Taxonomy for Cybersecurity Threat Attributes and Countermeasures in Smart Manufacturing Systems

TL;DR

This paper introduces a comprehensive taxonomy for cybersecurity threats and countermeasures in smart manufacturing systems, addressing gaps in existing classifications by including threat actors, system impacts, and operational implications.

Contribution

It proposes a holistic attack taxonomy that characterizes threat actors, attack methods, system impacts, and countermeasures, supported by real-world scenarios and case studies.

Findings

Holistic classification of manufacturing cyber threats and countermeasures.

Illustration of taxonomy with realistic attack scenarios.

Guidance for designing protective and detective measures.

Abstract

An attack taxonomy offers a consistent and structured classification scheme to systematically understand, identify, and classify cybersecurity threat attributes. However, existing taxonomies only focus on a narrow range of attacks and limited threat attributes, lacking a comprehensive characterization of manufacturing cybersecurity threats. There is little to no focus on characterizing threat actors and their intent, specific system and machine behavioral deviations introduced by cyberattacks, system-level and operational implications of attacks, and potential countermeasures against those attacks. To close this pressing research gap, this work proposes a comprehensive attack taxonomy for a holistic understanding and characterization of cybersecurity threats in manufacturing systems. Specifically, it introduces taxonomical classifications for threat actors and their intent and potential alterations in system behavior due to threat events. The proposed taxonomy categorizes attack methods/vectors and targets/locations and incorporates operational and system-level attack impacts. This paper also presents a classification structure for countermeasures, provides examples of potential countermeasures, and explains how they fit into the proposed taxonomical classification. Finally, the implementation of the proposed taxonomy is illustrated using two realistic scenarios of attacks on typical smart manufacturing systems, as well as several real-world cyber-physical attack incidents and academic case studies. The developed manufacturing attack taxonomy offers a holistic view of the attack chain in manufacturing systems, starting from the attack launch to the possible damages and system behavior changes within the system. Furthermore, it guides the design and development of appropriate protective and detective countermeasures by leveraging the attack realization through observed system deviations.