Article
Peer-Review Record

A Harmonized Information Security Taxonomy for Cyber Physical Systems

Appl. Sci. 2022, 12(16), 8080; https://doi.org/10.3390/app12168080
by Johannes Hendrik Pool * and Hein Venter
Reviewer 1: Anonymous
Reviewer 2: Anonymous
Reviewer 3: Anonymous
Submission received: 7 March 2022 / Revised: 22 March 2022 / Accepted: 24 March 2022 / Published: 12 August 2022
(This article belongs to the Special Issue Security Research and Challenges in Cyber-Physical Systems)

Round 1

Reviewer 1 Report

The authors analyse well-established taxonomies and propose a harmonized taxonomy applicable to all lifecycle phases of Cyber-Physical Systems. Two real-world scenarios are also used to explain the applicability of the proposed taxonomy. The paper is well written, with a good analysis of the chosen taxonomies, and the methodology followed to reach the proposal is well explained. Most figures present the information clearly, although Figure 12 is a bit confusing. Table 2 has a problem with references to the bibliography. For me, in Table 3 it is difficult to understand the relation between the Harmonized taxonomy and the methodology elements; if you could explain it better, that would be good. On line 517, when explaining the simplified methodology, step 14 (Threat Identification and Classification) is considered; it would be interesting to describe which taxonomy is used for the threat classification. I think that the paper could be greatly improved if the authors also incorporate MITRE ATT&CK® for Industrial Control Systems and the MITRE D3FEND related taxonomy for attack and defence approaches.

Author Response

Good day,

Thank you for spending the time to review the paper. In response to the comments please see the following:

  1. I understand the possible confusion in Figure 12 and have updated it with an alternative layout that I hope will be clearer (I am also attaching that layout to this response).
  2. The references in Table 2 have been corrected.
  3. The wording explaining Table 3 has been changed and I trust it is clearer now.
  4. The threat taxonomy used is the one based on the information by Bodungen. I agree that the ATT&CK framework can be used successfully, especially in threat modeling, and D3FEND in risk mitigation. The focus is, however, specific to intentional and mostly external threats, while the taxonomy aims for a broader, less specific approach. That being said, I believe that it can definitely be used in a complementary fashion when applying the taxonomy.

Author Response File: Author Response.docx

Reviewer 2 Report

The paper describes well-established taxonomies that are combined into a single comprehensive and harmonized taxonomy that allows application throughout the different lifecycle phases. The paper is well structured. The introduction describes the main idea of the research. However, the conclusion needs more discussion on the research done. There are many incorrect citations from http://docslide.net/documents/lightning-protection-5654bada58908.html and http://doi.org/10.1177/0886260512454742

Author Response

Good day,

Thank you for making the time available to review the paper. With regards to the comments, the following changes/comments are applicable:

  1. The paper presents the initial research results, specifically as it applies to the two case studies. Further research on the applicability is ongoing. The conclusion has been updated to reflect this.
  2. We have found a problem with the references in Table 2, and this has been corrected. We cannot, however, find the docslide and DOI references referred to. Can additional information be provided?

The updated document is attached.

Kind regards,

JHJ Pool

Author Response File: Author Response.docx

Reviewer 3 Report

The authors present well-established information security taxonomies that are combined into a single comprehensive and harmonized one that allows application throughout the different lifecycle phases. The IS taxonomy is used to identify information security gaps through its implementation in an industrial facility. There are some issues that need to be updated, such as the size of some figures and tables. Moreover, the authors should reconsider the Abstract section, which seems to be too summarized.

Author Response

Good day,

Thank you for making the time available to review the paper. With regards to the comments, the following updates/responses are applicable:

  1. We have tried to improve the readability of the more complex figures in particular (the updated paper is attached).
  2. The abstract has been expanded slightly, but we are constrained by the space limitation.

Kind regards,

JHJ Pool

Author Response File: Author Response.docx
