Framework for Identifying Cybersecurity Risks in Manufacturing

Hutchins, Margot J.; Bhinge, Raunak; Micali, Maxwell K.; Robinson, Stefanie L.; Sutherland, John W.; Dornfeld, David

doi:10.1016/j.promfg.2015.09.060

Cited by 39 publications

(19 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Risk can be defined as the possibility of something bad happening [12]. Threat can be defined as an action or event which occur naturally or intentionally and has the potential to harm information, property, people, and the environment [13]. Vulnerability is the point of weakness or the state of being susceptible to an attack.…”

Section: Risk Threat Vulnerability and Outcomementioning

confidence: 99%

See 1 more Smart Citation

Cyber security challenges and vulnerability assessment in the construction industry

Mantha¹,

Soto²

2019

Proceedings of the Creative Construction Conference 2019

View full text Add to dashboard Cite

The construction industry is making a shift towards digitization and automation (known as Construction 4.0) due to the rapid growth of information and communication technologies as well as 3D printing, mechatronics, machine learning, big data, and the Internet of Things (IoT). These technologies will transform the design, planning, construction, operation and maintenance of the civil infrastructure systems, with a positive impact on the overall project time, cost, quality, and productivity. These new technologies will also make the industry more connected, and the consideration of cybersecurity of paramount importance. Although many studies have proposed frameworks and methodologies to develop such technologies, investigation of cybersecurity implications and related challenges have received very less attention. Some work has focused on security-minded BIM, but it lacks generality or does not consider an approach to determine the vulnerability of the different project participants, construction processes, and products involved during the different phases of construction projects. To address these limitations, this study a) develops a framework to identify cybersecurity risks in the construction industry, and b) assesses the vulnerability of traditional and hybrid delivery methods based on an agent based model (ABM). That is, the vulnerability of different project participants and construction entities during the different phases of the life-cycle of construction projects as a consequence of Construction 4.0. The findings from this study help to identify potential risks and provide a basis to assess the impact of interactions in a digital environment among different project participants. Future work aims to thoroughly investigate the proposed ABM approach and extend the same to other project delivery methods and information exchange networks in construction projects. IntroductionAfter a long history of under -digitization , the construction industry is making a shift towards digitization and automation due to rapidly growing information and communication technologies such as 3D printing , blockchain , and robotics. This is referred to as Construction 4.0, which is the construction industry's surrogate of Industry 4.0. The aim is to have connected systems at every stage in the life-cycle of a construction project , starting from the bidding phase to the end of life, including operation and maintenance. One of the key benefits of Construction 4.0 is the utilization of data as a result of digitization and connected systems during different life-cycle stages. Due to the nature of construction projects, large amounts of data are generated, such as competitive bidding information , design specifications , engineered calculations , intellectual property related information , pricing , profit /loss data, banking records , employee information , quality , safety , and productivity related standards and practices . In most cases, this data contains highly confidential, sensitive, or proprietary information.

show abstract

Section: Risk Threat Vulnerability and Outcomementioning

confidence: 99%

“…It can be physical or psychological, such as a computing element (e.g., weak software program) or a behavioral trait (e.g., sharing sensitive files without encryption). This has the potential to make an enterprise, person, project, or equipment susceptible to an attack [13]. The result of an attack is the outcome.…”

Section: Risk Threat Vulnerability and Outcomementioning

confidence: 99%

Cyber security challenges and vulnerability assessment in the construction industry

Mantha¹,

Soto²

2019

Proceedings of the Creative Construction Conference 2019

View full text Add to dashboard Cite

show abstract

“…This covers technical risks and attacks as well as all other risks which occur at interfaces (human, enterprises, supply chains, etc.). For risk mitigation, it is necessary to understand the possible threats of data-processing systems and assess them by considering the whole system as opposed to focusing only on risks for single components [35,36]. Hence, risk management should be discussed across the value chain and should be shared so that barriers to adoption will be reduced.…”

Section: Industry 40 and Cyberphysical Systems (Cps): Anmentioning

confidence: 99%

Collaborative Cloud Manufacturing: Design of Business Model Innovations Enabled by Cyberphysical Systems in Distributed Manufacturing Systems

Rauch

Seidenstricker

Dallasega

et al. 2016

Journal of Engineering

View full text Add to dashboard Cite

Collaborative cloud manufacturing, as a concept of distributed manufacturing, allows different opportunities for changing the logic of generating and capturing value. Cyberphysical systems and the technologies behind them are the enablers for new business models which have the potential to be disruptive. This paper introduces the topics of distributed manufacturing as well as cyberphysical systems. Furthermore, the main business model clusters of distributed manufacturing systems are described, including collaborative cloud manufacturing. The paper aims to provide support for developing business model innovations based on collaborative cloud manufacturing. Therefore, three business model architecture types of a differentiated business logic are discussed, taking into consideration the parameters which have an influence and the design of the business model and its architecture. As a result, new business models can be developed systematically and new ideas can be generated to boost the concept of collaborative cloud manufacturing within all sustainable business models.

show abstract

“…Within a computer system, a vulnerability is typically defined as a weakness that can be exploited by an attacker to perform unauthorized actions. In the context of this paper, vulnerability is referred to as a state or quality of being attacked or harmed because of a weakness in the system or user actions (e.g., weak software, unencrypted file sharing) [1]. Consequently, the actions performed by taking undue advantage of these vulnerabilities are referred to as attacks [2].…”

Section: Introductionmentioning

confidence: 99%

Implementation of the Common Vulnerability Scoring System to Assess the Cyber Vulnerability in Construction Projects

Bharadwaj¹,

Yeojin²,

Borja³

2020

Proceedings of the Creative Construction E-Conference 2020

View full text Add to dashboard Cite

The utilization of new technologies coupled with the digitization and automation of the construction industry (known as Construction 4.0) comes with many advantages. For example, it will make the Architecture Engineering and Construction (AEC) industry more connected, accessible, and transparent. However, the inherent nature of these connected systems will make construction networks more vulnerable and prone to cyberattacks. That will compromise not only the confidentiality of sensitive information but also the security of physical assets and project participants. With this background in mind, it is crucial to measure the security of construction networks. There are different systems to evaluate security vulnerabilities of a system, network, organization, or process; one of the most common is the Common Vulnerability Scoring System (CVSS), which provides a numerical score that reflects the severity of a given vulnerability based on specific identified metrics. This paper examines the application of CVSS to quantify and evaluate the vulnerability of project participants that can be used as the groundwork to determine the security vulnerability of construction networks. The objectives of this paper are 1) to examine the advantages and disadvantages of different scoring systems and their applicability to the AEC industry, 2) to systematically apply the identified system to determine scores for some of the most significant construction participants such as the owner, contractor, and worker. The proposed approach will help to assess the vulnerability of project participants and, eventually, the security level of construction networks.

show abstract

Framework for Identifying Cybersecurity Risks in Manufacturing

Cited by 39 publications

References 5 publications

Cyber security challenges and vulnerability assessment in the construction industry

Cyber security challenges and vulnerability assessment in the construction industry

Collaborative Cloud Manufacturing: Design of Business Model Innovations Enabled by Cyberphysical Systems in Distributed Manufacturing Systems

Implementation of the Common Vulnerability Scoring System to Assess the Cyber Vulnerability in Construction Projects

Contact Info

Product

Resources

About