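% Conference paper (ETFA 2023). Typed as inproceedings because the record
% carries a conference booktitle. Field values use a single brace pair so
% that the author list is split on " and " instead of being read as one name.
@inproceedings{11158,
  abstract     = {Due to Industry 4.0 developments, the demanded modularity of manufacturing systems generates additional manual efforts for security experts to guarantee a secure operation. The rising utilization of information and the frequent changes of systems necessitate continuous security engineering. Therefore, this work in progress presents the specification and prototypical implementation for automated security risk assessments. In addition, an outlook towards the associated validation, verification, evaluation, and hypothesis testing is given.},
  author       = {Ehrlich, Marco and Bröring, Andre and Trsek, Henning and Jasperneite, Jürgen and Diedrich, Christian},
  booktitle    = {2023 {IEEE} 28th International Conference on Emerging Technologies and Factory Automation ({ETFA})},
  isbn         = {979-8-3503-3992-5},
  location     = {Sinaia, Romania},
  publisher    = {IEEE},
  title        = {Evaluation Concept for Prototypical Implementation towards Automated Security Risk Assessments},
  doi          = {10.1109/etfa54631.2023.10275455},
  year         = {2023},
}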

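% Journal article: the record has ISSN, volume, number and pages, so the
% venue is stored in the journal field and the entry is typed as article.
@article{12875,
  abstract     = {Manufacturing systems based on Industry 4.0 concepts provide a greater availability of data and have modular characteristics enabling frequent changes. This raises the need for new security engineering concepts that cover the increasing complexity and frequency of mandatory security risk assessments. In contrast, the current standardization landscape used for the assessment of these systems only offers abstract, static, manual, and resource-intensive procedures. Therefore, this work proposes a method that further specifies the IEC 62443 aiming to automate the security risk assessments in such a way that manual efforts can be reduced and a consistent quality can be achieved. The methodology is presented using network segmentation as a guiding example and consists of four main steps: Information collection based on a process analysis, information formalisation with a semi-formal model, information usage applying first order logic to extract expert knowledge, and information access using the concept of the digital twin. In addition, the applicability of the IEC 62443 standard to the risk assessment of modular manufacturing systems is evaluated.},
  author       = {Ehrlich, Marco and Bröring, Andre and Diedrich, Christian and Jasperneite, Jürgen},
  journal      = {Automatisierungstechnik : AT},
  issn         = {2196-677X},
  keywords     = {asset administration shell, automation, information model, modular manufacturing system, risk assessment, security},
  number       = {6},
  pages        = {453--466},
  publisher    = {Walter de Gruyter GmbH},
  title        = {Towards automated risk assessments for modular manufacturing systems},
  doi          = {10.1515/auto-2022-0098},
  volume       = {71},
  year         = {2023},
}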

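% Conference paper (INDIN 2023), typed as inproceedings because it carries a
% proceedings booktitle and editor. The ampersand in the abstract is escaped
% so the field is safe if a style prints it.
@inproceedings{12995,
  abstract     = {Due to Industry 4.0 developments, the demanded modularity of manufacturing systems generates additional manual efforts for security experts to guarantee a secure operation. The rising utilization of information and the frequent changes of system structures necessitate a continuous and automated security engineering, especially by application of the mandatory security risk assessments. Collecting the required information for these assessments and formalising expert knowledge shall improve the security of modular manufacturing systems in the future. In order to automate the security risk assessment process, this work proposes a method to determine the Target Security Level (SL-T) in conformance to the IEC 62443 standard based on the MITRE ATT\&CK framework and the Intel Threat Agent Library (TAL).},
  author       = {Ehrlich, Marco and Bröring, Andre and Diedrich, Christian and Jasperneite, Jürgen and Kastner, Wolfgang and Trsek, Henning},
  booktitle    = {2023 {IEEE} 21st International Conference on Industrial Informatics : {INDIN} 2023 : 17-20 July 2023, Lemgo, Germany},
  editor       = {Jasperneite, Jürgen},
  isbn         = {978-1-6654-9314-7},
  keywords     = {Integrated circuits, Industries, Libraries, Security, Risk management, IEC Standards, Interviews},
  location     = {Lemgo},
  publisher    = {IEEE},
  title        = {Determining the Target Security Level for Automated Security Risk Assessments},
  doi          = {10.1109/indin51400.2023.10217902},
  year         = {2023},
}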

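% KommA 2022 colloquium paper. Author and editor lists use a single brace
% pair so each name is parsed separately; the multi-word term in the title
% is braced to keep its capitalisation under sentence-casing styles.
@inproceedings{11168,
  author       = {Bröring, Andre and Ehrlich, Marco and Wisniewski, Lukasz and Trsek, Henning and Heiss, Stefan},
  booktitle    = {Kommunikation in der Automation : Beiträge des Jahreskolloquiums KommA 2022},
  editor       = {Jasperneite, Jürgen and Jumar, Ulrich},
  isbn         = {978-3-9818463-3-1},
  location     = {Lemgo},
  pages        = {192--203},
  publisher    = {Institut für industrielle Informationstechnik - inIT, Technische Hochschule Ostwestfalen-Lippe},
  title        = {An {Asset Administration Shell} Version Control to Enforce Integrity Protection},
  doi          = {10.25644/a4ws-9a49},
  year         = {2022},
}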

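% Paper in a Plattform Industrie 4.0 collection. The record has no DOI or
% ISBN. Capitalised terms in the title are braced so that a sentence-casing
% style keeps the casing given in the record.
@inproceedings{11156,
  author       = {Bröring, Andre and Belyaev, Alexander and Trsek, Henning and Wisniewski, Lukasz and Diedrich, Christian},
  booktitle    = {Shaping a globally secure Industrie 4.0 Ecosystem - Enabling international interoperable security policies},
  pages        = {78--91},
  publisher    = {Plattform Industrie 4.0 secretariat},
  title        = {Secure {Asset Administration Shell} exchange with {Distributed Ledger Technology}},
  year         = {2021},
}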

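% KommA 2021 colloquium paper.
% NOTE(review): the ISBN has all 13 digits but only two hyphens; the value is
% kept as recorded (trailing space removed) - confirm the grouping against
% the publisher record.
@inproceedings{6931,
  abstract     = {The Asset Administration Shell (AAS) is a core element for Industrie 4.0. In addition, the security of industrial systems is a permanent topic that could be improved by the AAS and should have a high priority for future developments and implementations of the AAS. This paper evaluates the current threat landscape for Industrial Control Systems (ICS) communicating to the AAS, as well as for IT systems hosting the AAS. The relevance of these threats is evaluated for the AAS and the threats with the highest relevance, namely Basic Web Application Attacks and Malware Infections, are analysed in detail. The recommended countermeasures for these threats are compared with the state of the art of AAS security concepts and result in missing countermeasures and research gaps for an overall security of the AAS.},
  author       = {Bröring, Andre and Ehrlich, Marco and Trsek, Henning and Wisniewski, Lukasz},
  booktitle    = {Kommunikation in der Automation (KommA 2021) : 12. Jahreskolloquium, 18.11.2021 : in Verbindung mit dem Industrial Radio Day, 17.11.2021},
  editor       = {Jumar, Ulrich and Jasperneite, Jürgen},
  isbn         = {978-3-948749101},
  location     = {virtuell},
  publisher    = {Institut für Automation und Kommunikation e.V. - Magdeburg : An-Institut der Otto-von-Guericke-Universität},
  title        = {Secure usage of asset administration shells : an overview and analysis of best practises},
  doi          = {10.25673/39569},
  year         = {2021},
}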

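% Journal article. The ampersand in the journal name is escaped because the
% journal field is typeset and a bare ampersand is a LaTeX alignment character.
@article{6932,
  abstract     = {In order to ensure the safety and security of industrial systems with regard to all life cycle phases from development through operation to disposal, specific regulatory and normative requirements are imposed. Due to the digitalization, interconnection, and constantly increasing complexity of manufacturing systems in the context of Industrie 4.0, the manual effort necessary to achieve the required safety and security is becoming ever greater and almost impossible to manage, especially for small and medium-sized enterprises. Therefore, this paper examines the existing challenges in this area in more detail and gives an outlook on the possible solutions to ensure safety and security much quicker and with less manual effort. The overall vision is a (partially) automated risk assessment of modular systems with respect to safety and security, including the alignment of the corresponding processes from both domains and the formalization of the information models needed.},
  author       = {Ehrlich, Marco and Bröring, Andre and Harder, Dimitri and Auhagen-Meyer, Torben and Kleen, Philip and Wisniewski, Lukasz and Trsek, Henning and Jasperneite, Jürgen},
  issn         = {1613-7620},
  journal      = {Elektrotechnik und Informationstechnik : e \& i},
  keywords     = {safety, security, alignment, automation, processes, models},
  number       = {6},
  pages        = {454--461},
  publisher    = {Springer},
  title        = {Alignment of safety and security risk assessments for modular production systems},
  doi          = {10.1007/s00502-021-00927-9},
  volume       = {138},
  year         = {2021},
}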

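% Congress contribution (22. VDI-Kongress AUTOMATION), typed as inproceedings
% because it carries a booktitle. German nouns in the title are braced so a
% sentence-casing style does not lowercase them.
@inproceedings{4898,
  author       = {Bröring, Andre and Belyaev, Alexander and Trsek, Henning and Wisniewski, Lukasz and Diedrich, Christian},
  booktitle    = {22. VDI-Kongress AUTOMATION},
  location     = {digital},
  publisher    = {VDI-Verlag},
  title        = {Sicherer {Austausch} von {Inhalten} der {Verwaltungsschale} mit {Distributed Ledger Technologie}},
  year         = {2021},
}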

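% Mensch und Computer 2019 paper. The booktitle previously held a whole
% inline citation; editors and page range now sit in their own fields.
% NOTE(review): that inline string also named "German UPA e.V." as
% co-publisher and "Bonn, Germany" as place; these were not moved into fields
% because location already holds Hamburg - confirm which is intended.
% NOTE(review): entry 4110 carries the same DOI with a different author
% list; reconcile the two records before citing both.
@inproceedings{4106,
  abstract     = {Der steigende Automatisierungsgrad in der Produktion führt dazu, dass einzelne Mitarbeiter für eine wachsende Zahl an Maschinen verantwortlich sind. Um Informationen von Maschinen in einer verteilten Industrieumgebung zu Mitarbeitern zu bringen, setzt Phoenix Contact seit kurzer Zeit Smartwatches ein. Im Rahmen dieses Beitrags wird der Entwicklungsprozess sowie das Ergebnis der entsprechenden Smartwatch-Anwendung vorgestellt. Um eine hohe Gebrauchstauglichkeit und die Akzeptanz der neuen Technologie bei der Belegschaft zu erreichen, wurden von Beginn an Nutzer in die Entwicklung der Anwendung einbezogen. Durch Kontextanalysen, Diskussionen von Storyboards sowie die iterative Prototypen-Erstellung und -Evaluierung wurde die Interaktion zwischen Mensch und Produktionsumgebung mit Hilfe von Smartwatches optimiert.},
  author       = {Bröring, Andre and Büttner, Sebastian and Heinz, Mario and Röcker, Carsten},
  booktitle    = {Mensch und Computer 2019 - Usability Professionals},
  editor       = {Fischer, H. and Hess, S.},
  location     = {Hamburg},
  pages        = {228--235},
  publisher    = {Gesellschaft für Informatik e.V.},
  title        = {Smartwatches zur {Unterstützung} von {Produktionsmitarbeitern}},
  doi          = {10.18420/muc2019-up-0324},
  year         = {2019},
}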

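% Mensch und Computer 2019 paper.
% NOTE(review): shares DOI 10.18420/muc2019-up-0324 with entry 4106; the two
% records differ in author list (this one adds Fast, Arno) - reconcile them
% before citing both. The title spelling is corrected to "Unterstützung".
@inproceedings{4110,
  abstract     = {Der steigende Automatisierungsgrad in der Produktion führt dazu, dass einzelne Mitarbeiter für eine wachsende Zahl an Maschinen verantwortlich sind. Um Informationen von Maschinen in einer verteilten Industrieumgebung zu Mitarbeitern zu bringen, setzt Phoenix Contact seit kurzer Zeit Smartwatches ein. Im Rahmen dieses Beitrags wird der Entwicklungsprozess sowie das Ergebnis der entsprechenden Smartwatch-Anwendung vorgestellt. Um eine hohe Gebrauchstauglichkeit und die Akzeptanz der neuen Technologie bei der Belegschaft zu erreichen, wurden von Beginn an Nutzer in die Entwicklung der Anwendung einbezogen. Durch Kontextanalysen, Diskussionen von Storyboards sowie die iterative Prototypen-Erstellung und -Evaluierung wurde die Interaktion zwischen Mensch und Produktionsumgebung mit Hilfe von Smartwatches optimiert.},
  author       = {Bröring, Andre and Fast, Arno and Büttner, Sebastian and Heinz, Mario and Röcker, Carsten},
  booktitle    = {Mensch und Computer 2019 - Usability Professionals},
  location     = {Hamburg},
  publisher    = {Gesellschaft für Informatik e.V. Und German UPA e.V.},
  title        = {Smartwatches zur {Unterstützung} von {Produktionsmitarbeitern}},
  doi          = {10.18420/muc2019-up-0324},
  year         = {2019},
}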

