Ethical issues invoked by Industry 4.0

Industry 4.0 is universally referred to as the fourth industrial revolution. It is a current trend of automation and data exchange in manufacturing technologies. The computerisation of manufacturing includes, amongst other, cyber-physical systems, the Internet of Things (IoT), cloud computing and cognitive computing. There are many challenges in the realisation of Industry 4.0. In order to adopt a "smart factory" and improved (software) processes many ethical considerations need to be identified and considered if a company is to obtain an ethical development and deployment of Industry 4.0. The purpose of normative ethics is to scrutinise standards about the rightness and wrongness of actions, the ultimate goal being the identification of the true human good. A rational appeal can be made to normative defensible ethical rules in order to arrive at a judicious, ethically justifiable judgement. In this position and constructive design research paper our steps are: First we report on the findings of a broad literature review of related research, which refers to the current challenges in the realisation of Industry 4.0. Second, we identify and list some basic generic Deontological and Teleological ethical principles and theories that can serve as normative guidelines for addressing the challenges identified in the initial step. Third, we prescribe a set of ethical rights and duties that must be exercised and fulfilled by protagonists/stakeholders in Industry 4.0 implementation in order for them to exhibit ethical behaviour. Each of these suggested actions are substantiated via an appeal to one, or a number of the normative guidelines, identified in the second step. By identifying and recommending a set of defensible ethical obligations that must be fulfilled in the development and deployment of smart factories, protagonists such as: employers, project managers, technology suppliers, trade unions, (on a microscopic level) and chambers of commerce, local and national government (on a macroscopic level) and other can fulfil their ethical duties. Thus, a deployed Industry 4.0 solution can result in technological change, social change and changes in the business paradigm, which are all ethically justifiable. Ultimately all the improvement processes of Industry 4.0 implementation must be underpinned with ethical consideration

Ethical issues invoked by Industry 4.0

Industry 4.0 is universally referred to as the fourth industrial revolution. It is a current trend of automation and data exchange in manufacturing technologies. The computerisation of manufacturing includes, amongst other, cyber-physical systems, the Internet of Things (IoT), cloud computing and cognitive computing. There are many challenges in the realisation of Industry 4.0. In order to adopt a "smart factory" and improved (software) processes many ethical considerations need to be identified and considered if a company is to obtain an ethical development and deployment of Industry 4.0. The purpose of normative ethics is to scrutinise standards about the rightness and wrongness of actions, the ultimate goal being the identification of the true human good. A rational appeal can be made to normative defensible ethical rules in order to arrive at a judicious, ethically justifiable judgement. In this position and constructive design research paper our steps are: First we report on the findings of a broad literature review of related research, which refers to the current challenges in the realisation of Industry 4.0. Second, we identify and list some basic generic Deontological and Teleological ethical principles and theories that can serve as normative guidelines for addressing the challenges identified in the initial step. Third, we prescribe a set of ethical rights and duties that must be exercised and fulfilled by protagonists/stakeholders in Industry 4.0 implementation in order for them to exhibit ethical behaviour. Each of these suggested actions are substantiated via an appeal to one, or a number of the normative guidelines, identified in the second step. By identifying and recommending a set of defensible ethical obligations that must be fulfilled in the development and deployment of smart factories, protagonists such as: employers, project managers, technology suppliers, trade unions, (on a microscopic level) and chambers of commerce, local and national government (on a macroscopic level) and other can fulfil their ethical duties. Thus, a deployed Industry 4.0 solution can result in technological change, social change and changes in the business paradigm, which are all ethically justifiable. Ultimately all the improvement processes of Industry 4.0 implementation must be underpinned with ethical consideration

Personalization, Cognition, and Gamification-based Programming Language Learning: A State-of-the-Art Systematic Literature Review

Programming courses in computing science are important because they are often the first introduction to computer programming for many students. Many university students are overwhelmed with the information they must learn for an introductory course. The current teacher-lecturer model of learning commonly employed in university lecture halls often results in a lack of motivation and participation in learning. Personalized gamification is a pedagogical approach that combines gamification and personalized learning to motivate and engage students while addressing individual differences in learning. This approach integrates gamification and personalized learning strategies to inspire and involve students while addressing their unique learning needs and differences. A comprehensive literature search was conducted by including 81 studies that were analyzed based on their research design, intervention, outcome measures, and quality assessment. The findings suggest that personalized gamification can enhance student cognition in programming courses by improving motivation, engagement, and learning outcomes. However, the effectiveness of personalized gamification varies depending on various factors, such as the type of gamification elements used, the degree of personalization, and the characteristics of the learners. This paper provides insights into designing and implementing effective personalized gamification interventions in programming courses. The findings could inform educational practitioners and researchers in programming education about the potential benefits of personalized gamification and its implications for educational practice

Requirements Engineering that Balances Agility of Teams and System-level Information Needs at Scale

Context: Motivated by their success in software development, large-scale systems development companies are increasingly adopting agile methods and their practices. Such companies need to accommodate different development cycles of hardware and software and are usually subject to regulation and safety concerns. Also, for such companies, requirements engineering is an essential activity that involves upfront and detailed analysis which can be at odds with agile development methods. Objective: The overall aim of this thesis is to investigate the challenges and solution candidates of performing effective requirements engineering in an agile environment, based on empirical evidence. Illustrated with studies on safety and system-level information needs, we explore RE challenges and solutions in large-scale agile development, both in general and from the teams’ perspectives. Method: To meet our aim, we performed a secondary study and a series of empirical studies based on case studies. We collected qualitative data using interviews, focus groups and workshops to derive challenges and potential solutions from industry. Findings: Our findings show that there are numerous challenges of conducting requirements engineering in agile development especially where systems development is concerned. The challenges discovered sprout from an integration problem of working with agile methods while relying on established plan-driven processes for the overall system. We highlight the communication challenge of crossing the boundary of agile methods and system-level (or plan-driven) development, which also proves the coexistence of both methods. Conclusions: Our results highlight the painful areas of requirements engineering in agile development and propose solutions that can be explored further. This thesis contributes to future research, by establishing a holistic map of challenges and candidate solutions that can be further developed to make RE more efficient within agile environments

Sim2real and Digital Twins in Autonomous Driving: A Survey

Safety and cost are two important concerns for the development of autonomous driving technologies. From the academic research to commercial applications of autonomous driving vehicles, sufficient simulation and real world testing are required. In general, a large scale of testing in simulation environment is conducted and then the learned driving knowledge is transferred to the real world, so how to adapt driving knowledge learned in simulation to reality becomes a critical issue. However, the virtual simulation world differs from the real world in many aspects such as lighting, textures, vehicle dynamics, and agents' behaviors, etc., which makes it difficult to bridge the gap between the virtual and real worlds. This gap is commonly referred to as the reality gap (RG). In recent years, researchers have explored various approaches to address the reality gap issue, which can be broadly classified into two categories: transferring knowledge from simulation to reality (sim2real) and learning in digital twins (DTs). In this paper, we consider the solutions through the sim2real and DTs technologies, and review important applications and innovations in the field of autonomous driving. Meanwhile, we show the state-of-the-arts from the views of algorithms, models, and simulators, and elaborate the development process from sim2real to DTs. The presentation also illustrates the far-reaching effects of the development of sim2real and DTs in autonomous driving

Implementing a data protection impact assessment for the web-application on the piloting phase

Abstract. The General Data Protection Regulation (GDPR) contains several obligations for the ones that are processing personal data of the EU citizens. The major obligations are to take data protection by design and by default, and to carry out a data protection impact assessment (DPIA) whenever there is a high risk to breach privacy. Some organizations and companies are still struggling to achieve these obligations. Violating these obligations may cause sanctions that are up to 4% of the annual turnover. This created the motivation to research how these obligations should be implemented to achieve better compliance with the GDPR. The objective of this thesis work was to research how the GDPR should be considered in applications that are processing personal data. Based on the related work, it was possible to recognize that DPIA process was recommended to cover the obligations of the GDPR. Therefore, the purpose was to research how the DPIA process would affect to the case application. Case application was a web-application that was on the piloting phase. Design science research was applied as a research method. It was decided to carry out a DPIA by applying the guidelines of the Information commissioner’s office (ICO). The DPIA process was applied to the case application. After the DPIA was completed, it was possible to evaluate its impact on the case application. Evaluation was completed in three parts, by evaluating how well the process of the DPIA covered the requirements of the GDPR, by evaluating the technical advantages and costs of the process, and by evaluating how the DPIA was applied in practice. The results of this thesis showed that applying the DPIA process improved data protection, privacy and technical features of the case application. It was possible to reduce the privacy risks associated with data processing activities. In addition, DPIA process improved the technical side of the case application. The data model was simplified and unnecessary information flows were eliminated. These improvements were estimated to increase the workload of the developers for 2.7%. This meant that DPIA process was suitable way to cover the obligations of the GDPR

Challenges of DevSecOps

Software development speed has significantly increased in recent years with methodologies like Agile and DevOps that use automation, among other technics, to enable continuous delivery of new features and software updates to the market. This increased speed has given rise to concerns over guaranteeing security at such a pace. To improve security in today’s fast-paced software development, DevSecOps was created as an extension of DevOps. This thesis focuses on the experiences and challenges of organizations and teams striving to implement DevSecOps. We first view our concepts through existing literature. Then, we conduct an online survey of 37 professionals from both security and development backgrounds. The results present the participants’ overall sentiments towards DevSecOps and the challenges they struggle with. We also investigate what kind of solutions have been tried to mitigate these issues and if these solutions have indeed worked

Automating Security Risk and Requirements Management for Cyber-Physical Systems

Cyber-physische Systeme ermöglichen zahlreiche moderne Anwendungsfälle und Geschäftsmodelle wie vernetzte Fahrzeuge, das intelligente Stromnetz (Smart Grid) oder das industrielle Internet der Dinge. Ihre Schlüsselmerkmale Komplexität, Heterogenität und Langlebigkeit machen den langfristigen Schutz dieser Systeme zu einer anspruchsvollen, aber unverzichtbaren Aufgabe. In der physischen Welt stellen die Gesetze der Physik einen festen Rahmen für Risiken und deren Behandlung dar. Im Cyberspace gibt es dagegen keine vergleichbare Konstante, die der Erosion von Sicherheitsmerkmalen entgegenwirkt. Hierdurch können sich bestehende Sicherheitsrisiken laufend ändern und neue entstehen. Um Schäden durch böswillige Handlungen zu verhindern, ist es notwendig, hohe und unbekannte Risiken frühzeitig zu erkennen und ihnen angemessen zu begegnen. Die Berücksichtigung der zahlreichen dynamischen sicherheitsrelevanten Faktoren erfordert einen neuen Automatisierungsgrad im Management von Sicherheitsrisiken und -anforderungen, der über den aktuellen Stand der Wissenschaft und Technik hinausgeht. Nur so kann langfristig ein angemessenes, umfassendes und konsistentes Sicherheitsniveau erreicht werden. Diese Arbeit adressiert den dringenden Bedarf an einer Automatisierungsmethodik bei der Analyse von Sicherheitsrisiken sowie der Erzeugung und dem Management von Sicherheitsanforderungen für Cyber-physische Systeme. Das dazu vorgestellte Rahmenwerk umfasst drei Komponenten: (1) eine modelbasierte Methodik zur Ermittlung und Bewertung von Sicherheitsrisiken; (2) Methoden zur Vereinheitlichung, Ableitung und Verwaltung von Sicherheitsanforderungen sowie (3) eine Reihe von Werkzeugen und Verfahren zur Erkennung und Reaktion auf sicherheitsrelevante Situationen. Der Schutzbedarf und die angemessene Stringenz werden durch die Sicherheitsrisikobewertung mit Hilfe von Graphen und einer sicherheitsspezifischen Modellierung ermittelt und bewertet. Basierend auf dem Modell und den bewerteten Risiken werden anschließend fundierte Sicherheitsanforderungen zum Schutz des Gesamtsystems und seiner Funktionalität systematisch abgeleitet und in einer einheitlichen, maschinenlesbaren Struktur formuliert. Diese maschinenlesbare Struktur ermöglicht es, Sicherheitsanforderungen automatisiert entlang der Lieferkette zu propagieren. Ebenso ermöglicht sie den effizienten Abgleich der vorhandenen Fähigkeiten mit externen Sicherheitsanforderungen aus Vorschriften, Prozessen und von Geschäftspartnern. Trotz aller getroffenen Maßnahmen verbleibt immer ein gewisses Restrisiko einer Kompromittierung, worauf angemessen reagiert werden muss. Dieses Restrisiko wird durch Werkzeuge und Prozesse adressiert, die sowohl die lokale und als auch die großräumige Erkennung, Klassifizierung und Korrelation von Vorfällen verbessern. Die Integration der Erkenntnisse aus solchen Vorfällen in das Modell führt häufig zu aktualisierten Bewertungen, neuen Anforderungen und verbessert weitere Analysen. Abschließend wird das vorgestellte Rahmenwerk anhand eines aktuellen Anwendungsfalls aus dem Automobilbereich demonstriert.Cyber-Physical Systems enable various modern use cases and business models such as connected vehicles, the Smart (power) Grid, or the Industrial Internet of Things. Their key characteristics, complexity, heterogeneity, and longevity make the long-term protection of these systems a demanding but indispensable task. In the physical world, the laws of physics provide a constant scope for risks and their treatment. In cyberspace, on the other hand, there is no such constant to counteract the erosion of security features. As a result, existing security risks can constantly change and new ones can arise. To prevent damage caused by malicious acts, it is necessary to identify high and unknown risks early and counter them appropriately. Considering the numerous dynamic security-relevant factors requires a new level of automation in the management of security risks and requirements, which goes beyond the current state of the art. Only in this way can an appropriate, comprehensive, and consistent level of security be achieved in the long term. This work addresses the pressing lack of an automation methodology for the security-risk assessment as well as the generation and management of security requirements for Cyber-Physical Systems. The presented framework accordingly comprises three components: (1) a model-based security risk assessment methodology, (2) methods to unify, deduce and manage security requirements, and (3) a set of tools and procedures to detect and respond to security-relevant situations. The need for protection and the appropriate rigor are determined and evaluated by the security risk assessment using graphs and a security-specific modeling. Based on the model and the assessed risks, well-founded security requirements for protecting the overall system and its functionality are systematically derived and formulated in a uniform, machine-readable structure. This machine-readable structure makes it possible to propagate security requirements automatically along the supply chain. Furthermore, they enable the efficient reconciliation of present capabilities with external security requirements from regulations, processes, and business partners. Despite all measures taken, there is always a slight risk of compromise, which requires an appropriate response. This residual risk is addressed by tools and processes that improve the local and large-scale detection, classification, and correlation of incidents. Integrating the findings from such incidents into the model often leads to updated assessments, new requirements, and improves further analyses. Finally, the presented framework is demonstrated by a recent application example from the automotive domain