Concept for Software-Supported Automated Security Risk Assessments for Industrial Components

In view of the dynamic cybersecurity threat land-scape and the increasingly interconnected information technol-ogy (IT) and operational technology (OT) environments, the management of security risks to both IT and OT systems becomes paramount, including efficient and comprehensive risk assessment. S...

Full description

Saved in:
Bibliographic Details
Main Authors: Gebauer, Lisa, Ehrlich, Marco, Wolf, Sebastian, Harder, Dimitri, Schafer, Luca, Trsek, Henning, Moriz, Natalia
Format: Conference Proceeding
Language:English
Subjects:
automated
Computer security
industrial components
Manuals
Manufacturing automation
Manufacturing industries
Personnel
Prototypes
Risk management
security risk assessment
Software
Online Access:Request full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:In view of the dynamic cybersecurity threat land-scape and the increasingly interconnected information technol-ogy (IT) and operational technology (OT) environments, the management of security risks to both IT and OT systems becomes paramount, including efficient and comprehensive risk assessment. Such risk assessments, however, require extensive manual work, the availability of trained security personnel as well as considerable time and financial resources. Additionally, a consistent quality of results often cannot be guaranteed due to a dependency on individual expert knowledge and experience. A promising approach to alleviate these challenges is to use software-based support to automate risk assessment processes and increase efficiency and consistency. This work proposes a con-cept for software-supported automated security risk assessments with a focus on industrial components and the manufacturing industry. It presents key challenges, solution approaches, and further research directions that need to be considered in order to practically implement the concept. Additionally, current research that is already in process towards a practical implementation and a preliminary software prototype are presented.
ISSN:1946-0759
DOI:10.1109/ETFA61755.2024.10710980