Continuous Industrial Sector Cybersecurity Assessment Paradigm* : Proposed Model of Cybersecurity Certification

The fourth industrial revolution is led by the most recent ICT developments and is associated with a substantial investment directed towards the development of smart manufacturing systems. The Industry 4.0 paradigm is characterized by a modular structure of smart factories, where CPS monitors the physical processes and develops a virtual copy of the physical world to test and make decisions. These ICT innovations allied with the constant dependence on the internet are opening the physical processes to a broad surface of vulnerabilities and threats, continuously raising many cybersecurity issues in the systems. To face these issues it becomes essential to enforce security and develop a framework to continuously monitor the systems, access them, and attest their security through an international standard framework. This article analysed the current state of cybersecurity in the industrial sector, including the state of critical infrastructures. It is also discussed some cybersecurity principles and how to improve security in the industry. The cybersecurity standardization of the industrial sector is the fundamental topic of the article, and this article concludes with the presentation of a cybersecurity certification model based on the international standard ISA 62443. The proposed model has the purpose to develop a framework of constant analysis and monitoring, in real-time, that continuously assesses the systems in order to improve the security level and the maturity of an organisation. The work is part of a European Project (Fishy) that aims to increase resilience in supply chains.