Document Type : Review Paper


1 Computer Engineering Departement, Collage of Engineering, University of Mosul, Mosul, Iraq.

2 Control and Computer Engineering Departement, Collage of Engineering, Almaaqal University, Basra, Iraq


Industrial IoT (Industrial IoT) is a new promising technology which can be used to increase the amount of productions with high qualities. Industrial IoT technologies guarantee full control to the processes remotely through the internet which can reduce the number of workers in the field. As a result, this can reduce the percentage of worker injuries and accidents in addition to the total costs. The Industrial IoT systems are attractive targets to attackers. For this reason, these systems require high levels of security since such levels have direct effects on physical devices which may be dangerous on human life and safety. To   guarantee high level of security, a combination between Information Technologies (IT) and Operation Technologies (OT) with new innovative methods should take place. In this paper, many new technologies and security methods are reviewed with their possible attacks in order to provide Industrial IoT infrastructure designers with the required information to take them into consideration. Also, differences and convergences between both classical Information Technology (IT) and operational Technology (OT) and their relations to the Industrial IoT systems are investigated with the possible attacks on each layer of the IT and the OT.


Main Subjects

[1]     D. Dzung, M. Naedele, T. P. Von Hoff, and M. Crevatin, “Security for industrial communication systems,” Proceedings of the IEEE, vol. 93, no. 6, pp. 1152–1177, 2005.  
[2]     Z. Bakhshi, A. Balador and J. Mustafa, "Industrial IoT security threats and concerns by considering Cisco and Microsoft IoT reference models," in IEEE Wireless Communications and Networking Conference Workshops (WCNCW), 2018, pp. 173-178.
[3]     S. Vitturi, C. Zunino and T. Sauter, "Industrial Communication Systems and Their Future Challenges: Next-Generation Ethernet, IIoT, and 5G," Proceedings of the IEEE, vol. 107, no. 6, pp. 944-961, 2019,
[4]     P. Jie and L. Li, "Industrial Control System Security," in Third International Conference on Intelligent Human-Machine Systems and Cybernetics, 2011, pp. 156-158.
[5]     L. D. Xu, W. He and S. Li, "Internet of Things in Industries: A Survey," IEEE Transactions on Industrial Informatics, vol. 10, no 4, pp. 2233-2243, 2014.
[6]     D. Mendez, I, Papapanagiotou, and B. Yang,"Internet of things: Survey on security and privacy," Information Security Journal: A Global Perspective, pp. 1-16, 2017.
[7]     M. Husamuddin and M. Qayyum, "Internet of Things: A study on security and privacy threats," in 2nd International Conference on Anti-Cyber Crimes (ICACC), 2017, pp. 93-97.
[8]     S. Rizvi, A. Kurtz, J. Pfeffer and M. Rizvi, "Securing the Internet of Things (IoT): A Security Taxonomy for IoT," in 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE), 2018, pp. 163-168.
[9]     V. Hassija, V. Chamola, V. Saxena, D. Jain, P. Goyal and B. Sikdar, "A Survey on IoT Security: Application Areas, Security Threats, and Solution Architectures," IEEE Access, vol. 7, pp. 82721-82743, 2019.
[10]  A. El bekkali, M. Boulmalf, M. Essaaidi, and G. Mezzour,"Securing the Internet of Things (IoT): Systematic Literature Review," Computing Community Consortium (CCC), pp. 1–6, 2019.
[11]  J. Cheng, W. Chen, F. Tao, and C. Lin,"Industrial IoT in 5G environment towards smart manufacturing," Journal of Industrial Information Integration, vol. 10, pp. 10-19, 2018.
[12]  A. S. Kumar and E. Iyer, “An industrial iot in engineering and manufacturing industries—benefits and challenges,” International journal of mechanical and production engineering research and dvelopment (IJMPERD), vol. 9, no. 2, pp. 151–160, 2019.
[13]  D. Raposo,  A. Rodrigues, S. Sinche, J. Sá Silva, and F. Boavida, "Industrial IoT Monitoring: Technologies and Architecture Proposal,". Sensors, vol. 18, no. 10, 2018.
[14]  K. N. Mallikarjunan, K. Muthupriya and S. M. Shalinie, "A survey of distributed denial of service attack," in 10th International Conference on Intelligent Systems and Control (ISCO), 2016, pp. 1-6.
[15]  A. Mosenia and N. K. Jha, "A Comprehensive Study of Security of Internet-of-Things," IEEE Transactions on Emerging Topics in Computing, vol. 5, no. 4, pp. 586-602, 2017.
[16]  H. -N. Dai, H. Wang, H. Xiao, X. Li and Q. Wang, "On Eavesdropping Attacks in Wireless Networks," in IEEE Intl Conference on Computational Science and Engineering (CSE) and IEEE Intl Conference on Embedded and Ubiquitous Computing (EUC) and 15th Intl Symposium on Distributed Computing and Applications for Business Engineering (DCABES), 2016, pp. 138-141.
[17]  D. Xu, H. Zhu and Q. Li, "Jammer-Assisted Legitimate Eavesdropping in Wireless Powered Suspicious Communication Networks," IEEE Access, vol. 7, pp. 20363-20380, 2019.
[18]  A. Mallik, A. Ahsan, M. Shahadat, and J. Tsou, "Man-in-the-middle-attack: Understanding in simple words, " International Journal of Data and Network Science, vol. 3, no. 2, pp. 77–92, 2019.
[19]  A. R. Chordiya, S. Majumder and A. Y. Javaid, "Man-in-the-Middle (MITM) Attack Based Hijacking of HTTP Traffic Using Open Source Tools," in IEEE International Conference on Electro/Information Technology (EIT), 2018, pp. 0438-0443.
[20]  I. Butun, P. Österberg and H. Song, "Security of the Internet of Things: Vulnerabilities, Attacks, and Countermeasures," IEEE Communications Surveys & Tutorials, vol. 22, no. 1, pp. 616-644, 2020.
[21]  Rapid7. (2017). Man in the Middle (MITM) Attacks | Types, Techniques, and Prevention, [Online] Available:
[22]  A. Ilmudeen, "The impact of computer virus attacks and its preventive mechanisms among personal computer (PC) users," Semantic Scholar, pp. 97-103, 2013.
[23]  H. A. Khan, A. Syed, A. Mohammad and M. N. Halgamuge, "Computer virus and protection methods using lab analysis," in IEEE 2nd International Conference on Big Data Analysis (ICBDA), 2017, pp. 882-886.
[24]  V. K. Gudipati, A. Vetwal, V. Kumar, A. Adeniyi, and A. Abuzneid, “Detection of Trojan Horses by the analysis of system behavior and data packets,” in Long Island Systems, Applications and Technology, 2015, pp. 1–4.
[25]  M. Tehranipoor and F. Koushanfar, "A Survey of Hardware Trojan Taxonomy and Detection," IEEE Design & Test of Computers, vol. 27, no. 1, pp. 10-25, 2010.
[26]  Webroot. (2022). What is a Trojan Virus. [Online]. Available:
[27]  L. Xue and Z. Hu, "Research of Worm Intrusion Detection Algorithm Based on Statistical Classification Technology," in 8th International Symposium on Computational Intelligence and Design (ISCID), 2015, pp. 413-416.
[28]  N. Weaver, V. Paxson, S. Staniford, and R. Cunningham, “A taxonomy of computer worms,” in Proceedings of the 2003 ACM workshop on Rapid Malcode, 2003, pp. 11–18.
[29]  A.-R. Sadeghi, C. Wachsmann, and M. Waidner, “Security and privacy challenges in industrial internet of things,” in Proceedings of the 52nd annual design automation conference, 2015, pp. 1–6.
[30]  B. Zhu, A. Joseph and S. Sastry, "A Taxonomy of Cyber Attacks on SCADA Systems," in International Conference on Internet of Things and 4th International Conference on Cyber, Physical and Social Computing, 2011, pp. 380-388.
[31]  G. Murray, M. N. Johnstone, and C. Valli, "THE CONVERGENCE OF IT AND OT IN CRITICAL INFRASTRUCTURE," in Australian Information Security Management Conference, 2017, pp. 149-155.
[32]  Coolfiresolutions. (2019). What Is The Difference Between IT and OT.[Online] Available:
[33]  Cymune. (2019). Industrial IoT (Industrial IoT) and Operational Technology (OT) Security challenges [Online], Available:
[34]  A. C. Panchal, V. M. Khadse and P. N. Mahalle, "Security Issues in IIoT: A Comprehensive Survey of Attacks on IIoT and Its Countermeasures," in IEEE Global Conference on Wireless Computing and Networking (GCWCN), 2018, pp. 124-130.
[35]  K. Tsiknas, D. Taketzis, K. Demertzis,  and C. Skianis, "Cyber Threats to Industrial IoT: A Survey on Attacks and Countermeasures," IoT 2021, vol. 2, no. 1, pp. 163-186, 2021.
[36]  E. Sisinni, A. Saifullah, S. Han,U. Jennehag, and M. Gidlund, "Industrial Internet of Things: Challenges, Opportunities, and Directions," IEEE Transactions on Industrial Informatics, vol. 14, no. 11, pp. 4724-4734, Nov. 2018.
[37]  B. Sumitra, C. R. Pethuru, and M. Misbahuddin, "A Survey of Cloud Authentication Attacks and Solution Approaches," International Journal of Innovative Research in Computer and Communication Engineering, vol. 2, no. 10, pp. 6245-6253, 2014
[38]  J. Kuusijärvi, R. Savola, P. Savolainen, and A. Evesti, "Mitigating IoT security threats with a trusted Network element," in International Conference for Internet Technology and Secured Transactions (ICITST), 2016, pp. 260-265.
[39]  M. Furdek et al., “An overview of security challenges in communication networks,” in 2016 8th International Workshop on Resilient Networks Design and Modeling (RNDM), 2016, pp. 43–50.
[40]  Blog.Netwrix. (2020). Data Security Management: Where to Start [Online], Available:
[41]  B. Leander, Access Control Models to secure Industry 4.0 Industrial Automation and Control Systems. 2022.
[42]  Q. Bai and Y. Zheng, "Study on the access control model," in Proceedings of 2011 Cross Strait Quad-Regional Radio Science and Wireless Technology Conference, 2011, pp. 830-834.
[43]  E. Khalaf, and M. M. Kadi, "A Survey of Access Control and Data Encryption for Database Security," Journal of King Abdulaziz University-Engineering Sciences, vol. 28, no. 1, pp. 19 – 30, Jan. 2017.
[44]  I. Basharat, F. Azam, and A. W. Muzaffar, "Database Security and Encryption: A Survey Study," International Journal of Computer Applications, vol. 47, no. 12, pp. 28-34, 2012.
[45]  Y. Kumar,  R. Munjal, and H. Sharma, "Comparison of Symmetric and Asymmetric Cryptography with Existing Vulnerabilities and Countermeasures,".  International Journal of Computer Science and Management Studies, vol. 11, no. 3, pp. 60-63, Oct. 2011.
[46]  J. Singh, T. Pasquier, J. Bacon, H. Ko and D. Eyers, "Twenty Security Considerations for Cloud-Supported Internet of Things," IEEE Internet of Things Journal, vol. 3, no. 3, pp. 269-284, June 2016,
[47]  S. Jones, S. Ross, and R. Ruusalepp, Data Audit Framework Methodology, version 1.8, Glasgow, HATII., 2009.
[48]  T. Li and C. Liu, "Data “Audit” Research Based on the Accounting Information System," in International Conference on E-Business and E-Government, 2010, pp. 2416-2419.