[EN] The industrial Internet of Things (IIoT) is having a significant impact in the manufacturing industry, especially in the context of horizontal integration of operational systems in factories as part of information systems in supply chains. Manufacturing companies can use this technology to create data streams along the supply chain that monitor and control manufacturing and logistic processes, to in the end make these data streams interoperable with other software systems and to enable smart interactions among supply chain processes. However, the provision of these data streams may expose manufacturing operational systems to cyber-attacks. Therefore, cybersecurity is a critical aspect to design trustworthy gateways, which are system components that implement interoperability mechanisms between operational systems and information systems. Gateways must provide security mechanisms at different system layers to minimize threats. This paper presents the Device Drivers security architecture: trustworthy gateways between operational technology and information technology used in the virtual factory open operating system (vf-OS) platform, which is a multisided platform orientated to manufacturing and logistics companies to enable collaboration among supply chains in all sectors. The main contribution of this paper is the evaluation of fallback mechanisms to improve resilience. In situations when the system may be under attack, the proposed mechanisms provide means to quickly recover component availability, by applying alternative security measures to minimize the threat at the same time. Other significant contributions are: a description of the threat model for Device Drivers, a presentation of the security countermeasures implemented in the vf-OS system, the mapping of the vf-OS response objectives to the different characteristics of a trustworthy system: security, privacy, reliability, safety, and resilience and how the proposed countermeasures complement this response.

This work was supported by the European Commission under the Grant 723710. (Corresponding author: Francisco Fraile.)