Modelling Availability Risks of IT Threats in Smart Factory Networks - A Modular Petri Net Approach
In manufacturing, concepts like the Internet of Things (IoT) or Cyber-physical Systems (CPS) accelerate the development from traditional production facilities towards smart factories. Thereby, emerging digital technologies increasingly connect information networks with production processes, forming complex smart factory networks. Due to their reliance on information flows and the high degree of cross-linking, these networks are, in particular, vulnerable to availability risks caused by attacks and errors. To address this problem, we aim to identify and analyse availability threats by developing a modelling approach that depicts specific characteristics of smart factory networks. Based on modelling requirements derived from a literature review, we propose a modular Petri net approach. To iteratively revise and validate our model, we followed established evaluation principles and conducted evaluation rounds with industry experts and other researchers. To demonstrate the usefulness and applicability of our model, we simulated one real-world use case and two planned extensions of a mechanical engineering company. Our model depicts information-based dependencies within smart factory networks and allows for the simulation and analysis of threat propagation. Thereby, it enables both researchers and practitioners to identify critical network connections and components, serving as a basis for layout decisions and IT security mitigation measures.