SIREN: Designing Business Processes for Comprehensive Industrial IoT Security Management

The Industrial Internet of Things (IIoT) paradigm means that “things” in an industrial context are equipped with connectivity. The convergence of formerly isolated Operational Technology with IT provides disruptive opportunities for organizations but is also vulnerable to cyberattacks. To mitigate these risks, the IEC62443 standard was developed, which will be mandatory for critical infrastructure organizations due to the EU Cybersecurity Act. This standard demands various requirements for the technology and organizational aspects of organizations. To implement the standard’s technical requirements and demonstrate compliance, applications can be used. This paper utilizes Design Science Research (DSR) to design, develop, and demonstrate Security Iiot pRocEss Notation (SIREN), an approach based on Business Process Model and Notation (BPMN) to model and monitor processes and compliance. Previous research have yet to cover the IIoT explicitly and lack the monitoring of the modeled attributes. Therefore, a novel specialized approach is presented, enhancing the model with monitorable attributes based on the standard. Thus, this paper presents a BPMN-based approach to model and monitor security-aware processes in IIoT.