Cybersecurity of Critical Devices: Network Security and Host Intrusion Detection

14/03/2023 - Maxime PUYS, Research Engineer (CEA LETI)

With the advent of Industry 4.0, industrial systems and IoT are converging. As industry becomes more distributed, connected and service-oriented, it tends to move closer to IoT. Conversely, IoT, which was initially limited to smart home devices and gadgets, is expanding into much more critical areas. What you find today in factories, healthcare, transportation or smart cities are complex connected devices, often attached to a local network or even the cloud, running machine learning algorithms and potentially processing personal data. In the context of modern warfare, an increasing number of cyber attacks have taken place against industrial systems since Stuxnet in 2011 and the power outages in Ukraine in 2015 and 2016. IoT devices are also facing an increasing number of malware attacks such as Mirai or BASHLITE.

In the context of industrial system security, we will discuss several vulnerabilities and countermeasures at different scales. We will first address the security of the MODBUS and OPC-UA communication protocols against network attacks. We will then extend this analysis to safety properties by proposing a method to produce attack scenarios in which the attackers' malicious actions lead to a violation of those safety properties. Finally, in the context of critical IoT security, we will see how to equip devices with embedded intrusion detection systems.