences compared to traditional IT systems are discussed. This section also lists current research trends regarding CPS security. To highlight the importance of IoT and CPS security, recent attacks targeting IoT devices and CPSs are presented in Section Attacks. The subsequent sections discuss security enhancing technologies on different layers as shown in Figure 1. Section Network Security lists network related security problems and solutions. Issues and fixes related to device security are discussed in Section Device Security where hardware and software related topics are discussed. This work is then concluded with Section Conclusion where also current hot research topics are briefly discussed.