Energy-efficient through-life smart design, manufacturing and operation of ships in an industry 4.0 environment

Energy efficiency is an important factor in the marine industry to help reduce manufacturing and operational costs as well as the impact on the environment. In the face of global competition and cost-effectiveness, ship builders and operators today require a major overhaul in the entire ship design, manufacturing and operation process to achieve these goals. This paper highlights smart design, manufacturing and operation as the way forward in an industry 4.0 (i4) era from designing for better energy efficiency to more intelligent ships and smart operation through-life. The paper (i) draws parallels between ship design, manufacturing and operation processes, (ii) identifies key challenges facing such a temporal (lifecycle) as opposed to spatial (mass) products, (iii) proposes a closed-loop ship lifecycle framework and (iv) outlines potential future directions in smart design, manufacturing and operation of ships in an industry 4.0 value chain so as to achieve more energy-efficient vessels. Through computational intelligence and cyber-physical integration, we envision that industry 4.0 can revolutionise ship design, manufacturing and operations in a smart product through-life process in the near future

Security Incident Response Criteria: A Practitioner's Perspective

Industrial reports indicate that security incidents continue to inflict large financial losses on organizations. Researchers and industrial analysts contend that there are fundamental problems with existing security incident response process solutions. This paper presents the Security Incident Response Criteria (SIRC) which can be applied to a variety of security incident response approaches. The criteria are derived from empirical data based on in-depth interviews conducted within a Global Fortune 500 organization and supporting literature. The research contribution of this paper is twofold. First, the criteria presented in this paper can be used to evaluate existing security incident response solutions and second, as a guide, to support future security incident response improvement initiatives

Evaluation of Cognitive Architectures for Cyber-Physical Production Systems

Cyber-physical production systems (CPPS) integrate physical and computational resources due to increasingly available sensors and processing power. This enables the usage of data, to create additional benefit, such as condition monitoring or optimization. These capabilities can lead to cognition, such that the system is able to adapt independently to changing circumstances by learning from additional sensors information. Developing a reference architecture for the design of CPPS and standardization of machines and software interfaces is crucial to enable compatibility of data usage between different machine models and vendors. This paper analysis existing reference architecture regarding their cognitive abilities, based on requirements that are derived from three different use cases. The results from the evaluation of the reference architectures, which include two instances that stem from the field of cognitive science, reveal a gap in the applicability of the architectures regarding the generalizability and the level of abstraction. While reference architectures from the field of automation are suitable to address use case specific requirements, and do not address the general requirements, especially w.r.t. adaptability, the examples from the field of cognitive science are well usable to reach a high level of adaption and cognition. It is desirable to merge advantages of both classes of architectures to address challenges in the field of CPPS in Industrie 4.0

Connected vehicles:organizational cybersecurity processes and their evaluation

Abstract. Vehicles have become increasingly network connected cyber physical systems and they are vulnerable to cyberattacks. In the wake of multiple vehicle hacks, automotive industry and governments have recognized the critical need of cybersecurity to be integrated into vehicle development framework and get manufactures involved in managing whole vehicle lifecycle. The United Nations Economic Commission for Europe (UNECE) WP.29 (World Forum for Harmonization of Vehicle Regulations) committee published in 2021 two new regulations for road vehicles type approval: R155 for cybersecurity and R156 for software update. The latter of these influence also to agricultural vehicle manufacturers, which is the empirical context of this study. Also new cybersecurity engineering standard from International Standardization Organization (ISO) and Society of Automotive Engineers (SAE) organizations change organizations risk management framework. The vehicle manufacturers must think security from an entirely new standpoint: how to reduce vehicle cybersecurity risk to other road users. This thesis investigates automotive regulations and standards related to cybersecurity and cybersecurity management processes. The methodology of the empirical part is design science that is a suitable method for the development of new artifacts and solutions. This study developed an organization status evaluation tool in the form of a questionnaire. Stakeholders can use the tool to collect information about organizational capabilities for comprehensive vehicles cybersecurity management process. As a main result this thesis provides base information for cybersecurity principles and processes for cybersecurity management, and an overview of current automotive regulation and automotive cybersecurity related standards.Verkotetut ajoneuvot : organisaation kyberturvallisuusprosessit ja niiden arviointi. Tiivistelmä. Ajoneuvoista on tullut kyberhyökkäyksille alttiita tietoverkkoon yhdistettyjä kyberfyysisiä järjestelmiä. Ajoneuvojen hakkeroinnit herättivät hallitukset ja ajoneuvoteollisuuden huomaamaan, että kyberturvallisuus on integroitava osaksi ajoneuvojen kehitysympäristöä ja valmistajat on saatava mukaan hallitsemaan ajoneuvon koko elinkaarta. Yhdistyneiden Kansakuntien Euroopan talouskomission (UNECE) WP.29 (World Forum for Harmonization of Vehicle Regulations) -komitean jäsenet julkaisivat vuonna 2021 kaksi uutta tyyppihyväksyntäsäädöstä maantiekäyttöön tarkoitetuille ajoneuvoille. Nämä ovat kyberturvallisuuteen R155 ja ohjelmistopäivitykseen R156 liittyvät säädökset, joista jälkimmäinen vaikuttaa myös maatalousajoneuvojen valmistajiin. Myös uusi International Standardization Organization (ISO) ja Society of Automotive Engineers (SAE) organisaatioiden yhdessä tekemä kyberturvallisuuden suunnittelustandardi muuttaa organisaatioiden riskienhallintaa. Ajoneuvovalmistajien on pohdittava turvallisuutta aivan uudesta näkökulmasta; kuinka pienentää ajoneuvojen kyberturvallisuusriskiä muille tienkäyttäjille. Tämä opinnäytetyö tutkii kyberturvallisuuteen liittyviä autoalan säädöksiä ja standardeja sekä kyberturvallisuuden johtamisprosesseja. Työn empiirinen osa käsittelee maatalousajonevoihin erikoistunutta yritystä. Empiirisen osan metodologia on suunnittelutiede, joka soveltuu uusien artefaktien ja ratkaisujen kehittämiseen. Tutkimuksen empiirisessä osassa kehitettiin uusi arviointityökalu, jolla sidosryhmät voivat kerätä tietoja organisaation valmiuksista ajoneuvojen kyberturvallisuuden hallintaan. Tämä opinnäytetyö tarjoaa pohjatietoa kyberturvallisuuden periaatteista ja kyberturvallisuuden hallinnan prosesseista sekä yleiskatsauksen nykyiseen autoalan sääntelyyn ja kyberturvallisuuteen liittyviin ajoneuvostandardeihin

Applying Lessons from Cyber Attacks on Ukrainian Infrastructures to Secure Gateways onto the Industrial Internet of Things

Previous generations of safety-related industrial control systems were ‘air gapped’. In other words, process control components including Programmable Logic Controllers (PLCs) and smart sensor/actuators were disconnected and isolated from local or wide area networks. This provided a degree of protection; attackers needed physical access to compromise control systems components. Over time this ‘air gap’ has gradually been eroded. Switches and gateways have subsequently interfaced industrial protocols, including Profibus and Modbus, so that data can be drawn from safety-related Operational Technology into enterprise information systems using TCP/IP. Senior management uses these links to monitor production processes and inform strategic planning. The Industrial Internet of Things represents another step in this evolution – enabling the coordination of physically distributed resources from a centralized location. The growing range and sophistication of these interconnections create additional security concerns for the operation and management of safety-critical systems. This paper uses lessons learned from recent attacks on Ukrainian critical infrastructures to guide a forensic analysis of an IIoT switch. The intention is to identify and mitigate vulnerabilities that would enable similar attacks to be replicated across Europe and North America