A Cybersecurity Prospective on Industry 4.0: Enabler Role of Identity and Access Management

Rapid development of intelligent machinery is expected to be foundational to prospective evolution of Industry 4.0, especially for traditional industries such as the energy sector. Nanodevices, context-aware sensors, and advanced forms of robotics are expected to formulate fully autonomous cyber-physical systems capable of replacing contemporary human-operated machinery used to perform significant construction activities in hydrocarbon facilities projects. For instance, oil & gas pipeline construction projects may transform into autonomous processes through means of such intelligent cyber-physical machines leveraging contextual awareness, data mining, and analytics techniques. Such projects typically present production lifecycle vectors comprising of material procurement, logistics, and customer demand, in consistency with typical Industry 4.0 business structuring. The intelligence introduced within such vectors present significant impacts on cybersecurity factors, including production integrity, availability, and relevant confidentiality. In this paper, we study influencing factors of cybersecurity on prospective Industry 4.0's main subjects: Industrial Internet of Things (IIoT), extending to those playing role in hydrocarbon construction management. We present the status quo in IIoT cybersecurity challenges and mitigations mechanisms and strategies, in sync with potential developments of advanced cyber-physical industrial machines. The relationship of prospective IIoT advances in tandem with possible cybersecurity challenges is explored. Consequently, a gap analysis is conducted to highlight essential cybersecurity controls and whether they are already present or to be developed. We use identified gaps as engineering elements for a suggested Identity and Access Management (IAM) framework capable of: devising appropriate physical and logical controls, meeting predefined business risk profile, and assuring compliance with state or industrial compliance criteria. To qualitatively ensure validity of the framework, we draw similarity of cybersecurity challenges from similar manufacturing disciplines - to infer applicability, and apply our framework to similar challenges in these industries. We ultimately conclude effectiveness of IAM as an enabler safeguard of Industry 4.0 against relevant cybersecurity issues. The summary of our research results is presented as follows: an inventory of major categories of risks applicable to Industry 4.0 cyber-physical subjects, potential gaps in relevant cybersecurity controls, and an IAM framework made of factors designed to address the associated risks. We present a set of effectively implementable blueprints of the IAM framework developed using the Open Group Architecture Framework (TOGAF) technique, a premier methodology in the enterprise architecture modeling. Novelty of our work is primarily stemmed from the idea of targeting the hydrocarbon construction management domain with firm forms of cyber-physical subjects, along with demonstrating roles of IAM in protecting the subjects’ intelligent capabilities by enforcing IAM’s cybersecurity controls. Our IAM framework will be flexible to adapt to theoretically all roles that intelligent cyber-physical machines can be designed for, and across the entire lifecycle vectors.