Challenges of Information Security Management in the Industrial Sector: A Systematic Review

Authors

DOI:

https://doi.org/10.29019/enfoqueute.1152

Keywords:

Industrial control systems, supply chain, cybersecurity, critical infrastructures

Abstract

In today's industrial sector, technology has the potential to drive productivity and efficiency to exceptional levels, which brings with it countless information security challenges that must be overcome. The objective of this systematic review is to address the challenges of information security management in the industrial sector by investigating three questions: which security models and methodologies exist, which factors make industrial control systems (ICS) vulnerable, and which cyber risks affect the supply chain. To this end, 45 articles published over the last 4 years in journals indexed in databases such as Scopus, Ebsco and ScienceDirect were analyzed. The findings showed that models based on Zero Trust, Shapley Additive Explanations (SHAP), Evolutionary Multi-objective Optimization (EMO) algorithms, and IIoT are the most effective at protecting information. In addition, connectivity, obsolete operating systems, physical access, inadequate system configurations, inadequate equipment maintenance, computer attacks and the human factor are the main factors that increase the likelihood of vulnerability in ICS. Likewise, the cybersecurity risks showed common patterns: a successful cyberattack, ransomware attacks and industrial espionage are the main risks to the industrial supply chain. In conclusion, the security challenges range from system interoperability to the lack of specialized personnel, which demands constant vigilance with a multidisciplinary strategic approach.


Published

2025-10-01

Issue

Section

Miscellaneous