工业4.0环境下OT网络安全静态与动态风险评估方法综述

IF 6.8 2区 计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS Computers & Security Pub Date : 2025-03-01 Epub Date: 2024-12-21 DOI:10.1016/j.cose.2024.104295
Nourhan Halawi Ghoson , Vincent Meyrueis , Khaled Benfriha , Thomas Guiltat , Stéphane Loubère
{"title":"工业4.0环境下OT网络安全静态与动态风险评估方法综述","authors":"Nourhan Halawi Ghoson ,&nbsp;Vincent Meyrueis ,&nbsp;Khaled Benfriha ,&nbsp;Thomas Guiltat ,&nbsp;Stéphane Loubère","doi":"10.1016/j.cose.2024.104295","DOIUrl":null,"url":null,"abstract":"<div><div>The inherent vulnerabilities of Operational Technology (OT) systems to cyberattacks have historically been mitigated through the practice of air-gapping, effectively isolating them from broader industrial networks and thereby maintaining a level of security. However, the beginning of the fourth industrial revolution (Industry 4.0) signs a concept shift towards increased interconnectivity, enhanced visibility, and digital continuity. The transition towards Industry 4.0 has been characterized by a marked increase in security breaches within industrial settings, leading to a variety of hazardous outcomes. These incidents underscore the importance of cybersecurity within OT environments, necessitating the development and implementation of strict cybersecurity measures to safeguard against potential threats. In response to this emerging threat landscape, there has been a notable shift from static risk assessment methodologies towards more dynamic approaches, particularly with the incorporation of Artificial Intelligence (AI) technologies. This paper presents a comprehensive literature review that explores various risk assessment approaches within the context of Industry 4.0, focusing on industrial systems. It outlines the transition from traditional, static risk assessment methods to innovative, dynamic risk assessment strategies facilitated by the integration of AI.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"150 ","pages":"Article 104295"},"PeriodicalIF":6.8000,"publicationDate":"2025-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"A review on the static and dynamic risk assessment methods for OT cybersecurity in industry 4.0\",\"authors\":\"Nourhan Halawi Ghoson ,&nbsp;Vincent Meyrueis ,&nbsp;Khaled Benfriha ,&nbsp;Thomas Guiltat ,&nbsp;Stéphane Loubère\",\"doi\":\"10.1016/j.cose.2024.104295\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><div>The inherent vulnerabilities of Operational Technology (OT) systems to cyberattacks have historically been mitigated through the practice of air-gapping, effectively isolating them from broader industrial networks and thereby maintaining a level of security. However, the beginning of the fourth industrial revolution (Industry 4.0) signs a concept shift towards increased interconnectivity, enhanced visibility, and digital continuity. The transition towards Industry 4.0 has been characterized by a marked increase in security breaches within industrial settings, leading to a variety of hazardous outcomes. These incidents underscore the importance of cybersecurity within OT environments, necessitating the development and implementation of strict cybersecurity measures to safeguard against potential threats. In response to this emerging threat landscape, there has been a notable shift from static risk assessment methodologies towards more dynamic approaches, particularly with the incorporation of Artificial Intelligence (AI) technologies. This paper presents a comprehensive literature review that explores various risk assessment approaches within the context of Industry 4.0, focusing on industrial systems. It outlines the transition from traditional, static risk assessment methods to innovative, dynamic risk assessment strategies facilitated by the integration of AI.</div></div>\",\"PeriodicalId\":51004,\"journal\":{\"name\":\"Computers & Security\",\"volume\":\"150 \",\"pages\":\"Article 104295\"},\"PeriodicalIF\":6.8000,\"publicationDate\":\"2025-03-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Computers & Security\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S0167404824006011\",\"RegionNum\":2,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"2024/12/21 0:00:00\",\"PubModel\":\"Epub\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Security","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0167404824006011","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"2024/12/21 0:00:00","PubModel":"Epub","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0

摘要

运营技术(OT)系统面对网络攻击的固有漏洞,历来通过气隙的做法得到缓解,有效地将其与更广泛的工业网络隔离开来,从而保持一定程度的安全。然而,第四次工业革命(工业4.0)的开始标志着一个概念的转变,即增强互联性、增强可见性和数字连续性。向工业4.0过渡的特点是工业环境中的安全漏洞显着增加,导致各种危险后果。这些事件强调了OT环境中网络安全的重要性,需要制定和实施严格的网络安全措施来防范潜在的威胁。为了应对这种新兴的威胁形势,从静态风险评估方法到更动态的方法已经发生了显著的转变,特别是与人工智能(AI)技术的结合。本文介绍了一篇全面的文献综述,探讨了工业4.0背景下的各种风险评估方法,重点是工业系统。它概述了从传统的静态风险评估方法到人工智能集成促进的创新的动态风险评估策略的转变。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
A review on the static and dynamic risk assessment methods for OT cybersecurity in industry 4.0
The inherent vulnerabilities of Operational Technology (OT) systems to cyberattacks have historically been mitigated through the practice of air-gapping, effectively isolating them from broader industrial networks and thereby maintaining a level of security. However, the beginning of the fourth industrial revolution (Industry 4.0) signs a concept shift towards increased interconnectivity, enhanced visibility, and digital continuity. The transition towards Industry 4.0 has been characterized by a marked increase in security breaches within industrial settings, leading to a variety of hazardous outcomes. These incidents underscore the importance of cybersecurity within OT environments, necessitating the development and implementation of strict cybersecurity measures to safeguard against potential threats. In response to this emerging threat landscape, there has been a notable shift from static risk assessment methodologies towards more dynamic approaches, particularly with the incorporation of Artificial Intelligence (AI) technologies. This paper presents a comprehensive literature review that explores various risk assessment approaches within the context of Industry 4.0, focusing on industrial systems. It outlines the transition from traditional, static risk assessment methods to innovative, dynamic risk assessment strategies facilitated by the integration of AI.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
Computers & Security
Computers & Security 工程技术-计算机:信息系统
CiteScore
12.40
自引率
7.10%
发文量
365
审稿时长
10.7 months
期刊介绍: Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world. Computers & Security provides you with a unique blend of leading edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise it is your first step to fully secure systems.
期刊最新文献
A Multi-Frequency Temporal Spatio-Transformer for adversarially robust IoT intrusion detection Debapt: Ontology-driven multi-agent debate for APT adversary profile construction from cyber threat intelligence CoolTest: Randomness test suited for small data volumes ODHD: On-Demand Helper Data generation for reliable NVM-free key derivation from SRAM PUF From Systematic Threat Search to pentesting: Industrial Control Systems threat models
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:604180095
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1