
Computers in Industry 114 (2020) 103165

Contents lists available at ScienceDirect

Computers in Industry
journal homepage: www.elsevier.com/locate/compind

Cybersecurity in the context of industry 4.0: A structured classification of critical assets and business impacts
Angelo Corallo, Mariangela Lazoi, Marianna Lezzi ∗
Università del Salento, Dipartimento di Ingegneria dell’Innovazione, Campus Ecotekne, Via per Monteroni, s.n. 73100, Lecce Italy

Article info

Article history:
Received 14 June 2019
Received in revised form 7 October 2019
Accepted 9 November 2019
Available online 16 November 2019

Keywords:
Industry 4.0
Networked manufacturing
Cyber-attack
Cybersecurity breach
Business impact

Abstract

An increasing number of cybersecurity breaches adversely affect business performance, by leveraging the vulnerabilities of networked manufacturing machines. In some cases, cyber-attacks on critical industrial equipment are able to undermine the corporate business model. Knowing and evaluating in advance the main critical assets to be protected from potential cyber-attacks and the business impacts that could occur is a source of competitive advantage.

Through the analysis of literature and an ethnographic research approach, this study proposes a structured classification of critical industrial assets within Industry 4.0 and potential adverse impacts on business performance due to breaches of cybersecurity. In particular, cybersecurity is analysed in terms of loss of confidentiality, integrity and availability of data associated with networked manufacturing machines. It is also suggested how critical assets and business impacts are correlated and how business impacts can be assessed. The proposed results can be organized in four steps for supporting companies in making decisions on cybersecurity policies. Moreover, both industry and academia can benefit from these results to conduct future analysis and investigation activities in the field of cybersecurity.

© 2019 Elsevier B.V. All rights reserved.

Contents

1. Introduction
2. State of the art
   2.1. Cybersecurity in industry 4.0
   2.2. Standards and guidance documents for cybersecurity in Industry 4.0
   2.3. Methodological solutions for cybersecurity in Industry 4.0
3. Research design
   3.1. Research aim
   3.2. Research method
   3.3. Ethnographic context
4. Results
   4.1. Critical assets analysis
      4.1.1. Data categories identification
   4.2. Business impacts analysis
      4.2.1. Assessment methods
   4.3. Impact matrix definition
      4.3.1. Loss of data confidentiality
      4.3.2. Loss of data integrity
      4.3.3. Loss of data availability
   4.4. Business impact level assessment
      4.4.1. Quantitative method
      4.4.2. Qualitative method
      4.4.3. Example of application in a hypothetical scenario
5. Discussion for future analysis
6. Conclusion
Declaration of competing interest
References

∗ Corresponding author.
E-mail address: [email protected] (M. Lezzi).

https://doi.org/10.1016/j.compind.2019.103165
0166-3615/© 2019 Elsevier B.V. All rights reserved.

1. Introduction

In the era of Industry 4.0, where working machines are connected to the network and to each other by means of smart devices, the scale and variety of cyber-attacks have grown exponentially (MForesight and Computing Community Consortium (CCC), 2017). In such an interconnected manufacturing environment, it is known that cybersecurity breaches may negatively affect business performance (Cisco, 2017). As evidence, the study undertaken by the Engineering Employers' Federation (EEF) (EEF (The manufacturers' organisation), 2018) on cybersecurity shows that, of the 48% of manufacturers declaring to have been affected by cyber-attacks, around half have suffered financial or other business losses. In general, the cost of cyber-crime varies depending on the country, the organizational dimension, the industry, the type of cyber-attack, as well as the maturity and effectiveness of the organization's security posture (Ponemon Institute LLC (jointly developed by Accenture), 2017). The Ponemon Institute (Ponemon Institute LLC (jointly developed by Accenture), 2017) estimates that the average annualized cost in the manufacturing industry was about $10 million in 2017.

According to Lezzi et al. (2018), cyber-attacks on manufacturing systems may entail a certain number of negative business impacts. In particular, these impacts involve (i) sabotage of the entire critical infrastructure or of target machines and components, (ii) denial of service of networks and computers, (iii) theft of industrial trade secrets and intellectual property, (iv) violation of regulations in the fields of safety and pollution, and (v) even the occurrence of life-threatening situations for workers. In dealing with such difficult situations, companies incur significant economic damages for restoring normal working conditions (which translates into a drop in productivity), as well as facing the loss of competitive power in the relevant market.

Being able to face cybersecurity issues proactively is a key driver for preserving companies' competitive advantage (in terms of economic growth and market position strengthening) (Barbier et al., 2016). Moreover, cybersecurity strategies should be fully integrated with organizational and information technology strategies in order to increase the performance of the entire manufacturing value chain (Waslo et al., 2017). However, according to a 2018 survey study (Deloitte, 2018) carried out by Deloitte, 64% of leaders of organisations have declared that cybersecurity and technology-related risks are currently managed in an "inadequate" or "to be improved" way.

In line with existing security standards and guidance documents (European Network and Information Security Agency (ENISA), 2011; E.C.S. Organisation, 2017), some attempts to manage cybersecurity issues have already been made (Lezzi et al., 2018). Some of them aim at providing high-level guidance (mainly in the management area) useful to address the topic; others, instead, propose more structured solutions (targeted at IT staff), which however need to be customized to the specific industrial scenario. Moreover, although there are a certain number of methodological solutions that companies can currently adopt to deal with cybersecurity in 4.0 industrial contexts, little importance is given to the analysis of critical assets to be protected and the related assessment of business impacts.

Following the asset/impact-oriented approach of NIST (Ross, 2012), this paper proposes a structured classification of critical assets to be protected against cyber-attacks in the context of Industry 4.0 and the potential impacts on business performance. Moreover, the relationship between assets and impacts, as well as the methods for assessing business impacts, are also analysed. It is expected that these activities help companies understand in which industrial assets to invest their economic efforts, in what order of priority and to what extent.

The proposed results are rooted in the literature studies and are strengthened by an ethnographic study of a representative 4.0-manufacturing context, consisting of a series of networked Computer Numerical Control (CNC) machines in an aerospace factory where cybersecurity issues are an emerging and relevant challenge to be faced (MarketsandMarkets, 2015).

The next section of the paper provides an overview of the main cybersecurity standards, guidance documents and methodological solutions that can be used to manage cybersecurity in Industry 4.0. Section 3 describes the research aim, as well as the research method and the context analysed. The results of the study are detailed in Section 4, where the critical asset analysis, the business impacts analysis, the impact matrix definition, and the business impact level assessment are respectively proposed with reference to 4.0-manufacturing contexts. A further discussion section, intended to guide future studies and applications, treats the steps and methods for collecting information in other industrial contexts. A final concluding section ends the paper.

2. State of the art

This section highlights the current role of cybersecurity in the context of Industry 4.0. In particular, the focus will be on the main standards, guidance documents and methodological solutions available to address cybersecurity issues in these industrial contexts.

2.1. Cybersecurity in industry 4.0

Cybersecurity is one of the main challenges for companies that approach the Industry 4.0 paradigm.

Industry 4.0 means making use of intelligent, interconnected Cyber-Physical Systems (CPS) with the aim of automating all phases of industrial operations (from design and manufacturing to supply chain and service maintenance) (European Union Agency for Networked and Information Security (ENISA), 2018). In other words, Industry 4.0 connects production to information and communication technologies, merges product and process data with machine data and enables machines to communicate with each other.

Industry 4.0 transformations have the potential to create value for companies with efficiency improvements of 15–20 percent (Behrendt et al., 2017). In particular, Industry 4.0 performance improvements are achieved by (i) maximizing asset utilization and minimizing machine downtime through remote monitoring and predictive maintenance, (ii) increasing labour productivity thanks to manual labour automation, (iii) reducing inventory levels and improving the quality of services and products by leveraging analysis of data produced in real time by machine sensors.

However, the presence of connected Cyber-Physical Systems in industrial environments poses a considerable security challenge since most systems of this type were not designed with cybersecurity in mind (Tuptuk and Hailes, 2018).

In the past, manufacturing systems were closed and security was ensured by their isolation and physical access control. Today, on the contrary, modern manufacturing machines are equipped with a number of smart devices (e.g., sensors and actuators) and are connected via wireless networks or wired Ethernet to other machines and data processing systems. Manufacturing components communicate over private industrial networks using specific protocols, but these do not provide adequate protection against cyber-threats (European Union Agency for Networked and Information Security (ENISA), 2018). Such insecure network connections make manufacturing systems vulnerable to an increasing number of cyber-attacks (Wu et al., 2018), so that the data associated with these systems can be accessed by unauthorized users.

According to the study conducted by the European Network and Information Security Agency (ENISA) (European Union Agency for Networked and Information Security (ENISA), 2018), the most critical assets in terms of cybersecurity in Industry 4.0 are Industrial Control Systems (ICS), followed by Industrial Internet of Things (IIoT) gateways, and sensors and actuators.

In particular, Industrial Control Systems ensure the automatic operation of technical industrial facilities, controlling and monitoring business processes. These systems include Supervisory Control and Data Acquisition (SCADA) systems and Distributed Control Systems (DCS), the core components of which are the Programmable Logic Controller (PLC), Remote Terminal Unit (RTU), Intelligent Electronic Device (IED) and the interface technologies (Sullivan et al., 2016). IIoT gateways manage multiple communication technologies (wired and wireless) using different protocols, as well as performing advanced data analysis (e.g., machine learning algorithms and big data analysis) and real-time controls on the system by leveraging connected sensors and actuators. Lastly, sensors and actuators are IIoT devices that respectively measure system parameters (e.g., temperature, vibrations, motion, and so on) and execute specific actions on the system.

2.2. Standards and guidance documents for cybersecurity in Industry 4.0

In the context of Industry 4.0, cybersecurity standards and guidance documents help companies create a common understanding of industry security controls and methods for assessing the effectiveness of such controls. Over the last decade, bodies such as the European Cyber Security Organization (ECSO) and the European Network and Information Security Agency (ENISA) have gathered existing standards and guidelines, as well as best practices and procedures to address cybersecurity issues in relation to industrial systems (European Network and Information Security Agency (ENISA), 2011; E.C.S. Organisation, 2017). Some of the most relevant standards and specifications are described below. These can be adopted in the Industry 4.0 era to assess the general cybersecurity attitude of a system or organization. The main features are shown in Table 1.

The ISA/IEC 62443 series of standards addresses the issue of security for Industrial Automation and Control Systems (IACS) (ISA, 2016). In particular, the objective of the application of these standards is to improve the safety, availability, integrity and confidentiality of components of Industrial Automation and Control Systems and to provide criteria for the procurement and implementation of secure industrial automation and control systems. In this way, compliance with the requirements of the 62443 series can lead companies to improve electronic security and identify and address vulnerabilities, reducing the risk of compromising confidential information or causing degradation or failure of the equipment or processes under control.

On the other hand, the IACS Cybersecurity Certification Framework (ICCF) (Theron and Lazari, 2018) proposes four IACS cybersecurity certification schemes (i.e., self-declaration of compliance, independent compliance assessment, product cyber resilience certification and full cyber resilience certification), which involve three different evaluation activities: compliance assessment, cyber resilience testing and development process evaluation. The objective of the ICCF is to encourage the provision of certified components in order to improve the in-depth cyber-defence of the IACS.

Moreover, the French Network and Information Security Agency, the ANSSI, published some guides (ANSSI, 2012; ANSSI, 2014a; ANSSI, 2014b) about cybersecurity for Industrial Control Systems. These guides play a key role in helping all industry stakeholders to consider cybersecurity issues. The ANSSI assumption is that cybersecurity in industry means analysing system vulnerabilities (hardware, software, procedures and human factors) in order to implement measures to safeguard the continuity of core business functions.

Although API Standard 1164 (American Petroleum Institute (API), 2016) offers guidance to operators of oil and liquid gas pipeline systems to improve SCADA cybersecurity, the use of this standard is not limited to pipelines. As evidence, the standard analyses the vulnerabilities of SCADA systems that can be exploited by unauthorized entities and defines the processes to be implemented in the company to achieve this goal; it also provides a list of practices to harden the system architecture and examples of industry best practices.

The Industrial Control System (ICS) Security Compendium (Bundesamt für Sicherheit in der Informationstechnik (BSI), 2013), proposed by the German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik - BSI), provides a set of architectural, technical and organisational best practices for owners of ICS assets on: security-specific processes and policies; selection of systems and components, as well as service providers and integrators; constructional and physical securing; and technical measures. Moreover, the ICS Security Compendium describes a methodology for auditing the ICS, although it does not define any evaluation scheme.

In the same way, the Catalog of Control Systems Security (U.S. Department of Homeland Security, 2011) collects a large sampling of recommendations and guidelines to increase the security of control systems against physical and cyber-attacks. The catalogue does not refer to a specific industry, but provides a master list of reference information to be used for the revision and development of standards for any control system.

Furthermore, the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) conducts security assessments with reference to critical infrastructure and provides options for mitigating and managing cybersecurity risks. In particular, the ICS-CERT Assessments (Industrial Control Systems Cyber Emergency Response Team, 2016) are focused on design and network architecture areas. Such assessments provide stakeholders with the understanding and context necessary to build effective defence-in-depth processes for enhancing cybersecurity.

Table 1
Cybersecurity standards and guideline documents in Industry 4.0.

| Standard/Guidance document | Industrial asset involved | Keywords | Year of publication | Reference |
|---|---|---|---|---|
| ISA/IEC 62443 | Industrial Automation and Control Systems (IACS) | Standard; IACS safety, availability, integrity and confidentiality; Electronic security | 2016 | ISA (2016) |
| IACS Cybersecurity Certification Framework (ICCF) | Industrial Automation and Control Systems (IACS) | Framework; Cybersecurity certification schemes; IACS' in-depth cyber defence | 2018 | Theron and Lazari (2018) |
| ANSSI Cybersecurity for Industrial Control Systems | Industrial Control Systems (ICS) | Guide; ICS cybersecurity; System vulnerabilities; Business function continuity | 2012 and 2014 | ANSSI (2012); ANSSI (2014a); ANSSI (2014b) |
| API Standard 1164 | Supervisory Control and Data Acquisition (SCADA) | Standard; Oil and liquid gas pipeline; SCADA cybersecurity; Best practices | 2009 (Second Edition) | American Petroleum Institute (API) (2016) |
| ICS Security Compendium | Industrial Control Systems (ICS) | Compendium; ICS security; Best practices; Audit methodology | 2013 | Bundesamt für Sicherheit in der Informationstechnik (BSI) (2013) |
| Catalog of Control Systems Security | Control Systems of critical infrastructures and key resources | Catalogue; Guidelines; Control Systems cybersecurity | 2011 | U.S. Department of Homeland Security (2011) |
| ICS-CERT Assessments | Industrial Control Systems (ICS) | Assessment; ICS cybersecurity risks; Critical infrastructure | 2016 | Industrial Control Systems Cyber Emergency Response Team (2016) |
| NIST 800-82 | Industrial Control Systems (ICS) | Guide; ICS security program; NIST SP 800-53 security controls | 2015 | Stouffer et al. (2015) |

Finally, the NIST 800-82 (Stouffer et al., 2015) gives a guide to the security of Industrial Control Systems by developing and deploying an ICS security program, integrating security into network architectures, and implementing the security controls of the NIST SP 800-53 (NIST, 2013). These security controls, targeted at organizations and information systems supporting the executive agencies, include information security program management controls and privacy controls.

2.3. Methodological solutions for cybersecurity in Industry 4.0

The study of the literature has revealed the presence of a certain number of methodological solutions that companies can adopt as a guide in dealing with cybersecurity issues in 4.0 industrial environments. Table 2 collects and lists an overview of the frameworks, methodologies and approaches.

In particular, the NIST framework (NIST, 2018) for improving critical infrastructure cybersecurity is aimed at managing the cybersecurity risks associated with Information Technology (IT), Industrial Control Systems (ICS), Cyber-Physical Systems (CPS) and, more generally, connected devices. The Framework includes five core functions (i.e., identification, protection, detection, response, and recovery) to be implemented through a set of security controls; its objective is to support organizations by providing a common language for understanding, managing and expressing cybersecurity risk to internal and external stakeholders.

Moreover, Babiceanu and Seker (2017) propose a framework for addressing systems cybersecurity and resilience for Software-Defined Networks-based (SDN-based) manufacturing applications. This framework pays attention to the identification of the system, the definition of resilience objectives, the analysis of vulnerabilities and the involvement of stakeholders, as important aspects to be considered in order to maintain the manufacturing system in a required state of security.

The DevOps approach (based on software development for information technology operations) enables, instead, new scenarios for monitoring industrial security (Jansen and Jeschke, 2018). In particular, this approach consists of five steps (each of which requires a high degree of automation): (1) Planning development activities, based on user stories that rely on requirements from customers and operations; (2) Developing and testing new service features; (3) Releasing and deploying new software versions/features; (4) Operating the service and related software within the operational environment; (5) Monitoring effectiveness and efficiency. In general, the DevOps approach has proved to be an appropriate framework for improving the quality of software throughout its lifecycle.

On the other hand, with the aim of visually expressing the security risks of Industrial Control Systems, Kobara (2016) presents a new attack tree approach, in which the problem is shown as the root and its sources as leaves. The proposed attack tree also makes it possible to represent the severity level of each stage (node), the transferability from one stage to another, and the countermeasures with their effects.

There are different methods of risk assessment and identification of potential threats to smart manufacturing systems (Wu et al., 2018; Ren et al., 2017). For example, a typical risk assessment method is the hierarchical model proposed by Zhu and Basar (2011), which defines the boundaries of the system to assess the risks and identifies the potential vulnerabilities on six layers: physical, control, communication, network, supervisory and management.

Radanliev et al. (2018a) and Radanliev et al. (2018b) propose an impact assessment model for articulating possible impacts and calculating the economic impact of Internet of Things (IoT) cyber risk. In the proposed model, Monte Carlo simulation plays a key role in reducing the IoT cyber risk uncertainty and in enabling the approximation and estimation of the economic impact.

Lastly, Januario et al. (2016) propose a methodology for assessing vulnerabilities in the context of SCADA systems. The methodology entails: (i) for each component, a complete network representation; (ii) for each subsystem, the definition of the functions and decomposition of the components in each subsystem that implements them; (iii) for each operation, the list of resources used and the operations that can affect them.

Table 2
Cybersecurity methodological solutions in Industry 4.0.

| Methodological solution | Industrial asset involved | Keywords | Year of publication | Reference |
|---|---|---|---|---|
| NIST Framework for Improving Critical Infrastructure Cybersecurity | Information Technology (IT), Industrial Control Systems (ICS), Cyber-Physical Systems (CPS) and any other connected devices | Framework; Critical infrastructure cybersecurity; Five core functions based | 2018 | NIST (2018) |
| Cybersecurity and resilience framework | Software-defined networking-based manufacturing applications | Framework; Manufacturing systems security; SDN-based | 2017 | Babiceanu and Seker (2017) |
| DevOps approach | Cyber-Physical System (CPS), industrial automation and control systems (IACS) | Approach; Industrial security monitoring; five step based | 2018 | Jansen and Jeschke (2018) |
| Attack tree approach | Industrial Control System (ICS) | Approach; ICS security risks; Attack tree | 2016 | Kobara (2016) |
| Hierarchical model for risk assessment | Industrial Control System (ICS) | Model; Risk assessment method; Smart manufacturing systems; Six layers vulnerabilities | 2011 | Zhu and Basar (2011) |
| Impact assessment model | Internet of Things (IoT) devices | Model; IoT cyber risk; economic risk assessment | 2018 | Radanliev et al. (2018a), Radanliev et al. (2018b) |
| Vulnerability assessment methodology | Supervisory Control and Data Acquisition (SCADA) system | Methodology; SCADA systems vulnerabilities | 2016 | Januario et al. (2016) |
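
The attack tree approach listed in Table 2 and summarised in Section 2.3 attaches a severity level to each stage, a transferability to each transition and an effect to each countermeasure. The sketch below is an added example, not code from the paper or from Kobara (2016), showing how those three quantities can be rolled up to rank countermeasures for a networked CNC cell. It assumes that transferability is a probability, that sibling paths are independent alternatives, and that a countermeasure scales one transition by (1 - effect); all stage names and numbers are constructed.

```python
"""Attack-tree roll-up: severity per stage, transferability per transition,
countermeasures that weaken one transition. Constructed, illustrative model."""
from dataclasses import dataclass, field


@dataclass
class Stage:
    name: str
    severity: int              # 1 (minor) .. 5 (critical); assumed scale
    likelihood: float = 0.0    # leaves only: chance the source event occurs
    # list of (child stage, transferability from child to this stage)
    children: list = field(default_factory=list)


@dataclass(frozen=True)
class Countermeasure:
    name: str
    src: str       # stage the transition starts from
    dst: str       # stage the transition leads to
    effect: float  # fraction of transferability removed, 0..1 (assumed)


def reach_probability(stage, measures=()):
    """Probability that `stage` is reached with the given countermeasures."""
    if not stage.children:
        return stage.likelihood
    p_not_reached = 1.0
    for child, transfer in stage.children:
        for m in measures:
            if (m.src, m.dst) == (child.name, stage.name):
                transfer *= 1.0 - m.effect
        # Sibling paths are treated as independent alternatives (OR node).
        p_not_reached *= 1.0 - reach_probability(child, measures) * transfer
    return 1.0 - p_not_reached


def exposure(stage, measures=()):
    """Map every stage name to severity * reach probability."""
    table = {stage.name: stage.severity * reach_probability(stage, measures)}
    for child, _ in stage.children:
        table.update(exposure(child, measures))
    return table


def root_risk(root, measures=()):
    """Exposure of the root problem only."""
    return root.severity * reach_probability(root, measures)


def rank_countermeasures(root, candidates):
    """Order candidates by how much each one alone lowers the root risk."""
    baseline = root_risk(root)
    gains = [(m.name, baseline - root_risk(root, [m])) for m in candidates]
    return sorted(gains, key=lambda g: g[1], reverse=True)


# Constructed tree for a networked CNC cell; every name and number is invented.
WORKSTATION = Stage("office workstation compromised", 2, likelihood=0.30)
REMOTE = Stage("remote maintenance link misused", 3, likelihood=0.10)
MEDIA = Stage("removable media introduced at machine HMI", 3, likelihood=0.20)
NETWORK = Stage("shop-floor network reached", 3,
                children=[(WORKSTATION, 0.5), (REMOTE, 0.8)])
ROOT = Stage("CNC part program altered", 5,
             children=[(NETWORK, 0.4), (MEDIA, 0.6)])

MEASURES = [
    Countermeasure("office/shop-floor segmentation",
                   WORKSTATION.name, NETWORK.name, 0.8),
    Countermeasure("signed part programs", NETWORK.name, ROOT.name, 0.9),
    Countermeasure("removable-media control", MEDIA.name, ROOT.name, 0.7),
]

if __name__ == "__main__":
    print(f"baseline root risk: {root_risk(ROOT):.3f}")
    for name, gain in rank_countermeasures(ROOT, MEASURES):
        print(f"  {name:32s} lowers root risk by {gain:.3f}")
    print(f"all measures applied: {root_risk(ROOT, MEASURES):.3f}")
```

With these constructed numbers the control on the single-hop path ranks above the one on the longer network path, because the longer path is already attenuated by two transitions.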

3. Research design

3.1. Research aim

A significant number of methodological solutions have already been developed in order to address cybersecurity issues in Industry 4.0. However, not much emphasis is placed on the analysis of critical assets to protect against cyber-attacks and the resulting business impacts. On the other hand, this kind of analysis in the context of networked manufacturing could play a strategic role for companies to understand in which industrial assets to invest their security efforts, in what order of priority and to what extent. With the aim to support company management in dealing with such cybersecurity issues, in this study the focus is on the assessment of the adverse business impacts resulting from cybersecurity breaches to networked manufacturing machines. In particular, the following research questions are addressed:

• RQ1. What are the critical assets that if affected by cyber threats prevent the company from doing business?
• RQ2. What are the adverse business impacts due to cybersecurity breaches?
• RQ3. What is the relationship between essential assets and business impacts?
• RQ4. How to evaluate the business impact level?

3.2. Research method

The analysis of the state of the art has highlighted the lack of an impact assessment methodology focused on the deep understanding and measurement of the impacts' value in the context of Industry 4.0. The literature analysis suggested some areas of action and a gap to be filled in order to support companies in the implementation of proper measures on cybersecurity.

In order to satisfy the research aim and answer the research questions, the NIST 800-30 asset/impact-oriented approach (Ross, 2012) has been considered as reference for addressing cybersecurity risks in 4.0 industrial contexts. The NIST approach takes as the starting point for risk assessment the identification of assets affected by threat events and the impacts that could occur, possibly using the results of a mission or business impact analysis and identifying threat events that cause those impacts.

Furthermore, with the aim to make this study strictly related to industrial practice, ethnography has been used as research method. Using field-notes, ethnography makes it possible to collect evidence and obtain results concerning the analysed context (Creswell and Creswell, 2018). Several studies (Butlewski et al., 2016; Blomberg et al., 2003; Mohedas et al., 2015; Kosaka, 2012) use ethnography for supporting the activities of ideas definition, feedback collection and different alternatives evaluation for the design of products, services and methods. Through the application of ethnography, the context awareness increases and the research results achieved have a higher level of suitability for the context explored (Jones, 2006). Therefore, the field-notes (Bryma and Bell, 2015) were collected by observing the operations of a manufacturing cell composed of CNC machines. In particular, field-notes were taken on the work-cycles performed within the manufacturing cell and on the input and output data associated with the networked machine tools. The focus was on data flow generated by the machines, the security issues to be managed and the technologies used. The field-notes were then re-read, coded and analysed in accordance with the purposes of this study.

In conclusion, on the basis of the evidence collected in the literature, the NIST guidelines and the ethnography research method, a structured classification of critical assets to be protected from cyber-attacks and their business impacts has been defined. Moreover, the relationship between critical assets and business impact was identified, as well as the methods of assessing business impacts. The search schema, with the procedures and results, is shown in Fig. 1.

Fig. 1. Search pattern.

3.3. Ethnographic context

The ethnographic observations took place during the second half of year 2018, in conjunction with the activities of TOREADOR European project¹ and related industrial scenarios. The ethnography context was that of manufacturing cells (see Fig. 2) of aeronautical components, where there are a certain number of networked Computer Numerical Control (CNC) machines equipped with sensors and actuators. In particular, CNC machine tools are connected in the network through sensors that record in real time a large amount of data on the machines' health status and the workpieces' properties. Machine information is sent through the OPC-UA protocol towards some server in order to be processed and analysed, while workpiece data are provided by using the MTConnect standard to a real-time software, in charge of collecting and displaying measurement results and handling gauges without operator intervention. Finally, the corrective commands, which are sent from the control units to the machine tools, are implemented in the manufacturing work cycles via the actuators.

¹ For more information on TOREADOR project see http://www.toreador-project.eu/.

Fig. 2. A simplified version of the manufacturing cell data flow.

The ethnographic context observed is representative of 4.0-industrial environments. Actually, the manufacturing industry of aeronautical components, like other manufacturing industries where the production is supported by advanced technologies (such as cloud computing, big data analytics and machine learning) and networked smart devices, is addressing the emerging challenges of cybersecurity. In this case, attackers can take control of the manufacturing process to interface with the production or even alter the quality of the products. In addition, confidential data associated with the manufacturing process can be stolen, causing significant economic damage to the company. Therefore, the flow of input and output data associated with aeronautical manufacturing machines represents strategic knowledge for the company that needs to be protected from any breach of cybersecurity.

4. Results

In the next subsections, the critical assets and business impacts are classified, referring to the networked manufacturing machines within Industry 4.0. Subsequently, with the aim of linking a specific critical asset violated by a cyber-attack with its business impact, a matrix of impacts is defined. Finally, the methods of evaluating the business impacts are examined and some indicators are proposed.

4.1. Critical assets analysis

In order to assess the impacts of cyber threats on business performance, one of the main points to focus on is the characterization of the essential assets to be protected (Pfleeger et al., 2015).

With reference to the results of the literature review (Lezzi et al. (2018)), based on the characterization of cybersecurity issues in Industry 4.0 contexts, Cyber-Physical Systems (CPS) and Industrial Control Systems (ICS) are considered the main industrial assets involved in cybersecurity issues. These systems could be affected by a number of vulnerabilities, potentially placed in every interface between different components where there is information exchange (He et al., 2016). For instance, vulnerabilities of SCADA systems (that are a subset of ICS) may concern the communication infrastructure and network protocols, application server and database server, human machine interfaces, program logic controllers and remote terminal units (Corbò et al., 2017; Januario et al., 2016). In the same way, since modern Internet-connected manufacturing machines (such as those in the bevel gears manufacturing cell) are smart computing systems that are part of the so-called Operational Technologies (OT), they may have the following vulnerabilities (Wu et al., 2018):

• Operating systems or firmware, which enable machine operations;
• Application software (e.g. CAD, CAM and CAE software, machine control software, other general-purpose software), which allow the machine to execute its work-cycles according to design, manufacturing and engineering specifications;
• Industrial communication protocols (such as MTConnect, Modbus, Profibus, EtherNet/IP and OPC-UA), which enable digital data communication between machine devices (sensors and actuators) and other entities/devices through a network;
• Smart devices (such as sensors and actuators) embedded into machines, which manage input and output data flow via wired or wireless network.

Exploiting these vulnerabilities through cyber-attacks means acting on data. In particular, data may be improperly intercepted (data confidentiality breach), modified or falsified (data integrity breach), or their flow may be interrupted (data availability breach).

4.1.1. Data categories identification

Data are the critical assets to be protected from cyber-attacks in the context of Industry 4.0.

A number of data items are associated with modern CNC machines, equipped with smart devices that monitor in real time the machine performance in reference to the entire production process (Tao et al. (2018); Turner et al. (2015)). Fig. 3 shows the networked machines' input and output data flow; this allows the following data categories (DCs) to be recognized:

• DC1: Product design information (e.g., dimension, weight and material);
• DC2: Machine setting parameters (e.g., spindle speed, depth of cut, feed rate, etc.);
• DC3: Machine operations sequence (e.g. the set of instructions for tool position);
• DC4: Machine working parameters (e.g. spindle speed and motor power, tools position, vibrations and temperature, and so on);
• DC5: Machine components' status (e.g. actual tool wear);
• DC6: Workpiece properties (e.g. dimensional and geometric accuracy, as well as surface roughness, texture and finish);
• DC7: Corrective instructions on machine setting parameters.

In particular, product geometrical information, machine setting parameters and operation sequence are machine input data; they go from a data processing system to the machine controller. On the other hand, the machine working parameters and the status of its components, as well as the workpiece properties, are machine output data, which go from smart sensors (embedded on the machine) to a control system (such as a SCADA system). Finally, the corrective instructions on the machine setting parameters represent the feedback sent by the control system to the actuators installed on the machine.

Fig. 3. Input and output data flow.

In general, the input and output data flow associated with networked manufacturing machines is strategic knowledge to be preserved from any cybersecurity breaches.

4.2. Business impacts analysis

The adverse impact of a cybersecurity event can be described in terms of loss or degradation of one or more of the following data security requirements: confidentiality, integrity and availability (Stoneburmer et al., 2002).

In particular, the confidentiality requirement refers to the protection of information from unauthorized disclosure. In the context of Industry 4.0, the business impact due to unauthorized disclosure of confidential manufacturing information entails the loss of trade secrets and intellectual property. This could undermine the company's competitive advantage as the sole data owner, damage the company's image and reputation, as well as entail financial penalties for having breached commercial agreements in the field of data confidentiality. In this context, the loss of competitive advantage in favour of competitors means losing strategic knowledge on processes or products (Ahmad et al., 2014), while image and reputation damages negatively impact the behaviour of stakeholders (customers, suppliers/contractors, investors and potential employees) (Gatzert, 2015).

The integrity requirement, instead, refers to protecting information from improper modification so that the trustworthiness of data and IT systems can be guaranteed. In Industry 4.0, when manufacturing information is improperly manipulated, the business impact results in the sabotage of the entire critical infrastructure or specific machines and components. In this way, there could be a quality degradation of products realized, damage to working machines and, more generally, a violation of standards and regulations in the field of safety and pollution, as well as of commercial agreements with customers on product specifications. In the worst case, life-threatening situations for workers may occur (Tuptuk and Hailes, 2018).

Finally, the availability requirement guarantees that data are accessible and usable on demand. If this security requirement is not satisfied in Industry 4.0 environments, there is a denial of service of networks, system devices or any other computational resource correlated to the manufacturing environment. This negatively affects the business in terms of loss of system functionality and operational effectiveness, that is to say loss of production time (Hovav and D'Arcy, 2019). All that may cause the breach of commercial agreements with customers on delivery time, but also a quality degradation of the workpieces for some types of manufacturing processes.

4.2.1. Assessment methods

Business impacts can be classified as tangible or intangible if respectively they can be measured quantitatively (e.g., loss of revenue) or cannot be measured in specific units of measurement but qualified (e.g., in terms of high, medium and low impacts) (Stoneburmer et al., 2002).

In particular, tangible impacts are measured by evaluating the costs to repair the system and correct problems when a cyber-attack succeeds. For this reason, the theft of industrial trade secrets and intellectual property means sustaining financial penalties due to the violation of data confidentiality agreements with industrial partners. On the other hand, the sabotage of the entire critical infrastructure or specific machines and components entails a significant expenditure for repairing the physical systems, greater production waste due to degradation of product quality and loss of sales due to machine downtime. Furthermore, the company can face financial penalties caused by the violation of regulations and standards in the field of safety and pollution, and of commercial agreements with customers on product specifications. In addition, substantial financial penalties may be imposed on the company when life-threatening situations for workers occur. Finally, denial of service of networks, system devices or any other computational resource involves a series of costs for restoring the system functionalities, higher inventory levels for raw materials (or supplies) and semi-finished goods, loss of sales due to machine downtime, financial penalties for breaching of commercial agreements with customers on delivery time and greater production waste due to the quality degradation of the workpieces.

In the case of non-tangible impacts, such as reduction of competitive advantage and damage to the company image and reputation due to the theft of intellectual property after a cyber-attack, a qualitative assessment can be made. This assessment concerns the definition of the impacts magnitude according to a three-level scale of high, medium and low. In particular, the loss of competitive advantage in favour of competitors means evaluating the impact magnitude for the loss of strategic knowledge on manufacturing processes or products, while image and reputation damages can be evaluated in terms of negative impact on the behaviour of stakeholders (customers, suppliers/contractors, investors or potential employees).

Based on the literature, the NIST guide and the ethnographic observations, Table 3 provides an overview on the relationship between the loss or degradation of data and systems security requirements, the resulting business impacts and the methods to assess them, in reference to Industry 4.0 contexts.

Table 3
Security requirements, related business impacts and impacts assessment methods in I-4.0 contexts.

| Security requirements | Business impacts (BI) | Assessment methods |
|---|---|---|
| Confidentiality: protection of information from unauthorized disclosure | BI.1. Theft of industrial trade secrets and intellectual property: BI.1.1 Reduction of company competitive advantage. BI.1.2 Damage to company image and reputation. BI.1.3 Violation of commercial agreements with industrial partners on data confidentiality. | Qualitative assessment of Impacts Magnitude (IM): IM.1. Loss of strategical knowledge on processes and products; IM.2. Negative impact on stakeholder behaviour. Quantitative assessment of Impacts Cost (IC): IC.4. Financial penalties |
| Integrity: protection of information from improper modification | BI.2. Sabotage of the entire critical infrastructure or specific machines and components: BI.2.1 Damages to working machines. BI.2.2 Quality degradation of products. BI.2.3 Violation of standard and regulations in the field of safety and pollution. BI.2.4 Violation of the commercial agreements with customers on product specifications. BI.2.5 Life-threatening situations for workers. | Quantitative assessment of Impacts Cost (IC): IC.1. Repairing the physical systems; IC.2. Higher production waste; IC.3. Lost sales; IC.4. Financial penalties |
| Availability: protection of data in order to be accessible and usable on demand | BI.3. Denial of service of networks, system devices or any other computational resource: BI.3.1 Loss of productive time. BI.3.2 Violation of the commercial agreements with customers on delivery time. BI.3.3 Quality degradation of the workpieces. | Quantitative assessment of Impacts Cost (IC): IC.5. Restoring the system functionalities; IC.6. Higher inventory levels; IC.3. Lost sales; IC.4. Financial penalties; IC.2. Higher production waste |

4.3. Impact matrix definition

With the aim to relate the data categories (DC), identified in 4.1.1, with the loss of data security requirements, according to the different types of business impacts (BI) described in section 4.2, an impacts matrix is proposed (see Table 4). The matrix was populated as a result of ethnographic observations conducted in the industrial scenario of reference. In particular, the assignment of specific business impacts to each data category is addressed to estimate the business impacts level (in terms of Impact Magnitude - IM or Impact Cost - IC).

4.3.1. Loss of data confidentiality

The loss of confidentiality of product design information (DC1) could affect the reduction of competitive advantage in favour of competitors due to the loss of distinctive knowledge about the products and their making process (IM.1). At the same time, a damage to company image and reputation (IM.2) could occur, so that customers lose confidence in manufacturers and decide to change supplier. In fact, it is reasonable to think that customers do not want information about their products to be detected in an unauthorized manner. Finally, the company may also incur financial penalties (IC.4) due to the violation of data confidentiality agreements with customers.

In the event of a loss of confidentiality of data relating to the machine setting parameters (DC2) or the machine operations sequence (DC3), it is expected that no significant business impact will be observed. In fact, in the manufacturing industry, these data categories, if taken individually, do not represent strategic knowledge (which could affect the company competitive advantage), and their unauthorized disclosure does not have significant negative impacts on the behaviour of stakeholders or financial penalties in favour of industrial partners.

On the other hand, losing confidentiality of data related to the machine working parameters (DC4) or the status of its components (DC5) could undermine the company image and reputation (IM.2) since these data provide information on the health status of the entire manufacturing system. Thus, if the machine malfunctions were revealed, the company reliability would be compromised, resulting in loss of customers and investors.

The loss of confidentiality of data on the properties of workpieces (DC6), as indicators of the product quality, could have a negative impact on the company competitive advantage in favour of its competitors (IM.1). In fact, in case of product defects, competitors could take advantage of the situation, by adopting ad hoc market strategies to gain a greater market share.

Finally, no significant business impact is expected to be observed if there is a loss of confidentiality of data concerning corrective instructions on machine setting parameters (DC7). As in the case of data relating to machine setting parameters and operations sequence, these data too, if taken individually, do not represent strategic knowledge such as to influence the company competitive advantage, nor can their disclosure cause significant negative impacts on stakeholder behaviour or financial penalties for the company.

4.3.2. Loss of data integrity

Concerning data integrity, unauthorized modification of product design information (DC1) could lead to degradation of product quality, as well as violation of commercial agreements with customers about product specifications. Consequently, in the first case, there will be increased production waste (IC.2) and sales losses (IC.3), while in the second case the manufacturer will incur financial penalties (IC.4).

The loss of integrity of data on the machine setting parameters (DC2) could cause a quality degradation of the products and a violation both of the standards and regulations in the field of safety and pollution (until the occurrence of life-threatening situations for workers) and of the commercial agreements with customers on product specifications. Thus, greater production waste (IC.2) and sales losses (IC.3) will characterize the first scenario, while additional financial penalties (IC.4) will be applied for violation of safety and pollution standards and regulations, or commercial agreements.

Moreover, the loss of data integrity on the operations sequence (DC3) that the machine has to run in the work-cycle could damage the working machine itself, or cause the violation of standards and regulations in the field of safety and pollution, up to creating life-threatening situations for workers. Therefore, it will be necessary to repair the physical systems (IC.1) and make financial efforts (IC.4) to compensate for the violation of standards and regulations and personal injury.

On the other hand, unauthorized modifications of data relating to the machine working parameters (DC4) and the status of its components (DC5), as well as the workpieces' properties (DC6), do not have significant business impacts. In fact, these are machine output data that provide an overview of the health status of the entire manufacturing system and the quality of the products realized, so that their alteration could only increase controls on machines and products before making other more impactful decisions on the business.

Finally, with regard to the loss of integrity of data relating to corrective instructions on machine setting parameters (DC7), the situation is similar to that of DC2, where significant business impacts could occur in terms of quality degradation of products, violation of standards and regulations in the field of safety and pollution, and commercial agreements with customers. Therefore, manufacturers will incur greater production waste (IC.2) and sales losses (IC.3) due to the poor quality of products produced, as well as financial penalties (IC.4) for having breached standards and regulations, or commercial agreements on product specifications.

4.3.3. Loss of data availability

The loss of availability of one or more categories of machine input data, such as product design information (DC1), machine setting parameters (DC2) and operations sequence (DC3), could result in loss of productive time, as all these data are necessary to start and run the manufacturing process. Moreover, there may be a consequent violation of commercial agreements with customers on product delivery time, as well as a quality degradation of workpieces due to the manufacturing process interruption. Therefore, time- and money-consuming activities will be required to restore the system functionalities (IC.5) and to deal with the increased inventory levels of raw materials (IC.6), which are waiting to be processed. Moreover, costs for lost sales (IC.3) due to the block of manufacturing operations, financial penalties (IC.4) for having violated commercial agreements, and greater production waste (IC.2) in the event of quality degradation of workpieces will have to be taken into account.

In the same way, by focusing on machine output data, such as machine working parameters (DC4), machine components' status (DC5) and workpiece properties (DC6), and on machine corrective instructions (DC7), their loss of availability could cause a loss of production time due to unexpected machine downtime. As a result, there may be a possible violation of commercial agreements with customers on delivery time. This depends on the fact that no predictive maintenance activity on machines can be carried out. Therefore, manufacturers will incur financial efforts for restoring system functionalities (IC.5), loss of sales (IC.3) and higher inventory levels (IC.6) due to machines downtime, and non-compliance with commercial agreements with customers on delivery time (IC.4).

4.4. Business impact level assessment

Once the impact matrix has been defined, which provides an overview of the business impacts associated with the loss of data security requirements in the context of Industry 4.0, the level of such impacts needs to be assessed. In order to achieve this goal, the focus is on the matrix values definition (i.e., Impacts Cost and Impacts Magnitude).

According to the NIST's Guide for Conducting Risk Assessments (Ross, 2012), the level of impact of a threat event can be defined as "the magnitude of harm that can be expected to result from the consequences of unauthorized disclosure of information, unauthorized modification of information, unauthorized destruction of information, or loss of information or information system availability".

Although the way to calculate the different business impacts can be formalized, the impacts level (i.e. the matrix values) depends on the company, and in particular on the type and complexity of the manufacturing processes and products realized, or on the market strategies adopted into the referring industry. Moreover, in line with the impact matrix, the values related to the impact costs change according to the combination of the data category under evaluation and the security requirements being breached (confidentiality, integrity or availability). For instance, IC.4 in BI.2.4 will be calculated using the same formula as IC.4 in BI.3.2 but will lead to different results.

In the following, the main points to focus on in order to estimate the business impacts level are treated; they are based on the quantitative and qualitative assessment methods introduced in sub-section 4.2.1.

4.4.1. Quantitative method

As emerged in 4.2.1, the quantitative method to be adopted for evaluating the business impacts level in the context of Industry 4.0 involves the assessment of the following impact costs:

• IC.1. Repairing the physical systems;
• IC.2. Higher production waste;
• IC.3. Lost sales;
• IC.4. Financial penalties;
• IC.5. Restoring the system functionalities;
• IC.6. Higher inventory levels.

For each of these impact costs, a classification of the main terms associated with them is provided (see Table 5).

In particular, repairing the physical systems (IC.1) includes a set of direct costs related to the machine repairing, such as those of removing broken parts, their disposal, the cost of spare parts, as well as the costs of installing and testing new parts. In other words, these costs are calculated as the sum of costs of all spare parts and man-hours spent in replacement activities:

$$\mathrm{IC.1} = \sum_{i=1}^{n} (cr_i + ch_i)$$

where cr is the cost for the spare part, ch is the cost of the man-hours used to replace the part (such as the sum of the time needed to remove and dispose of the broken parts, install and test the new ones), while i represents the number of parts to be replaced in a given timeframe.

Then, if the production waste, due to the quality degradation of products or workpieces, is higher than in normal working conditions (IC.2), some additional costs must be considered relating to the scrap materials produced for each defective product and the inventory need for defective products.

$$\mathrm{IC.2} = \sum_{j=1}^{n} (cm_j + ci_j)$$

In the IC.2 formula, cm is the cost of the scrap materials associated with each product, ci is the cost for storing the defective product, while j represents the number of defective products realized in a given timeframe.

On the other hand, loss of sales (IC.3) means taking into consideration the costs associated with loss of profit for each product that is not sold because of an interruption in production.

$$\mathrm{IC.3} = \sum_{k=1}^{n} cp_k$$

In this case, cp is the cost equal to the selling price of each product realized and k is the number of products realized in a given timeframe.
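The following sketch is an added example, not code from the paper: it encodes the IC/IM codes of the impact matrix (Table 4) and evaluates the IC.1 to IC.3 formulas for a chosen data category and breached requirement. The incident figures are constructed, and IC.4 to IC.6 are taken as externally supplied lump-sum estimates, an assumption made here because their formulas are not given in this part of the text.

```python
# Added example (not from the paper): impact matrix lookup plus IC.1-IC.3.

# IC/IM codes per data category and breached requirement, transcribed from
# the paper's impact matrix (Table 4). An empty list is the table's "/".
INPUT_AVAIL = ["IC.5", "IC.6", "IC.3", "IC.4", "IC.2"]   # DC1-DC3
OUTPUT_AVAIL = ["IC.5", "IC.6", "IC.3", "IC.4"]          # DC4-DC7
QUALITY = ["IC.2", "IC.3", "IC.4"]
MATRIX = {
    "DC1": {"confidentiality": ["IM.1", "IM.2", "IC.4"],
            "integrity": QUALITY, "availability": INPUT_AVAIL},
    "DC2": {"confidentiality": [], "integrity": QUALITY,
            "availability": INPUT_AVAIL},
    "DC3": {"confidentiality": [], "integrity": ["IC.1", "IC.4"],
            "availability": INPUT_AVAIL},
    "DC4": {"confidentiality": ["IM.2"], "integrity": [],
            "availability": OUTPUT_AVAIL},
    "DC5": {"confidentiality": ["IM.2"], "integrity": [],
            "availability": OUTPUT_AVAIL},
    "DC6": {"confidentiality": ["IM.1"], "integrity": [],
            "availability": OUTPUT_AVAIL},
    "DC7": {"confidentiality": [], "integrity": QUALITY,
            "availability": OUTPUT_AVAIL},
}


def ic1_repair(parts):
    """IC.1 = sum over parts of (cr_i + ch_i): spare part plus man-hours."""
    return sum(cr + ch for cr, ch in parts)


def ic2_waste(defective):
    """IC.2 = sum over defective products of (cm_j + ci_j): scrap plus storage."""
    return sum(cm + ci for cm, ci in defective)


def ic3_lost_sales(prices):
    """IC.3 = sum of cp_k, the selling price of each product not sold."""
    return sum(prices)


FORMULAS = {
    "IC.1": lambda s: ic1_repair(s.get("parts", [])),
    "IC.2": lambda s: ic2_waste(s.get("defective", [])),
    "IC.3": lambda s: ic3_lost_sales(s.get("prices", [])),
}


def assess(dc, requirement, scenario):
    """Evaluate only the impacts the matrix assigns to this (DC, requirement)."""
    costs, magnitudes = {}, {}
    for code in MATRIX[dc][requirement]:
        if code.startswith("IM."):
            # Qualitative: a high/medium/low rating supplied by the assessor.
            magnitudes[code] = scenario.get("ratings", {}).get(code, "unrated")
        elif code in FORMULAS:
            costs[code] = FORMULAS[code](scenario)
        else:
            # IC.4-IC.6: lump-sum estimates (assumption, see lead-in).
            costs[code] = scenario.get("estimates", {}).get(code, 0.0)
    return {"costs": costs, "total_cost": sum(costs.values()),
            "magnitudes": magnitudes}


def rank_by_cost(requirement, scenario):
    """Order data categories by total cost for one breached requirement."""
    totals = [(dc, assess(dc, requirement, scenario)["total_cost"])
              for dc in MATRIX]
    return sorted(totals, key=lambda item: item[1], reverse=True)


# Constructed figures for one incident, in an arbitrary currency unit.
SAMPLE = {
    "parts": [(1200.0, 300.0), (450.0, 150.0)],   # (cr, ch) per replaced part
    "defective": [(80.0, 5.0)] * 10,              # (cm, ci) per defective item
    "prices": [500.0] * 4,                        # cp per unsold product
    "estimates": {"IC.4": 10000.0, "IC.5": 1500.0, "IC.6": 700.0},
    "ratings": {"IM.1": "high", "IM.2": "medium"},
}

if __name__ == "__main__":
    for dc, req in [("DC3", "integrity"), ("DC2", "integrity"),
                    ("DC1", "confidentiality"), ("DC4", "integrity")]:
        print(dc, req, assess(dc, req, SAMPLE))
    print(rank_by_cost("integrity", SAMPLE))
```

With identical incident figures, an integrity breach of DC3 and one of DC2 produce different totals because the matrix assigns them different cost items, which is the dependence on data category and breached requirement that section 4.4 describes.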

Table 4
Impacts matrix.

| Data categories | Loss of confidentiality | Loss of integrity | Loss of availability |
|---|---|---|---|
| DC1 Product design information | BI.1.1 Reduction of company competitive advantage. IM.1. Loss of strategical knowledge on products and their making process. BI.1.2 Damage to company image and reputation. IM.2. Negative impact on customers' behaviour. BI.1.3 Violation of commercial agreements with customers on data confidentiality. IC.4. Financial penalties | BI.2.2 Quality degradation of products. IC.2. Higher production waste; IC.3. Lost sales. BI.2.4 Violation of the commercial agreements with customers on product specifications. IC.4. Financial penalties | BI.3.1 Loss of productive time. IC.5. Restoring the system functionalities; IC.6. Higher inventory levels for raw materials (or supplies); IC.3. Lost sales. BI.3.2 Violation of the commercial agreements with customers on delivery time. IC.4. Financial penalties. BI.3.3 Quality degradation of the workpieces. IC.2. Higher production waste |
| DC2 Machine setting parameters | / | BI.2.2 Quality degradation of products. IC.2. Higher production waste; IC.3. Lost sales. BI.2.3 Violation of standard and regulations in the field of safety and pollution. IC.4. Financial penalties. BI.2.4 Violation of the commercial agreements with customers on product specifications. IC.4. Financial penalties. BI.2.5 Life-threatening situations for workers. IC.4. Financial penalties | BI.3.1 Loss of productive time. IC.5. Restoring the system functionalities; IC.6. Higher inventory levels for raw materials (or supplies); IC.3. Lost sales. BI.3.2 Violation of the commercial agreements with customers on delivery time. IC.4. Financial penalties. BI.3.3 Quality degradation of the workpieces. IC.2. Higher production waste |
| DC3 Machine operations sequence | / | BI.2.1 Damages to working machines. IC.1. Repairing the physical systems. BI.2.3 Violation of standard and regulations in the field of safety and pollution. IC.4. Financial penalties. BI.2.5 Life-threatening situations for workers. IC.4. Financial penalties | BI.3.1 Loss of productive time. IC.5. Restoring the system functionalities; IC.6. Higher inventory levels for raw materials (or supplies); IC.3. Lost sales. BI.3.2 Violation of the commercial agreements with customers on delivery time. IC.4. Financial penalties. BI.3.3 Quality degradation of the workpieces. IC.2. Higher production waste |
| DC4 Machine working parameters | BI.1.2 Damage to company image and reputation. IM.2. Negative impact on customers and investors behaviour. | / | BI.3.1 Loss of productive time (no predictive maintenance on machines). IC.5. Restoring the system functionalities; IC.6. Higher inventory levels for semi-finished goods; IC.3. Lost sales. BI.3.2 Violation of the commercial agreements with customers on delivery time. IC.4. Financial penalties |
| DC5 Machine components' status | BI.1.2 Damage to company image and reputation. IM.2. Negative impact on customers and investors behaviour. | / | BI.3.1 Loss of productive time (no predictive maintenance on machines). IC.5. Restoring the system functionalities; IC.6. Higher inventory levels for semi-finished goods; IC.3. Lost sales. BI.3.2 Violation of the commercial agreements with customers on delivery time. IC.4. Financial penalties |
| DC6 Workpiece properties | BI.1.1 Reduction of company competitive advantage. IM.1. Loss of strategical knowledge on products quality. | / | BI.3.1 Loss of productive time (no predictive maintenance on machines). IC.5. Restoring the system functionalities; IC.6. Higher inventory levels for semi-finished goods; IC.3. Lost sales. BI.3.2 Violation of the commercial agreements with customers on delivery time. IC.4. Financial penalties |
| DC7 Corrective instructions on machine setting parameters | / | BI.2.2 Quality degradation of products. IC.2. Higher production waste; IC.3. Lost sales. BI.2.3 Violation of standard and regulations in the field of safety and pollution. IC.4. Financial penalties. BI.2.4 Violation of the commercial agreements with customers on product specifications. IC.4. Financial penalties | BI.3.1 Loss of productive time (no predictive maintenance on machines). IC.5. Restoring the system functionalities; IC.6. Higher inventory levels for semi-finished goods; IC.3. Lost sales. BI.3.2 Violation of the commercial agreements with customers on delivery time. IC.4. Financial penalties |
Table 5
Impact costs description.

IC.1. Repairing the physical systems
  Formula: $\mathrm{IC.1} = \sum_{i=1}^{n} (cr_i + ch_i)$
  cr = spare part cost
  ch = cost of the man-hours spent for the replacement of parts (removal and disposal of broken parts, installation and testing of new parts)
  i = number of parts to be replaced

IC.2. Higher production waste
  Formula: $\mathrm{IC.2} = \sum_{j=1}^{n} (cm_j + ci_j)$
  cm = cost of the scrap materials associated with each product
  ci = cost of storage of the defective product
  j = number of defective products realized

IC.3. Lost sales
  Formula: $\mathrm{IC.3} = \sum_{k=1}^{n} cp_k$
  cp = product selling price
  k = number of products realized

IC.4. Financial penalties
  Formula: $\mathrm{IC.4} = \sum_{l=1}^{n} cs_l + \sum_{q=1}^{m} ca_q$
  cs = fees paid for having breached safety and pollution regulations
  ca = fees paid for having breached agreements with customers
  l = number of safety and pollution regulations breached
  q = number of agreements with customers breached

IC.5. Restoring the system functionalities
  Formula: $\mathrm{IC.5} = cj + ce + co$
  cj = cost of man-hours spent on restoring the system
  ce = cost for the purchase of hardware and software
  co = cost of training the staff and/or outsourcing of the system maintenance service

IC.6. Higher inventory levels
  Formula: $\mathrm{IC.6} = \sum_{p=1}^{n} (cc_p + ct_p + cd_p)$
  cc = cost for the space required for the storage of the single component or semi-finished good
  ct = cost for the transport and handling that component or semi-finished good
  cd = cost of taking risks of deterioration and/or obsolescence of that component or semi-finished good
  p = number of surplus parts to be stored

With regard to the financial penalties (IC.4) imposed on companies for breaching safety and pollution regulations (until creating life-threatening situations for workers), or for failing to comply with agreements with customers regarding data confidentiality, product specifications or delivery time, you can refer to the following formula:

$\mathrm{IC.4} = \sum_{l=1}^{n} cs_l + \sum_{q=1}^{m} ca_q$

where cs and ca are respectively the fees paid by the company for breaching safety and pollution regulations, and agreements with industrial partners; while l is the number of safety and pollution regulations breached and q is the number of agreements with partners not respected, in a given timeframe.

Moreover, the restoration of system functionalities (IC.5) includes the costs of man-hours used in the restoring tasks, and the purchase of system hardware or software licenses (if necessary). Where advanced technical skills not available within the company are required, additional costs for staff training and/or outsourcing of the system maintenance service have to be taken into consideration.

$\mathrm{IC.5} = cj + ce + co$

where cj is the cost for the man-hours spent in the system restoring activities, ce is the cost for purchasing hardware and software, and co is the cost for the training of personnel and/or outsourcing of the system maintenance service, in a given timeframe.

Finally, when inventory levels of raw materials (or supplies) or semi-finished goods are higher than expected (IC.6), some additional costs are incurred for the space needed to store surplus inventory, for transporting and handling it, as well as for taking risks of deterioration and/or obsolescence of parts.

$\mathrm{IC.6} = \sum_{p=1}^{n} (cc_p + ct_p + cd_p)$

The terms cc and ct are respectively the costs associated with the space required to store each component (as surplus inventory) and to transport and handle it; while cd is the cost for taking risks of deterioration and/or obsolescence of that component or semi-finished good. In this case, p is the number of surplus parts to be stored, in a given timeframe.

4.4.2. Qualitative method

With the aim of qualitatively assessing the business impacts level in the context of Industry 4.0, the impacts magnitude has to be considered with reference to:

• IM 1. Loss of strategical knowledge on processes and products;
• IM 2. Negative impact on stakeholder behaviour.

It is necessary to underline that the impact magnitude depends on the specific data category.

In general, the impacts magnitude can be “low”, “medium” or “high”. The NIST’s Risk Management Guide for Information Technology Systems (Stoneburner et al., 2002) provides the following description of the three main impact categories:

• High level of impact: exercise of the vulnerability (1) may result in the highly costly loss of major tangible assets or resources; (2) may significantly violate, harm, or impede an organization’s mission, reputation, or interest; or (3) may result in human death or serious injury.
• Medium level of impact: exercise of the vulnerability (1) may result in the costly loss of tangible assets or resources; (2) may violate, harm, or impede an organization’s mission, reputation, or interest; or (3) may result in human injury.
• Low level of impact: exercise of the vulnerability (1) may result in the loss of some tangible assets or resources or (2) may noticeably affect an organization’s mission, reputation, or interest.

In this study, the expression “exercise of the vulnerability” defines the condition for which one or more security requirements (i.e., confidentiality, integrity, or availability) related to the specific data category have been breached.
Fig. 4. Business Impacts Summary Report for Machine Operations Sequence.

4.4.3. Example of application in a hypothetical scenario

To support the meaning and value of the proposed indicators, their application in a hypothetical scenario is provided. The reference scenario is represented by a manufacturing line consisting of three CNC machines.

In this industrial scenario, the Program Manager decides to make an evaluation of the business impacts due to cyber-attacks violating the integrity and availability of data related to the sequence of machine operations (DC3). For this reason, he asks the Product Planning and Control unit to collaborate with the Finance and Business unit in order to provide a summary of these impacts in the second quarter of the year. At this time of the year, the production intensity is very high and customer requests are usually very restrictive, so the company needs to operate with maximum efficiency. In particular, the company is concerned about a loss of data availability that can prevent access and use of data when necessary, following production planning. In turn, this can lead to a loss of production time, a violation of the commercial agreements with customers on delivery time and a deterioration in the quality of parts. Moreover, the company is also concerned about a loss of data integrity related to the inability to protect the sequence of the machine operations from inadequate modifications. This can cause damages to operating machines, violation of standard and regulations in the field of safety and pollution and life-threatening situations for workers using machines.

The impact costs for loss of data availability on the machine operations sequence can be summarized in the costs of restoring system functionalities, higher inventory levels for raw materials, loss of sales, financial penalties and higher production waste, as calculated in Table 6.

Considering, instead, the loss of integrity of data related to the sequence of operations of the machine, the impact costs can be the result of the costs of repair of physical systems and financial penalties paid, as shown in Table 7.

The Production Planning and Control unit has synthesized these values for the Program Manager in the summary report shown in Fig. 4.

The Program Manager will use these data to evaluate the business impacts that can be generated by a cyber-attack to the machine operations sequence and to address the appropriate actions in terms of planning the next project activities and defining company strategies for the protection of these data.

5. Discussion for future analysis

The results described in the previous section provide a pragmatic and complete picture of the assets/impacts and their relationship based on the explored context. These results are also an important source of reference and starting point for leading future analysis in other Industry 4.0 contexts similar to or different from the analysed manufacturing cell.

To provide preliminary suggestions to this end to scientists, practitioners, consultants and industrial managers in cybersecurity, we suggest structuring the results into a four-step methodology (see Fig. 5). In particular, each step can represent an element to assess the business impact level, making companies aware of the critical assets on which to focus their defensive efforts.

Fig. 5. Proposal of a flow of steps for future analysis.

As a first step, we suggest the analysis of critical assets involved in cybersecurity issues in the industrial context of reference. Indeed, any cybersecurity breach of such assets, by exploiting systems’ vulnerabilities, may negatively affect the business performance.

Parallel to the first, a second step can consist in characterizing the business impacts for each security requirement (i.e., data confidentiality, integrity and availability) breached in reference to manufacturing data and systems.

In a third step, instead, essential assets affected by cyber threats can be related to the specific business impacts. Business impacts may occur in case of a breach of security requirements. This analysis suggests the definition of an impact matrix.

Finally, the goal of a fourth step should be to define the business impacts level, by adopting the proposed quantitative and qualitative assessment indicators.

For implementing each step in an industrial environment, different types of analysis can be suggested (Table 8). In particular, for the first and second steps, the involvement of company key informants in focus groups is relevant in order to detail the critical data categories and business impacts introduced in this study. Instead, for the third step, an on-line survey can be conducted, addressing the company key informants with the aim to match critical data with the business impacts that could occur in case of cybersecurity breaches. Finally, the fourth and last step could be based on semi-structured interviews with company experts to estimate the business impacts’ costs and magnitude, according to the indicators proposed in this study. In order to gather information relevant to define the impact costs, semi-structured interviews should be used to learn about product and manufacturing process information, features of Information and Technology systems, inventory levels and sales strategies from a supply chain management perspective, as
Table 6
Impact costs calculus for business impacts due to loss of availability.

Business impact: loss of productive time (BI.3.1)
  Illustrative input data: cj = 10 k€; ce = 4 k€; co = 23 k€
  Indicator: IC.5 (Restoring the system functionalities) = 37 k€
  Illustrative input data: p = 3; cc = 5 k€; ct = 1 k€, 1 k€, 2 k€; cd = 2 k€, 3 k€, 2 k€
  Indicator: IC.6 (Higher inventory levels) = 19 k€
  Illustrative input data: k = 2; cp = 60 k€, 65 k€
  Indicator: IC.3 (Lost sales) = 125 k€

Business impact: violation of the commercial agreements with customers on delivery time (BI.3.2)
  Illustrative input data: l = 2; cs = 15 k€, 25 k€; q = 1; ca = 100 k€
  Indicator: IC.4 (Financial penalties) = 140 k€

Business impact: quality degradation of the workpieces (BI.3.3)
  Illustrative input data: j = 2; cm = 1 k€, 1.5 k€; ci = 2 k€, 3 k€
  Indicator: IC.2 (Higher production waste) = 7.5 k€

Table 7
Impact costs calculus for business impacts due to loss of integrity.

Business impact: damages to working machines (BI.2.1)
  Illustrative input data: i = 3; cr = 1 k€, 0.5 k€, 1 k€; ch = 3 k€, 2 k€, 3 k€
  Indicator: IC.1 (Repairing the physical systems) = 10.5 k€

Business impact: violation of standard and regulations in the field of safety and pollution (BI.2.3)
  Illustrative input data: l = 2; cs = 15 k€, 25 k€; q = 1; ca = 100 k€
  Indicator: IC.4 (Financial penalties) = 140 k€

Business impact: life-threatening situations for workers (BI.2.5)
  Illustrative input data: l = 2; cs = 15 k€, 25 k€; q = 1; ca = 100 k€
  Indicator: IC.4 (Financial penalties) = 140 k€
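The calculation behind Tables 6 and 7, as an added example that is not part of the original paper: it encodes the DC3 (machine operations sequence) rows of the impact matrix and the Table 5 formulas, then evaluates them on the tables' illustrative inputs. The function and variable names are assumptions made for this sketch; IC.6 is left unestimated because Table 6 lists a single cc value for p = 3 parts, while the formula sums a storage cost per part.

```python
"""Impact-cost roll-up for one data category and one breached security requirement."""


def _per_item_sum(*series):
    """Sum parallel per-item cost lists (one entry per part or product)."""
    if len({len(s) for s in series}) != 1:
        raise ValueError("per-item cost lists must have the same length")
    return sum(sum(item) for item in zip(*series))


# Table 5 formulas. Each takes the inputs gathered for one business impact
# (amounts in thousands, the unit used in Tables 6 and 7).
FORMULAS = {
    "IC.1": lambda d: _per_item_sum(d["cr"], d["ch"]),           # repairs
    "IC.2": lambda d: _per_item_sum(d["cm"], d["ci"]),           # production waste
    "IC.3": lambda d: sum(d["cp"]),                              # lost sales
    "IC.4": lambda d: sum(d["cs"]) + sum(d["ca"]),               # financial penalties
    "IC.5": lambda d: d["cj"] + d["ce"] + d["co"],               # system restoration
    "IC.6": lambda d: _per_item_sum(d["cc"], d["ct"], d["cd"]),  # surplus inventory
}

# DC3 rows of the impact matrix:
# breached requirement -> business impact -> cost indicators.
IMPACT_MATRIX = {
    "DC3": {
        "confidentiality": {},
        "integrity": {"BI.2.1": ["IC.1"], "BI.2.3": ["IC.4"], "BI.2.5": ["IC.4"]},
        "availability": {
            "BI.3.1": ["IC.5", "IC.6", "IC.3"],
            "BI.3.2": ["IC.4"],
            "BI.3.3": ["IC.2"],
        },
    },
}


def assess(data_category, requirement, inputs):
    """Return {business impact: {indicator: cost or None}}.

    None marks an indicator whose inputs were not supplied, so a gap in the
    estimates stays visible instead of being counted as zero cost.
    """
    report = {}
    for impact, indicators in IMPACT_MATRIX[data_category][requirement].items():
        data = inputs.get(impact, {})
        row = {}
        for indicator in indicators:
            try:
                row[indicator] = FORMULAS[indicator](data)
            except KeyError:  # a required input is missing
                row[indicator] = None
        report[impact] = row
    return report


def format_report(report):
    """One text line per business impact and indicator."""
    return [
        f"{impact}  {ic}  " + ("not estimated" if cost is None else f"{cost:g}")
        for impact, row in report.items()
        for ic, cost in row.items()
    ]


PENALTIES = {"cs": [15, 25], "ca": [100]}  # l = 2, q = 1

TABLE_7_INPUTS = {  # loss of integrity
    "BI.2.1": {"cr": [1, 0.5, 1], "ch": [3, 2, 3]},
    "BI.2.3": PENALTIES,
    "BI.2.5": PENALTIES,
}

TABLE_6_INPUTS = {  # loss of availability
    # Table 6 lists one cc value for p = 3 parts, so the per-part cc inputs
    # of IC.6 are not supplied and that indicator stays unestimated.
    "BI.3.1": {"cj": 10, "ce": 4, "co": 23, "cp": [60, 65],
               "ct": [1, 1, 2], "cd": [2, 3, 2]},
    "BI.3.2": PENALTIES,
    "BI.3.3": {"cm": [1, 1.5], "ci": [2, 3]},
}

if __name__ == "__main__":
    for requirement, inputs in (("integrity", TABLE_7_INPUTS),
                                ("availability", TABLE_6_INPUTS)):
        print(f"DC3, loss of {requirement}")
        print("\n".join(format_report(assess("DC3", requirement, inputs))))
```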

Table 8
Insights for steps accomplishment.

Type of analysis | 1 - Results for industrial applications | 2 - How they will be achieved
Step 1. Critical Assets Analysis | Critical manufacturing data categories to be protected | Focus groups
Step 2. Business Impact Analysis | Business impacts to focus on | Focus groups
Step 3. Impact Matrix Definition | Business impacts associated with the specific data category | On-line survey
Step 4. Business Impact Level Assessment | Business impacts cost and magnitude estimates | Semi-structured interviews

well as to investigate legislative, system and security-related documentation of the company. On the other hand, with the aim to collect information relevant for evaluating the impact magnitude, the semi-structured interviews should be carried out with technical and nontechnical management staff. The management, in fact, has an overall view of the confidential data owned by the company, which if known by other actors (i.e. suppliers, customers or competitors) in the industry could cause a loss of competitive advantage or a damage to the image and reputation of the company.

Therefore, taking advantage of the results obtained from this study, companies could benefit from it as follows: characterizing the proper critical manufacturing data to be protected from cyber-attacks; isolating the business impacts to focus on in case of cybersecurity breaches; defining the business impacts due to the specific data category breach; and estimating the business impacts’ costs and magnitude. To achieve these benefits, appropriate steps of application and methods of analysis can be defined and carried out, as discussed above.

6. Conclusion

Nowadays, cybersecurity is one of the main challenges that companies approaching the Industry 4.0 paradigm have to deal with in order to preserve their competitiveness.

Over the last years, European and international standard bodies have defined standards and guidance documents in order to create a common vision of the cybersecurity controls needed in the industry, as well as methods to assess the effectiveness of these controls.

The management of cybersecurity in Industry 4.0 is also an emerging and relevant topic in the recent literature. In fact, although the literature analysis suggests that there are a significant number of methodological solutions to address cybersecurity issues in the context of Industry 4.0, none of them focuses on security issues by linking the critical assets to be protected from cyber-attacks and the resulting business impacts, providing also a measure of them. For instance, the hierarchical model for risks
assessment proposed by Zhu and Basar (2011) details the boundaries of the system to be protected based on six layers of analysis (physical, control, communication, network, supervisory and management), but does not pay attention to the business impacts related to the cybersecurity breach of each layer. In the same way, the framework proposed by Babiceanu and Seker (2017) for addressing systems’ cybersecurity and resilience focuses on system identification, resilience objective setting, vulnerability analysis, and stakeholder engagement, but does not analyse the business impacts of cyber-attacks.

Instead, the impact assessment model of Radanliev et al. (2018a) and Radanliev et al. (2018b) calculates the economic impact of the Internet of Things (IoT) cyber risk, but does not correlate such impact cost with the loss of critical data associated with the Cyber-Physical System affected by cyber threats.

Therefore, the ethnographic observation of the aeronautical manufacturing cells (considered a case study representative of the Industry 4.0), as well as the literature review, have made it possible to obtain a four-step methodology to assess the business impact level due to cybersecurity breaches in 4.0-manufacturing environments. The proposed impacts assessment methodology provides useful guidance for companies in addressing cybersecurity issues in the context of Industry 4.0, assessing cyber risks according to NIST’s asset/impact-oriented approach. The methodology is based on the analysis of critical assets to be protected against cyber-attacks, negative business impacts due to cybersecurity breaches and the way in which these two elements are related, providing companies with a useful approach for assessing the cost/level of impacts and supporting the decision-making process.

It is expected that the results of this paper will support companies in facing cybersecurity issues affecting the Industry 4.0, while involving technical and nontechnical management staff in the decision-making process. In particular, the application of the methodology within networked manufacturing contexts could steer companies towards targeted investments in the field of cybersecurity.

However, the methodology does not take into account the exploitable weaknesses/deficits of networked manufacturing systems, nor does it identify the cyber threat events that could exercise such vulnerabilities. The next step of research will consist in extending the methodology to include new steps of action also in this direction.

Moreover, since this study focuses on CNC manufacturing systems, the application of the methodology in industrial environments based on different production technologies (such as additive manufacturing) could give rise to different results in the assessment of business impacts. In fact, if the critical data associated with different types of manufacturing machines are the same, as well as the potential business impacts due to the loss of confidentiality, integrity and availability of such data, their combination in the impacts matrix changes depending on the production technology and business strategy. Similarly, the cost and magnitude of the impacts identified in the matrix change. In order to expand the study, future research will apply the methodology in a 4.0-manufacturing environment where the business impacts level due to cybersecurity breaches can be assessed as a function of the change in the type of machines connected to the network. Finally, the application of the methodology requires the involvement of the company’s key informants in a series of activities, such as participation in focus groups, filling in online questionnaires and carrying out semi-structured interviews. In order to obtain a good response rate, and therefore consistent results, it is necessary to have the support of top management. In other words, the management of cybersecurity issues will need to be a strategic and operational priority for the company.

Declaration of competing interest

None declared.

References

MForesight, Computing Community Consortium (CCC), 2017. Cybersecurity for Manufacturers: Securing the Digitized and Connected Factory. Thomas Mahoney - MForesight.
Cisco, 2017. Cisco 2017 Midyear Cybersecurity Report. Cisco and/or Its Affiliates.
EEF (The Manufacturers’ Organisation), 2018. Cyber Security for Manufacturing. EEF.
Ponemon Institute LLC (jointly developed by Accenture), 2017. 2017 Cost of Cyber Crime Study. Accenture.
Lezzi, M., Lazoi, M., Corallo, A., 2018. Cybersecurity for Industry 4.0 in the current literature: a reference framework. Comput. Ind. 103, 97–110.
Barbier, J., Buckalew, L., Loucks, J., Moriarty, R., O’Connell, K., Riegel, M., 2016. Cybersecurity As a Growth Advantage. CISCO.
Waslo, R., Lewis, T., Hajj, R., Carton, R., 2017. Industry 4.0 and Cybersecurity. Managing Risk in an Age of Connected Production. Deloitte University Press.
Deloitte, 2018. Risk Survey 2018. Transforming Risks into Opportunities. Deloitte.
European Network and Information Security Agency (ENISA), 2011. Protecting Industrial Control Systems - Annex III: ICS Security Related Standards, Guidelines and Policy Documents. ENISA.
E.C.S. Organisation, 2017. State of the Art Syllabus - Overview of Existing Cybersecurity Standards and Certification Schemes. ECSO.
Ross, R.S., 2012. NIST Special Publication 800-30. Guide for Conducting Risk Assessments. National Institute of Standards and Technology.
Marketsand Markets, 2015. Aviation Cyber Security Market by Component (Service, Solution), by Deployment (On-Cloud, On-premise), & by Region (North America, Europe, Asia-pacific, Middle East & Africa, Latin America) - Forecast to 2020. Marketsand Markets.
European Union Agency for Networked and Information Security (ENISA), 2018. Good Practice for Security of Internet of Things in the Context of Smart Manufacturing. ENISA.
Behrendt, A., Müller, N., Odenwälder, P., Schmitz, C., 2017. Industry 4.0 demystified—lean’s next level. McKinsey&Company, March [Online]. Available: https://www.mckinsey.com/business-functions/operations/our-insights/industry-4-0-demystified-leans-next-level. [Accessed 12 June 2018].
Tuptuk, N., Hailes, S., 2018. Security of smart manufacturing systems. J. Manuf. Syst. 47, 93–106.
Wu, D., Ren, A., Zhang, W., Fan, F., Liu, P., Fu, X., 2018. Cybersecurity for digital manufacturing. J. Manuf. Syst. 48, 3–12.
Sullivan, D., Luiijf, E., Colbert, E.J.M., 2016. Components of Industrial Control Systems. In: Cyber-security of SCADA and Other Industrial Control Systems. Springer, Cham, pp. 15–28.
ISA, North Carolina 2016. The 62443 Series of Standards. ISA.
Theron, P., Lazari, A., 2018. The IACS Cybersecurity Certification Framework (ICCF): Lessons from the 2017 Study of the State of the Art. European Commission.
ANSSI, 2012. Managing Cybersecurity for Industrial Control Systems. ANSSI.
ANSSI, 2014a. Classification Method and Key Measures. ANSSI.
ANSSI, 2014b. Detailed Measures. ANSSI.
American Petroleum Institute (API), 2016. API STD 1164. American Petroleum Institute (API).
Bundesamt für Sicherheit in der Informationstechnik (BSI), 2013. ICS Security Compendium. Federal Office for Information Security (BSI).
U.S. Department of Homeland Security, 2011. Catalog of Control System Security: Recommendations for Standards Developers. Homeland Security.
Industrial Control Systems Cyber Emergency Response Team, 2016. ICS-CERT Annual Assessment Report. National Cybersecurity and Communications Integration Center (NCCIC).
Stouffer, K., Pillitteri, V., Lightman, S., Abrams, M., Hahn, A., 2015. NIST Special Publication 800-82. Guide to Industrial Control Systems (ICS) Security. National Institute of Standards and Technology (NIST).
NIST, 2013. NIST Special Publication 800-53. Security and Privacy Controls for Federal Information Systems and Organizations. National Institute of Standards and Technology.
NIST, 2018. Framework for Improving Critical Infrastructure Cybersecurity. National Institute of Standards and Technology.
Babiceanu, R.F., Seker, R., 2017. Cybersecurity and resilience modelling for software-defined networks-based manufacturing application. In: Service Orientation in Holonic and Multi-Agent Manufacturing. Studies in Computational Intelligence. Springer, Cham, pp. 167–176.
Jansen, C., Jeschke, S., 2018. Mitigating risks of digitalization through managed industrial security services. AI Soc. J., 1–11.
Kobara, K., 2016. Cyber physical security for industrial control systems and IoT. IEICE Trans. Inf. Syst. E99D (4), 787–795.
Zhu, Q., Craig, R., Basar, T., 2011. A hierarchical security architecture for cyber-physical systems. In: 2011 4th International Symposium on Resilient Control Systems, Boise, ID, USA.
Radanliev, P., De Roure, D., Nurse, J.R., Nicolescu, R., Huth, H., Cannady, S., Montalvo, R.M., 2018a. Integration of cyber security frameworks, models and approaches
for building design principles for the internet-of-things in industry 4.0. In: Living in the Internet of Things: Cybersecurity of the IoT - 2018, London.
Radanliev, P., De Roure, D.C., Nicolescu, R., Michael, H., Montalvo, R.M., Cannady, S., Burnap, P., 2018b. Future developments in cyber risk assessment for the internet of things. Comput. Ind. 102, 14–22.
Januario, F., Carvalho, C., Cardoso, A., Gil, P., 2016. Security challenges in SCADA systems over wireless sensor and actuator networks. International Congress on Ultra Modern Telecommunications and Control Systems and Workshops 2016.
Ren, A., Wu, D., Zhang, W., Terpenny, J., Liu, P., 2017. Cyber security in smart manufacturing: survey and challenges. 67th Annual Conference and Expo of the Institute of Industrial Engineers.
Creswell, J.W., Creswell, J.D., 2018. Research Design, Los Angeles. SAGE.
Butlewski, M., Misztal, A., Belu, N., 2016. An analysis of the benefits of ethnography design methods for product modelling. IOP Conference Series: Materials Science and Engineering, vol. 145.
Blomberg, J., Burrel, M., Guest, G., 2003. An ethnographic approach to design. In: The Human-Computer Interaction Handbook. Fundamentals, Evolving Technologies and Emerging Applications. Lawrence Erlbaum Associates, Publishers.
Mohedas, I.S.S.A., Daly, S.R., Sienko, K.H., 2015. Applying design ethnography to product evaluation: a case example of a medical device in a low-resource setting. In: International Conference on Engineering Design, ICED15, Milan.
Kosaka, M., 2012. In: Naidoo, Loshini (Ed.), A Service Value Creation Model and the Role of Ethnography. An Ethnography of Global Landscapes and Corridors. InTech.
Jones, R., 2006. Experience models: where ethnography and design meet. Ethnographic Praxis in Industry Conference Proceedings.
Bryman, A., Bell, E., 2015. Business Research Methods. Oxford University Press, Oxford.
Pfleeger, C.P., P. S. L, M. J, 2015. Security in Computing. Prentice Hall.
He, H., Maple, C., Watson, T., Tiwari, A., Mehnen, J., Jin, Y., Gabrys, B., 2016. The security challenges in the IoT enabled cyber-physical systems and opportunities for evolutionary computing & other computational intelligence. In: 2016 IEEE Congress on Evolutionary Computation.
Corbò, G., Foglietta, C., Palazzo, C., Panzieri, S., 2017. Smart behavioral filter for industrial internet of things. In: Mobile Networks and Application. Springer, pp. 1–8.
Tao, F., Qi, Q., Liu, A., Kusiak, A., 2018. Data-driven smart manufacturing. J. Manuf. Syst. 48, 157–169.
Turner, H., White, J., Camelio, J.A., Williams, C., Amos, B.P.R., 2015. Bad parts: are our manufacturing systems at risk of silent cyberattacks? IEEE Secur. Priv. 13 (3), 40–47.
Stoneburner, G., Goguen, A., Feringa, A., 2002. Risk management guide for information technology systems. NIST Spec. Publ., 800–830.
Ahmad, A., Bosua, R., Scheepers, R., 2014. Protecting organizational competitive advantage: a knowledge perspective. Comput. Secur. 42, 27–39.
Gatzert, N., 2015. The impact of corporate reputation and reputation damaging events on financial performance: empirical evidence from the literature. Eur. Manag. J. 33 (no. 6), 485–499.
Hovav, A., D’Arcy, J., 2003. The impact of denial-of-Service attack announcements on the market value of firms. Risks Manage. Insurance Rev. 6 (2), 97–121.

Marianna Lezzi is a PhD candidate in Complex System Engineering at the University of Salento. Her research is about the management of cybersecurity risks within Industry 4.0 contexts. She has been involved in European research projects (such as PRACTICE and TOREADOR) based on the development of models for the management of Big Data belonging to aeronautical companies. She has experience in the definition of innovative business management methodologies and secure collaborative processes within the aeronautical supply chain.

Mariangela Lazoi, PhD, is Researcher at the Department of Innovation Engineering, University of Salento. She received the Ph.D. degree in eBusiness from the University of Salento, Lecce, in 2009. She is scientific responsible of national research projects about new technologies implementation in manufacturing and creative industries and is involved in European research projects about big-data management and product-service system implementation. She is responsible of the area Digital Engineering for Industry in the CORELab (Collaborative hOlistic Research Approach) in the University of Salento and collaborates with different companies addressing techno-organizational solutions. Her research interests are product design methods and tools, product lifecycle management, business process management and collaborative tools.

Angelo Corallo received the M.Sc. degree in physics from the University of Lecce, Lecce, Italy, in 1999. He is an Associated Professor with the Department of Innovation Engineering, University of Salento, Lecce, and is responsible of CORELab (Collaborative hOlistic Research Approach Laboratory) in the same University. His main research interests include technologies and organizational strategies in complex industries, knowledge management, and collaborative working environments in project and process-based organizations, with specific reference to the aerospace industry and languages, methodologies, and technologies for knowledge modelling. He is coordinator or scientific responsible of several research projects such as: X@Work, Open Philosophies for Associative Autopoietic Digital Ecosystems (OPAALS), Distributed Information Systems for Co-ordinated Service Oriented interoperability (DISCORSO), Multichannel Adaptive Information system (MAIS), Knowledge-based Innovation for the Web Infrastructure (KIWI), Towards Evolving Knowledge-based internetworked Enterprise (TEKNE) Extended Net-Lab (X-Net-Lab), Digital Business Ecosystem (DBE), Privacy-Preserving Computation in the Cloud (PRACTICE), Secure Supply Chain Management (SecureSCM), Collaborative & Robust Engineering using Simulation Capability Enabling Next Design Optimisation (CRESCENDO), and TrustwOrthy model-awaRE Analytics Data platfORm (TOREADOR).
