Towards automated risk assessments for modular manufacturing systems Process analysis and information model proposal

Manufacturing systems based on Industry 4.0 concepts provide a greater availability of data and have modular characteristics enabling frequent changes. This raises the need for new security engineering concepts that cover the increasing complexity and frequency of mandatory security risk assessments. In contrast, the current standardization landscape used for the assessment of these systems only offers abstract, static, manual, and resource-intensive procedures. Therefore, this work proposes a method that further specifies the IEC 62443 aiming to automate the security risk assessments in such a way that manual efforts can be reduced and a consistent quality can be achieved. The methodology is presented using network segmentation as a guiding example and consists of four main steps: Information collection based on a process analysis, information formalisation with a semi-formal model, information usage applying first order logic to extract expert knowledge, and information access using the concept of the digital twin. In addition, the applicability of the IEC 62443 standard to the risk assessment of modular manufacturing systems is evaluated.