A Survey on Security and Privacy of Industry 4.0 and Beyond: Technical Aspects, Use Cases, Challenges, and Research DirectionsShow others and affiliations
2025 (English)In: IEEE Open Journal of the Communications Society, E-ISSN 2644-125X, Vol. 6, p. 8865-8929Article, review/survey (Refereed) Published
Abstract [en]
Industry 4.0 and 5.0 offer a promising framework for connecting electro-mechanical systems to cyberspace, enabling real-time access, telecontrol, human-machine collaboration, and intelligent automation of industrial operations. While horizontal and vertical interoperability serve as critical enablers of this ecosystem, heterogeneity among entities and the lack of standardized governance in interoperability allow cybercriminals to exploit structural vulnerabilities. These weaknesses and unknown bugs provide avenues for cyber-attackers to breach systems, conduct espionage, sabotage assets, and extort organizations, threatening IT and OT infrastructures, finances, reputations, and even human lives. This survey paper discusses cybersecurity and privacy threats within the Industry 4.0 and 5.0 ecosystems, their potential impact on industrial processes and peripherals, and the security challenges associated with the transition from Industry 4.0 to 5.0. To identify research gaps and vulnerabilities, we examine the architecture and components of diverse industrial frameworks and establish functional mappings using IIRA and RAMI models. Following a comprehensive threat modeling approach, we present a layered taxonomy of cyber-threats, classified based on their nature, behavior, and execution characteristics. To assist network administrators and security professionals, we propose a threat prioritization framework based on likelihood, detectability, impact severity, and operational consequences. Furthermore, we outline perspective-based cybersecurity challenges that expose deficiencies in current protective measures. As countermeasures, we advocate for AI-driven, blockchain-enabled, edge-computing-based, and privacy-preserving security solutions to defend against threats and mitigate potential damages. We also elaborate on key standardization initiatives, nation-specific privacy regulations, and ongoing research efforts focused on safeguarding the security and privacy of Industry 4.0 and beyond. The paper concludes by summarizing key lessons learned, identifying unresolved research questions, and suggesting future directions for a secure and resilient Industry 5.0 paradigm.
Place, publisher, year, edition, pages
IEEE Communications Society, 2025. Vol. 6, p. 8865-8929
Keywords [en]
Cybersecurity, cyber-physical systems (CPS), Industry 4.0, industrial Internet, privacy
National Category
Computer Sciences
Identifiers
URN: urn:nbn:se:liu:diva-219282DOI: 10.1109/ojcoms.2025.3616289ISI: 001604873900001Scopus ID: 2-s2.0-105018097890OAI: oai:DiVA.org:liu-219282DiVA, id: diva2:2011497
Funder
Academy of Finland, 318927ELLIIT - The Linköping‐Lund Initiative on IT and Mobile Communications, A4The Swedish Foundation for International Cooperation in Research and Higher Education (STINT), IB2019-8185
Note
Funding Agencies|Swedish Foundation for International Cooperation in Research and Higher Education (STINT) through the Initiation Grants Program [IB2019-8185]; Science Foundation Ireland through the CONNECT Phase 2 [13/RC/2077_P2]; Academy of Finland through the 6Genesis Project [318927]; CENIIT Project [17.01]; European Cooperation in Science and Technology [10.13039/501100000921]; COST Action CA22104 - Behavioral Next Generation in Wireless Networks for Cyber Security (BEiNG-WISE); Excellence Center at Linkping-Lund in IT under Project A4
2025-11-042025-11-042025-12-07