Proceedings of the 33rd European Safety and Reliability Conference (ESREL 2023)
3 – 8 September 2023, Southampton, UK

Cyber Security Anomaly Detection In An Industry 4.0 Testbed – Results and Experiences

Stine Aurora Mikkelsplass and Per-Arne Jørgensen

Risk & Security Department, Institute for Energy Technology / Østfold University College, Norway.


This study investigates Industry 4.0 cybersecurity challenges and how the interconnection of information technology (IT) and operational technology (OT) affects the vulnerability of industrial control systems (ICS) to cyber-attacks. An ICS testbed, connected to an IT system for data processing and anomaly detection, was designed to examine the monitoring and detection of cybersecurity threats using the Elastic Stack. The testbed comprises an OT environment featuring a FischerTechnik Industry 4.0 Training Factory controlled by a Siemens S7-1500 programmable logic controller (PLC). It also employs Elastic, a search-powered solution, for data collection and processing. Elastic Beats (agents), including Heartbeat, Machinebeat, Filebeat, and Packetbeat, were used for data collection. The research employed the Microsoft Threat Modelling Tool to identify threats and vulnerabilities, generating a prioritised threat list. Based on this list, a security event was developed. We found that Elastic Beats and Security Information and Event Management (SIEM) struggled to operate effectively in an ICS environment, with issues reading OT data protocols such as OPC-UA and Siemens S7. In this paper, we examine the significance of choosing appropriate OT data to establish a baseline for cybersecurity and its potential impact. Additionally, we discuss challenges related to competence building in ICS security, TIA Portal functionality, PLC functionality, and OT data handling.

Keywords: Industrial control systems, Cybersecurity, Anomaly detection, IT-OT systems, Industry 4.0, IoT.

