IIoT’s Risk Odyssey: Navigating the Risk Propagation of Illegal Information Flows

Industrial Internet of Things (IIoT) refers to a broad network of low-cost, interconnected devices, including actuators, programmable logic controllers (PLCs), and sensors. Such environments are characterized by the vast amount of data exchanged among a wide range of devices, applications, and services. The scalability and decentralized nature of IIoT introduces considerable challenges for traditional security mechanisms. As a result, it is crucial to establish more robust security measures, enforce more effective access control policies, and efficiently manage information flows within business processes. In our prior research, we introduced a methodology for the assessment of information flows in IIoT environments and the detection of the illegal ones. Specifically, we utilized a risk-based methodology to model complex business processes as directed graphs. This approach enabled us to thoroughly analyze the interdependencies among participating objects. Through this analysis, we aimed to identify objects that are susceptible to initiating or being influenced by illegal information flows. In our current study, we investigate the propagation of the risk of illegal information flows within and across business processes. Finally, we apply centrality metrics to identify critical objects that require more efficient access control rules and policies in order to mitigate illegal information flows within the IIoT network. To the best of our knowledge, no previous research has explored the concept of risk-based detection of illegal information flows and examined potential propagation of risk in industrial environments.