Modeling Industrial IoT Security Using Ontologies: A Systematic Review

The significance of Industrial Internet of Things (IIoT) is undeniable, yet many critical industries remain hesitant to adopt it due to fundamental security, transparency and safety concerns. Developing a mechanism to address these concerns is challenging, as it involves a large number of heterogeneous devices, complex relations and human-machine contextual factors. This article presents a comprehensive analysis through a systematic review of ontologies and key security attributes essential for modelling the security of IIoT environments. Our review includes an extensive analysis of research articles, semantic security ontologies, and cybersecurity standards. Through this analysis, we identify critical security concepts and attributes, which can be leveraged to develop standardised security ontologies tailored for IIoT. Additionally, we explore the potential of integrating ontologies into the Industry 5.0 paradigm, which emphasises human-centricity, resilience, and sustainability. While ontologies offer structured modelling capabilities, their alignment with Industry 5.0’s unique collaborative and adaptive security needs remains limited. Our review suggests that existing security ontologies are not fully aligned with security goals, exposing many important research gaps. These gaps include areas such as semantic mapping techniques, security-by-design ontologies, holistic security standards, and ontologies that address the sociotechnical aspects of IIoT.