Proceedings of the

The 33rd European Safety and Reliability Conference (ESREL 2023)
3 – 8 September 2023, Southampton, UK

Creating a Testbed for Cyber Security Assessment of Industrial 4.0 Factory Infrastructure

Per-Arne Jørgensena and Stine Aurora Mikkelsplassb

Risk & Security Department, Institute for Energy Technology / Østfold University College, Norway.


Addressing cyber security in Industry 4.0 is challenging, as it requires a holistic view of the perspectives of people, processes and technology. To understand how industrial control systems (ICS) are affected by cyberattacks, we must first understand how systems behave during normal operation. The emergence of Industry 4.0, and the upcoming Industry 5.0, results in industries deliberately connecting both new and legacy operational technology (OT) to the internet, i.e., information technology (IT). This interconnection between IT and OT is motivated by gaining data insights to increase efficiency and economic gain, as well as the opportunity to centralise both security monitoring and control over the factory floor. This convergence of IT and OT environments makes OT systems susceptible to external attacks. To obtain realistic insights into the introduced vulnerabilities, real systems should be exposed to cyber security event conditions in hardware in the loop environments. We are using an Industry 4.0 training factory for this purpose from the German company Fishertechnik. The setup of the ICS testbed was comprised of a training and learning environment that through learning can provide comprehends Industry 4.0 applications and demonstration. The Industry 4.0 factory environment is controlled by a real SIMATIC S7-1500 programmable logic controller (PLC) from SIEMENS. The components building up this out-of-the-box setup consist of different factory modules that replicate real components. In this paper, we present how we have established an ICS testbed, including the challenges experienced from aligning best practices, architecture designs and guidelines for network communication and integrating different agents (data beats) for data collection. We will also discuss the use of a SIEM solution, called Elasticstack, for data collection to provide these insights for further exploration of methods for anomaly detection and knowledge building.

Keywords: Industry 4.0, IACS, ICS, IT/OT, Cybersecurity, Monitoring, Elastic stack.

Download PDF