Two-tier forensic readiness architecture for Zero Trust-enabled Industry 4.0 applications

Ibrahim Ali Alnajjar, Anas A. Salameh, Laiali Almazaydeh, Arar Al Tawil

Research output: Contribution to journal › Review article › peer-review

Abstract

Zero Trust (ZT) architecture enables a robust security framework against potential cybersecurity threats in an Industry 4.0 environment. Integrating the forensic readiness model in the context of ZT-enabled Industry 4.0 is a comprehensive approach to improving the critical aspect of cybersecurity. A comprehensive understanding of the interaction between these approaches is essential for Industry 4.0 applications to create a robust security framework to prevent security breaches and ensure the organization’s capability to handle and respond to cyber incidents efficiently. With the increased adoption of ZT architecture in Industrial Internet of Things (IIoT) systems, applying traditional digital forensic readiness procedures is arduous in the resource-constrained IIoT platform. This is because the characteristics of ZT complicate the storage of all the logs in the resource-constrained IoT, which increases the difficulty of the forensic investigation. Thus, this work designs the forensic readiness model, which is the composition of forensic-rich features from the ZT architecture. A novel two-tier procedure is proposed for digital forensic readiness in ZT-enabled applications to enforce forensic investigation. The readiness model performs the universal and application-specific forensic readiness procedures as the two-tier procedure at the edge network, addressing the necessity of developing an independent forensic readiness model for each application. In tier 1, the hierarchical forensic edge network and quintet-level readiness procedures improve the investigation environment at both the structural and process levels, respectively. Moreover, the proposed approach enriches the quintet-level readiness using the neural network to resolve the forensic constraints posed by the ZT. Furthermore, in tier 2, the readiness enables the management and operation level optimization for the application-specific forensic readiness, which aims to access the temporal activity logs about the application context along with cognitive fine-tuning. Thus, the proposed forensic readiness model guides the investigator to capture the forensically sound artifacts cost-efficiently in the ZT-enabled IIoT infrastructure.

Original language: English
Journal: Information Security Journal
State: Accepted/In press - 2025

Keywords

  • Industrial internet of things
  • local readiness manager
  • quintet-level
  • universe forensic readiness
  • Zero Trust architecture
