Abstract:
Cyber-physical systems (CPSs) are found in many aspects of daily life, and they control and
protect energy production, manufacturing and even healthcare. Due to long lifecycles and the use of
legacy technologies, securing them comes with many challenges. Security taxonomies are
useful to classify and communicate security-related information and elements. Numerous taxonomies
exist, but they are fragmentary, limited to specific lifecycle phases, or cover
only specific aspects. A harmonized taxonomy must be applicable to all lifecycle phases of the CPS.
This paper presents well-established taxonomies and combines them into a single comprehensive and
harmonized taxonomy that can be applied throughout the different lifecycle phases. Application
of the taxonomy to real-world scenarios requires a consistent implementation methodology. The
use of the harmonized taxonomy methodology is demonstrated by applying it to an actual incident
case study. The taxonomy is used to identify information security gaps through its implementation
in the industrial facility in question. The identified gaps are then addressed as part of the security
lifecycle of the CPS. The harmonized taxonomy can be expanded to apply to industries with
specific requirements.