Abstract
Sophisticated production systems include plenty of information technology (IT) in order to gain more efficiency. However, this on-going development bears the drawback of lacking security. Cyber-physical production systems (CPPS) are likely to be struck by a cyber-launched attack; but might also be themselves the origin of an attack targeting IT infrastructures or other production systems. Far from an ideal solution, the involved engineering disciplines appear to work in parallel despite aiming for the same goal: securing the production systems. In this paper, we highlight small measures that are able to achieve large effects on CPPS security: (1) Extending interoperability testing by security testing gains robustness against intentionally malformed inputs; (2) the extension of today's models so that they enable the description of malicious actions would allow to assess system behavior in presence of an attack; and (3) a layered approach on CPPS security enables to address malicious activities at an adequate, semantic layer without the need for precarious shadow systems.