Framework For Enabling Structured Communication of Security Vulnerabilities in the Production Domain in Industry 4.0

Hannes Michel, Emil Christensson, Ali Ismail Awad

Research output: Book/Report › Commissioned report


As industries increasingly adapt to new technological trends for data collection and production efficiency, they come to fit the description of the Industry 4.0 (I4.0) paradigm. This swift development has led to unforeseen consequences concerning managerial and strategic aspects of security. In addition, threats and sophisticated attacks have increased, emphasizing a greater demand for information security management in the industrial setting. For smaller industrial manufacturers, information security management is not always available due to the cost of resources, placing them in a challenging position. In addition, I4.0 introduces the area of OT/IT (Operational Technology and Information Technology) convergence, which is often highly complex, creating the need for cross-competence. Furthermore, the consequences of cyber attacks in the production domain can be catastrophic, as they may endanger the safety and health of personnel. Thus, smaller manufacturing industries need to utilize existing resources to establish the prerequisites for managing security issues that may come with I4.0. Structuring the communication of security issues and making it more effective is needed to ensure that suitable competence can address security issues in a timely manner. The aspects of communication and competence are not addressed by current security standards and frameworks in the industrial context, nor are these standards and frameworks equally applicable to smaller industrial organizations. This study aims to contribute to the research field of information security in I4.0 by investigating how security vulnerabilities should be communicated at a smaller manufacturing industry that does not have an information security management system. The framework is based on a traditional incident response information flow and was designed at a Swedish manufacturing industry through the narrative of OT or production personnel.
Original language: English
Publication status: Published - 2021
Externally published: Yes


  • OT and IT Convergence
  • Risk Communication
  • Vulnerabilities
  • Manufacturing Industry
  • Industry 4.0
  • Information Security
  • Other Computer and Information Science
  • Computer Systems

