Abstract [eng]
Industrial automation systems are increasingly cyber-physical, interconnected, and software-dependent, which expands both their operational capability and their cybersecurity exposure. This article reports a systematic literature review, conducted following the PRISMA 2020 guidelines, of cybersecurity requirements and certification standards in industrial automation, with emphasis on Industrial Control Systems (ICS), Supervisory Control and Data Acquisition (SCADA), Programmable Logic Controllers (PLCs), and Industry 4.0 contexts. From 3570 records identified across five academic databases, 75 studies were retained after duplicate removal, title and abstract screening, and full-text eligibility assessment. The included studies were analyzed along three dimensions: cybersecurity requirements, standards and certification, and application context. Quantitative synthesis shows that network segmentation, intrusion detection, secure communication, access control, lifecycle security, and safety–security coordination are the six most frequently emphasized requirement categories, and that ISA/IEC 62443, ISO/IEC 27001, NIST SP 800-82, and NERC-CIP are the four dominant certification frameworks. The review identifies four critical gaps between technical cybersecurity requirements and certification practice and proposes an integrated mapping framework linking requirement categories, standards, and application contexts. The findings indicate that effective industrial cybersecurity assurance depends on a layered compliance architecture rather than on any single framework.