Talks and Poster Presentations (with Proceedings-Entry):

M. Eckhart, A. Ekelhart, A. Lüder, S. Biffl, E. Weippl:
"Security Development Lifecycle for Cyber-Physical Production Systems";
Talk: 45th Annual Conference of the IEEE Industrial Electronics Society (IECON 2019), Lisbon, Portugal, Portugal; 2019-10-14 - 2019-10-18; in: "IEEE", IEEE, (2019), ISBN: 978-1-7281-4878-6.

English abstract:
As the connectivity within manufacturing processes
increases in light of Industry 4.0, information security becomes
a pressing issue for product suppliers, systems integrators, and
asset owners. Reaching new heights in digitizing the manufacturing industry also provides more targets for cyber attacks, hence,
cyber-physical production systems (CPPSs) must be adequately
secured to prevent malicious acts. To achieve a sufficient level of
security, proper defense mechanisms must be integrated already
early on in the systems´ lifecycle and not just eventually in the
operation phase. Although standardization efforts exist with the
objective of guiding involved stakeholders toward the establishment of a holistic industrial security concept (e.g., IEC 62443), a
dedicated security development lifecycle for systems integrators
is missing. This represents a major challenge for engineers who
lack sufficient information security knowledge, as they may not be
able to identify security-related activities that can be performed
along the production systems engineering (PSE) process. In
this paper, we propose a novel methodology named Security
Development Lifecycle for Cyber-Physical Production Systems
(SDL-CPPS) that aims to foster security by design for CPPSs,
i.e., the engineering of smart production systems with security
in mind. More specifically, we derive security-related activities
based on (i) security standards and guidelines, and (ii) relevant
literature, leading to a security-improved PSE process that can
be implemented by systems integrators. Furthermore, this paper
informs domain experts on how they can conduct these securityenhancing activities and provides pointers to relevant works that
may fill the potential knowledge gap. Finally, we review the
proposed approach by means of discussions in a workshop setting
with technical managers of an Austrian-based systems integrator
to identify barriers to adopting the SDL-CPPS.

Cyber-physical production systems, information security, security development lifecycle, security by design

Created from the Publication Database of the Vienna University of Technology.