Interoperability enablers for cyber-physical enterprise systems

BG05М2ОР001-1.002-0002publishersversionpublishe

ENHANCING THE OPERATIONAL RESILIENCE OF CYBER- MANUFACTURING SYSTEMS (CMS) AGAINST CYBER-ATTACKS

Cyber-manufacturing systems (CMS) are interconnected production environments comprised of complex and networked cyber-physical systems (CPS) that can be instantiated across one or many locations. However, this vision of manufacturing environments ushers in the challenge of addressing new security threats to production systems that still contain traditional closed legacy elements. The widespread adoption of CMS has come with a dramatic increase in successful cyber-attacks. With a myriad of new targets and vulnerabilities, hackers have been able to cause significant economic losses by disrupting manufacturing operations, reducing outgoing product quality, and altering product designs. This research aims to contribute to the design of more resilient cyber-manufacturing systems. Traditional cybersecurity mechanisms focus on preventing the occurrence of cyber-attacks, improving the accuracy of detection, and increasing the speed of recovery. More often neglected is addressing how to respond to a successful attack during the time from the attack onset until the system recovery. We propose a novel approach that correlates the state of production and the timing of the attack to predict the effect on the manufacturing key performance indicators. Then a real-time decision strategy is deployed to select the appropriate response to maintain availability, utilization efficiency, and a quality ratio above degradation thresholds until recovery. Our goal is to demonstrate that the operational resilience of CMS can be enhanced such that the system will be able to withstand the advent of cyber-attacks while remaining operationally resilient. This research presents a novel framework to enhance the operational resilience of cyber-manufacturing systems against cyber-attacks. In contrast to other CPS where the general goal of operational resilience is to maintain a certain target level of availability, we propose a manufacturing-centric approach in which we utilize production key performance indicators as targets. This way we adopt a decision-making process for security in a way that is aligned with the operational strategy and bound to the socio-economic constraints inherent to manufacturing. Our proposed framework consists of four steps: 1) Identify: map CMS production goals, vulnerabilities, and resilience-enhancing mechanisms; 2) Establish: set targets of performance in production output, scrap rate, and downtime at different states; 3) Select: determine which mechanisms are needed and their triggering strategy, and 4) Deploy: integrate into the operation of the CMS the selected mechanisms, threat severity evaluation, and activation strategy. Lastly, we demonstrate via experimentation on a CMS testbed that this framework can effectively enhance the operational resilience of a CMS against a known cyber-attack

The Severity and Effects of Cyber-breaches in SMEs: a Machine Learning Approach

In this paper, we investigate cyber breaches and their effects on small and medium entreprises (SMEs). This is an important gap that exists in the literature, considering the controversial role that SMEs play with cybersecurity and the importance that SMEs have in the economy. For the empirical study, we make use of the Cyber Security Breaches Survey data, which collects information on the management of cybersecurity in UK companies (Cyber Security Breaches Survey, 2016, 2017). The final sample consists of 1,348 UK SMEs in the period 2016–2017. From a cybersecurity point of view, our first group of contributions extends the literature on SMEs’ security. We extend previous works confirming that SMEs receive a wide variety of breaches, through malware in automated and non-automated attacks, followed by attacks of social enginering, exploiting staff vulnerabilities, even those derived from the misuse of the information systems (IS) in SMEs. Secondly, unlike previous works, we have characterized the degree of severity of breaches in SMEs, based on disruption time and their cost. Our last contribution consists of determining the effect and severity of breaches in SMEs in terms of economic, financial and management impacts, highlighting the differential aspects with large companies

Systemic formalisation of Cyber-Physical-Social System (CPSS): A systematic literature review

peer reviewedThe notion of Cyber-Physical-Social System (CPSS) is an emerging concept developed as a result of the need to understand the impact of Cyber-Physical Systems (CPS) on humans and vice versa. This paradigm shift from CPS to CPSS was mainly attributed to the increasing use of sensor enabled smart devices and the tight link with the users. The concept of CPSS has been around for over a decade and it has gained an increasing attention over the past few years. The evolution to incorporate human aspects in the CPS research has unlocked a number of research challenges. Particularly human dynamics brings additional complexity that is yet to be explored. The exploration to conceptualise the notion of CPSS has been partially addressed in few scientific literatures. Although its conceptualisation has always been use-case dependent. Thus, there is a lack of generic view as most works focus on specific domains. Furthermore the systemic core and design principles linking it with the theory of systems are loose. This work aims at addressing these issues by first exploring and analysing scientific literatures to understand the complete spectrum of CPSS through a Systematic Literature Review (SLR). Thereby identifying the state-of-the-art perspectives on CPSS regarding definitions, underlining principles and application areas. Subsequently, based on the findings of the SLR, we propose a domain-independent definition and a meta-model for CPSS, grounded in the Theory of Systems. Finally a discussion on feasible future research directions is presented based on the systemic notion and the proposed meta-models