Title data
Bürger, Olga ; Häckel, Björn ; Karnebogen, Philip ; Töppel, Jannick:
Estimating the Impact of IT Security Incidents in Digitized Production Environments.
In: Decision Support Systems.
Vol. 127
(2019)
.
- 113144.
ISSN 1873-5797
DOI: https://doi.org/10.1016/j.dss.2019.113144
Project information
Project title: |
Project's official title Project's id Projektgruppe WI IT-Sicherheit und Datenschutz No information |
---|
Abstract in another language
Owing to digitalization, manufacturing companies increasingly integrate IT services - such as control systems - into their production environments. This increases the flexibility of production and allows them to offer new services to customers, for example, data - based services
(e.g., predictive maintenance). However, stepping up production - IT system connections also leads to an increased reliance on the availability of IT services as a means to value creation, both in internal production processes and at the customer interface. More interconnectivity also increases network complexity, and thus favors the rapid spread of cyber-attacks within the information network. The potential for damage is massive, as disruptions to IT services can reduce the availability of
connected IT services and production components. Despite existing studies on IT security, little has been written on ways to estimate the impact that availability incidents have on digitized production environments based on the IIoT - for example, smart factories. To help close this research gap, we provide an approach that enables users to simulate cyber - attacks and measure the impact of such attacks on value
creation in digitized production environments. We compare the features of our model with our specific design objectives and competing artifacts, present our prototype and the results of a sensitivity analysis for selected model parameters, and illustrate the applicability of our model
using the real-life case of a German manufacturing company. Our results indicate that the degree of interconnection in digitized production environments is the most important influencing factor when estimating the impact of an IT availability incident on value creation.