A Security Analysis Method for Industrial Internet of Things

The industrial Internet of Things (IIoT) provide an opportunity for industries to build large interconnected systems that utilize various technologies, such as personal computers, wireless devices, and sensor devices, and bring together the cyber and the physical worlds. Such systems provide us with huge advantages but they also introduce major security challenges at both the design and runtime stages. The literature argues for the need to introduce security-by-design methods, which enable security analysis and mitigation of security threats. This paper proposes a novel security-by-design method for IIoT environments across two different levels, design/modeling, and runtime/simulation. Our method supports the analysis of security requirements and identification of attack paths and their integration for the mitigation of potential vulnerabilities. We demonstrate its applicability through a real case study on a critical environment from the maritime sector, which demonstrates that our method helps to identify security mechanisms to mitigate attacks on critical assets.