Journal Search Engine
Search Advanced Search Adode Reader(link)
Download PDF Export Citaion korean bibliography PMC previewer
ISSN : 1598-7248 (Print)
ISSN : 2234-6473 (Online)
Industrial Engineering & Management Systems Vol.19 No.4 pp.825-846
DOI : https://doi.org/10.7232/iems.2020.19.4.825

Blockchain Suitability Assessment of Manufacturing Functions Defined by the ISA95 Standard

Erkan Yalcinkaya*, Antonio Maffei
Department of Production Engineering, Royal Institute of Technology, Stockholm, Sweden
*Corresponding Author, E-mail: erkany@kth.se
October 7, 2020 November 7, 2020 November 11, 2020

ABSTRACT


The number of security incidents related to the manufacturing industry has been steadily increasing over the past decade. The most prominent security risks impacting the manufacturing industry are intellectual property theft, supply chain interruptions, industrial espionage, data breaches, and ransomware attacks. Blockchain is an emerging technology that offers distributed, highly available, resilient, and traceable ledger-based databases and thus opens new ways of dealing with conventional security challenges in the confidentiality, integrity, and availability domains. ISA95 outlines manufacturing functions in a number of areas and characterizes the information flows. Moreover, ISA95 constitutes a common blueprint for the manufacturing industry and this research paper systematically assesses the suitability of the blockchain technology for the ISA95 enterprise core functions and sub-functions as a way to ultimately increase the confidentiality, integrity, and availability of manufacturing systems.



초록


    1. INTRODUCTION

    Cybersecurity has gained significant importance in all business domains in the last decade, particularly for critical infrastructure functions due to the increasing number of security incidents such as the WannaCry ransomware outbreak, the Stuxnet worm so on (Mahoney and Davis, 2017). The manufacturing industry is no exception to this. According to the statistics produced by NTT Security, the manufacturing sector was the third most attacked industry in 2017 across the globe (NTT Security, 2017). Likewise, in 2018 the manufacturing industry was among the five most attacked industries in all four regions (Global, EMEA, and Japan) and was the top industry threatened in Japan, where the manufacturing sector is dominant among other industries (NTT Security, 2018). The volume of hostile activity against the manufacturing industry remained constant in 2019 (NTT Security, 2019).

    Cyber espionage and intellectual property theft are among the significant cybersecurity incidents, and these were the top security incidents impacting the manufacturing industry from 2011 to 2013 (Chandrasekar et al., 2017).

    The following bullets exemplify historical cybersecurity incidents that impacted the manufacturing industry (Ani et al., 2017):

    • • The manufacturing assembly line at Daimler Chrysler (automobile manufacturer) was halted due to Zotab worm infection in 2005.

    • • Night Dragon attack targeted industrial supervisory control and data acquisition (SCADA) sys- tems belonging to a broad range of companies, including industrial manufacturing companies in 2011.

    • • Sandworm, a malicious software, breached industrial networks by exploiting a zero-day vulnerability discovered in human-machine interface (HMI) devices in 2014.

    • • Hackers attacked a blast furnace at a German steel manufacturing company and caused colossal damages in 2014.

    Security incidents in the manufacturing industry hinder the quality of services and products, negatively impact the reputation of the company (which could eventually lead to losing customers and business contracts), impair production equipment, damage the environment due to malfunctioning equipment, and can even impact on daily life by damaging critical infrastructures (Schwab and Poujol, 2018).

    Krayem (2019) identified the following cybersecurity risks against the manufacturing industry that can be categorized into three main types:

    • 1. Confidentiality:

      • a. Intellectual property theft and industrial espionage.

      • b. Personally identifiable information breaches impacting data privacy.

    • 2. Integrity:

      • a. State or organized criminal actors threatening the supply chain reliability and causing process and product integrity issues.

      • b. Industrial espionage compromising the integrity of manufacturing process data and customer specifications.

    • 3. Availability:

      • a. Advanced and persistent attacks sponsored by international actors to disrupt critical infrastructures.

      • b. Crippling critical manufacturing units by damaging the production equipment software and hardware.

      • c. Ransomware attacks.

    A ledger-based database technology, blockchain, has recently emerged, and this new technology offers a distributed, autonomous, and transparent trust model that takes accountability to the next level. Its decentralized model boasts resiliency and availability. The chainbased data structure with digital signatures ensures high levels of integrity. With encryption, sensitive data is protected, and data privacy is preserved at the highest level (Adam-Kalfon and Selsabila, 2017;Crosby et al., 2016)

    Mohanta et al. (2019) surveyed a broad range of blockchain use cases, including the industrial application of the internet of things (IIoT). They indicated that blockchain-based platforms could boost the overall cybersecurity capabilities, including confidentiality, integrity, and availability domains, for various industrial usecases.

    The versatility of the blockchain technology allows and supports the realization of a wide range of business cases in various industries. Zīle and Strazdiņa (2018) researched the literature and presented a comprehensive list of blockchain use cases and applications. Supply chain management, contract management, product quality verification, and intellectual property protection are the featured use cases, among others.

    As shortly formulated above, converging the blockchain technology to the manufacturing systems, including ISA95 based traditional and IIoT based smart manufacturing systems, can mitigate cybersecurity issues in confidentiality, integrity, and availability domains. However, the applicability aspect should also be considered before adopting any technology in practice. Hence, this research aims to methodically assess the suitability of the blockchain technology for manufacturing processes defined by the ISA95 standard.

    2. GAP ANALYSIS

    ANSI (2010) is an internationally recognized manufacturing standard specifying a number of abstraction layers aiming to ease the integration of generic functions on the enterprise level with shop floor control systems. The pillars of the ISA95 standard originates from a generic Purdue model (Williams, 1990).

    The ISA95 standard does not cover any functions, processes, or models within the cybersecurity domain. This deficiency is attempted to be addressed with a new standard, ISA99, which is currently being developed by the same international body. The ISA99 standard outlines the cybersecurity aspects for industrial automation and control systems in four main categories with 13 work products. The current status of the ISA99 standard is available online at (ISA, 2020).

    Blockchain is an emerging technology with unique ways of ensuring data privacy, system security, availability, process transparency, and data confidentiality of data in unique ways. However, because blockchain is a new technology, there are only a few methodologies and frameworks available in the literature to assess blockchain suitability versus conventional system solutions.

    Although there are a number of researchers focusing on applications implementing certain blockchain-enabled business use cases (Zīle and Strazdiņa, 2018), no one has systematically analyzed the suitability of the blockchain technology for each enterprise core and sub-functions defined by the ISA95 standard.

    3. BACKGROUND

    3.1 Industrial Manufacturing Systems

    Industrial manufacturing systems are composed of complex information and communication technology systems in varying platforms ranging from systems utilizing cutting edge machine-learning algorithms to mechatronic control systems running on a factory shop floor in order to fulfill a broad spectrum of enterprise business functions such as process automation, system control, supply chain management, enterprise resource planning, accounting, etc. These systems have been increasingly interconnected since the beginning of the “Industry 4.0” era and are characterized by smart networking, mobility, flexibility, close integration with customer needs, and openness to cultivating new and innovative business models (Jazdi, 2014).

    3.2 ISA95 and Purdue Models

    As briefly explained in the previous section, the manufacturing industry relies heavily on computerized systems in diverse forms and covering a broad spectrum of complexity. Therefore, the interoperability of these systems with each other is crucial to ensuring high quality, speed, and efficiency. Moreover, non-intraoperative or non-compliant subsystems reduce the capacity for end-toend automation, thus causing increased unit prices that consequently negatively impact the competitive advantage of the company in the manufacturing business.

    To address these issues, the International Society of Automation (ISA) developed a multidisciplinary standard, ISA95 (ANSI, 2010), which was structured on the Purdue model (Williams, 1990). The ISA95 extended the scope of the Purdue model by defining common methodologies, terminologies, models, and data types in order to facilitate the integration of controls and enterprise information and communication technology systems (Scholten, 2007).

    The ISA95 standard encompasses a series of five booklets:

    • • Part 1: Models and Terminologies

    • • Part 2: Object Model Attributes

    • • Part 3: Activity Models of Manufacturing Operations Management

    • • Part 4: Objects and Attributes for Manufacturing Operations Management Integration

    • • Part 5: Business to Manufacturing Transactions

    Despite containing extensive information sources to frame the manufacturing standards for global multinational manufacturers, the research presented here primarily focuses on “Part 1” of the series where the functional model, information flows, enterprise core functions, and subsequent sub-functions are outlined (ANSI, 2010).

    Originating from the “Models and Terminologies” (ANSI, 2010) booklet, Figure 1 depicts the classical overview of the ISA95 data flow model on a high level of abstraction where the enterprise core functions are illustrated with ellipses. Appendix A and B can be referenced for additional information about enterprise core and subfunctions along with functional data relationships.

    The solid arrows in Figure 1 illustrate information flows among the manufacturing functions, whereas the dashed arrows represent information flows outside the operations and control space. The thick grey dashed lines demarcate the operations and control functions, in other words, the enterprise-control interface. Figure 1 depicts the ISA95 data flow diagram with a few untagged arrows representing flows not identified explicitly by the ISA95 model.

    The Purdue model was developed by Purdue University and major manufacturing companies from the US and Canada. Williams (1990) published a paper that outlines the specifics of the model, and the manufacturing functions that could be automated are the main scope of the model.

    Figure 2 from Williams (1990) illustrates the data flow diagram that outlines the functional relationships of a reference manufacturing plant where the circles represent the automatable manufacturing functions, and the rectangles represent external entities. The model defines the external entities as manufacturing functions requiring human involvement. The identification of external entities is vital for this research because all interactions between external entities and humans apparently add new intermediaries to the system and thus increase the system complexity and cost of total ownership. One of the blockchain suitability assessment questions that will be covered in the following sections aims to identify specific scenarios where the intermediaries increase the complexity and cost.

    In addition, the Purdue model defines and tags several information flows that are not identified by the ISA95 model. This information is essential for identifying all of the functional relationships outlined in Appendix A and Appendix B.

    Thus, despite having the ISA95 model as the primary assessment scope, some auxiliary information from the Purdue model is supplied for the suitability assessment in order to ensure consistency and full coverage.

    3.3 Blockchain Technology

    The blockchain concept is an emerging distributed database and ledger technology that was first proposed by Satoshi Nakamoto in 2008 (Nakamoto, 2008). In his paper, Satoshi outlined the cornerstones of cryptocurrencies, such as Bitcoin, that use the blockchain technology, which relies on consensus-based non-central transaction verification methods that ensure the immutability of transactions and prevent fraudulent activities by verifiable but anonymously distributed records of transactions.

    The blockchain technology is characterized by its decentralized design that ensures high availability and resiliency, its ability to preserve privacy, its tamper-proof and immutable data records, and its traceability (Zheng et al., 2018). In contrast to traditional centrally maintained and trusted authorities, the blockchain technology distributes the trust among all entities or participants of the system. Therefore there is no single point of failure that can impact the resiliency, security, and privacy of the entire system (Crosby et al., 2016).

    The built-in security features of the blockchain technology can be classified and elaborated with the help of the classical CIA triad (Confidentiality, Integrity, and Availability).

    The purpose of the confidentiality principle is to protect the data from unauthorized access. Data confidentiality is ensured through the individual data blocks in the blockchain technology with its natively supported asynchronous robust encryption algorithms. Therefore, the sensitive data residing in the ledger is always encrypted both when at rest and during transit, which enhances confidentiality and preserves data privacy.

    The integrity principle in the information security domain ensures that the data are not altered at any time and guarantees that the original state of the data is always preserved. When fed with source data, modern hashing functions produce unique fixed-length character strings as data digests in order to distinctively represent the source data. The hashing algorithms are designed to generate a completely unique digest even if the source is only slightly altered. Because the hashing functions exclusively work in one direction, obtaining the source data from the digest is not possible.

    The blockchain technology links a new data block to a ledger by storing the hash value of the last block in the chain. Thus, the integrity of each element in the whole chain is maintained by incremental hashing operations. The hashed and linked data structure assures tamperproof, immutable data records and enables traceability from the first to the last element of the ledger.

    The availability principle in the information technology (IT) domain ensures that the requested resources are always accessible whenever needed. Highly available IT systems are engineered with redundancy and resiliency and the ability to withstand disruptions. In terms of the blockchain technology, the decentralized architecture eliminates the single point of failure, which leverages high availability and resiliency with multiple redundant participants hosting the distributed ledger.

    Despite not being included in the classical CIA triad, non-repudiation is recognized as a fundamental pillar of cybersecurity in order to prevent denial of action, which is a crucial design requirement for transactional systems.

    Individually signed blocks fulfill the non-repudiation condition for the blockchain-based distributed ledgers.

    3.4 Blockchain Suitability Assessment

    The technical properties and versatility of blockchain make the technology suitable for a number of use cases across various business domains and industries. However, even if technically possible, inappropriate application of any technology can lead to failures in different forms. Thus, performing an accurate and precise suitability assessment to determine whether the prospects of the technology match with the business requirements is a crucial pre-implementation task.

    Because blockchain is an emerging technology, there are only a few suitability assessment frameworks available in the literature. These frameworks often rely on simplistic but clear assessment questions that are occasionally supported with decision trees.

    Lo et al. (2018) proposed a framework with seven design questions to determine whether a system solution featured with a conventional centrally hosted database or a blockchain-based distributed ledger.

    Figure 3 from Lo et al. (2018) illustrates a decision tree outlining the assessment logic. Although it is easy to implement, the proposed decision flow lacks the ability to return to the previous states. Therefore, the decision mechanism is hardwired to following strict rules. For instance, if the answer to the question “Is transaction history required?” is “No”, then the framework points directly to a conventional database. However, there might be valid business-use cases where the transaction history is required for conventional databases, or there could be valid blockchain cases that are only interested in the current state rather than the full history.

    Furthermore, the decision mechanism is purely datacentric and typically queries data properties such as immutability, encryption, etc. In other words, the framework lacks the ability to cover essential business requirements, such as total ownership and operational costs.

    Mainelli and Manson (2016) at Pricewaterhouse- Coopers (PwC) published a comprehensive paper explaining the strengths, weaknesses, and prospects of the blockchain technology. Moreover, they proposed a comprehensive assessment framework with six cornerstone assessment questions to evaluate the suitability of the blockchain technology. The researchers concluded that the assessed use case should positively answer at least 4 out of 6 suitability assessment questions. If this is the case, the application of technology is considered a good fit for the proposed purpose.

    Following are the list of blockchain suitability assessment questions proposed by Mainelli and Manson (2016):

    • •Are multiple parties sharing data?

    • •Will multiple parties be updating data?

    • •Is there a requirement for verification?

    • •Are intermediaries adding cost and complexity?

    • •Are interactions time sensitive?

    • •Will transactions by different participants depend on each other?

    Although both suitability assessment methods covered so far have overlapping features, the framework proposed by Mainelli and Manson (2016) apparently considers not only the data properties but also the business aspects such as total ownership and operational costs.

    4. METHOD

    This research briefly outlines the two blockchain assessment frameworks presented in section 3.4. The framework developed by Lo et al. (2018) is based on a data-driven approach, while the blockchain assessment methodology proposed by Mainelli and Manson (2016) is more business-oriented and therefore easier to adapt to a wide range of use cases. Because the assessed ISA95 enterprise core functions and sub-functions are purely business-oriented, the latter framework is considered a better fit than the former.

    Before beginning the assessment, the properties and attributes of ISA95 enterprise core functions and subfunctions along with their relationships with each other (Figure 1 and Figure 2) were thoroughly reviewed. Based on this review, the information dependencies and functional relationships (Appendix A) were identified first. Then an extensive matrix (Appendix B) listing all ISA95 enterprise core functions and sub-functions was created.

    Finally, each ISA95 enterprise core function and sub-function was individually assessed against the questions stated by the chosen blockchain suitability framework.

    The suitability assessment framework resulted in six generic assessment questions. The advantage of this approach is that the framework applies to a broad spectrum of use cases and thus is extremely versatile. However, a disadvantage is that the assessor must define borders to fit the assessment into a specific domain.

    The following assumptions and conditions were de-fined for the scope of this research in order to ensure that the analysis is consistent with the needs of the manufacturing industry.

    • •Are multiple parties sharing data?

    • •Will multiple parties be updating data?

      • These two assessment questions ask whether multiple participants will jointly view or modify the data.

      • Every core function illustrated by the ISA95 model (Figure 1) and Purdue model (Figure 2) is associated with one or more incoming or outgoing information flows. Appendix A shows the data flow dependencies for all enterprise core functions defined by the ISA95 and Purdue models. In addition, column CO in Appendix B shows the related incoming or outgoing information flows for each ISA95 sub-function.

      • Given the information relationships and considering that all modern manufacturing systems operating from the shop floor to the enterprise level are designed to feedback to and to talk with counterparts to maximize the operational efficiency, it is assumed that all core functions and sub-functions listed in Appendix B are required for sharing and updating data among each other in order to fulfill the desired tasks. Thus, the first two questions asked in columns CG and CH in Appendix B are responded to affirmatively for all enterprise core functions and sub-functions.

    • •Is there a requirement for verification?

      • This question asks whether a trusted entity is needed to verify former operations or transactions. After thoroughly analyzing all enterprise core functions and sub-functions in Appendix B, standard tasks requiring acceptance, confirmation, reservation, availability, and inventory information; operational tasks such as system optimization, testing, diagnostics, balancing, checking, and scheduling; and tasks related to financial operations such as cost calculations, accounting, notification of payments, and product price determination are assumed to need a special entity for verification. Thus, core functions and sub-functions with the ability to fulfill these types of tasks are affirmatively responded to under column CH in Appendix B.

    • •Are intermediaries adding cost and complexity?

      • This question asks whether the complexity and cost can be minimized if the number of intermediaries is reduced using the blockchain technology. It is no surprise that the total ownership and operational costs, as well as the system complexity of any given conventional system, significantly increase when the department boundaries are crossed in order to communicate with another department or when corporate boundaries are crossed in order to integrate with an external entity. The system complexity in IT impacts the system resiliency, and therefore system architects always attempt to reduce the system complexity in order to ensure high availability.

      • With this being said, internal and external entity interactions in the Purdue model are identified, and the corresponding sub-functions in the assessment matrix in Appendix B are marked with “Y” under column CC. Likewise, ISA95 entities interacting with each other by crossing the enterprise- control interface and entities operating outside the enterprise-control interface are determined to increase complexity and cost. Therefore the corresponding manufacturing sub-functions in Appendix B under column CD and CE are also marked with “Y”.

      • In the final phase, if any of the columns CC, CD, or CE are marked with “Y”, then the assessment question under column CJ is also marked with “Y.

    • •Are interactions time sensitive?

      • This question aims to clarify whether the parties interacting with each other are sensitive to response time.

      • The definition of time sensitivity differs from business area to business area. For instance, in IT, the time-sensitivity is measured by fractions of seconds, and the time-sensitive systems are classified as real-time or near-time information systems. On the other hand, in the manufacturing industry, time sensitivity is associated with a system’s capability to trace a given workflow in terms of the operational activities and resources involved. Starting from the definition stated for the manufacturing industry above, the analysis for this question in column CK is carried out case by case.

    • •Will transactions by different participants depend on each other?

      • The final question asks whether the transactions produced by multiple parties are dependent on each other.

      • During the preparatory assessment of this question, it was initially considered to identify the transactional dependencies by first identifying the functional dependencies with the help of related information flow analysis provided per sub-function under column CO. However, because the ISA95 standard is implementation agnostic, performing a pure information flow analysis to identify functional dependency does not seem to be accurate. The reasoning for this claim is that the realization (implementation) of the underlying information flow might vary on a case-by-case basis.

      • Therefore, each sub-function is individually aanalyzed and rated for the potential transactional dependency question as stated in column CL. In general, an affirmative response is allocated to transactions requiring complex and event-driven interactions among different entities.

    Subsequently, all positive (“Y”) and negative (“N”) responses per the ISA95 core functions and sub-functions are accumulated, and the percentage of positive responses is calculated as shown in column CM.

    According to the suitability framework suggested by Mainelli and Manson (2016), the blockchain technology is recommended as a viable solution if at least 4 out of 6 (67%) of the assessment questions are responded to affirmatively. This simple logic is applied to column CN, which indicates the final assessment results for each ISA95 manufacturing function.

    5. RESULTS

    The suitability assessment results revealed that 7 out of the 12 core functions and 49 out of the 85 sub-functions defined by the ISA95 standard are appropriate for implementation of the blockchain technology. Table 1 outlines the core ISA95 functions fulfilling the suitability criteria coupled with their quantified suitability value. The full assessment matrix with all manufacturing core functions and sub-functions is available in Appendix B.

    Chart 1 below visually illustrates the distribution of the total number of suitable and unsuitable ISA95 core and sub-functions.

    The assessment results are consistent with the refer-ence blockchain use cases available in the literature. In other words, some researchers propose the application of the blockchain technology for standalone business use cases similar to the ISA95 functions listed in Table 1. For instance, Zīle and Strazdiņa (2018) compiled a literature survey and presented prominent blockchain use cases, including supply-chain management, contract management, product quality verification, and intellectual property protection.

    6. CONCLUSION

    Recent cybersecurity incidents have shown that the confidentiality, integrity, and availability of information systems used by the manufacturing industry are not adequate to cope with an ever-increasing cyber threat landscape. Fortunately, new technologies, such as blockchain, promise out-of-the-box security features to tackle these contemporary cybersecurity risks.

    However, despite being perceived as a silver bullet to address a broad spectrum of IT challenges, including cybersecurity, our gap analysis revealed that a systematic assessment of the suitability of the blockchain technology for the ISA95 manufacturing industry standard is non-existent in the literature. Hence, this research aimed to fill this gap by methodically assessing the suitability of the blockchain technology for the core enterprise functions and sub-functions formally defined by the ISA95 standard.

    The assessment revealed that 7 out of the 12 core functions and 49 out of the 85 sub-functions defined by the ISA95 are suitable for applying the blockchain tech-nology.

    In conclusion, considering the blockchain security features and our suitability assessment results, if a blockchain-based distributed ledger architecture is designed specifically for the ISA95 standard and applied to the blockchain-suitable enterprise functions, primary cybersecurity risks in the manufacturing industry can be substantially mitigated.

    Figure

    IEMS-19-4-825_F1.gif

    ISA95 data flow diagram (ANSI, 2010).

    IEMS-19-4-825_F2.gif

    Purdue model data flow diagram (Williams, 1990).

    IEMS-19-4-825_F3.gif

    Blockchain suitability assessment proposed by Lo et al. (2018).

    IEMS-19-4-825_C1.gif

    Blockchain suitability distribution.

    Table

    Table 2. ISA95 and purdue model functional relationships

    Table 3. ISA95 Blockchain suitability assessment

    Blockchain suitable ISA95 core functions

    REFERENCES

    1. Adam-Kalfon, P. and Selsabila, E. M. (2017), Blockchain, a catalyst for new approaches in insurance, Technical Report, PricewaterhouseCoopers (PwC) International Limited, London, United Kingdom.
    2. Ani, U. P. D. , He, H. , and Tiwari, A. (2017), Review of cybersecurity issues in industrial critical infrastructure: Manufacturing in perspective, Journal of Cyber Security Technology, 1(1), 32-74.
    3. ANSI (2010), Enterprise-control system integration − Part 1: Models and terminology, International Society of Automation, United States of America.
    4. Chandrasekar, K. , Cleary, G. , Cox, O. , Lau, H. , Nahorney, B. , Gorman, B. O. , O'Brien, D. , Wallace, S. , Wood, P. , and Wueest, C. (2017), Internet Security Threat Report, Technical Report ISTR-11-17, Symantec Corporation, United States of America.
    5. Crosby, M. , Pattanayak, P. , Verma, S. , and Kalyanaraman, V. (2016), Blockchain technology: Beyond bitcoin, Applied Innovation Review, 2.
    6. ISA (2020), ISA99, Industrial Automation and Control Systems Security, International Society of Automation, Available from: https://www.isa.org/isa99/.
    7. Jazdi, N. (2014), Cyber Physical Systems in the Context of Industry 4.0, Proceedings of the IEEE International Conference on Automation, Quality and Testing, Robotics, Cluj-Napoca, Romania.
    8. Krayem, N. M. (2019), Global cybersecurity risks in the manufacturing industry: Addressing systemic risk and capitalizing on the benefits of next generation technology, Technical Report WTW-NA-2019-WTW284590, Willis Towers Watson, London, United Kingdom.
    9. Lo, S. K. , Xu, X. , Chiam, Y. K. , and Lu, Q. (2017), Evaluating suitability of applying blockchain, Proceedings of the 22nd International Conference on Engineering of Complex Computer Systems (ICECCS), Fukuoka, Japan.
    10. Mahoney, T. C. and Davis, J. (2017), Cybersecurity for Manufacturers: Securing the Digitized and Connected Factory, Technical Report MF-TR-2017-0202, MFORESIGHT, Michigan, United States of America.
    11. Mainelli, M. and Manson, B. (2016), Chain reaction: how blockchain technology might transform wholesale insurance, Technical Report, Z/Yen Group Limited and PricewaterhouseCoopers (PwC) LLP, London, United Kingdom.
    12. Mohanta, B. K. , Jena, D. , Panda, S. S. , and Sobhanayak, S. (2019), Blockchain technology: A survey on applications and security privacy Challenges, Internet of Things, 8, 100107.
    13. Nakamoto, S. (2008), Bitcoin: A Peer-to-Peer Electronic Cash System, cited 2020 Nov 30, Available from: http://www.bitcoin.org/bitcoin.pdf .
    14. NTT Security (2017), Global Threat Intelligence Report, cited 2020 Nov 30, Available from https://us.nttdatacom/en/-/media/nttdataamerica/files/americasd2/infrastructure_managed_services/gtir-ntt-security-ntt-data-04252017.pdf..
    15. NTT Security (2018), Global threat intelligence report, cited 2020 Nov 30, Available from https://www.nttsecurity.com/docs/librariesprovider3/resources/gbl-ntt-security-2018-global-threat-intelligence-report-v2-uea.pdf?sfvrsn=c761dd4d_10.
    16. NTT Security (2019), Global Threat Intelligence Report, cited 2020 Nov 30, Available from https://www.nttsecurity.com/docs/librariesprovider3/resources/2019-gtir/2019_gtir_report_2019_uea_v2.pdf.
    17. Scholten, B. (2007), The Road to Integration: A Guide to Applying the ISA-95 Standard in Manufacturing, ISA, Triangle Park, NC.
    18. Schwab, W. and Poujol, M. (2018), The State of Industrial Cybersecurity 2018, Technical Report, PAC – a CXP Group Company, Germany.
    19. Williams, T. J. (1990), A reference model for computer integrated manufacturing from the viewpoint of industrial automation, IFAC Proceedings Volumes, 23(8), 281-291.
    20. Zheng, Z. , Dai, H. N. , Wang, H. , Xie, S. , and Chen, X. (2018), Blockchain challenges and opportunities: A survey, International Journal of Web and Grid Services, 14(4), 352-375.
    21. Zīle, K. and Strazdiņa, R. (2018), Blockchain use cases and their feasibility, Applied Computer Systems, 23(1), 12-20.