A Survey on Security and Privacy of Industry 4.0 and Beyond: Technical Aspects, Use Cases, Challenges, and Research Directions

Industry 4.0 and 5.0 offer a promising framework for connecting electro-mechanical systems to cyberspace, enabling real-time access, telecontrol, human-machine collaboration, and intelligent automation of industrial operations. While horizontal and vertical interoperability serve as critical enablers of this ecosystem, heterogeneity among entities and the lack of standardized governance in interoperability allow cybercriminals to exploit structural vulnerabilities. These weaknesses and unknown bugs provide avenues for cyber-attackers to breach systems, conduct espionage, sabotage assets, and extort organizations, threatening IT and OT infrastructures, finances, reputations, and even human lives. This survey paper discusses cybersecurity and privacy threats within the Industry 4.0 and 5.0 ecosystems, their potential impact on industrial processes and peripherals, and the security challenges associated with the transition from Industry 4.0 to 5.0. To identify research gaps and vulnerabilities, we examine the architecture and components of diverse industrial frameworks and establish functional mappings using IIRA and RAMI models. Following a comprehensive threat modeling approach, we present a layered taxonomy of cyber-threats, classified based on their nature, behavior, and execution characteristics. To assist network administrators and security professionals, we propose a threat prioritization framework based on likelihood, detectability, impact severity, and operational consequences. Furthermore, we outline perspective-based cybersecurity challenges that expose deficiencies in current protective measures. As countermeasures, we advocate for AI-driven, blockchain-enabled, edge-computing-based, and privacy-preserving security solutions to defend against threats and mitigate potential damages. We also elaborate on key standardization initiatives, nation-specific privacy regulations, and ongoing research efforts focused on safeguarding the security and privacy of Industry 4.0 and beyond. The paper concludes by summarizing key lessons learned, identifying unresolved research questions, and suggesting future directions for a secure and resilient Industry 5.0 paradigm.