Heribert Vallant

Industrial IoT (IIoT) is an essential element in the context of Industry 4.0, with the aim of making the best possible use of machine operating times for a wide range of production batch sizes along the entire product engineering process. The cyber threat landscape associated with IoT is diverse, rapidly evolving, and has an enormous impact on the security of production facilities and the protection of corporate know-how. A major challenge for the definition of effective security measures in the IoT environment is the high level of complexity, which results from the variety of application areas for IoT. Identifying the assets to be secured in a complex system can be performed manually, using e.g. threat modeling, which aims to identify potential threats and vulnerabilities based on the architecture of the IT/OT system in question. Nevertheless, the dynamic and agile development in the manufacturing domain makes it challenging to secure industrial automation and control systems throughout their lifecycle. Penetration testing, a key mechanism for improving resilience preparedness usually involves manual procedures in the process. In order to answer to new challenges, automated testing using machine learning methods have become a rapidly emerging field, which puts this kind of testing to the next level. This talk focuses on the challenges related to complex and dynamic IIoT environments and automated solutions for new devices discovery and AI guided pen testing in such an environment, based on the current status of system at a given time - just a snapshot - not all (IoT) components of the CPS may be up and running.