Radanliev, Petar and De Roure, Dave and R.C. Nurse, Jason and Nicolescu, Razvan and Huth, Michael and Cannady, Stacy and Mantilla Montalvo, Rafael (2019): Cyber Security Framework for the Internet-of-Things in Industry 4.0.
Abstract
This research article reports the results of a qualitative case study that correlates academic literature with five Industry 4.0 cyber trends, seven cyber risk frameworks and two cyber risk models. While there is strong interest in industry and academia in standardising existing cyber risk frameworks, models and methodologies, no attempt to combine these approaches has been made to date. We apply the grounded theory approach to derive integration criteria for the reviewed frameworks, models and methodologies. Then, we propose a new architecture for the integration of the reviewed frameworks, models and methodologies. We therefore advance the efforts of integrating standards and governance into Industry 4.0 and offer a better understanding of a holistic economic impact assessment model for IoT cyber risk.
Item Type: | MPRA Paper |
---|---|
Original Title: | Cyber Security Framework for the Internet-of-Things in Industry 4.0 |
English Title: | Cyber Security Framework for the Internet-of-Things in Industry 4.0 |
Language: | English |
Keywords: | Industry 4.0, Internet of Things, case study, cyber security framework |
Subjects: | L - Industrial Organization > L0 - General; L - Industrial Organization > L5 - Regulation and Industrial Policy > L50 - General; L - Industrial Organization > L5 - Regulation and Industrial Policy > L53 - Enterprise Policy; O - Economic Development, Innovation, Technological Change, and Growth > O2 - Development Planning and Policy > O20 - General; O - Economic Development, Innovation, Technological Change, and Growth > O2 - Development Planning and Policy > O25 - Industrial Policy |
Item ID: | 92565 |
Depositing User: | Dr Petar Radanliev |
Date Deposited: | 11 Mar 2019 11:17 |
Last Modified: | 27 Sep 2019 12:29 |
URI: | https://mpra.ub.uni-muenchen.de/id/eprint/92565 |