---
_id: '12831'
abstract:
- lang: eng
  text: The overall Industry 4.0 developments and the highly dynamic threat landscape
    enhance the need for continuous security engineering of industrial components,
    modules, and systems. Security risk assessments play a major role to ensure a
    secure operation of Industrial Automation and Control Systems (IACSs) but are
    mostly neglected due to missing resources and a lack of human experts for the
    sophisticated manual tasks. Therefore, a method for information and process modelling
    regarding the automation of security risk assessments has been previously designed,
    but not yet evaluated. This work in progress begins the evaluation of the automated
    security risk assessment concept by investigating the related work and identifying
    the main deficits. The results include a requirements analysis for the verification
    and an outlook towards future evaluation aspects.
author:
- first_name: Marco
  full_name: Ehrlich, Marco
  id: '61562'
  last_name: Ehrlich
- first_name: Georg
  full_name: Lukas, Georg
  last_name: Lukas
- first_name: Henning
  full_name: Trsek, Henning
  id: '1486'
  last_name: Trsek
  orcid: 0000-0002-0133-0656
- first_name: Jürgen
  full_name: Jasperneite, Jürgen
  id: '1899'
  last_name: Jasperneite
- first_name: Wolfgang
  full_name: Kastner, Wolfgang
  last_name: Kastner
- first_name: Christian
  full_name: Diedrich, Christian
  last_name: Diedrich
citation:
  ama: Ehrlich M, Lukas G, Trsek H, Jasperneite J, Kastner W, Diedrich C. <i>Requirements
    Analysis for the Evaluation of Automated Security Risk Assessments</i>. IEEE;
    2024:180-183. doi:<a href="https://doi.org/10.1109/wfcs60972.2024.10540830">10.1109/wfcs60972.2024.10540830</a>
  apa: Ehrlich, M., Lukas, G., Trsek, H., Jasperneite, J., Kastner, W., &#38; Diedrich,
    C. (2024). Requirements Analysis for the Evaluation of Automated Security Risk
    Assessments. In <i>2024 IEEE 20th International Conference on Factory Communication
    Systems (WFCS)</i> (pp. 180–183). IEEE. <a href="https://doi.org/10.1109/wfcs60972.2024.10540830">https://doi.org/10.1109/wfcs60972.2024.10540830</a>
  bjps: '<b>Ehrlich M <i>et al.</i></b> (2024) <i>Requirements Analysis for the Evaluation
    of Automated Security Risk Assessments</i>. [Piscataway, NJ]: IEEE.'
  chicago: 'Ehrlich, Marco, Georg Lukas, Henning Trsek, Jürgen Jasperneite, Wolfgang
    Kastner, and Christian Diedrich. <i>Requirements Analysis for the Evaluation of
    Automated Security Risk Assessments</i>. <i>2024 IEEE 20th International Conference
    on Factory Communication Systems (WFCS)</i>. IEEE International Workshop on Factory
    Communication Systems. [Piscataway, NJ]: IEEE, 2024. <a href="https://doi.org/10.1109/wfcs60972.2024.10540830">https://doi.org/10.1109/wfcs60972.2024.10540830</a>.'
  chicago-de: 'Ehrlich, Marco, Georg Lukas, Henning Trsek, Jürgen Jasperneite, Wolfgang
    Kastner und Christian Diedrich. 2024. <i>Requirements Analysis for the Evaluation
    of Automated Security Risk Assessments</i>. <i>2024 IEEE 20th International Conference
    on Factory Communication Systems (WFCS)</i>. IEEE International Workshop on Factory
    Communication Systems. [Piscataway, NJ]: IEEE. doi:<a href="https://doi.org/10.1109/wfcs60972.2024.10540830">10.1109/wfcs60972.2024.10540830</a>,
    .'
  din1505-2-1: '<span style="font-variant:small-caps;">Ehrlich, Marco</span> ; <span
    style="font-variant:small-caps;">Lukas, Georg</span> ; <span style="font-variant:small-caps;">Trsek,
    Henning</span> ; <span style="font-variant:small-caps;">Jasperneite, Jürgen</span>
    ; <span style="font-variant:small-caps;">Kastner, Wolfgang</span> ; <span style="font-variant:small-caps;">Diedrich,
    Christian</span>: <i>Requirements Analysis for the Evaluation of Automated Security
    Risk Assessments</i>, <i>IEEE International Workshop on Factory Communication
    Systems</i>. [Piscataway, NJ] : IEEE, 2024'
  havard: M. Ehrlich, G. Lukas, H. Trsek, J. Jasperneite, W. Kastner, C. Diedrich,
    Requirements Analysis for the Evaluation of Automated Security Risk Assessments,
    IEEE, [Piscataway, NJ], 2024.
  ieee: 'M. Ehrlich, G. Lukas, H. Trsek, J. Jasperneite, W. Kastner, and C. Diedrich,
    <i>Requirements Analysis for the Evaluation of Automated Security Risk Assessments</i>.
    [Piscataway, NJ]: IEEE, 2024, pp. 180–183. doi: <a href="https://doi.org/10.1109/wfcs60972.2024.10540830">10.1109/wfcs60972.2024.10540830</a>.'
  mla: Ehrlich, Marco, et al. “Requirements Analysis for the Evaluation of Automated
    Security Risk Assessments.” <i>2024 IEEE 20th International Conference on Factory
    Communication Systems (WFCS)</i>, IEEE, 2024, pp. 180–83, <a href="https://doi.org/10.1109/wfcs60972.2024.10540830">https://doi.org/10.1109/wfcs60972.2024.10540830</a>.
  short: M. Ehrlich, G. Lukas, H. Trsek, J. Jasperneite, W. Kastner, C. Diedrich,
    Requirements Analysis for the Evaluation of Automated Security Risk Assessments,
    IEEE, [Piscataway, NJ], 2024.
  ufg: '<b>Ehrlich, Marco u. a.</b>: Requirements Analysis for the Evaluation of Automated
    Security Risk Assessments, [Piscataway, NJ] 2024 (IEEE International Workshop
    on Factory Communication Systems).'
  van: 'Ehrlich M, Lukas G, Trsek H, Jasperneite J, Kastner W, Diedrich C. Requirements
    Analysis for the Evaluation of Automated Security Risk Assessments. 2024 IEEE
    20th International Conference on Factory Communication Systems (WFCS). [Piscataway,
    NJ]: IEEE; 2024. (IEEE International Workshop on Factory Communication Systems).'
conference:
  end_date: 2024-04-19
  location: Toulouse, FRANCE
  name: 20th International Conference on Factory Communication Systems (WFCS)
  start_date: 2024-04-17
date_created: 2025-04-23T07:50:00Z
date_updated: 2025-06-25T12:59:44Z
department:
- _id: DEP5023
doi: 10.1109/wfcs60972.2024.10540830
keyword:
- Industry 4.0
- Security
- Risk Assessment
- Automation
- Requirements
- Evaluation
- Verification
language:
- iso: eng
page: 180-183
place: '[Piscataway, NJ]'
publication: 2024 IEEE 20th International Conference on Factory Communication Systems
  (WFCS)
publication_identifier:
  eisbn:
  - 979-8-3503-1934-7
  isbn:
  - 979-8-3503-1935-4
  - 979-8-3503-1933-0
  issn:
  - 2835-8511
publication_status: published
publisher: IEEE
series_title: IEEE International Workshop on Factory Communication Systems
status: public
title: Requirements Analysis for the Evaluation of Automated Security Risk Assessments
type: conference_editor_article
user_id: '83781'
year: '2024'
...
---
_id: '12875'
abstract:
- lang: eng
  text: 'Manufacturing systems based on Industry 4.0 concepts provide a greater availability
    of data and have modular characteristics enabling frequent changes. This raises
    the need for new security engineering concepts that cover the increasing complexity
    and frequency of mandatory security risk assessments. In contrast, the current
    standardization landscape used for the assessment of these systems only offers
    abstract, static, manual, and resource-intensive procedures. Therefore, this work
    proposes a method that further specifies the IEC 62443 aiming to automate the
    security risk assessments in such a way that manual efforts can be reduced and
    a consistent quality can be achieved. The methodology is presented using network
    segmentation as a guiding example and consists of four main steps: Information
    collection based on a process analysis, information formalisation with a semi-formal
    model, information usage applying first order logic to extract expert knowledge,
    and information access using the concept of the digital twin. In addition, the
    applicability of the IEC 62443 standard to the risk assessment of modular manufacturing
    systems is evaluated.'
alternative_title:
- Process analysis and information model proposal
author:
- first_name: Marco
  full_name: Ehrlich, Marco
  id: '61562'
  last_name: Ehrlich
- first_name: Andre
  full_name: Bröring, Andre
  id: '65130'
  last_name: Bröring
- first_name: Christian
  full_name: Diedrich, Christian
  last_name: Diedrich
- first_name: Jürgen
  full_name: Jasperneite, Jürgen
  id: '1899'
  last_name: Jasperneite
citation:
  ama: 'Ehrlich M, Bröring A, Diedrich C, Jasperneite J. Towards automated risk assessments
    for modular manufacturing systems. <i>Automatisierungstechnik : AT </i>. 2023;71(6):453-466.
    doi:<a href="https://doi.org/10.1515/auto-2022-0098">10.1515/auto-2022-0098</a>'
  apa: 'Ehrlich, M., Bröring, A., Diedrich, C., &#38; Jasperneite, J. (2023). Towards
    automated risk assessments for modular manufacturing systems. <i>Automatisierungstechnik :
    AT </i>, <i>71</i>(6), 453–466. <a href="https://doi.org/10.1515/auto-2022-0098">https://doi.org/10.1515/auto-2022-0098</a>'
  bjps: '<b>Ehrlich M <i>et al.</i></b> (2023) Towards Automated Risk Assessments
    for Modular Manufacturing Systems. <i>Automatisierungstechnik : AT </i> <b>71</b>,
    453–466.'
  chicago: 'Ehrlich, Marco, Andre Bröring, Christian Diedrich, and Jürgen Jasperneite.
    “Towards Automated Risk Assessments for Modular Manufacturing Systems.” <i>Automatisierungstechnik :
    AT </i> 71, no. 6 (2023): 453–66. <a href="https://doi.org/10.1515/auto-2022-0098">https://doi.org/10.1515/auto-2022-0098</a>.'
  chicago-de: 'Ehrlich, Marco, Andre Bröring, Christian Diedrich und Jürgen Jasperneite.
    2023. Towards automated risk assessments for modular manufacturing systems. <i>Automatisierungstechnik :
    AT </i> 71, Nr. 6: 453–466. doi:<a href="https://doi.org/10.1515/auto-2022-0098">10.1515/auto-2022-0098</a>,
    .'
  din1505-2-1: '<span style="font-variant:small-caps;">Ehrlich, Marco</span> ; <span
    style="font-variant:small-caps;">Bröring, Andre</span> ; <span style="font-variant:small-caps;">Diedrich,
    Christian</span> ; <span style="font-variant:small-caps;">Jasperneite, Jürgen</span>:
    Towards automated risk assessments for modular manufacturing systems. In: <i>Automatisierungstechnik :
    AT </i> Bd. 71. Berlin, Walter de Gruyter GmbH (2023), Nr. 6, S. 453–466'
  havard: 'M. Ehrlich, A. Bröring, C. Diedrich, J. Jasperneite, Towards automated
    risk assessments for modular manufacturing systems, Automatisierungstechnik :
    AT . 71 (2023) 453–466.'
  ieee: 'M. Ehrlich, A. Bröring, C. Diedrich, and J. Jasperneite, “Towards automated
    risk assessments for modular manufacturing systems,” <i>Automatisierungstechnik :
    AT </i>, vol. 71, no. 6, pp. 453–466, 2023, doi: <a href="https://doi.org/10.1515/auto-2022-0098">10.1515/auto-2022-0098</a>.'
  mla: 'Ehrlich, Marco, et al. “Towards Automated Risk Assessments for Modular Manufacturing
    Systems.” <i>Automatisierungstechnik : AT </i>, vol. 71, no. 6, 2023, pp. 453–66,
    <a href="https://doi.org/10.1515/auto-2022-0098">https://doi.org/10.1515/auto-2022-0098</a>.'
  short: 'M. Ehrlich, A. Bröring, C. Diedrich, J. Jasperneite, Automatisierungstechnik :
    AT  71 (2023) 453–466.'
  ufg: '<b>Ehrlich, Marco u. a.</b>: Towards automated risk assessments for modular
    manufacturing systems, in: <i>Automatisierungstechnik : AT </i> 71 (2023), H.
    6,  S. 453–466.'
  van: 'Ehrlich M, Bröring A, Diedrich C, Jasperneite J. Towards automated risk assessments
    for modular manufacturing systems. Automatisierungstechnik : AT . 2023;71(6):453–66.'
date_created: 2025-04-29T07:17:44Z
date_updated: 2025-06-25T13:14:59Z
department:
- _id: DEP5023
doi: 10.1515/auto-2022-0098
external_id:
  isi:
  - '001004217900004'
intvolume: '        71'
isi: '1'
issue: '6'
keyword:
- sasset administration shell
- automation
- information model
- modular manufacturing system
- risk assessment
- security
language:
- iso: eng
page: 453-466
place: Berlin
publication: 'Automatisierungstechnik : AT '
publication_identifier:
  eissn:
  - 2196-677X
  issn:
  - 0178-2312
publication_status: published
publisher: Walter de Gruyter GmbH
status: public
title: Towards automated risk assessments for modular manufacturing systems
type: scientific_journal_article
user_id: '83781'
volume: 71
year: '2023'
...