{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,11]],"date-time":"2026-04-11T02:06:41Z","timestamp":1775873201721,"version":"3.50.1"},"reference-count":189,"publisher":"Association for Computing Machinery (ACM)","issue":"11s","license":[{"start":{"date-parts":[[2022,1,31]],"date-time":"2022-01-31T00:00:00Z","timestamp":1643587200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"EPSRC PETRAS","award":["EP\/S035362\/1"],"award-info":[{"award-number":["EP\/S035362\/1"]}]},{"name":"GCHQ National Resilience Fellowship"},{"name":"Republic of Turkey Ministry of National Education"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Comput. Surv."],"published-print":{"date-parts":[[2022,1,31]]},"abstract":"<jats:p>\n            <jats:bold>Industrial cyber-physical systems<\/jats:bold>\n            (\n            <jats:bold>ICPSs<\/jats:bold>\n            ) manage critical infrastructures by controlling the processes based on the \u201cphysics\u201d data gathered by edge sensor networks. Recent innovations in ubiquitous computing and communication technologies have prompted the rapid integration of highly interconnected systems to ICPSs. Hence, the \u201csecurity by obscurity\u201d principle provided by air-gapping is no longer followed. As the interconnectivity in ICPSs increases, so does the attack surface. Industrial vulnerability assessment reports have shown that a variety of new vulnerabilities have occurred due to this transition. Although there are existing surveys in this context, very little is mentioned regarding the outputs of these reports. While these reports show that the most exploited vulnerabilities occur due to weak boundary protection, these vulnerabilities also occur due to limited or ill-defined security policies. However, current literature focuses on\n            <jats:bold>intrusion detection systems<\/jats:bold>\n            (\n            <jats:bold>IDSs<\/jats:bold>\n            ),\n            <jats:bold>network traffic analysis<\/jats:bold>\n            (\n            <jats:bold>NTA<\/jats:bold>\n            ) methods, or anomaly detection techniques. Hence, finding a solution for the problems mentioned in these reports is relatively hard. We bridge this gap by defining and reviewing ICPSs from a cybersecurity perspective. In particular, multi-dimensional adaptive attack taxonomy is presented and utilized for evaluating real-life ICPS cyber incidents. Finally, we identify the general shortcomings and highlight the points that cause a gap in existing literature while defining future research directions.\n          <\/jats:p>","DOI":"10.1145\/3510410","type":"journal-article","created":{"date-parts":[[2022,1,19]],"date-time":"2022-01-19T22:13:17Z","timestamp":1642630397000},"page":"1-35","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":204,"title":["Cybersecurity of Industrial Cyber-Physical Systems: A Review"],"prefix":"10.1145","volume":"54","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-4878-2326","authenticated-orcid":false,"given":"Hakan","family":"Kayan","sequence":"first","affiliation":[{"name":"Cardiff University, Roath, Cardiff, UK"}]},{"given":"Matthew","family":"Nunes","sequence":"additional","affiliation":[{"name":"Cardiff University, Roath, Cardiff, UK"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3597-2646","authenticated-orcid":false,"given":"Omer","family":"Rana","sequence":"additional","affiliation":[{"name":"Cardiff University, Roath, Cardiff, UK"}]},{"given":"Pete","family":"Burnap","sequence":"additional","affiliation":[{"name":"Cardiff University, Roath, Cardiff, UK"}]},{"given":"Charith","family":"Perera","sequence":"additional","affiliation":[{"name":"Cardiff University, Roath, Cardiff, UK"}]}],"member":"320","published-online":{"date-parts":[[2022,9,9]]},"reference":[{"key":"e_1_3_1_2_2","doi-asserted-by":"publisher","DOI":"10.1109\/MCOM.2017.1600613"},{"key":"e_1_3_1_3_2","unstructured":"Jai Agaram John Andary Douglas Effenberger Kent Peterson Steven Strauss and Steve Taylor. 2018. Building Automation System Procurement Guide. Retrieved August 13 2020 from https:\/\/www2.calstate.edu\/csu-system\/doing-business-with-the-csu\/capital-planning-design-construction\/operations-center\/Documents\/guidelines\/Controls-Procurement-Guide-12-Dec-2018%20.pdf."},{"key":"e_1_3_1_4_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2015.11.016"},{"key":"e_1_3_1_5_2","doi-asserted-by":"publisher","DOI":"10.1016\/S1389-1286(01)00302-4"},{"key":"e_1_3_1_6_2","doi-asserted-by":"publisher","DOI":"10.1109\/JIOT.2017.2734903"},{"key":"e_1_3_1_7_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.adhoc.2012.12.001"},{"key":"e_1_3_1_8_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2018.07.007"},{"key":"e_1_3_1_9_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICCICT.2018.8325871"},{"key":"e_1_3_1_10_2","first-page":"1093","volume-title":"26th USENIX Security Symposium (USENIX Security\u201917)","author":"Antonakakis Manos","year":"2017","unstructured":"Manos Antonakakis, Tim April, Michael Bailey, Matthew Bernhard, Elie Bursztein, Jaime Cochran, Zakir Durumeric, J. Alex Halderman, Luca Invernizzi, Michalis Kallitsis, Deepak Kumar, Chaz Lever, Zane Ma, Joshua Mason, Damian Menscher, Chad Seaman, Nick Sullivan, Kurt Thomas, and Yi Zhou. 2017. Understanding the Mirai Botnet. In 26th USENIX Security Symposium (USENIX Security\u201917). USENIX, Vancouver, BC, Canada, 1093\u20131110."},{"key":"e_1_3_1_11_2","first-page":"1","volume-title":"2013 5th International Conference on Cyber Conflict (CYCON\u201913)","author":"Applegate Scott D.","year":"2013","unstructured":"Scott D. Applegate and Angelos Stavrou. 2013. Towards a cyber conflict taxonomy. In 2013 5th International Conference on Cyber Conflict (CYCON\u201913). IEEE, Tallinn, Estonia, 1\u201318."},{"key":"e_1_3_1_12_2","unstructured":"Michael J. Assante and Robert M. Lee. 2015. The Industrial Control System Cyber Kill Chain. Retrieved August 15 2020 from https:\/\/scadahacker.com\/library\/Documents\/White_Papers\/SANS%20-%20ICS%20Cyber%20Kill%20Chain.pdf."},{"key":"e_1_3_1_13_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-981-10-1645-5_52"},{"key":"e_1_3_1_14_2","unstructured":"bacnet.org. 2020. BACnet. Retrieved August 22 2020 from http:\/\/www.bacnet.org\/."},{"key":"e_1_3_1_15_2","doi-asserted-by":"publisher","DOI":"10.1145\/3384676"},{"key":"e_1_3_1_16_2","doi-asserted-by":"publisher","DOI":"10.1145\/3264437.3264479"},{"key":"e_1_3_1_17_2","doi-asserted-by":"publisher","DOI":"10.1109\/I2MTC.2016.7520417"},{"key":"e_1_3_1_18_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2020.101790"},{"key":"e_1_3_1_19_2","volume-title":"Cyber-Physical Systems and Industry 4.0: Properties, Structure, Communication, and Behavior","author":"Boulila Naoufel","year":"2019","unstructured":"Naoufel Boulila. 2019. Cyber-Physical Systems and Industry 4.0: Properties, Structure, Communication, and Behavior. Technical Report. Siemens Corporate Technology."},{"key":"e_1_3_1_20_2","doi-asserted-by":"publisher","DOI":"10.1155\/2018\/1798659"},{"key":"e_1_3_1_21_2","unstructured":"Bill Briggs. 2019. Hackers Hit Norsk Hydro With Ransomware. The Company Responded With Transparency. Retrieved August 27 2020 from https:\/\/news.microsoft.com\/transform\/hackers-hit-norsk-hydro-ransomware-company-responded-transparency\/."},{"key":"e_1_3_1_22_2","doi-asserted-by":"publisher","DOI":"10.1080\/00396338.2013.784468"},{"key":"e_1_3_1_23_2","first-page":"10","article-title":"BACnet today","volume":"10","author":"Bushby Steven T.","year":"2002","unstructured":"Steven T. Bushby and H. Michael Newman. 2002. BACnet today. ASHRAE J. 10 (2002), 10\u201318.","journal-title":"ASHRAE J."},{"key":"e_1_3_1_24_2","doi-asserted-by":"publisher","DOI":"10.1109\/TII.2019.2961340"},{"key":"e_1_3_1_25_2","unstructured":"capec.mitre.org. 2019. CAPEC - CAPEC List Version 3.3. Retrieved August 21 2020 from http:\/\/capec.mitre.org\/data\/index.html."},{"key":"e_1_3_1_26_2","doi-asserted-by":"publisher","DOI":"10.5555\/2048558.2048569"},{"key":"e_1_3_1_27_2","doi-asserted-by":"publisher","DOI":"10.1145\/3368756.3369099"},{"key":"e_1_3_1_28_2","doi-asserted-by":"publisher","DOI":"10.1109\/TII.2012.2198666"},{"key":"e_1_3_1_29_2","unstructured":"A. Chemudupati S. Kaulen M. Mertens and S. Zimmermann. 2012. The Convergence of It and Operational Technology. Retrieved August 11 2020 from https:\/\/fieldcommgroup.org\/services\/product-testing-registration."},{"key":"e_1_3_1_30_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.foodcont.2016.06.042"},{"key":"e_1_3_1_31_2","doi-asserted-by":"publisher","DOI":"10.1109\/MNET.2010.5634434"},{"key":"e_1_3_1_32_2","first-page":"9","volume-title":"IT\/OT Convergence: Moving Digital Manufacturing Forward","year":"2018","unstructured":"CISCO. 2018. IT\/OT Convergence: Moving Digital Manufacturing Forward. Technical Report. CISCO. 9 pages."},{"key":"e_1_3_1_33_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2016.01.013"},{"key":"e_1_3_1_34_2","doi-asserted-by":"publisher","DOI":"10.1109\/TII.2014.2300753"},{"key":"e_1_3_1_35_2","doi-asserted-by":"publisher","DOI":"10.3390\/s17071467"},{"key":"e_1_3_1_36_2","doi-asserted-by":"publisher","DOI":"10.1109\/JIOT.2018.2877690"},{"key":"e_1_3_1_37_2","doi-asserted-by":"publisher","DOI":"10.1109\/URAI.2016.7734098"},{"key":"e_1_3_1_38_2","doi-asserted-by":"publisher","DOI":"10.1109\/IECON.2012.6389039"},{"key":"e_1_3_1_39_2","doi-asserted-by":"publisher","DOI":"10.1109\/IC2E.2014.84"},{"key":"e_1_3_1_40_2","doi-asserted-by":"publisher","DOI":"10.1109\/TII.2019.2905295"},{"key":"e_1_3_1_41_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.neucom.2017.10.009"},{"key":"e_1_3_1_42_2","unstructured":"dnp.org. 2004. DNP Users Group. Retrieved June 11 2020 from https:\/\/www.dnp.org\/About\/DNP-Users-Group."},{"key":"e_1_3_1_43_2","doi-asserted-by":"publisher","DOI":"10.1109\/NOTERE.2015.7293513"},{"key":"e_1_3_1_44_2","doi-asserted-by":"publisher","DOI":"10.1145\/3180457.3180458"},{"key":"e_1_3_1_45_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-04798-5_5"},{"key":"e_1_3_1_46_2","unstructured":"ec.europa.eu. 2020. RAMON - Reference and Management of Nomenclatures. Retrieved August 27 2020 from https:\/\/ec.europa.eu\/eurostat\/ramon\/nomenclatures\/index.cfm?TargetUrl=LST_CLS_DLD&StrNom=NACE_REV2&StrLanguageCode=EN&StrLayoutCode=HIERARCHIC."},{"key":"e_1_3_1_47_2","doi-asserted-by":"publisher","DOI":"10.1007\/s10845-018-1408-9"},{"key":"e_1_3_1_48_2","doi-asserted-by":"publisher","DOI":"10.1109\/JIOT.2017.2737630"},{"key":"e_1_3_1_49_2","unstructured":"ethercat.org. 2020. EtherCAT Technology Group. Retrieved September 03 2020 from https:\/\/www.ethercat.org\/en\/tech_group.html."},{"key":"e_1_3_1_50_2","unstructured":"fieldcommgroup.org. 2016. Product Testing & Registration. Retrieved August 27 2020 from https:\/\/fieldcommgroup.org\/services\/product-testing-registration."},{"key":"e_1_3_1_51_2","unstructured":"first.org. 2019. Common Vulnerability Scoring System SIG. Retrieved June 02 2020 from https:\/\/www.first.org\/cvss\/specification-document."},{"key":"e_1_3_1_52_2","unstructured":"David Fisher Bernhard Isler and Michael Osborne. 2019. BACnet Secure Connect: A Secure Infrastructure for Building Automation. Retrieved June 21 2020 from http:\/\/www.bacnet.org\/Bibliography\/B-SC-Whitepaper-v15_Final_20190521.pdf."},{"key":"e_1_3_1_53_2","doi-asserted-by":"publisher","DOI":"10.1109\/SURV.2012.071812.00124"},{"key":"e_1_3_1_54_2","unstructured":"ge.com. 2020. Everything You Need to Know About the Industrial Internet of Things. Retrieved August 13 2020 from https:\/\/www.ge.com\/digital\/blog\/everything-you-need-know-about-industrial-internet-things."},{"key":"e_1_3_1_55_2","doi-asserted-by":"publisher","DOI":"10.1109\/TII.2019.2953241"},{"key":"e_1_3_1_56_2","doi-asserted-by":"publisher","DOI":"10.1109\/MDAT.2017.2709310"},{"key":"e_1_3_1_57_2","doi-asserted-by":"publisher","DOI":"10.1145\/3203245"},{"key":"e_1_3_1_58_2","unstructured":"gov.uk. 2019. Public Summary of Sector Security and Resilience Plans. Retrieved August 13 2020 from https:\/\/assets.publishing.service.gov.uk\/government\/uploads\/system\/uploads\/attachment_data\/file\/786206\/20190215_PublicSummaryOfSectorSecurityAndResiliencePlans2018.pdf."},{"key":"e_1_3_1_59_2","unstructured":"gov.uk. 2020. Nature of Business: Standard Industrial Classification (SIC) Codes. Retrieved August 27 2020 from http:\/\/resources.companieshouse.gov.uk\/sic\/."},{"key":"e_1_3_1_60_2","doi-asserted-by":"publisher","DOI":"10.6028\/NIST.SP.1500-201"},{"key":"e_1_3_1_61_2","doi-asserted-by":"publisher","DOI":"10.1109\/TIE.2009.2015754"},{"key":"e_1_3_1_62_2","first-page":"2860","article-title":"An adaptive trust boundary protection for IIoT networks using deep-learning feature extraction based semi-supervised model","author":"Hassan Mohammad","year":"2020","unstructured":"Mohammad Hassan, Shamsul Huda, Shaila Sharmeen, Jemal Abawajy, and Giancarlo Fortino. 2020. An adaptive trust boundary protection for IIoT networks using deep-learning feature extraction based semi-supervised model. IEEE Trans. Ind. Inform. 17, 4 (2021), 2860\u20132870.","journal-title":"IEEE Trans. Ind. Inform."},{"key":"e_1_3_1_63_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.procs.2017.01.217"},{"key":"e_1_3_1_64_2","unstructured":"hms networks.com. 2019. Industrial Network Market Shares 2019 According to HMS. Retrieved July 16 2020 from https:\/\/www.hms-networks.com\/news-and-insights\/news-from-hms\/2019\/05\/07\/industrial-network-market-shares-2019-according-to-hms."},{"key":"e_1_3_1_65_2","unstructured":"hms networks.com. 2020. Industrial Network Market Shares 2020 According to HMS Networks. Retrieved July 16 2020 from https:\/\/www.hms-networks.com\/news-and-insights\/news-from-hms\/2020\/05\/29\/industrial-network-market-shares-2020-according-to-hms-networks."},{"key":"e_1_3_1_66_2","doi-asserted-by":"publisher","DOI":"10.1145\/2897845.2897886"},{"key":"e_1_3_1_67_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-26502-5_2"},{"key":"e_1_3_1_68_2","doi-asserted-by":"crossref","first-page":"SAND98\u20138667, 75","DOI":"10.2172\/751004","volume-title":"A Common Language for Computer Security Incidents","author":"Howard John D.","year":"1998","unstructured":"John D. Howard and Thomas A. Longstaff. 1998. A Common Language for Computer Security Incidents. Technical Report SAND98-8667, 751004. Office of Scientific and Technical Information (OSTI). SAND98\u20138667, 751004 pages."},{"key":"e_1_3_1_69_2","unstructured":"https:\/\/airbus-cybersecurity.com\/. 2020. OT Simulation Platform. Retrieved June 22 2020 from https:\/\/airbus-cyber-security.com\/wp-content\/uploads\/2020\/01\/Airbus-CyberSecurity_Brochure-OT-Simulation-Platform.pdf."},{"key":"e_1_3_1_70_2","unstructured":"https:\/\/netflixtechblog.com\/. 2018. The Netflix Simian Army. Retrieved September 3 2020 from https:\/\/netflixtechblog.com\/the-netflix-simian-army-16e57fbab116."},{"key":"e_1_3_1_71_2","doi-asserted-by":"publisher","DOI":"10.1109\/TPDS.2013.301"},{"key":"e_1_3_1_72_2","doi-asserted-by":"publisher","DOI":"10.1109\/TIE.2018.2798605"},{"key":"e_1_3_1_73_2","doi-asserted-by":"publisher","DOI":"10.1145\/2588555.2595638"},{"key":"e_1_3_1_74_2","doi-asserted-by":"publisher","DOI":"10.1109\/JIOT.2017.2703172"},{"key":"e_1_3_1_75_2","unstructured":"ietf.org. 2019. IPv6 over Networks of Resource-Constrained Nodes (6lo). Retrieved August 25 2020 from https:\/\/datatracker.ietf.org\/wg\/6lo\/about\/."},{"key":"e_1_3_1_76_2","volume-title":"Situational Information Report Federal Bureau of Investigation","year":"2012","unstructured":"info.publicintelligence.net. 2012. Situational Information Report Federal Bureau of Investigation. Technical Report. Federal Bureau of Investigation. Retrieved August 17, 2020 from https:\/\/info.publicintelligence.net\/FBI-AntisecICS.pdf."},{"key":"e_1_3_1_77_2","doi-asserted-by":"publisher","DOI":"10.1007\/s11227-016-1937-y"},{"key":"e_1_3_1_78_2","doi-asserted-by":"publisher","DOI":"10.1109\/EFTA.2007.4416748"},{"key":"e_1_3_1_79_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICPHYS.2018.8387671"},{"key":"e_1_3_1_80_2","doi-asserted-by":"publisher","DOI":"10.1177\/1687814018784192"},{"key":"e_1_3_1_81_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICInfA.2018.8812486"},{"key":"e_1_3_1_82_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.ejor.2016.09.016"},{"key":"e_1_3_1_83_2","doi-asserted-by":"publisher","DOI":"10.1109\/IECON.2011.6120048"},{"key":"e_1_3_1_84_2","doi-asserted-by":"publisher","DOI":"10.1109\/IoTSMS.2018.8554805"},{"key":"e_1_3_1_85_2","doi-asserted-by":"publisher","DOI":"10.1109\/ISSNIP.2014.6827681"},{"key":"e_1_3_1_86_2","doi-asserted-by":"publisher","DOI":"10.1186\/s42400-019-0038-7"},{"key":"e_1_3_1_87_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.net.2019.11.001"},{"key":"e_1_3_1_88_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.enpol.2013.06.107"},{"key":"e_1_3_1_89_2","doi-asserted-by":"publisher","DOI":"10.1145\/3355377"},{"key":"e_1_3_1_90_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijcip.2015.02.002"},{"key":"e_1_3_1_91_2","doi-asserted-by":"publisher","DOI":"10.1145\/3055386.3055393"},{"key":"e_1_3_1_92_2","doi-asserted-by":"publisher","DOI":"10.1109\/SMC.2018.00485"},{"key":"e_1_3_1_93_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2016.07.008"},{"key":"e_1_3_1_94_2","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2011.67"},{"key":"e_1_3_1_95_2","doi-asserted-by":"publisher","DOI":"10.1007\/s12599-014-0334-4"},{"key":"e_1_3_1_96_2","doi-asserted-by":"publisher","DOI":"10.1109\/ISORC.2008.25"},{"key":"e_1_3_1_97_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.mfglet.2014.12.001"},{"key":"e_1_3_1_98_2","first-page":"62","article-title":"German steel mill cyber attack","volume":"30","author":"Lee Robert M.","year":"2014","unstructured":"Robert M. Lee, Michael J. Assante, and Tim Conway. 2014. German steel mill cyber attack. Ind. Control Syst. 30 (2014), 62.","journal-title":"Ind. Control Syst."},{"key":"e_1_3_1_99_2","unstructured":"Robert M. Lee Michael J. Assante and Tim Conway. 2016. Analysis of the Cyber Attack on the Ukrainian Power Grid. Retrieved August 17 2020 from https:\/\/ics.sans.org\/media\/E-ISAC_SANS_Ukraine_DUC_5.pdf."},{"key":"e_1_3_1_100_2","doi-asserted-by":"publisher","DOI":"10.1109\/JPROC.2016.2521931"},{"key":"e_1_3_1_101_2","volume-title":"Water Treatment Plant Hacked, Chemical MIX Changed for Tap Supplies","author":"Leyden John","year":"2016","unstructured":"John Leyden. 2016. Water Treatment Plant Hacked, Chemical MIX Changed for Tap Supplies. (March 2016). Retrieved August 17, 2020 from https:\/\/www.theregister.com\/2016\/03\/24\/water_utility_hacked\/."},{"key":"e_1_3_1_102_2","doi-asserted-by":"publisher","DOI":"10.1007\/s11276-015-1133-7"},{"key":"e_1_3_1_103_2","doi-asserted-by":"publisher","DOI":"10.1109\/TII.2017.2773666"},{"key":"e_1_3_1_104_2","doi-asserted-by":"publisher","DOI":"10.1109\/JIOT.2018.2834151"},{"key":"e_1_3_1_105_2","volume-title":"An Inside Look at Industrial Ethernet Communication Protocols","author":"Lin Zhihong","year":"2013","unstructured":"Zhihong Lin and Stephanie Pearson. 2013. An Inside Look at Industrial Ethernet Communication Protocols. Technical Report. Texas Instruments."},{"key":"e_1_3_1_106_2","unstructured":"Lindsey O\u2019Donnell. 2020. Post-Ransomware Attack Florida City Decides to Pay $600K. Retrieved August 22 2020 from https:\/\/threatpost.com\/ransomware-florida-city-pays-600k-ransom\/145869\/."},{"key":"e_1_3_1_107_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.engappai.2015.03.003"},{"issue":"6","key":"e_1_3_1_108_2","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3321694","article-title":"A trust computing-based security routing scheme for cyber physical systems","volume":"10","author":"Liu Yuxin","year":"2019","unstructured":"Yuxin Liu, Xiao Liu, Anfeng Liu, Neal N. Xiong, and Fang Liu. 2019. A trust computing-based security routing scheme for cyber physical systems. ACM Trans. Intell. Syst. Tech. 10, 6 (Dec. 2019), 1\u201327.","journal-title":"ACM Trans. Intell. Syst. Tech."},{"key":"e_1_3_1_109_2","unstructured":"lockheedmartin.com. 2018. The Cyber Kill Chain. Retrieved August 26 2020 from https:\/\/www.lockheedmartin.com\/en-us\/capabilities\/cyber\/cyber-kill-chain.html."},{"key":"e_1_3_1_110_2","unstructured":"lora alliance.org. 2015. LoRa Alliance. Retrieved August 22 2020 from https:\/\/lora-alliance.org\/."},{"key":"e_1_3_1_111_2","doi-asserted-by":"publisher","DOI":"10.1109\/PerComW.2013.6529554"},{"key":"e_1_3_1_112_2","doi-asserted-by":"publisher","DOI":"10.1109\/JPROC.2015.2497161"},{"key":"e_1_3_1_113_2","doi-asserted-by":"publisher","DOI":"10.1142\/S2424862217500142"},{"key":"e_1_3_1_114_2","unstructured":"N. J. Mahwah. 2020. Radiflow Reveals First Documented Cryptocurrency Malware Attack on a SCADA Network. Retrieved August 17 2020 from https:\/\/radiflow.com\/news\/radiflow-reveals-first-documented-cryptocurrency-malware-attack-on-a-scada-network\/."},{"key":"e_1_3_1_115_2","doi-asserted-by":"publisher","DOI":"10.1109\/TIA.2016.2530045"},{"key":"e_1_3_1_116_2","doi-asserted-by":"publisher","DOI":"10.1109\/JPROC.2015.2512235"},{"key":"e_1_3_1_117_2","doi-asserted-by":"publisher","DOI":"10.1145\/2542049"},{"key":"e_1_3_1_118_2","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382307"},{"key":"e_1_3_1_119_2","unstructured":"modbus.org. 2005. About Modbus Organization. Retrieved August 15 2020 https:\/\/www.modbus.org\/about_us.php."},{"issue":"1","key":"e_1_3_1_120_2","first-page":"57","article-title":"Biometrics authentication technique for intrusion detection systems using fingerprint recognition","volume":"2","author":"Mudholkar Smita S.","year":"2012","unstructured":"Smita S. Mudholkar, Pradnya M. Shende, and Milind V. Sarode. 2012. Biometrics authentication technique for intrusion detection systems using fingerprint recognition. Int. J. Comput. Sci. Eng. Inf. Tech. 2, 1 (Feb. 2012), 57\u201365.","journal-title":"Int. J. Comput. Sci. Eng. Inf. Tech."},{"key":"e_1_3_1_121_2","doi-asserted-by":"publisher","DOI":"10.1145\/1278972.1278992"},{"issue":"2","key":"e_1_3_1_122_2","first-page":"301","article-title":"Towards a taxonomy of cyber threats against target applications","volume":"22","author":"Narwal Bhawna","year":"2019","unstructured":"Bhawna Narwal, Amar Kumar Mohapatra, and Kaleem Ahmed Usmani. 2019. Towards a taxonomy of cyber threats against target applications. J. Statist. Manage. Syst. 22, 2 (Feb. 2019), 301\u2013325.","journal-title":"J. Statist. Manage. Syst."},{"key":"e_1_3_1_123_2","doi-asserted-by":"publisher","DOI":"10.1109\/JPROC.2018.2817461"},{"key":"e_1_3_1_124_2","doi-asserted-by":"publisher","DOI":"10.1109\/CCAA.2016.7813815"},{"key":"e_1_3_1_125_2","unstructured":"odva.org. 2020. DeviceNet. Retrieved August 21 2020 from https:\/\/www.odva.org\/technology-standards\/key-technologies\/devicenet\/."},{"key":"e_1_3_1_126_2","unstructured":"odva.org. 2020. EtherNet\/IP. Retrieved August 21 2020 from https:\/\/www.odva.org\/technology-standards\/key-technologies\/ethernet-ip\/."},{"key":"e_1_3_1_127_2","unstructured":"A Dean Papadopoulos Newton Center and West Newbury. 2000. System for remotely accessing an industrial control system over a commercial communications network. US Patent No. 6 061 603. 11 pages. Filed Oct. 16 1998. Issued May 9 2000. Retrieved August 21 2020 from https:\/\/patents.google.com\/patent\/US6061603A\/en."},{"key":"e_1_3_1_128_2","doi-asserted-by":"publisher","DOI":"10.1145\/1795194.1795218"},{"key":"e_1_3_1_129_2","doi-asserted-by":"publisher","DOI":"10.1109\/SURV.2013.042313.00197"},{"key":"e_1_3_1_130_2","doi-asserted-by":"publisher","DOI":"10.1145\/990680.990707"},{"key":"e_1_3_1_131_2","doi-asserted-by":"publisher","DOI":"10.1109\/MIE.2011.943023"},{"key":"e_1_3_1_132_2","unstructured":"Alessandro Di Pinto Younes Dragoni and Andrea Carcano. 2018. TRITON: The First ICS Cyber Attack on Safety Instrument Systems. Retrieved July 02 2020 from https:\/\/i.blackhat.com\/us-18\/Wed-August-8\/us-18-Carcano-TRITON-How-It-Disrupted-Safety-Systems-And-Changed-The-Threat-Landscape-Of-Industrial-Control-Systems-Forever-wp.pdf."},{"issue":"1","key":"e_1_3_1_133_2","first-page":"7","article-title":"Security breach at target","volume":"29","author":"Plachkinova Miloslova","year":"2019","unstructured":"Miloslova Plachkinova and Chris Maurer. 2019. Security breach at target. J. Inf. Syst. Educ. 29, 1 (2019), 7.","journal-title":"J. Inf. Syst. Educ."},{"key":"e_1_3_1_134_2","doi-asserted-by":"publisher","DOI":"10.1145\/332833.332838"},{"key":"e_1_3_1_135_2","doi-asserted-by":"publisher","DOI":"10.1021\/acs.chemrev.6b00187"},{"key":"e_1_3_1_136_2","volume-title":"Hacker Tries to Poison Water Supply in Florida City","author":"Press Associated","year":"2021","unstructured":"Associated Press. 2021. Hacker Tries to Poison Water Supply in Florida City. Retrieved May 3, 2021 from https:\/\/www.telegraph.co.uk\/news\/2021\/02\/09\/hacker-tries-poison-water-supply-florida-city\/."},{"key":"e_1_3_1_137_2","unstructured":"profibus.com. 2009. PROFINET - The Leading Industrial Ethernet Standard. Retrieved August 18 2020 from https:\/\/www.profibus.com\/technology\/profinet\/."},{"key":"e_1_3_1_138_2","doi-asserted-by":"publisher","DOI":"10.1145\/3398020"},{"key":"e_1_3_1_139_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2017.08.019"},{"key":"e_1_3_1_140_2","doi-asserted-by":"publisher","DOI":"10.1145\/1837274.1837461"},{"key":"e_1_3_1_141_2","doi-asserted-by":"publisher","DOI":"10.3390\/s18082491"},{"key":"e_1_3_1_142_2","doi-asserted-by":"publisher","DOI":"10.3390\/app9102058"},{"key":"e_1_3_1_143_2","unstructured":"Robert J. Kretschmann. 2000. Mobile human\/machine interface for use with industrial control systems for controlling the operation of process executed on spatially separate machines. US Patent No. 6 167 464. Filed Sep. 23 1998 || Issued Dec. 26 2000 Retrieved August 21 2020 from https:\/\/patents.google.com\/patent\/US6167464A\/en."},{"key":"e_1_3_1_144_2","doi-asserted-by":"publisher","DOI":"10.1145\/2818346.2820738"},{"key":"e_1_3_1_145_2","volume-title":"Cloud Industrial Internet of Things (IIoT) - Industrial Control Systems Security Glossary","author":"Roza Michael","year":"2020","unstructured":"Michael Roza, William Ho, Sabri Khemissa, and Darnell Washington. 2020. Cloud Industrial Internet of Things (IIoT) - Industrial Control Systems Security Glossary. Technical Report. Cloud Security Alliance."},{"key":"e_1_3_1_146_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICCCF.2016.7740434"},{"key":"e_1_3_1_147_2","doi-asserted-by":"publisher","DOI":"10.1145\/2744769.2747942"},{"key":"e_1_3_1_148_2","doi-asserted-by":"publisher","DOI":"10.1109\/JPROC.2012.2235131"},{"key":"e_1_3_1_149_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2020.07.015"},{"key":"e_1_3_1_150_2","doi-asserted-by":"publisher","DOI":"10.1109\/NGCT.2015.7375151"},{"key":"e_1_3_1_151_2","doi-asserted-by":"publisher","DOI":"10.1109\/JPROC.2016.2575064"},{"key":"e_1_3_1_152_2","doi-asserted-by":"publisher","DOI":"10.1145\/3264888.3264890"},{"key":"e_1_3_1_153_2","unstructured":"Karsten Schweichhart. 2016. Reference Architectural Model Industrie 4.0 (RAMI 4.0). Retrieved September 05 2020 from https:\/\/www.wapz.net\/down\/remi-4\/f4f.pdf."},{"key":"e_1_3_1_154_2","unstructured":"se.com. 2015. Guide to Open Protocols in Building Automation. Retrieved August 26 2020 from https:\/\/blog.se.com\/wp-content\/uploads\/2015\/11\/SE-Protocols-Guide_A4_v21.pdf."},{"key":"e_1_3_1_155_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICM.2017.8268884"},{"key":"e_1_3_1_156_2","doi-asserted-by":"publisher","DOI":"10.1145\/3152494.3156816"},{"key":"e_1_3_1_157_2","doi-asserted-by":"publisher","DOI":"10.1109\/SURV.2012.0601112.00185"},{"key":"e_1_3_1_158_2","doi-asserted-by":"publisher","DOI":"10.17485\/ijst\/2020\/v13i02\/148768"},{"key":"e_1_3_1_159_2","first-page":"2","volume-title":"Proceedings of the 9th Annual Symposium on Information Assurance (ASIA\u201914)","author":"Simmons Chris","year":"2014","unstructured":"Chris Simmons, Charles Ellis, Sajjan Shiva, Dipankar Dasgupta, and Qishi Wu. 2014. AVOIDIT: A cyber attack taxonomy. In Proceedings of the 9th Annual Symposium on Information Assurance (ASIA\u201914). 2\u201312."},{"key":"e_1_3_1_160_2","doi-asserted-by":"crossref","first-page":"73","DOI":"10.1007\/978-0-387-75462-8_6","volume-title":"Critical Infrastructure Protection","author":"Slay Jill","year":"2007","unstructured":"Jill Slay and Michael Miller. 2007. Lessons learned from the Maroochy water breach. In Critical Infrastructure Protection, Eric Goetz and Sujeet Shenoi (Eds.). Vol. 253. Springer US, 73\u201382. Series Title: IFIP Int. Federation for Information Processing."},{"key":"e_1_3_1_161_2","doi-asserted-by":"publisher","DOI":"10.1145\/2602945.2602952"},{"key":"e_1_3_1_162_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.dss.2015.04.011"},{"key":"e_1_3_1_163_2","first-page":"255","volume-title":"Guide to Industrial Control Systems (ICS) Security Supervisory Control and Data Acquisition (SCADA) Systems, Distributed Control Systems (DCS), and Other Control System Configurations such as Programmable Logic Controllers (PLC)","author":"Stouffer Keith","year":"2014","unstructured":"Keith Stouffer, Suzanne Lightman, Victoria Pillitteri, Marshall Abrams, and Adam Hahn. 2014. Guide to Industrial Control Systems (ICS) Security Supervisory Control and Data Acquisition (SCADA) Systems, Distributed Control Systems (DCS), and Other Control System Configurations such as Programmable Logic Controllers (PLC). Technical Report. National Institute of Standards and Technology. 255 pages."},{"key":"e_1_3_1_164_2","doi-asserted-by":"publisher","DOI":"10.1109\/TII.2019.2950192"},{"key":"e_1_3_1_165_2","doi-asserted-by":"publisher","DOI":"10.1109\/JPROC.2005.849724"},{"key":"e_1_3_1_166_2","unstructured":"Ted Thornhill. 2014. San Francisco Pranksters Hack Road Sign to Warn Drivers of Godzilla Attack. Retrieved August 21 2020 from https:\/\/www.dailymail.co.uk\/news\/article-2632556\/Godzilla-Attack-Turn-Pranksters-hack-San-Francisco-road-sign-warn-drivers-just-movie-makes-monster-93-2million-box-office.html."},{"key":"e_1_3_1_167_2","unstructured":"unstats.un.org. 2020. UNSD\u2013ISIC. Retrieved August 29 2020 from https:\/\/unstats.un.org\/unsd\/classifications\/Econ\/ISIC.cshtml#::text=The%20International%20Standard%20Industrial%20Classification statistics%20according%20to%20such%20activities."},{"key":"e_1_3_1_168_2","unstructured":"us cert.cisa.gov. 2013. ICS-CERT Monitor. Retrieved August 01 2020 from https:\/\/us-cert.cisa.gov\/sites\/default\/files\/Monitors\/ICS-CERT_Monitor_Apr-Jun2013.pdf."},{"key":"e_1_3_1_169_2","unstructured":"us cert.cisa.gov. 2015. NCCIC\/ICS-CERT Industrial Control Systems Assessment Summary Report 25 pages. Retrieved August 26 2020 from https:\/\/us-cert.cisa.gov\/sites\/default\/files\/Annual_Reports\/FY2015_Industrial_Control_Systems_Assessment_Summary_Report_S508C.pdf."},{"key":"e_1_3_1_170_2","unstructured":"us cert.cisa.gov. 2016. ICS-CERT Annual Assessment Report FY2016 24 pages. Retrieved August 23 2020 from https:\/\/us-cert.cisa.gov\/sites\/default\/files\/Annual_Reports\/FY2016_Industrial_Control_Systems_Assessment_Summary_Report_S508C.pdf."},{"key":"e_1_3_1_171_2","unstructured":"us cert.cisa.gov. 2020. Industrial Control Systems. Retrieved August 26 2020 from https:\/\/us-cert.cisa.gov\/ics."},{"key":"e_1_3_1_172_2","doi-asserted-by":"publisher","DOI":"10.1109\/MIE.2014.2311313"},{"key":"e_1_3_1_173_2","doi-asserted-by":"publisher","DOI":"10.1145\/3372318.3372321"},{"key":"e_1_3_1_174_2","doi-asserted-by":"crossref","unstructured":"verizon.com. 2020. 2020 Data Breach Investigations Report. Retrieved August 21 2020 from https:\/\/enterprise.verizon.com\/resources\/reports\/2020-data-breach-investigations-report.pdf.","DOI":"10.1016\/S1361-3723(20)30059-2"},{"key":"e_1_3_1_175_2","doi-asserted-by":"publisher","DOI":"10.1109\/ETFA.2015.7301400"},{"key":"e_1_3_1_176_2","first-page":"12","article-title":"Optimal level and allocation of cybersecurity spending: Model and formula","author":"Wang Shaun","year":"2017","unstructured":"Shaun Wang. 2017. Optimal level and allocation of cybersecurity spending: Model and formula. SSRN Electron. J. (2017), 12.","journal-title":"SSRN Electron. J."},{"key":"e_1_3_1_177_2","doi-asserted-by":"publisher","DOI":"10.1145\/1366283.1366295"},{"key":"e_1_3_1_178_2","doi-asserted-by":"publisher","DOI":"10.1109\/MCOM.2015.7105668"},{"key":"e_1_3_1_179_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.jmsy.2013.04.008"},{"key":"e_1_3_1_180_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.procs.2017.09.050"},{"key":"e_1_3_1_181_2","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2018.2884906"},{"key":"e_1_3_1_182_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2019.101636"},{"key":"e_1_3_1_183_2","doi-asserted-by":"publisher","DOI":"10.1145\/2461446.2461465"},{"key":"e_1_3_1_184_2","doi-asserted-by":"publisher","DOI":"10.1145\/3343855"},{"key":"e_1_3_1_185_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.measurement.2019.107198"},{"key":"e_1_3_1_186_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICPHYS.2019.8780271"},{"key":"e_1_3_1_187_2","doi-asserted-by":"publisher","DOI":"10.1109\/JPROC.2015.2503119"},{"key":"e_1_3_1_188_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.micpro.2015.08.013"},{"key":"e_1_3_1_189_2","unstructured":"zigbeealliance.org. 2010. Zigbee Alliance. Retrieved August 19 2020 from https:\/\/zigbeealliance.org\/solution\/zigbee\/."},{"key":"e_1_3_1_190_2","doi-asserted-by":"publisher","DOI":"10.1109\/ISI.2018.8587389"}],"container-title":["ACM Computing Surveys"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3510410","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3510410","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T18:09:45Z","timestamp":1750183785000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3510410"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,1,31]]},"references-count":189,"journal-issue":{"issue":"11s","published-print":{"date-parts":[[2022,1,31]]}},"alternative-id":["10.1145\/3510410"],"URL":"https:\/\/doi.org\/10.1145\/3510410","relation":{},"ISSN":["0360-0300","1557-7341"],"issn-type":[{"value":"0360-0300","type":"print"},{"value":"1557-7341","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022,1,31]]},"assertion":[{"value":"2020-12-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2022-01-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2022-09-09","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}