The digital transformation of Ukrainian enterprises is a pressing imperative, underscored by the potential integration into the European Community and the advantages proffered by the unified European market. However, this transition is not without its complexities and necessitates a comprehensive consideration of various risks, particularly those affecting the security of industrial infrastructures and their workforce [ 1, 2 ].

Adopting the Industry 4.0 paradigm necessitates the aggregation and analysis of data across all facets of the manufacturing cycle to facilitate real-time decision-making, avert crises, and prevent equipment malfunctions [ 3, 4 ]. Such data emerges as a pivotal asset, warranting robust safeguards against cyber threats and other nefarious activities. Unauthorized intrusions can precipitate not only the forfeiture of proprietary industrial data and sensitive information but also the interruption of manufacturing operations, degradation of product quality, and tangible hazards to the personnel overseeing the machinery [ 5, 6 ].

In the realm of transformative technologies that are reshaping production, Augmented Reality (AR) and Virtual Reality (VR) are particularly noteworthy [ 7-10 ]. While the digitization inherent to the Industry 4.0 model yields direct benefits, the deployment of AR interfaces introduces vulnerabilities associated with the employment of personal gadgets, such as tablets and smartphones, within the industrial digital framework [11]. Concurrently, these instruments, in tandem with the data amassed in the production environment, potentially can enhance the physical safety protocols within the enterprise [12].

This study focuses on the approach to industrial data platform development that prioritizes cybersecurity, benefiting manufacturers who implement smart manufacturing, and emphasizes the importance of implementing effective techniques at the organizational level while recognizing the significance of policy implications in promoting widespread adoption [13, 14]. The proposed approach for integrating cybersecurity aspects into the design of AR-enabled digital twin (DT) will help address issues of data integration in the metal processing industry. Widespread adoption of digital platforms with AR tools may contribute to novel collaborative business models promoting sustainable development.

An important aspect of Internet of Things (IoT) is the possibility of developing hybrid solutions that can combine physical products with digital services, particularly through mobile devices. Modern smartphones not only act as an intermediary between people [15], physical, and digital entities [11] but also allow accumulating valuable information about the cognitive, emotional, and behavioral patterns of the user, which can eventually be used to develop alternative IoT devices, particularly with the use of mixed reality. One of the main technologies to facilitate human integration into such a system is AR, which provides an interface [16, 17] for people to interact with the digital world of smart manufacturing.

A basic property of AR technology that can be used for smart manufacturing is a tracking system that allows accurately placing digital models of objects in the physical reality [18]. It is easiest to implement the AR tracking technology based on physical markers localized in certain places of industrial lines or installations and used to determine the correct position of digital images. However, degradation of markers over time or poor lighting can significantly hinder marker recognition. Therefore, natural markers are often used, without any physical objects superimposed on the real assets to specify the position of virtual objects. Wider implementation of AR technology will bring benefits to assistance in assembly operations in smart production, training of engineering experts, creation of a navigation system for operators, logistics warehouse operations, maintenance production nodes, product quality control, etc. (see [ 7, 19 ] for an overview).

In case of the appearance of atypical scenarios of equipment operation or malfunctions of individual nodes, the elimination of such malfunctions becomes a rather difficult and timeconsuming process, as it requires access to specific information, and their filtering and selection, which is quite time-consuming. The augmented reality layer, which provides well-structured information in real-time in a specific location, has significant potential for visualization and contextualization of data, allowing optimization of the decision-making process of the maintenance operator with the help of remote services [19, 20]. Using AR, personnel can practice various scenarios safely in a controlled interactive way. Failures of the equipment can be simulated in the immersive environment to allow covering not just technical but also psychological aspects. Development methodologies such as human-centered design can ensure improvement of personnel skills and knowledge in the workplace, with safe and efficient AR training and upskilling [19].

The STRIDE methodology is a widely recognized approach for identifying and mitigating threats in software systems [21]. It was developed by Microsoft and covers different categories of threats (Spoofing, Tampering, Repudiation, Information disclosure, Denial of service and Elevation of privilege). In comparison with other threat modeling methodologies, STRIDE is relatively simple and easy to understand, making it a popular choice, especially for less experienced security practitioners [22, 23]. However, its simplicity can also be seen as a limitation, as it may overlook more complex or specific threats that don't fit neatly into the STRIDE categories. One of the most well-known alternative methodologies is PASTA (Process for Attack Simulation and Threat Analysis), which is a risk-based approach that considers both technical and business impact factors [24]. PASTA is generally considered more comprehensive than STRIDE, but it is also more complex and resource-intensive to implement. LINDDUN (Linkability, Identifiability, Nonrepudiation, Detectability, Disclosure of information, Unawareness, Noncompliance) is more focused on privacy protection [25]. Another popular methodology is OCTAVE (Operationally Critical Threat, Asset, and Vulnerability Evaluation), which is a risk-based approach developed by Carnegie Mellon University. OCTAVE is focused on identifying and prioritizing information assets based on their criticality to the organization [26]. It is often used in conjunction with other methodologies, such as STRIDE, to provide a more holistic view of risks. In contrast to these risk-based approaches, methodologies like VAST (Visual, Agile, and Simple Threat) focus more on the attack surface and potential attack vectors [27]. These methodologies can be useful for identifying specific vulnerabilities but may not provide a comprehensive view of the overall risk landscape.

While each methodology has its strengths and weaknesses, the choice ultimately depends on the specific needs and resources of the organization. In practice, many organizations adopt a hybrid approach, combining elements of different methodologies to create a tailored threat modeling process [22].

Digitization of manufacturing, being a prerequisite for efficient collaboration in production clusters of Industry 4.0 enterprises, laid the foundation for industrial data exchange within the value chains. One may distinguish between different levels of information exchange which involve principally different cyber security challenges and threats [28, 29]. In this study, we model the industrial ecosystem as a hierarchy of three levels, namely intra-enterprise industrial data platform [9, 10], inter-enterprise data exchange and comprehensive data ecosystem for clusters of enterprises from the economy sector [30], like the European Factory Platform.

The provision of a robust cybersecurity framework necessitates the characterization of the nature of data and the associated data sources [31]. This paper examines a specific use case of an enterprise deploying a digital twin integrated with an extended reality interface. The digital twin of a manufacturing line enables management to control the production in real-time, increases production efficiency, ensures better maintenance of individual production units by implementing predictive maintenance practices, and flexibly reconfigure the production when needed [32]. The main production operations, covered by the production model and the corresponding digital twin of the chosen use-case, are plasma and laser cutting, automatic welding, bending, and powder coating. In addition, micro-logistics within production, quality control, and product labeling should be included in the process model.

Since the working equipment of the production line poses threats to the physical safety of workers, the hardware is to be equipped with IoT measuring devices that will work autonomously and transmit relevant and accurate information in real-time about both the quality of product components and the technical condition of the equipment [ 3 ]. Data flows into the digital twin originate from measurements carried out at the production equipment. Measurements are conducted on milling machines (to control shape and size using a camera and laser distance meters), in an internal production silo (to count the number and characterize the assortment of workpieces according to weight and size characteristics), after welding with a Kuka robot (to control the welding seams using multi-spectral images and conductivity probes), after the correcting press (by compliance with the template or by laser distance meter data), and after painting the product (by recognizing the image). Compliance of the entire complex of measured characteristics with the technological map of production is a necessary condition for high product quality. Timely receipt of accurate data (classified in Table 1) on the workload of production line nodes can allow flexible sharing of certain nodes (for example, a welding robot) by several production chains [33].

The diagram in Figure 1 illustrates architecture for the ecosystem of industrial data platforms governed by digital twins, which aims to create a virtual representation of a physical production environment [34]. It depicts the various components involved, such as factory floor, consisting of production equipment, IoT sensors and actuators; digital twin of the physical assets and processes, comprising models and industrial data infrastructure; interfaces for human-machine interaction (with an augmented reality processor for visualizing and interacting with the digital twin) and machine-machine interactions (for cybersecurity reasons it is desirable to separate industrial data machine-machine interface from software support interface), internal enterprise database and external industrial knowledge bases (repositories for storing and managing data, rules, and insights derived from the digital twins, for use by the entire economy sector). Users may be internal or external, including all stakeholders who leverage the digital twin and knowledge base for decision-making, such as operators, management, regulatory bodies, and emergency services.

For the cyber security purposes, threat modeling is used as a method to identify security requirements and, on this basis, single out system vulnerabilities and security threats. The subsequent prioritization of protective measures requires a comprehensive assessment of impact and severity of those threats. This procedure is applied to software and computer networks, including IoT components which control the production life-cycle. Industrial data platforms specified by Figure 1 can be protected using the STRIDE [21] methodology for threat modeling identifying its vulnerabilities and characteristic security threats. Within this methodology, data flow diagram and the threat model have been developed (see Figure 2) for the industrial ecosystem based on enabler technologies described in works [35, 36].

In Figure 2 a group of elements which may become part of the extended attack surfaces is identified (those elements are shown in red). This is a peculiar property of systems with the embedded IoT components of the industrial data platform. Security threats and risks of their realization were assessed in the assumption that modern visualization and control technologies are integrated into the digital twin.

In Table 2 the identified security threats and the corresponding mitigation measures are listed, according to the STRIDE methodology. The proposed measures may be implemented both in the processes of design of Industry 4.0 ecosystems and during security audits for improvement of existing ones. The selected groups of elements from the data flow diagram (Figure 2) have their corresponding threats and specific countermeasures, that are meticulously chosen from those defined in Open Web Application Security Project (OWASP) Internet of Things Top Ten [37]. This allows also to select tests for evaluation of attack surfaces for the industrial data platform and the corresponding vulnerabilities [38-41].

For the considered industrial data platform the OWASP IoT Top Ten has been adapted, security practices and security controls have been proposed for effective mitigation of critical threats that may hamper the platform operation.

It should be stressed that the left-shift approach to cybersecurity during design, implementation and utilization of Industry 4.0 platforms is to be applied to efficiently block cyber-attacks and reliably protect the sensitive data assets.

The implementation of additional security controls to address the extended attack surface for industrial data platforms will facilitate the prioritization of the proposed countermeasures and mitigation actions [39].

The components identified in the data flow diagram (Figure 2) were ranked according to the STRIDE threat model using the TODIM (an acronym for Tomada de Decisão Interativa Multicriterio, meaning Interactive Multi-criteria Decision Making) method [42, 25] and intuitionistic fuzzy sets [43]. Three experts from cross-functional teams with more than five years of experience in cybersecurity and human-machine interfaces were interviewed to collect raw data for the TODIM method implementation.

The experts were tasked to assess the potential damage to the Industry 4.0 platform by evaluating the impact of various threats on each component within the framework of the given scenario: • • • • • •

Spoofing: malicious actors could spoof identities to gain access to manufacturing systems or IoT devices, disrupting automated workflows or injecting false data.

Tampering: attackers might modify sensor data in real-time monitoring or interfere with programmable logic controllers, leading to incorrect decision-making and operational failures.

Repudiation: insiders could deny responsibility for malicious activities, resulting in making forensic analysis difficult after security incidents.

Information Disclosure: leaked process optimization algorithms or proprietary design files could harm competitiveness and expose vulnerabilities.

Denial of Service: DoS attacks on smart factory networks or cloud-based manufacturing solutions could halt production, impair predictive analytics, and disrupt supply chain.

Elevation of Privilege: attackers could escalate their privileges within Industry 4.0 components to manipulate cyber-physical systems, disable security mechanisms, or alter manufacturing parameters.

A linguistic variable scale described by Table 3 has been used. To facilitate this process, the linguistic variables from the ranking scale referenced in paper [44] were adapted, and the modified scale specified in Table 3 was utilized.

Distribution of the experts’ evaluations (Figures 3, 4) can be easily explained by the fact that experts’ opinions are based on their extensive expertise in the field of cybersecurity where, indeed, data tampering, spoofing and denial of service cause immediate and severe disruptions. The collected set of expert evaluations allows us to overcome an existing problem of the absence of the relevant data in the literature, as companies are reluctant to share details about cybersecurity breaches, damaging to their reputation. At the same time, one may expect slight correction of numerical data for elevation of privileges and repudiation, which, however, will not change the priorities for mitigation actions.

Worth noting, for the data flows we have reduced the subset of threats analyzed in STRIDE model, as some of those threats are relevant only to the objects like digital twin or data platform. This peculiarity does not allow neglecting the cybersecurity provisions focused specifically on the data exchange. Instead, mitigation measures are to be designed according to the principles of shared responsibility and may have multi-tier structure, starting from cyber defense of the objects external with respect to the industrial data platform (the external industrial platforms, third party services) and culminating at inner objects (digital twin, machine interfaces).

The fuzzy intuitionistic evaluations of the experts were aggregated using the formula provided in source [44]: dij=IFW Ar λ (r(ij1) , r(ij2) , … , r(ijk ))= λ1 r(ij1) , λ2 r(ij2) , … , λk r(ijk )=[1−∏ (1−μlij)λl , ∏ ( ν(ijl))(1λl), ∏ (1−μlij)λl−∏ ( k k k k l=1 l=1 l=1 l=1 intuitionistic values. as outlined in [45]: criterion ,

where Here, r(k ) denotes the evaluation of the і- assessment by the k-expert according to the ij j criterion, the value λk - indicates the corresponding expert’s weight, while μilj, ν(ijl)represent fuzzy The metric for calculating the distance between intuitionistic fuzzy numbers A and B is applied 1

n d H ( A , B )=

∑ (|μ A ( xi)−μB ( xi)|+|ν A ( xi)−ν B ( xi)|+|π A ( xi)−π B ( xi )|) 2 n i=1 (2) The TODIM method [24] has the following algorithm. For a set of alternatives be, and a set of criteria, with normalized weights {w1 , w2 , ... w } n . A matrix is constructed, where represents the evaluation of alternative based on . Assume that

are the relative weights for each criterion . Then the TODIM method is applied as follows: 1. Normalization into

is performed. 2. Calculation of a dominance for alternative over alternative is done based on criterion , considering the factor follows: as a mitigating factor for loss effects. Thus, the calculation is as corresponds to an advantage and characterizes a loss. The factor is considered to be the mitigating factor for loss effects. 3. The overall evaluation is obtained by the formula: 1 2 3 4 5 6 7 (3) (4) 4. The best alternative has the greatest value of possible biases which could impact decision making and support the process of secure-by-design development of digital twins for Industry 4.0 enterprises.

Besides the final numerical results, visual dashboards representing distribution of the expert evaluations (see Figures 3, 4) deserve to be included into the process of decision making. Firstly, these dashboards help develop intuitive understanding of the different inherent vulnerabilities of a complex Industry 4.0 data platform architecture. Secondly, areas inside the net diagram allows to qualitatively compare the necessary resources for the efficient cyber defense of the particular digital asset or data exchange mechanism.

Aggregation of various data in Industry 4.0 ecosystems offers rich possibilities for production optimization and product improvements. At the same time, implementation of digital twins to steer and virtualize manufacturing extends the cyber-attack surfaces of industrial data platforms. A secure-by-design approach is to be strictly followed to protect valuable data and the enterprise infrastructure.

A threat model for an industrial data platform, proposed in the present work, allows to identify and analyze specific groups of objects and data flows to devise efficient measures for cyber protection. For an Industry 4.0 enterprise which leverages its digital assets and implements advanced AR tools, full awareness of the extended attack surfaces is a prerequisite for efficient cyber defense. Based on STRIDE methodology, one may perform efficient prioritization of vulnerabilities and choose the best mitigation actions to optimize the design and support the improvement of industrial data platforms and their components.

The authors have not employed any Generative AI tools. [9] Y. Skorenkyy, R. Zolotyy, S. Fedak, O. Kramar, R. Kozak. Digital Twin Implementation in Transition of Smart Manufacturing to Industry 5.0 Practices. CEUR Workshop Proceedings 3468 (2023): 12–23. [10] S. Fedak, Y. Skorenkyy, M. Dautaj, R. Zolotyy, O. Kramar. Digital Twins for Optimisation of Industry 5.0 Smart Manufacturing Facilities. CEUR Workshop Proceedings, 3628, (2023): 344– 349. [11] D. Mourtzis, J. Angelopoulos, N. Panopoulos. Operator 5.0: A survey on enabling technologies and a framework for digital manufacturing based on extended reality. Journal of Machine Engineering 22 (2022). DOI: 10.36897/jme/147160. [12] A. Bécue, E. Maia, L. Feeken, P. Borchers, I. Praça. A new concept of digital twin supporting optimization and resilience of factories of the future. Applied Sciences 10, no. 13 (2020): 4482.

DOI:10.3390/app10134482. [13] T.H. Khan, Chiho Noh, Soonhung Han. Correspondence measure: a review for the digital twin standardization. The International Journal of Advanced Manufacturing Technology 128, no. 56 (2023): 1907-1927. DOI: 10.1007/s00170-023-12019-3. [14] H. Nahorniak, A. Sverstiuk. Transformation of intellectual capital into intellectualinformation in the process of formation and implementation modern information. CEUR Workshop Proceedings 3039 (2021): 335 – 352. [15] A. Ilic, E. Fleisch. Augmented Reality and the Internet of Things. Auto-ID Labs White Paper

WP-BIZAPP-068: 2016. DOI: 10.3929/ethz-a-010833302. [16] O. Kramar, Y. Drohobytskiy, Y. Skorenkyy, O. Rokitskyi, N. Kunanets, V. Pasichnyk, O.

Matsiuk. "Augmented Reality-assisted Cyber-Physical Systems of Smart University Campus." In 2020 IEEE 15th International Conference on Computer Sciences and Information Technologies (CSIT), vol. 2, pp. 309-313. IEEE, 2020. [17] T. Kramar, O. Duda, O. Kramar, O. Rokitskyi, V. Pasichnyk. Peculiarities of Augmented Reality Usage in a Mobile Application: The Case of Ivan Puluj Digital Museum. CEUR Workshop Proceedings, 3309, (2022): 279-287. [18] J. Novak-Marcincin, J. Barna, M. Janak, L. Novakova-Marcincinova. Augmented reality aided manufacturing. Procedia Computer Science 25 (2013): 23-31. DOI: 10.1016/j.procs.2013.11.004. [19] T. Masood, J. Egger. Augmented reality in support of Industry 4.0—Implementation challenges and success factors. Robotics and Computer-Integrated Manufacturing 58 (2019): 181-195. DOI: 10.1016/j.rcim.2019.02.003. [20] D. Mourtzis, V. Siatras, J. Angelopoulos. Real-time remote maintenance support based on augmented reality (AR). Applied Sciences 10, no. 5 (2020): 1855. DOI: 10.3390/app10051855. [21] R. Khan, K. McLaughlin, D. Laverty, S. Sezer. "STRIDE-based threat modeling for cyberphysical systems." In 2017 IEEE PES Innovative Smart Grid Technologies Conference Europe (ISGT-Europe) IEEE. (2017): 1-6. DOI: 10.1109/ISGTEurope.2017.8260283. [22] A. Shostack. Threat modeling: Designing for security. John Wiley & Sons. 624p. 2014. ISBN: 978-1-118-80999-0. [23] N. Shevchenko. Evaluating Threat-Modeling Methods for Cyber-Physical Systems. Carnegie Mellon University, Software Engineering Institute's Insights (blog) (2019), Accessed April 24, 2024, https://insights.sei.cmu.edu/blog/evaluating-threat-modeling-methods-for-cyberphysical-systems/. [24] T. UcedaVelez, M.M. Morana. Risk Centric Threat Modeling: process for attack simulation and threat analysis. John Wiley & Sons, 2015. ISBN 978-0-470-50096-5. [25] K. Wuyts, D. van Landuyt, A. Hovsepyan, W. Joosen. "Effective and efficient privacy threat modeling through domain refinements." In Proceedings of the 33rd Annual ACM Symposium on Applied Computing. (2018): 1175-1178. DOI: 10.1145/3167132.3167414. [26] B. Tucker, Advancing Risk Management Capability Using the OCTAVE FORTE Process.

Software Engineering Institute. 2020. DOI: 10.1184/R1/13014266.v1.