A Review of Attacks, Vulnerabilities, and Defenses in Industry 4.0 with New Challenges on Data Sovereignty Ahead.
Vítor PedreiraDaniel BarrosPedro PintoPublished in: Sensors (Basel, Switzerland) (2021)
The concepts brought by Industry 4.0 have been explored and gradually applied.The cybersecurity impacts on the progress of Industry 4.0 implementations and their interactions with other technologies require constant surveillance, and it is important to forecast cybersecurity-related challenges and trends to prevent and mitigate these impacts. The contributions of this paper are as follows: (1) it presents the results of a systematic review of industry 4.0 regarding attacks, vulnerabilities and defense strategies, (2) it details and classifies the attacks, vulnerabilities and defenses mechanisms, and (3) it presents a discussion of recent challenges and trends regarding cybersecurity-related areas for Industry 4.0. From the systematic review, regarding the attacks, the results show that most attacks are carried out on the network layer, where dos-related and mitm attacks are the most prevalent ones. Regarding vulnerabilities, security flaws in services and source code, and incorrect validations in authentication procedures are highlighted. These are vulnerabilities that can be exploited by dos attacks and buffer overflows in industrial devices and networks. Regarding defense strategies, Blockchain is presented as one of the most relevant technologies under study in terms of defense mechanisms, thanks to its ability to be used in a variety of solutions, from Intrusion Detection Systems to the prevention of Distributed dos attacks, and most defense strategies are presented as an after-attack solution or prevention, in the sense that the defense mechanisms are only placed or thought, only after the harm has been done, and not as a mitigation strategy to prevent the cyberattack. Concerning challenges and trends, the review shows that digital sovereignty, cyber sovereignty, and data sovereignty are recent topics being explored by researchers within the Industry 4.0 scope, and GAIA-X and International Data Spaces are recent initiatives regarding data sovereignty. A discussion of trends is provided, and future challenges are pointed out.