EFFRA Innovation Portal

Significant innovations and lessons learned

Significant innovations and achievements

Gaps and challenges that should still be addressed in future work

Manufacturing performance characteristics

Economic sustainability is the component of sustainability where the focus is on commercial competitiveness and the ability to do be successful from the business perspective.

Business development - Access to new markets Description

Business development entails tasks and processes to develop and implement growth opportunities within and between organizations. It is a subset of the fields of business, commerce and organizational theory. Business development is the creation of long-term value for an organization from and for customers, markets, and relationships (from https://en.wikipedia.org/wiki/Business_development). Understanding the needs of current and future customers should be the baseline for business development. There are two main dimensions of business development, exploitation of current resources (continuous improvements) and exploration of new value (disruptive business models).

See also the section dedicated to Business model aspects.

Flexibility Description

Flexibility in manufacturing means the ability to deal with slightly or greatly mixed parts, to allow variation in parts assembly and variations in process sequence, change the production volume and change the design of certain product being manufactured.

(from https://en.wikipedia.org/wiki/Flexible_manufacturing_system )

Lead time Description

A lead time is the latency between the initiation and execution of a process. For example, the lead time between the placement of an order and delivery of a new car from a manufacturer (from https://en.wikipedia.org/wiki/Lead_time)

Process reliability - dependability Description

In systems engineering, dependability is a measure of a system's availability, reliability, and its maintainability, and maintenance support performance, and, in some cases, other characteristics such as durability, safety and security. In software engineering, dependability is the ability to provide services that can defensibly be trusted within a time-period. This may also encompass mechanisms designed to increase and maintain the dependability of a system or software. (from https://en.wikipedia.org/wiki/Dependability)

Product quality - Quality assurance Description

In business, engineering, and manufacturing, quality has a pragmatic interpretation as the non-inferiority or superiority of something; it's also defined as being suitable for its intended purpose (fitness for purpose) while satisfying customer expectations. (from https://en.wikipedia.org/wiki/Quality_(business))

Quality assurance (QA) is a way of preventing mistakes and defects in manufactured products and avoiding problems when delivering solutions or services to customers; which ISO 9000 defines as "part of quality management focused on providing confidence that quality requirements will be fulfilled". This defect prevention in quality assurance differs subtly from defect detection and rejection in quality control, and has been referred to as a shift left as it focuses on quality earlier in the process i.e. to the left of a linear process diagram reading left to right. (from https://en.wikipedia.org/wiki/Quality_control)

Quality assurance - Standards

ISO/IEC 20547-3:2020 - Information technology - Big data reference architecture - Part 3: Reference architecture Description

ISO/IEC 21823-1:2019 - Internet of things (IoT) — Interoperability for IoT systems — Part 1: Framework Description

ROS - Robot Operating System (ROS) Description

IEC 62559-2:2015 - Use case methodology - Part 2: Definition of the templates for use cases, actor list and requirements list Description

VDMA 24582:2014 - Fieldbus neutral reference architecture for Condition Monitoring in production automation Description

ISO/IEC 23053 - Framework for Artificial Intelligence (AI) Systems Using Machine Learning (ML) Description

Y.csb-arch - Cloud Computing -Functional architecture for cloud service brokerage Description

IEC 63278-1 ED1 - Asset administration shell for industrial applications -Part 1: Administration shell structure Description

IEC PAS 63088:2017 - Smart manufacturing -Reference architecture model industry 4.0 (RAMI4.0) Description

IEC TS 62832-1:2016 - Industrial-process measurement, control and automation - Digital factory framework - Part 1: General principles Description

DIN SPEC 27070:2020 - Requirements and reference architecture of a security gateway for the exchange of industry data and services Description

IEEE P2413:2019 - Architectural Framework for the Internet of Things (IoT) Description

ISO 23952:2020 - Quality information framework (QIF) — An integrated model for manufacturing quality information Description

Show more

Productivity Description

Productivity describes various measures of the efficiency of production. A productivity measure is expressed as the ratio of output to inputs used in a production process, i.e. output per unit of input. Productivity is a crucial factor in production performance of firms and nations. (from https://en.wikipedia.org/wiki/Productivity)

Supply chain and value network efficiency Description

Optimisation challenges must be faced along the entire supply chain or value network, involving OEMs, components suppliers, service providers and SMEs. The transparency of customer requirements and value within the value chain is an important driver for optimisation.

Environmental sustainability

Circular economy

Co-evolution of products-processes-production systems Description

Co-evolution of products-processes-production systems or ‘industrial symbiosis’ with minimum need of new resources

Material efficiency Description

Material efficiency is a description or metric which expresses the degree in which raw materials are consumed, incorporated, or wasted, as compared to previous measures in construction / manufacturing projects or physical processes. Making a usable item out of thinner stock than a prior version increases the material efficiency of the manufacturing process. (from https://en.wikipedia.org/wiki/Material_efficiency)

Reduction of material consumption (in %)

Product life extension Description

Product life extension aims at increasing the value from invested resources, providing a useful life that is as long as possible, and maximizing profitability over the life cycle of assets. It includes activities such as repair, upgrade, and remanufacture as well as Innovative re-use of equipment

Innovative re-use of equipment

Waste minimisation Description

Waste minimisation is a set of processes and practices intended to reduce the amount of waste produced. By reducing or eliminating the generation of harmful and persistent wastes, waste minimisation supports efforts to promote a more sustainable society. Waste minimisation involves redesigning products and processes and/or changing societal patterns of consumption and production. (from https://en.wikipedia.org/wiki/Waste_minimisation)

Reduction of waste (in %)

Reducing emissions in manufacturing processes

Reduction of CO2 emissions (in %)

Reducing the consumption of energy, while increasing the usage of renewable energy Description

Efficient energy use, sometimes simply called energy efficiency, is the goal to reduce the amount of energy required to provide products and services. (from https://en.wikipedia.org/wiki/Efficient_energy_use)

Reduction of energy consumption (in %)

Reducing the consumption of water and other process resources. Description

Reduction of water consumption (in %)

Social sustainability

Increasing human achievements in manufacturing systems

ISO/TR 23244:2020 - Blockchain and distributed ledger technologies — Privacy and personally identifiable information protection considerations Description

Occupational safety and health Description

Occupational safety and health (OSH), also commonly referred to as occupational health and safety (OHS), occupational health or workplace health and safety (WHS), is a multidisciplinary field concerned with the safety, health, and welfare of people at work. (from https://en.wikipedia.org/wiki/Occupational_safety_and_health)

Safety standards

B11.0 - 2020 - Safety of Machinery Description

B11.Tr10—202x - Functional Safety of Artificial Intelligence for Machinery Applications Description

EN 61310 sreies - Safety of machinery - Indication, marking and actuation Description

IEC 60204:2020 SER - Safety of machinery - Electrical equipment of machines - ALL PARTS Description

EN 62745:2017 - Safety of machinery - Requirements for cableless control systems of machinery (IEC 62745:2017) Description

IEC 62061:2015 CSV - Safety of machinery - Functional safety of safety-related electrical, electronic and programmable electronic control systems Description

ISO 10218-1:2011 - Robots and robotic devices — Safety requirements for industrial robots — Part 1: Robots Description

ISO 11161:2007 - Safety of machinery — Integrated manufacturing systems — Basic requirements Description

IEC 60445:2017 RLV - Basic and safety principles for man-machine interface, marking and identification - Identification of equipment terminals, conductor terminations and conductors Description

ISO 12100:2010 - Safety of machinery -General principles for design -Risk assessment and risk reduction Description

ISO 14738:2002 - Safety of machinery — Anthropometric requirements for the design of workstations at machinery Description

ISO 13849-1:2015 - Safety of machinery — Safety-related parts of control systems — Part 1: General principles for design Description

ISO 10218-2:2011 - Robots and robotic devices — Safety requirements for industrial robots — Part 2: Robot systems and integration Description

ISO 13849-2: 2012 - Safety of machinery - Safety-related parts of control systems - Part 2: Validation Description

Show more

Skills, training, new job profiles

Manufacturing future products

Manufacturing the products of the future

Complex structures, geometries and scale

Novel materials

Customised products

Resource efficient, sustainable products

Technologies and enablers

Advanced manufacturing processes Description

The efficiency and sustainability of both the manufacturing of actual and future products is still very much determined by the processes that shape and assemble the components of these products. Innovative products and advanced materials (including nano-materials) are emerging but are not yet developing to their full advantage since robust manufacturing methods to deliver these products and materials are not developed for large scale. Research is needed to ensure that novel manufacturing processes can efficiently exploit the potential of novel products for a wide range of applications.

Additive manufacturing Description

Flexible Sheet-to-Sheet (S2S) and Roll-to-Roll (R2R) Description

Flexible Sheet-to-Sheet (S2S) and Roll-to-Roll (R2R), building in plastics electronics, large volume patterning at nanoscale (photolithography) and new materials and greater use of space on CMOS.

High productivity and “self assembly” technologies development of conventional (joining, forming, machining) and new micro/nano-manufacturing processes

Innovative physical, chemical and physicochemical processes

Integration of non-conventional technologies and conventional technologies Description

Integration of non-conventional technologies (e.g. laser, ultrasonic) towards the development of new multifunctional manufacturing processes (including in process concept: inspection, thermal treatment, stress relieving, machining, joining

Methods for handling of parts, metrology and inspection Description

Methods for handling of parts, metrology and inspection require development also to ensure ability to manufacture at scale (volume) with high reliability.

Photonics-based materials processing technologies

Recycling processes

Replication, Equipment for flexible scalable prod/Assembly , Coatings

Shaping technology for difficult to shape materials Description

Shaping technology such as forming and machining, to address challenges related to “difficult to shape” materials and to explore new processing methods to achieve nano-sized microstructure components.

Information and communication technologies

Data collection, storage, analytics, processing and AI

Cognitive and artificial intelligence (AI) technologies - machine learning Description

In computer science, artificial intelligence (AI), sometimes called machine intelligence, is intelligence demonstrated by machines, in contrast to the natural intelligence displayed by humans and animals. Computer science defines AI research as the study of "intelligent agents": any device that perceives its environment and takes actions that maximize its chance of successfully achieving its goals. Colloquially, the term "artificial intelligence" is used to describe machines that mimic "cognitive" functions that humans associate with other human minds, such as "learning" and "problem solving" (from https://en.wikipedia.org/wiki/Artificial_intelligence)

B11.Tr10—202x - Functional Safety of Artificial Intelligence for Machinery Applications Description

DIN SPEC 13266:2020-04 - Guideline for the development of deep learning image recognition systems Description

DIN SPEC 2343:2020-09 - Transmission of language-based data between artificial intelligences - Specification of parameters and formats Description

DIN SPEC 92001-1:2019-04 - Artificial Intelligence -Life Cycle Processes and Quality Requirements -Part 1: Quality Metamodel Description

DIN SPEC 92001-2 - Artificial Intelligence - Life Cycle Processes and Quality Requirements - Part 2: Robustness Description

Fuzzy logic Description

Fuzzy logic is a form of many-valued logic in which the truth values of variables may be any real number between 0 and 1 inclusive. It is employed to handle the concept of partial truth, where the truth value may range between completely true and completely false (from https://en.wikipedia.org/wiki/Fuzzy_logic)

Genetic algorithms Description

In computer science and operations research, a genetic algorithm (GA) is a metaheuristic inspired by the process of natural selection that belongs to the larger class of evolutionary algorithms (EA). Genetic algorithms are commonly used to generate high-quality solutions to optimization and search problems by relying on bio-inspired operators such as mutation, crossover and selection. (https://en.wikipedia.org/wiki/Genetic_algorithm)

Heuristics Description

A heuristic function, also called simply a heuristic, is a function that ranks alternatives in search algorithms at each branching step based on available information to decide which branch to follow. (from https://en.wikipedia.org/wiki/Heuristic_(computer_science))

ISO/IEC 22989 - Artificial Intelligence Concepts and Terminology Description

ISO/IEC 23053 - Framework for Artificial Intelligence (AI) Systems Using Machine Learning (ML) Description

ISO/IEC 23894 - Information Technology — Artificial Intelligence — Risk Managemen Description

ISO/IEC 24668 - Information technology — Artificial intelligence —Process management framework for Big data analytics Description

ISO/IEC 30166:2020 - Internet of things (IoT) — Industrial IoT Description

ISO/IEC 38507 - Information technology --Governance of IT --Governance implications of the use of artificial intelligence by organizations Description

Show more

Neural networks Description

Artificial neural networks (ANN) or connectionist systems are computing systems vaguely inspired by the biological neural networks and astrocytes that constitute animal brains. The neural network itself is not an algorithm, but rather a framework for many different machine learning algorithms to work together and process complex data inputs.[4] Such systems "learn" to perform tasks by considering examples, generally without being programmed with any task-specific rules. (from https://en.wikipedia.org/wiki/Artificial_neural_network)

Data acquisition Description

Data acquisition is the process of sampling signals that measure real world physical conditions and converting the resulting samples into digital numeric values that can be manipulated by a computer. Data acquisition systems, abbreviated by the acronyms DAS or DAQ, typically convert analog waveforms into digital values for processing. The components of data acquisition systems include:

Sensors, to convert physical parameters to electrical signals.
Signal conditioning circuitry, to convert sensor signals into a form that can be converted to digital values.
Analog-to-digital converters, to convert conditioned sensor signals to digital values.

Data acquisition applications are usually controlled by software programs developed using various general purpose programming languages
So, as a summary, Data acquisition is in itself a vast group of protocols, technologies, sensors, hardware and software…

(from https://en.wikipedia.org/wiki/Data_acquisition)

Data analytics

Data modelling Description

Data modeling in software engineering is the process of creating a data model for an information system by applying certain formal techniques. (from https://en.wikipedia.org/wiki/Data_modeling)

Data processing Description

Cloud computing, edge computing

Cloud computing Description

https://en.wikipedia.org/wiki/Cloud_computing

Cloud computing can be deployed as private cloud, public cloud, hybrid cloud

Digital Manufacturing Platforms can be ran into IaaS, PaaS or SaaS.
Considerations need to be made to security measures in the cloud (kubernetes, container security), identity & access, or carefully considering the security measures by the respective cloud services providers.

Edge computing Description

Data storage Description

Data storage is the recording (storing) of information (data) in a storage medium. DNA and RNA, handwriting, phonographic recording, magnetic tape, and optical discs are all examples of storage media. (from https://en.wikipedia.org/wiki/Database)

Dataspaces Description

Dataspaces are an abstraction in data management that aim to overcome some of the problems encountered in data integration system. The aim is to reduce the effort required to set up a data integration system by relying on existing matching and mapping generation techniques, and to improve the system in "pay-as-you-go" fashion as it is used. (From https://en.wikipedia.org/wiki/Dataspaces)

ICT solutions for next generation data storage and information mining

Non-relational database (NoSQL) Description

Relational databases Description

ISO/IEC 20546:2019 - Information technology - Big data - Overview and vocabulary Description

ISO/IEC 20547-3:2020 - Information technology - Big data reference architecture - Part 3: Reference architecture Description

ISO/IEC 24668 - Information technology — Artificial intelligence —Process management framework for Big data analytics Description

ISO/IEC TR 20547-1:2020 - Information technology — Big data reference architecture — Part 1: Framework and application process Description

ISO/IEC TR 20547-2:2018 - Information technology - Big data reference architecture - Part 2: Use cases and derived requirements Description

ISO/IEC TR 20547-5:2018 - Information technology - Big data reference architecture - Part 5: Standards roadmap Description

Digital manufacturing platforms Description

Human Machine Interfaces

Advanced and ubiquitous human machine interaction Description

Advanced machine interaction with humans through ubiquity of mobile devices will enable users to receive relevant production and enterprise-specific information regardless of their geographical location and tailored to the context and the skills/responsibilities they own. Interactions with ICT infrastructures and equipment will be natural language-like

Augmented reality Description

Data visualisation Description

Virtual reality Description

IoT - Internet of Things Description

The Internet of Things (IoT) is a system of interrelated computing devices, mechanical and digital machines, objects, animals or people that are provided with unique identifiers (UIDs) and the ability to transfer data over a network without requiring human-to-human or human-to-computer interaction. (from https://en.wikipedia.org/wiki/Internet_of_things)

DIN SPEC 91406:2019-12 - Automatic identification of physical objects and information on physical objects in IT systems, particularly IoT systems Description

IEEE P2413:2019 - Architectural Framework for the Internet of Things (IoT) Description

IIRA:2019 - The Industrial Internet of ThingsVolume G1: Reference Architecture Version 1.9 Description

ISO/IEC 20924:2018 - Information technology — Internet of Things (IoT) — Vocabulary Description

ISO/IEC 21823-1:2019 - Internet of things (IoT) — Interoperability for IoT systems — Part 1: Framework Description

ISO/IEC 29161:2016 - Information technology — Data structure — Unique identification for the Internet of Things Description

ISO/IEC 30118 series - Information technology -Open Connectivity Foundation (OCF) Specification Description

ISO/IEC 30147 - Information technology -Internet of things -Methodology for trustworthiness of IoT system/service Description

ISO/IEC 30149 - Internet of things (IoT) -Trustworthiness framework Description

ISO/IEC 30161 - Internet of Things (IoT) -Requirements of IoT data exchange platform for various IoT services Description

ISO/IEC 30162 - Internet of Things (IoT) -Compatibility requirements and model for devices within industrial IoT systems Description

ISO/IEC 30163 - Internet of Things (IoT) -System requirements of IoT/SN technology-based integrated platform for chattel asset monitoring supporting financial services Description

ISO/IEC 30165 - Internet of Things (IoT) -Real-time IoT framework Description

ISO/IEC 30166:2020 - Internet of things (IoT) — Industrial IoT Description

Show more

Operating systems

Programming Frameworks – Software Development Kits (SDKs)

FIWARE Description

Smart Industry Context Data/API Management, Publication and Monetization

The AuthZForce PDP/PAP Generic Enabler

The Biz Framework Generic Enabler

The CKAN extensions Generic Enabler

The Keyrock Identity Management Generic Enabler

The Wilma proxy Generic Enabler

Smart Industry Context Information Management and Persistence

The Cygnus Generic Enabler Description

The Cygnus Generic Enabler brings the means for managing the history of context that is created as a stream of data which can be injected into multiple data sinks, including some popular databases like PostgreSQL, MySQL, MongoDB or AWS DynamoDB as well as BigData platforms like Hadoop, Storm, Spark or Flink.

The Orion Context Broker Generic Enabler Description

The Orion Context Broker Generic Enabler is the core and mandatory component of any “Powered by FIWARE” platform or solution. It enables to manage context information in a highly decentralized and large-scale manner. It provides the FIWARE NGSIv2 API which is a simple yet powerful Restful API enabling to perform updates, queries or subscribe to changes on context information.

The STH Comet Generic Enabler Description

The STH Comet Generic Enabler brings the means for storing a short-term history of context data (typically months) on MongoDB.

Smart Industry Information Processing

Augmented Reality (FIWARE)

CEPHEUS

PERSEO

PROTON

Quantum Leap

The AEON Incubated Generic Enabler

The Cosmos Generic Enabler

The Domibus Incubated Generic Enabler

The FogFlow Incubated Generic Enabler

The Knowage Generic Enabler

The Kurento Generic Enabler

The Wirecloud Generic Enabler

XML3D

Smart Industry NGSI Agents Framework to Real World

The Fast RTPS Incubated Generic Enabler

The IDAS Generic Enabler

The OpenMTC Incubated Generic Enabler

Programming Languages

System modelling, simulation and forecasting Description

Simulation (often referred to as digital twins) is the imitation of the operation of a real-world process or system. The act of simulating something first requires that a model be developed; this model represents the key characteristics, behaviors and functions of the selected physical or abstract system or process. The model represents the system itself, whereas the simulation represents the operation of the system over time. (from https://en.wikipedia.org/wiki/Simulation)

Mechatronics Description

Mechatronics, which is also called mechatronic engineering, is a multidisciplinary branch of engineering that focuses on the engineering of both electrical and mechanical systems, and also includes a combination of robotics, electronics, computer, telecommunications, systems, control, and product engineering. (From https://en.wikipedia.org/wiki/Mechatronics)

Advanced materials in manufacturing systems Description

Production equipment does not yet take full advantage of the benefits that new and advanced materials offer, and factories of the future will need more advanced equipment to meet the requirements for energy efficiency and environmental targets and to meet new demands for a connected world. The future will therefore see modern, lightweight, long-lasting/flexible and smart equipment able to produce current and future products for existing and new markets. There will be a step change in the construction of such equipment, leading to a sustainable manufacturing base able to deliver high added value products and customised production. Increased smartness in the manufacturing equipment also enables a systems approach with machines able to learn from each other and impacting on the human-machine interface.

Smart and functional materials Description

Smarter equipment and manufacturing systems with self-diagnosis (temperature, vibrations, noise) and embedded sensing, memory or active architecture, with functional materials allowing them to adjust work processes and operations to variances in structure, shape and material composition (right first time manufacture).. Capture of machine data through this inherent ‘smartness’ for communication between machines (for M2M), at factory level and through supply chains for a systems approach to manufacturing and meeting customer demand. New equipment components taking advantage of new designs and advanced materials (e.g. gears and transmissions providing longer lifetime of equipment, active surfaces that can embed and release lubricant when needed (higher pressures or temperatures))

Condition and performance monitoring technologies Description

Continuous monitoring of the condition and performance of the manufacturing system on component and machine level, enables sustainable and competive manufacturing, also by introducing autonomous diagnosis capabilities and context-awareness. Detecting, measuring and monitoring the variables, events and situations will increase the performance and reliability of manufacturing systems. This involves advanced metrology, calibration and sensing, signal processing and model-based virtual sensing for a wide range of applications, e.g. event pattern detection, diagnostics, anomaly detection, prognostics and predictive maintenance.

Control technologies Description

https://en.wikipedia.org/wiki/Control_system

Control technologies will be further exploiting the increasing computational power and intelligence in order to come forward to the demands of increased speed and precision in manufacturing. Advanced control strategies will allow the use of lighter actuators and structural elements for obtaining very rigid and accurate solutions, replacing slower and more energy-intensive approaches. Learning controllers adapt the behaviour of systems to changing environments or system degradation, taking into account constraints and considering alternatives, hereby relying on robust industrial real-time communication technologies, system modelling approaches and distributed intelligence architectures.

Energy technologies

Intelligent machinery components, actuators and end-effectors Description

Intelligent components enable the deployment of safe, energy-efficient, accurate and flexible or reconfigurable products and production systems. This includes the introduction of smart actuators and the use of advanced end-effectors composed of passive and active materials. Energy technologies are gaining importance, such as (super)capacitors, pneumatic storage devices, batteries and energy harvesting technologies.

Skills - Knowledge-workers Description

The European Factories of the Future are expected to provide global manufacturing competitiveness, but also to create a large amount of work opportunities for the European population. Future factory workers are therefore key resources for industrial competitiveness as well as important consumers. However, as previously stated, the changing demographics and high skill requirements faced by European industry pose new challenges. Workers with high knowledge and skills (“knowledge workers”) will be scarce resources. Research efforts within Horizon 2020 must address ways to increase the number of people available for, and interested in, manufacturing tasks. This includes the following important aspects of the human resources: - New technology-based approaches to accommodate age-related limitations, through ICT and automation - New technical, educational, and organisational ways to increase the attractiveness of factory work to the young potential workforce, the existing workforce, the potential immigrant workforce, and the older workforce - New approaches to skill- and competence development, as well as skill and knowledge management, to increase competitiveness and be part of the global knowledge society - New ways to organise and compensate factory knowledge workers - New factory human-centric work-environments based on safety and comfort - Ways to integrate future factory work in global and local societal agendas and social patterns

ICT performance characteristics

Cybersecurity Description

Security for information and infrastructure related to digital systems

Cybersecurity Standards for digital manufacturing Description

This is a collection of Industrial CyberSecurity Standards and de-facto standards relevant for organizations designing, developing, selecting, installing and operating digital manufacturing platforms. The selection was made on the basis of expert advisory and selections by researchers in their assessment of relevant State of the Art. Next to the standards, readers should also consider the works ongoing in standardisation efforts.

De Facto industrial CyberSecurity standard developments

Cloud Security Alliance (CSA) Description

Cloud Security Alliance (CSA) – Consensus Assessment Initiative Questionnaire (CAIQ) Description

An industry-accepted way to document what security controls exist in IaaS, PaaS, and SaaS services, providing security control transparency. It provides a set of Yes/No questions a cloud consumer and cloud auditor may wish to ask of a cloud provider to ascertain their compliance to the Cloud Controls Matrix (CCM).

It helps cloud service providers and their customers to gauge the security posture and determine if their cloud services are suitably secure. In addition to improving the clarity and accuracy, it also supports better auditability of the CCM controls.

https://cloudsecurityalliance.org/artifacts/consensus-assessments-initiative-questionnaire-v3-1/

IIC – SMM

Industrial Internet Consortium (IIC) – Industrial Internet Security Framework (IISF) Description

The Industrial Internet Security Framework (IISF) is a cross-industry-focused security framework comprising expert vision, experience and security best practices. It reflects thousands of hours of knowledge and experiences from security experts, collected, researched and evaluated for the benefit of all IIoT system deployments.
It builds on the ‘Industrial Internet of Things Reference Architecture’ (IIRA), that lays out the most important architecture components, how they fit together and how they influence each other. Each of these components must be made secure, as must the key system characteristics that bind them together into a trustworthy system.

It reviews security assessment for organizations, architectures and technologies. It outlines how to evaluate attacks as part of a risk analysis and highlights the many factors that should be considered, ranging from the endpoints and communications to management systems and the supply chains of the elements comprising the system. Different roles are identified that should be considered in conjunction with the key characteristics, including, owner/operator, system integrator/builder and equipment vendor. Each role offers different risk management perspectives that affect the decisions regarding security and privacy.

https://www.iiconsortium.org/IISF.htm
https://www.iiconsortium.org/pdf/IIC_PUB_G4_V1.00_PB-3.pdf

Namur, WG 4.18 Automation Security Description

NAMUR, the "User Association of Automation Technology in Process Industries", is an international association of user companies (established in 1949) and represents their interests concerning automation technology. NAMUR numbers over 150 member companies. The achievement of added value through automation engineering is at the forefront in all NAMUR member company activities. NAMUR conducts a frank and fair dialogue with manufacturers.

NAMUR’s Automation Security working group 4.18 addresses issues including the following topics in the context of its experience exchange, its concept developments, formulation of requirements to be met by automation solutions and its involvement in national and international standardisation.

Relevant recommendations and worksheets

NA 163 Security Risk Assessment of SIS (Safety Instrumented Systems)
NA 169 Automation Security Management in the Process Industry. NA 169 describes the steps to systematically build a Cyber Security Management System (CSMS) for automation systems in the process industry in order to ensure the correct operation of the functional safety devices, to protect critical data and to ensure the availability and reliability of the plants

See Namur website WG 4.18 pages

OMG – Eclipse Foundation Description

OPC-UA Description

Open Web Application Security Project® Foundation (OWASP) Description

Platform I4.0 WG Sicherheit, RAMI Security model developments Description

See https://www.plattform-i40.de/PI40/Redaktion/EN/Standardartikel/working-group-03.html

Asociated content:

Associated Metamodel Asset Administration Shell for Security
Access control for Industrie 4.0 components for application by manufacturers, operators and integrators
Specification - Details of the Asset Administration Shell - Part 1
Artificial Intelligence (AI) in Security Aspects of Industrie 4.0
Cybersecurity Regulatory Framework in Germany/EU and USA (GER/ENG/CHN)Industrie 4.0 Security Guidelines

Access control for Industrie 4.0 components for application by manufacturers, operators and integrators

Metamodel Asset Administration Shell for Security Description

The overall concept is the use of the Admnistrative Asset Shell (AAS). It is requesting access to an object. In the context of an AAS an object typically is a submodel or a property or any other submodel element connected to the asset. The implemented access control mechanism of the AAS evaluates the access permission rules (2a) that include constraints that need to be fulfilled w.r.t. the subject attributes (2b), the object attributes and the environment conditions (2d). The focus is on access control. An object in the context of ABAC corresponds typically to a submodel or to a submodel element. The object attributes again are modelled as submodel elements. Subject Attributes need to be accessed either via an external policy information point or they are defined as properties within a special submodel of the AAS. A typical subject attribute is its role. The role is the only subject attribute defined in case of role based access control. Optionally, environment conditions can be defined. In role based access control no environment conditions are defined. Environment conditions can be expressed via formula constraints. To be able to do so the values needed should be defined as property or reference to data within a submodel of the AAS.

https://www.plattform-i40.de/PI40/Redaktion/EN/Downloads/Publikation/Details-of-the-Asset-Administration-Shell-Part1.html

ROS – SROS Description

European industrial CyberSecurity standards

CEN/CLC/JTC 13 : Cybersecurity and Data Protection Description

Development of standards for cybersecurity and data protection covering all aspects of the evolving information society including but not limited to: - Management systems, frameworks, methodologies - Data protection and privacy - Services and products evaluation standards suitable for security assessment for large companies and small and medium enterprises (SMEs) - Competence requirements for cybersecurity and data protection - Security requirements, services, techniques and guidelines for ICT systems, services, networks and devices, including smart objects and distributed computing devices Included in the scope is the identification and possible adoption of documents already published or under development by ISO/IEC JTC 1and other SDOs and international bodies such as ISO, IEC, ITU-T, and industrial fora. Where not being developed by other SDO's, the development of cybersecurity and data protection CEN/CENELEC publications for safeguarding information such as organizational frameworks, management systems, techniques, guidelines, and products and services, including those in support of the EU Digital Single Market.

https://www.cen.eu/work/Sectors/Digital_society/Pages/Cybersecurity.aspx

https://www.cenelec.eu/dyn/www/f?p=104:7:123858409050001::::FSP_ORG_ID,FSP_LANG_ID:2307986,25

CLC/TC 65X : Industrial-process measurement, control and automation Description

Its scope is to contribute, support and coordinate the preparation of international standards for systems and elements used for industrial process measurement, control and automation at CENELEC level. To coordinate standardisation activities which affect integration of components and functions into such systems including safety and security aspects. This CENELEC work of standardisation is to be carried out for equipment and systems and closely coordinated with IEC TC65 and its subcommittees with the objective of avoiding any duplication of work while honouring standing agreements between CENELEC and IEC.

https://www.cenelec.eu/dyn/www/f?p=104:7:0::::FSP_ORG_ID:1257871

https://www.cenelec.eu/aboutcenelec/whatwedo/technologysectors/DigitalSociety-topics.html

ENISA Good Practices for Security of Internet of Things in the context of Smart Manufacturing

ENISA Industrial CybersSecurity developments & CyberAct Certification Description

ETSI EN 303 645 - CYBER - Cyber Security for Consumer Internet of Things: Baseline Requirements Description

While oriented in the first place to consumer devices, ETSI EN 303 645, a standard for cybersecurity in the Internet of Things is relevant for manufacturing considerations. The standard establishes a security baseline for internet-connected consumer products and provides a basis for future IoT certification schemes. Based on the ETSI specification TS 103 645, EN 303 645 went through National Standards Organization comments and voting, engaging even more stakeholders in its development and ultimately strengthening the resulting standard. The EN is a result of collaboration and expertise from industry, academics and government.

ETSI EN 303 645 specifies 13 provisions for the security of Internet-connected consumer devices and their associated services. IoT products in scope include connected children’s toys and baby monitors, connected safety-relevant products such as smoke detectors and door locks, smart cameras, TVs and speakers, wearable health trackers, connected home automation and alarm systems, connected appliances (e.g. washing machines, fridges) and smart home assistants. The EN also includes 5 specific data protection provisions for consumer IoT.

https://www.etsi.org/deliver/etsi_en/303600_303699/303645/02.01.01_60/en_303645v020101p.pdf

ETSI SAREF M2M to SAREF4INMA developments

ETSI M2M Description

Helps to produce the specifications to enable users to build platforms by which devices and services can be connected, regardless of the underlying technology used.

https://www.etsi.org/committee/smartm2m

ETSI SAREF Description

The Smart Applications REFerence (SAREF) ontology is a shared model of consensus that facilitates the matching of existing assets in the smart applications domain. SAREF provides building blocks that allow separation and recombination of different parts of the ontology depending on specific needs.

https://www.etsi.org/technologies/smart-appliances
https://saref.etsi.org/

ETSI TS 103 410-5 SAREF4INMA Description

SAREF4INMA, an extension of SAREF that was created for the industry and manufacturing domain. SAREF4INMA was created to be aligned with related initiatives in the smart industry and manufacturing domain in terms of modelling and standardization, such as the Reference Architecture Model for Industry 4.0 (RAMI), which combines several standards used by the various national initiatives in Europe that support digitalization in manufacturing.

These initiatives include, but are not limited to, the platform Industrie 4.0 in Germany, the Smart Industry initiative in the Netherlands, Industria 4.0 in Italy, the 'Industrie du future initiative' in France and more.

It extends SAREF with 24 classes (in addition to a number of classes directly reused from the SAREF ontology and the SAREF4BLDG extension), 20 object properties (in addition to a number of object properties reused from the SAREF ontology and the SAREF4BLDG extension) and 11 data type properties. SAREF4INMA focuses on extending SAREF for the industry and manufacturing domain to solve the lack of interoperability between various types of production equipment that produce items in a factory and, once outside the factory, between different organizations in the value chain to uniquely track back the produced items to the corresponding production equipment, batches, material and precise time in which they were manufactured.

https://saref.etsi.org/saref4inma/

https://www.etsi.org/deliver/etsi_ts/103400_103499/10341005/01.01.02_60/ts_10341005v010102p.pdf

North American Industrial CyberSecurity Standards

NIST 800.82 Description

This document provides guidance on how to secure Industrial Control Systems (ICS), including Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control Systems (DCS), and other control system configurations such as Programmable Logic Controllers (PLC), while addressing their unique performance, reliability, and safety requirements. The document provides an overview of ICS and typical system topologies, identifies typical threats and vulnerabilities to these systems, and provides recommended security countermeasures to mitigate the associated risks.

ICS cybersecurity programs should always be part of broader ICS safety and reliability programs at both industrial sites and enterprise cybersecurity programs, because cybersecurity is essential to the safe and reliable operation of modern industrial processes. Threats to control systems can come from numerous sources, including hostile governments, terrorist groups, disgruntled employees, malicious intruders, complexities, accidents, and natural disasters as well as malicious or accidental actions by insiders. ICS security objectives typically follow the priority of availability and integrity, followed by confidentiality.

https://csrc.nist.gov/publications/detail/sp/800-82/rev-2/final

NIST CyberSecurity Framework (Framework for Improving Critical Infrastructure Cybersecurity) Description

The Framework focuses on using business drivers to guide cybersecurity activities and considering cybersecurity risks as part of the organization’s risk management processes. The Framework consists of three parts: the Framework Core, the Implementation Tiers, and the Framework Profiles. The Framework Core is a set of cybersecurity activities, outcomes, and informative references that are common across sectors and critical infrastructure. Elements of the Core provide detailed guidance for developing individual organizational Profiles. Through use of Profiles, the Framework will help an organization to align and prioritize its cybersecurity activities with its business/mission requirements, risk tolerances, and resources. The Tiers provide a mechanism for organizations to view and understand the characteristics of their approach to managing cybersecurity risk, which will help in prioritizing and achieving cybersecurity objectives.

While this document was developed to improve cybersecurity risk management in critical infrastructure, the Framework can be used by organizations in any sector or community. The Framework enables organizations – regardless of size, degree of cybersecurity risk, or cybersecurity sophistication – to apply the principles and best practices of risk management to improving security and resilience.

The Framework provides a common organizing structure for multiple approaches to cybersecurity by assembling standards, guidelines, and practices that are working effectively today.

https://www.nist.gov/cyberframework

NISTIR 8183 - Cybersecurity Framework Version 1.1 Manufacturing Profile Description

The Cybersecurity Framework (CSF) Version 1.1 implementation details developed for the manufacturing environment. The “Manufacturing Profile” of the CSF can be used as a roadmap for reducing cybersecurity risk for manufacturers that is aligned with manufacturing sector goals and industry best practices. This Manufacturing Profile provides a voluntary, risk-based approach for managing cybersecurity activities and reducing cyber risk to manufacturing systems. The Manufacturing Profile is meant to enhance but not replace current cybersecurity standards and industry guidelines that the manufacturer is embracing.

https://csrc.nist.gov/publications/detail/nistir/8183/rev-1/final

NISTIR 8259 - Foundational Cybersecurity Activities for IoT Device Manufacturers Description

Internet of Things (IoT) devices often lack device cybersecurity capabilities their customers organizations and individuals—can use to help mitigate their cybersecurity risks. Manufacturers can help their customers by improving how securable the IoT devices they make are by providing necessary cybersecurity functionality and by providing customers with the cybersecurity-related information they need. This publication describes recommended activities related to cybersecurity that manufacturers should consider performing before their IoT devices are sold to customers. These foundational cybersecurity activities can help manufacturers lessen the cybersecurity-related efforts needed by customers, which in turn can reduce the prevalence and severity of IoT device compromises and the attacks performed using compromised devices

https://csrc.nist.gov/publications/detail/nistir/8259/final

International Industrial CyberSecurity standards Description

The following is a collection of Industrial CyberSecurity Standards and de-facto standards relevant for organizations designing, developing, selecting, installing and operating digital manufacturing platforms. The selection was made on the basis of expert advisory and selections by researchers in their assessment of relevant State of the Art. Next to the standards, readers should also consider the works ongoing in standardization efforts

CIS Controls – ICS Description

The CIS Controls™ are a prioritized set of actions that collectively form a defense-in-depth set of best practices that mitigate the most common attacks against systems and networks. The CIS Controls are developed by a community of IT experts who apply their first-hand experience as cyber defenders to create these globally accepted security best practices. The experts who develop the CIS Controls come from a wide range of sectors including, retail, manufacturing, healthcare, education, government, defense, and others. So, while the CIS Controls address the general practices that most organizations should take to secure their systems, some operational environments may present unique requirements not addressed by the CIS Controls.

The guidance on how to apply the security best practices found in CIS Controls. For each top-level CIS Control, there is a brief discussion of how to interpret and apply the CIS Control in such environments, along with any unique considerations or differences from common IT environments. The applicability or not of specific Sub-Controls is addressed and additional steps needed in ICS environments are explained.

https://www.cisecurity.org/white-papers/cis-controls-implementation-guide-for-industrial-control-systems/

IEC 62443 series - Security for industrial automation and control systems - ISA 99 Description

Publisher: ANSI, IEC, ISA - License: ANSI, IEC, ISA

Structured Wiki

Search