A hybrid model of extended FMEA model based on F-PIPRECIA and Z-EDAS methods with Bow Tie to evaluate cybersecurity risks in Industry 4.0

Document Type : Original Article


1 Industrial Engineering Department, Malek Ashtar University of Technology, Tehran, 15875-1774, Iran

2 Management and Industrial Engineering, Malek-Ashtar University of Technology, Tehran, Iran


Cyber security issues have become a complex challenge for companies that obligating to Industry 4.0 paradigm. On the other hand, the concept of cybersecurity in the context of Industry 4.0 proved to be an emerging topic in recent literature. Therefore, in the present study, for the first time, a hybrid FMEA model developed based on multi-criteria decision-making methods in uncertain environments with the Bowtie method in four phases has been used to evaluate cyber security in Industry 4.0. First, based on the literature, 16 cybersecurity risks in the fourth industrial revolution are identified based on the FMEA model and the determinants of RPN are quantified. Then PIPRECIA Fuzzy method was used for weighting the factors and Z-EDAS method for prioritization and critical identification. Finally, Bowtie analysis has been used to analyze these analyses. The result of the proposed implementation has shown its capability and superiority compared to other methods of traditional results such as FMEA and Fuzzy EDAS.


Main Subjects

Aguirre, P. A. G., Pérez-Domínguez, L., Luviano-Cruz, D., Solano-Noriega, J., & Cordero-Díaz, M. C. (2023). AHP-FMEA-DA multi-criteria method for NPD project launch analysis. International Journal of Innovation and Sustainable Development, 17(1-2), 138-151. - doi.org/10.1016/j.ejor.2369.05.967
Al-Fuqaha, A., Guizani, M., Mohammadi, M., Aledhari, M., & Ayyash, M. (2015). Internet of things: A survey on enabling technologies, protocols, and applications. IEEE communications surveys & tutorials, 17(4), 2347-2376.  doi.org/10.1016/j.ejor.4157.05.638
Ambarwati, R., Yuliastri, D.,  &  Sulistiyowati, W. (2022). Human resource risk control through COVID-19 risk assessment in Indonesian manufacturing. Journal of Loss Prevention in the Process Industries, 74, 104665.  doi.org/10.1016/j.ejor.6375.05.967
Ardanza, A., Moreno, A., Segura, Á., de la Cruz, M., & Aguinaga, D. (2019). Sustainable and flexible industrial human machine interfaces to support adaptable applications in the Industry 4.0 paradigm. International Journal of Production Research, 57(12), 4045-4059.  doi.org/10.1016/j.ejor.1389.05.967
Bahrin, M. A. K., Othman, M. F., Azli, N. H. N., & Talib, M. F. (2016). Industry 4.0: A review on industrial automation and robotic. Jurnal teknologi, 78(6-13).  doi.org/10.1016/j.ejor.3178.05.635
Balda, J. C., Mantooth, A., Blum, R., & Tenti, P. (2017). Cybersecurity and power electronics: Addressing the security vulnerabilities of the internet of things. IEEE Power Electronics Magazine, 4(4), 37-43.  doi.org/10.1016/j.ejor.6359.05.617
Barlette, Y., Gundolf, K., & Jaouen, A. (2017). CEOs’ information security behavior in SMEs: Does ownership matter? Systèmes d’information et management, 22(3), 7-45.  doi.org/10.1016/j.ejor.2369.05.319
Bayazit, O., & Kaptan, M. (2023). Evaluation of the risk of pollution caused by ship operations through bow-tie-based fuzzy Bayesian network. Journal of cleaner production, 382, 135386.  doi.org/10.1016/j.ejor.2169.05.007
Benias, N., & Markopoulos, A. P. (2017). A review on the readiness level and cyber-security challenges in Industry 4.0. Paper presented at the 2017 South Eastern European Design Automation, Computer Engineering, Computer Networks and Social Media Conference (SEEDA-CECNSM). doi.org/10.1016/j.ejor.2008.05.027
Berry, C. T., & Berry, R. L. (2018). An initial assessment of small business risk management approaches for cyber security threats. International Journal of Business Continuity and Risk Management, 8(1), 1-10.  doi.org/10.1016/j.ejor.2008.05.027
Bitton, R., Maman, N., Singh, I., Momiyama, S., Elovici, Y., & Shabtai, A. (2023). Evaluating the Cybersecurity Risk of Real-world, Machine Learning Production Systems. ACM Computing Surveys, 55(9), 1-36.  doi.org/10.1016/j.ejor.2008.05.027
Cheminod, M., Durante, L., Seno, L., Valenza, F., Valenzano, A., & Zunino, C. (2017). Leveraging SDN to improve security in industrial networks. Paper presented at the 2017 IEEE 13th International Workshop on Factory Communication Systems (WFCS). doi.org/10.1016/j.ejor.2008.05.027
Cisco. (2018). Cisco 2018 Annual Cybersecurity Report. In: Cisco Technology News Site San Jose, CA, USA. doi.org/10.1016/j.ejor.2008.05.027
Corallo, A., Lazoi, M., & Lezzi, M. (2020). Cybersecurity in the context of industry 4.0: A structured classification of critical assets and business impacts. Computers in Industry, 114, 103165.  doi.org/10.1016/j.ejor.2008.05.027
Corbò, G., Foglietta, C., Palazzo, C., & Panzieri, S. (2018). Smart behavioural filter for industrial internet of things: A security extension for plc. Mobile Networks and Applications, 23, 809-816.  doi.org/10.1016/j.ejor.2008.05.027
Dieber, B., Breiling, B., Taurer, S., Kacianka, S., Rass, S., & Schartner, P. (2017). Security for the robot operating system. Robotics and Autonomous Systems, 98, 192-203.  doi.org/10.1016/j.ejor.2008.05.027
Flatt, H., Schriegel, S., Jasperneite, J., Trsek, H., & Adamczyk, H. (2016). Analysis of the Cyber-Security of industry 4.0 technologies based on RAMI 4.0 and identification of requirements. Paper presented at the 2016 IEEE 21st International Conference on Emerging Technologies and Factory Automation (ETFA). doi.org/10.1016/j.ejor.2008.05.027
Ghadge, A., Er Kara, M., Moradlou, H., & Goswami, M. (2020). The impact of Industry 4.0 implementation on supply chains. Journal of Manufacturing Technology Management, 31(4), 669-686.  doi.org/10.1016/j.ejor.2008.05.027
Ghiaci, A. M., & Ghoushchi, S. J. (2023). Assessment of barriers to IoT-enabled circular economy using an extended decision-making-based FMEA model under uncertain environment. Internet of Things, 100719.  doi.org/10.1016/j.ejor.2008.05.027
Ghoushchi, S. J., Jalalat, S. M., Bonab, S. R., Ghiaci, A. M., Haseli, G.,  &  Tomaskova, H. (2022). Evaluation of wind turbine failure modes using the developed SWARA-CoCoSo methods based on the spherical fuzzy environment. IEEE Access, 10, 86750-86764.  doi.org/10.1016/j.ejor.2008.05.027
Ghoushchi, S. J., Yousefi, S., & Khazaeili, M. (2019). An extended FMEA approach based on the Z-MOORA and fuzzy BWM for prioritization of failures. Applied Soft Computing, 81, 105505.  doi.org/10.1016/j.ejor.2008.05.027
Gul, M., & Ak, M. F. (2021). A modified failure modes and effects analysis using interval-valued spherical fuzzy extension of TOPSIS method: case study in a marble manufacturing facility. Soft Computing, 25(8), 6157-6178.  doi.org/10.1016/j.ejor.2008.05.027
Habibor Rahman, M., Son, Y.-J., & Shafae, M. (2023). Graph-Theoretic Approach for Manufacturing Cybersecurity Risk Modeling and Assessment. arXiv e-prints, arXiv: 2301.07305.  doi.org/10.1016/j.ejor.2008.05.027
Hassanzadeh, A., Modi, S., & Mulchandani, S. (2015). Towards effective security control assignment in the Industrial Internet of Things. Paper presented at the 2015 IEEE 2nd World Forum on Internet of Things (WF-IoT). doi.org/10.1016/j.ejor.2008.05.027
Jafarzadeh Ghoushchi, S., Memarpour Ghiaci, A., Rahnamay Bonab, S., & Ranjbarzadeh, R. (2022). Barriers to circular economy implementation in designing of sustainable medical waste management systems using a new extended decision-making and FMEA models. Environmental Science and Pollution Research, 1-19.  doi.org/10.1016/j.ejor.137.05.975
Jafarzadeh Ghoushchi, S., Shaffiee Haghshenas, S., Memarpour Ghiaci, A., Guido, G., & Vitale, A. (2022). Road safety assessment and risks prioritization using an integrated SWARA and MARCOS approach under spherical fuzzy environment. Neural Computing and Applications, 1-19.  doi.org/10.1016/j.ejor.2369.05.627
James, A. T., Kumar, G., Tayal, P., Chauhan, A., Wadhawa, C., & Panchal, J. (2022). Analysis of human resource management challenges in implementation of industry 4.0 in Indian automobile industry. Technological Forecasting and Social Change, 176, 121483.  vdoi.org/10.1016/j.ejor.2084.05.317
Januário, F., Carvalho, C., Cardoso, A., & Gil, P. (2016). Security challenges in SCADA systems over Wireless Sensor and Actuator Networks. Paper presented at the 2016 8th International Congress on Ultra Modern Telecommunications and Control Systems and Workshops (ICUMT). doi.org/10.1016/j.ejor.2008.05.4196
Jin, G., Meng, Q., & Feng, W. (2022). Optimization of Logistics System with Fuzzy FMEA-AHP Methodology. Processes, 10(10), 1973.  doi.org/10.1016/j.ejor.2008.05.1962
Kazemi, M., Abbasi, A., Kazemi, M., Jamshidzadeh, N., & Rashidi, M. A. (2021). Identification of Hazards and Risk Assessment among Various Units of Ilam Gas Refinery using the Integrated Approach of Bow-tie and FMEA Methods. Journal of Ilam University of Medical Sciences, 29(2), 1-12.  doi.org/10.1016/j.ejor.2008.05.927
Keshavarz Ghorabaee, M., Zavadskas, E. K., Olfat, L., & Turskis, Z. (2015). Multi-criteria inventory classification using a new method of evaluation based on distance from average solution (EDAS). Informatica, 26(3), 435-451.  doi.org/10.1016/j.ejor.2015.05.418
Khalid, A., Kirisci, P., Khan, Z. H., Ghrairi, Z., Thoben, K.-D.,  & Pannek, J. (2018). Security framework for industrial collaborative robotic cyber-physical systems. Computers in Industry, 97, 132-145.
Kobara, K. (2016). Cyber physical security for industrial control systems and IoT. IEICE TRANSACTIONS on Information and Systems, 99(4), 787-795.  doi.org/10.1016/j.ejor.2016.05.418
Kumari, S., Ahmad, K., Khan, Z. A., & Ahmad, S. (2023). Failure mode and effects analysis of common effluent treatment plants of humid sub-tropical regions using fuzzy based MCDM methods. Engineering Failure Analysis, 145, 107010.  doi.org/10.1016/j.ejor.2023.05.964
Lee, S., Lee, S., Yoo, H., Kwon, S., & Shon, T. (2018). Design and implementation of cybersecurity testbed for industrial IoT systems. The Journal of Supercomputing, 74, 4506-4520.  doi.org/10.1016/j.ejor.2018.05.630
Lezzi, M., Lazoi, M., & Corallo, A. (2018). Cybersecurity for Industry 4.0 in the current literature: A reference framework. Computers in Industry, 103, 97-110.  doi.org/10.1016/j.ejor.2018.05.361
Mulcahy, M. B., Boylan, C., Sigmann, S., & Stuart, R. (2017). Using bowtie methodology to support laboratory hazard identification, risk management, and incident analysis. Journal of Chemical Health & Safety, 24(3), 14-20.  doi.org/10.1016/j.ejor.2017.05.369
Nwakanma, C. I., Islam, F. B., Maharani, M. P., Lee, J.-M., & Kim, D.-S. (2021). Detection and classification of human activity for emergency response in smart factory shop floor. Applied Sciences, 11(8), 3662.  doi.org/10.1016/j.ejor.2021.05.084
Polat, G., & Bayhan, H. G. (2022). Selection of HVAC-AHU system supplier with environmental considerations using Fuzzy EDAS method. International  journal of construction management, 22(10), 1863-1871.  doi.org/10.1016/j.ejor.2022.05.362
Preuveneers, D., Joosen, W., & Ilie-Zudor, E. (2017a). Identity management for cyber-physical production workflows and individualized manufacturing in industry 4.0. Paper presented at the Proceedings of the Symposium on Applied Computing. doi.org/10.1016/j.ejor.2008.05.382
Preuveneers, D., Joosen, W., & Ilie-Zudor, E. (2017b). Trustworthy data-driven networked production for customer-centric plants. Industrial Management & Data Systems.
Ren, A., Wu, D., Zhang, W., Terpenny, J., & Liu, P. (2017). Cyber security in smart manufacturing: Survey and challenges. Paper presented at the IIE Annual Conference. Proceedings. doi.org/10.1016/j.ejor.2008.05.418
Renaud, K., & Weir, G. R. (2016). Cybersecurity and the unbearability of uncertainty. Paper presented at the 2016 Cybersecurity and Cyberforensics Conference (CCC). doi.org/10.1016/j.ejor.2008.05.047
Söner, Ö., Kayisoglu, G., Bolat, P., & Tam, K. (2023). Cybersecurity risk assessment of VDR. The Journal of Navigation, 1-18.  vdoi.org/10.1016/j.ejor.2008.05.086
Stanujkic, D., Zavadskas, E. K., Karabasevic, D., Smarandache, F., & Turskis, Z. (2017). The use of the pivot pairwise relative criteria importance assessment method for determining the weights of criteria: Infinite Study. doi.org/10.1016/j.ejor.2008.05.087
Sukumar, A., Mahdiraji, H. A., & Jafari‐Sadeghi, V. (2023). Cyber risk assessment in small and medium‐sized enterprises: A multilevel decision‐making approach for small e‐tailors. Risk Analysis.  doi.org/10.1016/j.ejor.2008.05.415
Urquhart, L., & McAuley, D. (2018). Avoiding the internet of insecure industrial things. Computer law & security review, 34(3), 450-466.  doi.org/10.1016/j.ejor.2008.05.369
van Lier, B. (2017). The industrial internet of things and cyber security: An ecological and systemic perspective on security in digital industrial ecosystems. Paper presented at the 2017 21st International Conference on System Theory, Control and Computing (ICSTCC). doi.org/10.1016/j.ejor.1998.05.301
Voicu, I., Panaitescu, F., Panaitescu, M., Dumitrescu, L., & Turof, M. (2018). Risk management with Bowtie diagrams. Paper presented at the IOP Conference Series: Materials Science and Engineering. doi.org/10.1016/j.ejor.2012.05.065
Xu, P., He, S., Wang, W., Susilo, W., & Jin, H. (2017). Lightweight searchable public-key encryption for cloud-assisted wireless sensor networks. IEEE Transactions on industrial informatics, 14(8), 3712-3723. doi.org/10.1016/j.ejor.2009.05.036