{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T12:42:57Z","timestamp":1760186577158,"version":"build-2065373602"},"reference-count":41,"publisher":"MDPI AG","issue":"1","license":[{"start":{"date-parts":[[2019,1,3]],"date-time":"2019-01-03T00:00:00Z","timestamp":1546473600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100003086","name":"Eusko Jaurlaritza","doi-asserted-by":"publisher","award":["2017 KK-2017\/00044"],"award-info":[{"award-number":["2017 KK-2017\/00044"]}],"id":[{"id":"10.13039\/501100003086","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Sensors"],"abstract":"<jats:p>The fourth industrial revolution has brought several risks to factories along with its plethora of benefits. The convergence of new technologies, legacy technologies, information technologies and operational technologies in the same network generates a wide attack surface. At the same time, factories need continuous production to meet their customers\u2019 demand, so any stopped production can have harsh effects on a factory\u2019s economy. This makes cyber resilience a key requirement in factories nowadays. However, it is difficult for managers to define effective cyber resilience strategies, especially considering the difficulty of estimating adequate investment in cyber resilience policies before the company has suffered cyber incidents. In this sense, the purpose of this article is to define and model an effective cyber resilience strategy. To achieve this, the system dynamics methodology was followed in order to get five experts\u2019 opinions on the best strategy to invest in cyber resilience. Interviews were conducted with these experts; their reasoning was put into behavior over time graphs and a system dynamics model was built from these findings. The main conclusion is that a cyber resilience investment strategy should be dynamic, investing in both technical security and personnel training, but at first with an emphasis on technical security and later shifting to have an emphasis on training.<\/jats:p>","DOI":"10.3390\/s19010138","type":"journal-article","created":{"date-parts":[[2019,1,3]],"date-time":"2019-01-03T03:36:30Z","timestamp":1546486590000},"page":"138","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":21,"title":["Defining a Cyber Resilience Investment Strategy in an Industrial Internet of Things Context"],"prefix":"10.3390","volume":"19","author":[{"given":"Juan Francisco","family":"Car\u00edas","sequence":"first","affiliation":[{"name":"Industrial Management Engineering Department, School of Engineering, TECNUN, University of Navarra, Paseo Manuel de Lardiz\u00e1bal, 13. 20018. San Sebasti\u00e1n, Spain"}]},{"given":"Leire","family":"Labaka","sequence":"additional","affiliation":[{"name":"Industrial Management Engineering Department, School of Engineering, TECNUN, University of Navarra, Paseo Manuel de Lardiz\u00e1bal, 13. 20018. San Sebasti\u00e1n, Spain"}]},{"given":"Jos\u00e9 Mar\u00eda","family":"Sarriegi","sequence":"additional","affiliation":[{"name":"Industrial Management Engineering Department, School of Engineering, TECNUN, University of Navarra, Paseo Manuel de Lardiz\u00e1bal, 13. 20018. San Sebasti\u00e1n, Spain"}]},{"given":"Josune","family":"Hernantes","sequence":"additional","affiliation":[{"name":"Industrial Management Engineering Department, School of Engineering, TECNUN, University of Navarra, Paseo Manuel de Lardiz\u00e1bal, 13. 20018. San Sebasti\u00e1n, Spain"}]}],"member":"1968","published-online":{"date-parts":[[2019,1,3]]},"reference":[{"key":"ref_1","unstructured":"Kagermann, H., Wahlster, W., and Helbig, J. (2013). Recommendations for Implementing the Strategic Initiative INDUSTRIE 4.0, Foschungsunion."},{"key":"ref_2","doi-asserted-by":"crossref","first-page":"111","DOI":"10.1007\/s40684-016-0015-5","article-title":"Do Smart manufacturing: Past research, present findings, and future directions","volume":"3","author":"Kang","year":"2016","journal-title":"Int. J. Precis. Eng. Manuf. Green Technol."},{"key":"ref_3","unstructured":"Schlaepfer, R.C., and Koch, M. (2015). Industry 4.0. Challenges and Solutions for the Digital Transformation and Use of Exponential Technologies, Deloitte."},{"key":"ref_4","unstructured":"Symantec (2016). Smarter Security for Manufacturing in the Industry 4.0 Era, Symantec."},{"key":"ref_5","unstructured":"Peasley, S., Waslo, R., Lewis, T., Hajj, R., and Carton, R. (2017). Industry 4.0 and Cybersecurity Managing Risk in an Age of Connected Production, Deloitte University Press."},{"key":"ref_6","doi-asserted-by":"crossref","unstructured":"Wegner, A., Graham, J., and Ribble, E. (2017). A New Approach to Cyberphysical Security in Industry 4.0. Cybersecurity for Industry 4.0, Springer.","DOI":"10.1007\/978-3-319-50660-9_3"},{"key":"ref_7","unstructured":"Huelsman, T., and Peasley, S. (2016). Cyber Risk in Advanced Manufacturing, Deloitte."},{"key":"ref_8","unstructured":"IT Governance (2018). An Introduction to Implementing Cyber Resilience, IT Governance Ltd."},{"key":"ref_9","unstructured":"Manso, C.G., Rekleitis, E., Papazafeiropoulos, F., and Maritsas, V. (2015). Information Security and Privacy Standards for SMEs."},{"key":"ref_10","unstructured":"Lewis, J. (2018). Economic Impact of Cybercrime\u2014No Slowing Down Report, McAfee."},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"81","DOI":"10.1061\/(ASCE)1527-6988(2008)9:2(81)","article-title":"Facilitated Process for Improving Organizational Resilience","volume":"9","author":"McManus","year":"2008","journal-title":"Nat. Hazards Rev."},{"key":"ref_12","unstructured":"World Economic Forum (2018). The Global Risks Report 2018, World Economic Forum. [13th ed.]."},{"key":"ref_13","unstructured":"Allianz Global Corporate & Speciality (2017). Allianz Risk Barometer: Top Business Risks 2017, Allianz Global Corporate & Speciality."},{"key":"ref_14","unstructured":"Zetter, K. (2014). Countdown to Zero Day, Crown Publishers. [1st ed.]."},{"key":"ref_15","unstructured":"Norton Team (2018, June 27). The 8 Most Famous Computer Viruses of All Time. Nort UK Blog 2016. Available online: https:\/\/uk.norton.com\/norton-blog\/2016\/02\/the_8_most_famousco.html."},{"key":"ref_16","first-page":"1","article-title":"Quantifying and measuring cyber resiliency","volume":"9825","author":"Cybenko","year":"2016","journal-title":"Proc. SPIE"},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Craigen, D., Diakun-Thibault, N., and Purse, R. (2014). Defining cyber-security. Technol. Innov. Manag. Rev., 13\u201321.","DOI":"10.22215\/timreview835"},{"key":"ref_18","unstructured":"Deutscher, S.A., Bohmayr, W., and Asen, A. (2017). Building a Cyberresilient Organization, BCG Perspectives."},{"key":"ref_19","unstructured":"World Economic Forum (2016). A Framework for Assessing Cyber Resilience, World Economic Forum."},{"key":"ref_20","unstructured":"DHS (2018, February 06). Resilience, Available online: https:\/\/www.dhs.gov\/topic\/resilience."},{"key":"ref_21","unstructured":"European Commission (2017). Resilience, Deterrence and Defence: Building Strong Cybersecurity in Europe."},{"key":"ref_22","doi-asserted-by":"crossref","first-page":"471","DOI":"10.1007\/s10669-013-9485-y","article-title":"Resilience metrics for cyber systems","volume":"33","author":"Linkov","year":"2013","journal-title":"Environ. Syst. Decis."},{"key":"ref_23","unstructured":"NIST (2018). Framework for Improving Critical Infrastructure Cybersecurity."},{"key":"ref_24","doi-asserted-by":"crossref","first-page":"13","DOI":"10.1016\/j.dss.2016.02.012","article-title":"Decision support approaches for cyber security investment","volume":"86","author":"Fielder","year":"2016","journal-title":"Decis. Support Syst."},{"key":"ref_25","doi-asserted-by":"crossref","first-page":"6132","DOI":"10.1016\/j.eswa.2015.03.033","article-title":"Game of information security investment: Impact of attack types and network vulnerability","volume":"42","author":"Wu","year":"2015","journal-title":"Expert Syst. Appl."},{"key":"ref_26","doi-asserted-by":"crossref","first-page":"156","DOI":"10.1016\/j.dss.2013.01.001","article-title":"Selection of optimal countermeasure portfolio in IT security planning","volume":"55","author":"Sawik","year":"2013","journal-title":"Decis. Support Syst."},{"key":"ref_27","doi-asserted-by":"crossref","first-page":"904","DOI":"10.1016\/j.dss.2011.02.009","article-title":"Profit-maximizing firm investments in customer information security","volume":"51","author":"Lee","year":"2011","journal-title":"Decis. Support Syst."},{"key":"ref_28","doi-asserted-by":"crossref","first-page":"79","DOI":"10.1016\/j.omega.2011.03.008","article-title":"IT security planning under uncertainty for high-impact events","volume":"40","author":"Rakes","year":"2012","journal-title":"Omega"},{"key":"ref_29","doi-asserted-by":"crossref","first-page":"281","DOI":"10.2753\/MIS0742-1222250211","article-title":"Decision-Theoretic and Game-Theoretic Approaches to IT Security Investment","volume":"25","author":"Cavusoglu","year":"2008","journal-title":"J. Manag. Inf. Syst."},{"key":"ref_30","doi-asserted-by":"crossref","first-page":"12175","DOI":"10.1109\/ACCESS.2017.2773366","article-title":"An Options Approach to Cybersecurity Investment","volume":"6","author":"Chronopoulos","year":"2017","journal-title":"IEEE Access"},{"key":"ref_31","doi-asserted-by":"crossref","first-page":"509","DOI":"10.1016\/j.jaccpubpol.2015.05.001","article-title":"The impact of information sharing on cybersecurity underinvestment: A real options perspective","volume":"34","author":"Gordon","year":"2015","journal-title":"J. Account. Public Policy"},{"key":"ref_32","doi-asserted-by":"crossref","first-page":"555","DOI":"10.1080\/01621459.1980.10477508","article-title":"Information Sources for Modeling the National Economy","volume":"75","author":"Forrester","year":"1980","journal-title":"J. Am. Stat. Assoc."},{"key":"ref_33","unstructured":"World Economic Forum (2017). Advancing Cyber Resilience - Principles and Tools for Boards, World Economic Forum."},{"key":"ref_34","doi-asserted-by":"crossref","unstructured":"Car\u00edas, J.F., Labaka, L., Sarriegi, J.M., and Hernantes, J. (2018). An Approach to the Modeling of Cyber Resilience Management. Glob. IoT Summit, in press.","DOI":"10.1109\/GIOTS.2018.8534579"},{"key":"ref_35","unstructured":"Sterman, J.D. (2000). Business Dynamics: Systems Thinking and Modeling for a Complex World, Irwin\/McGraw-Hill. (alk. paper)."},{"key":"ref_36","unstructured":"Forrester, J.W. (1961). Industrial Dynamics, MIT Press."},{"key":"ref_37","doi-asserted-by":"crossref","unstructured":"Casalicchio, E., Galli, E., and Tucci, S. (2007, January 22\u201326). Federated Agent-based Modeling and Simulation Approach to Study Interdependencies in IT Critical Infrastructures. Proceedings of the 11th IEEE International Symposium on Distributed Simulation and Real-Time Applications (DS-RT\u201907), Chania, Greece.","DOI":"10.1109\/DS-RT.2007.11"},{"key":"ref_38","doi-asserted-by":"crossref","unstructured":"Iturriza, M., Labaka, L., Sarriegi, J.M., and Hernantes, J. (2018). Modelling methodologies for analysing critical infrastructures. J. Simul., 1\u201316.","DOI":"10.1080\/17477778.2017.1418640"},{"key":"ref_39","doi-asserted-by":"crossref","unstructured":"Sarriegi, J.M., Sveen, F.O., Torres, J.M., and Gonzalez, J.J. (2008, January 13\u201315). Adaptation of Modelling Paradigms to the CIs Interdependencies Problem. Proceedings of the Critical Information Infrastructure Security CRITIS, Rome, Italy.","DOI":"10.1007\/978-3-642-03552-4_27"},{"key":"ref_40","unstructured":"Richardson, G.P., and Pugh, A.L. (1981). Introduction to System Dynamics Modeling, Pegasus Communications."},{"key":"ref_41","doi-asserted-by":"crossref","first-page":"1146","DOI":"10.1057\/palgrave.jors.2600961","article-title":"Introduction to system dynamics modeling with dynamo","volume":"48","author":"Richardson","year":"1997","journal-title":"J. Oper. Res. Soc."}],"container-title":["Sensors"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1424-8220\/19\/1\/138\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T12:23:15Z","timestamp":1760185395000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1424-8220\/19\/1\/138"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,1,3]]},"references-count":41,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2019,1]]}},"alternative-id":["s19010138"],"URL":"https:\/\/doi.org\/10.3390\/s19010138","relation":{},"ISSN":["1424-8220"],"issn-type":[{"type":"electronic","value":"1424-8220"}],"subject":[],"published":{"date-parts":[[2019,1,3]]}}}