On the Cost of Security Compliance in Information Systems
This addresses security compliance costs for industrial systems adopting Industry 4.0, but it is incremental as it adapts existing SixSigma methods.
The paper tackled the security challenges in Industry 4.0 by developing a catalog that maps security requirements to standard controls and includes cost estimation, enabling secure remote access for smart maintenance.
The onward development of information and communication technology has led to a new industrial revolution called Industry 4.0. This revolution involves Cyber-Physical Production Systems (CPPS), which consist of intelligent Cyber-Physical Systems that may be able to adapt themselves autonomously in a production environment. At the moment, machines in industrial environments are often not connected to the internet, which thus needs a point-to-point connection to access the device if necessary. Through Industry 4.0, these devices should enable remote access for smart maintenance through a connection to the outside world. However, this connection opens the gate for possible cyber-attacks and thus raises the question about providing security for these environments. Therefore, this paper used an adapted approach based on SixSigma to solve this security problem by investigating security standards. Security requirements were gathered and mapped to controls from well known security standards, formed into a catalog. This catalog includes assessment information to check how secure a solution for a use case is and also includes a link to an estimation method for implementation cost. Thus this papers outcome shows how to make Industry 4.0 use cases secure by fulfilling security standard controls and how to estimate the resulting implementation costs.