TY - JOUR
T1 - Manufacturing cybersecurity from threat to action
T2 - a taxonomy-guided decision support framework
AU - Rahman, Md Habibor
AU - Cassandro, Rocco
AU - Wuest, Thorsten
AU - Shafae, Mohammed
N1 - Publisher Copyright:
© The Author(s), under exclusive licence to Springer Science+Business Media, LLC, part of Springer Nature 2025.
PY - 2025
Y1 - 2025
N2 - An attack taxonomy is essential for defending manufacturing systems against cyber-physical threats by enabling systematic understanding and classification of threat attributes. However, existing taxonomies typically focus on a limited set of attributes and fail to comprehensively integrate threat actors, system-level and operational impacts, and potential countermeasures within a unified framework. Additionally, converting taxonomy-based knowledge into actionable guidance for cybersecurity tool development and decision-making remains challenging and understudied. To address these gaps, this study introduces a comprehensive attack-countermeasure taxonomy along with a taxonomy-guided decision-support framework, providing an end-to-end approach from threat identification to mitigation in manufacturing systems. Specifically, the proposed taxonomy classifies threat actors and their intent, system behavioral deviations during threat events, attack methods, and attack targets and incorporates both operational and system-level impacts. Furthermore, a structured classification of countermeasures is integrated within the taxonomy, supported by illustrative examples of potential countermeasures. Unlike previous taxonomies, this model captures the entire attack chain—from adversarial intent to observable system deviations and corresponding countermeasures. The taxonomy’s practical implementation is demonstrated using realistic attack scenarios, real-world incidents, and relevant academic case studies. Building upon this foundation, the proposed taxonomy-guided decision-support framework shows explicitly how each taxonomy layer helps guide threat identification, risk modeling and assessment, and appropriate countermeasure selection and deployment. Moreover, the framework highlights how the taxonomy complements existing cybersecurity tools, frameworks, and methodologies to facilitate context-aware and risk-informed security decisions in smart manufacturing environments.
AB - An attack taxonomy is essential for defending manufacturing systems against cyber-physical threats by enabling systematic understanding and classification of threat attributes. However, existing taxonomies typically focus on a limited set of attributes and fail to comprehensively integrate threat actors, system-level and operational impacts, and potential countermeasures within a unified framework. Additionally, converting taxonomy-based knowledge into actionable guidance for cybersecurity tool development and decision-making remains challenging and understudied. To address these gaps, this study introduces a comprehensive attack-countermeasure taxonomy along with a taxonomy-guided decision-support framework, providing an end-to-end approach from threat identification to mitigation in manufacturing systems. Specifically, the proposed taxonomy classifies threat actors and their intent, system behavioral deviations during threat events, attack methods, and attack targets and incorporates both operational and system-level impacts. Furthermore, a structured classification of countermeasures is integrated within the taxonomy, supported by illustrative examples of potential countermeasures. Unlike previous taxonomies, this model captures the entire attack chain—from adversarial intent to observable system deviations and corresponding countermeasures. The taxonomy’s practical implementation is demonstrated using realistic attack scenarios, real-world incidents, and relevant academic case studies. Building upon this foundation, the proposed taxonomy-guided decision-support framework shows explicitly how each taxonomy layer helps guide threat identification, risk modeling and assessment, and appropriate countermeasure selection and deployment. Moreover, the framework highlights how the taxonomy complements existing cybersecurity tools, frameworks, and methodologies to facilitate context-aware and risk-informed security decisions in smart manufacturing environments.
KW - Cyberattacks
KW - Cybersecurity
KW - Cybersecurity risks
KW - Industry 4.0
KW - Smart manufacturing systems
KW - Taxonomy
UR - https://www.scopus.com/pages/publications/105021823784
UR - https://www.scopus.com/pages/publications/105021823784#tab=citedBy
U2 - 10.1007/s10845-025-02719-w
DO - 10.1007/s10845-025-02719-w
M3 - Article
AN - SCOPUS:105021823784
SN - 0956-5515
JO - Journal of Intelligent Manufacturing
JF - Journal of Intelligent Manufacturing
ER -