Please enable JavaScript.
Coggle requires JavaScript to display documents.
Conclusion - Coggle Diagram
Conclusion
What did we find out/results
systems can be clustered according to VDI
attacks can be clustered
Specific attack patterns
Specific assets that are most vulnerable
Without much effort organizational countermeasures can be really effective to prevent attacks
other way around also applies: without organizational measures, company is at risk
Security must be made an objective to successfully prevent attacks at early stage
Transition to industry 4.0/ connected system needs security as a means to counter willfull/unwillful wrongdoing early on
Atttacks dont have to come from the outside
Attacks dont need to be initiated by evil doers, errors by trained personal is possible, regardless of wether it is done in in the development phase of the system or by cleaning staff
Limitations
Multilayered attacks
Standardization
to be fair it is standardized
Verification/Falsification
Only guideline to actions
Audit/Documentation on company part
Multiple points of view necesarry
Costs for countermeasures
Digital reprasentation would help
Started Applying the general model as UML diagrams
Proclamation of functioning system
Requires
Company input as repr. of structure analysis
Database of attacks as Class
Database of assets
Database of countermeasures
Function
Connecting Databases/Class with one another
Which attacks can be derived from which assets
Connecting strings with one another
Mapping company input to the general model
Goal
Quick queck, which attacks may be possible, what can be done about it, what it would cost
Where to go from here
Transfer to other systems
General model
Digital model necessary
UML/AutomationML model
Integration into communication infrastructure
Security as an objective
Stiwa integration
Other points of view necessary
guideline to possible actions
Benefits
A general model can be generated from this documentation
Stiwa modules represent reoccuring models in engineering environment
With specific assets, threats, etc...
Documentation + VDI provides guideline that can be used for other system
Table with reprasentations