Determining the Target Security Level for Automated Security Risk Assessments
Marco Ehrlich , André Bröring , Christian Diedrich , Jürgen Jasperneite , Wolfgang Kastner and Henning Trsek,Due to Industry 4.0 developments, the demanded modularity of manufacturing systems generates additional manual efforts for security experts to guarantee a secure operation. The rising utilization of information and the frequent changes of system structures necessitate a continuous and automated security engineering, especially by application of the mandatory security risk assessments. Collecting the required information for these assessments and formalising expert knowledge shall improve the security of modular manufacturing systems in the future. In order to automate the security risk assessment process, this work proposes a method to determine the Target Security Level (SL-T) in conformance to the IEC 62443 standard based on the MITRE ATT&CK framework and the Intel Threat Agent Library (TAL).
author | = | {Ehrlich, Marco and Bröring, André and Diedrich, Christian and Jasperneite, Jürgen and Kastner, Wolfgang and Trsek, Henning}, |
title | = | {Determining the Target Security Level for Automated Security Risk Assessments}, |
booktitle | = | {International Conference on Industrial Informatics (INDIN)}, |
year | = | {2023}, |
editor | = | {}, |
volume | = | {}, |
series | = | {}, |
pages | = | {0}, |
address | = | {Lemgo, Germany}, |
month | = | {Jul}, |
organisation | = | {}, |
publisher | = | {IEEE}, |
note | = | {}, |