Modeling Safety and Security Compliance in a Pilot Factory: A Cobot and Milling Machine Use Case Using AutomationML and OWL
Description
This dataset demonstrates the use of AutomationML (an XML-based standard for exchanging engineering data in industrial automation) and OWL (Web Ontology Language for semantic modeling) to represent safety and security aspects in a smart factory setup.
Applications of AutomationML
- System Integration and Monitoring: AutomationML helps connect OT systems with real-time monitoring tools like OPC UA, enabling continuous supervision of devices such as PLCs and sensors.
- Asset Risk Modeling: By integrating standards like IEC 62443, AML supports the modeling of security-focused assets and risk assessments.
- Network Security and Topology: AML can model network structures, define security zones and secure interconnections — useful for ICS environments.
- RoleClass Libraries and Semantics: External classification systems like eCl@ss and IEC 62443 can be used with AML to improve semantic context and classification of assets.
- Detailed Asset Modeling: AML is used to represent OT components such as sensors, actuators, controllers, and network devices, including their communication protocols and connections.
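The zone and topology modeling described in the list above can be checked mechanically once it is in AML. The following added example (not part of the dataset or the authors' tooling) parses a constructed, simplified CAEX fragment and reports links that join two security zones without passing through a boundary device; the attribute names `SecurityZone` and `BoundaryDevice`, the element names and the topology are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed, simplified CAEX 3.0-style fragment (not from the dataset).
# "SecurityZone"/"BoundaryDevice" are assumed attribute names; the CAEX XML
# namespace and role/class references of real AML files are omitted.
AML = """<CAEXFile><InstanceHierarchy Name="Demo"><InternalElement Name="Cell" ID="e0">
 <InternalElement Name="OpcUaServer" ID="e1">
  <Attribute Name="SecurityZone"><Value>Enterprise</Value></Attribute>
  <ExternalInterface Name="p1" ID="i1"/><ExternalInterface Name="p2" ID="i5"/>
 </InternalElement>
 <InternalElement Name="SecurityRouter" ID="e2">
  <Attribute Name="SecurityZone"><Value>Control</Value></Attribute>
  <Attribute Name="BoundaryDevice"><Value>true</Value></Attribute>
  <ExternalInterface Name="p1" ID="i2"/><ExternalInterface Name="p2" ID="i3"/>
 </InternalElement>
 <InternalElement Name="NcuController" ID="e3">
  <Attribute Name="SecurityZone"><Value>Control</Value></Attribute>
  <ExternalInterface Name="p1" ID="i4"/><ExternalInterface Name="p2" ID="i6"/>
  <ExternalInterface Name="p3" ID="i7"/>
 </InternalElement>
 <InternalElement Name="Cobot" ID="e4">
  <Attribute Name="SecurityZone"><Value>Control</Value></Attribute>
  <ExternalInterface Name="p1" ID="i8"/>
 </InternalElement>
 <InternalLink Name="l1" RefPartnerSideA="i1" RefPartnerSideB="i2"/>
 <InternalLink Name="l2" RefPartnerSideA="i3" RefPartnerSideB="i4"/>
 <InternalLink Name="l3" RefPartnerSideA="i5" RefPartnerSideB="i6"/>
 <InternalLink Name="l4" RefPartnerSideA="i7" RefPartnerSideB="i8"/>
</InternalElement></InstanceHierarchy></CAEXFile>"""

def load(xml_text):
    # Returns ({element: {attribute: value}}, [(elementA, elementB), ...]).
    root = ET.fromstring(xml_text)
    attrs, owner = {}, {}
    for el in root.iter("InternalElement"):
        attrs[el.get("Name")] = {a.get("Name"): (a.findtext("Value") or "").strip()
                                 for a in el.findall("Attribute")}
        for itf in el.findall("ExternalInterface"):
            owner[itf.get("ID")] = el.get("Name")  # interface ID -> owning element
    links = [(owner.get(l.get("RefPartnerSideA"), "<unresolved>"),
              owner.get(l.get("RefPartnerSideB"), "<unresolved>"))
             for l in root.iter("InternalLink")]
    return attrs, links

def cross_zone_violations(xml_text):
    """Links joining different zones where neither endpoint is a boundary device."""
    attrs, links = load(xml_text)
    zone = lambda n: attrs.get(n, {}).get("SecurityZone")
    is_boundary = lambda n: attrs.get(n, {}).get("BoundaryDevice") == "true"
    return [(a, b) for a, b in links
            if zone(a) != zone(b) and not (is_boundary(a) or is_boundary(b))]
```

On the constructed fragment, only the direct link between `OpcUaServer` and `NcuController` is reported; a link whose interface reference cannot be resolved is treated as unzoned and reported as well.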
Applications of OWL
- Ontology Visualization: Tools like Protégé allow visualization of relationships between system components like PLCs, sensors, and firewalls.
- Security Risk Assessment: OWL models can be queried using SPARQL or DL queries to detect vulnerabilities in industrial systems.
- Compliance Reporting: OWL ontologies integrated with reasoning engines allow automated generation of reports for standards such as IEC 62443.
Use Case: TU Wien Pilot Factory
We demonstrate the proposed AutomationML and OWL modeling with a use case, illustrated in the figure below, which shows the deployment of an automated smart pilot factory setup. This setup includes an ABB collaborative robotic arm and critical components, including the SINUMERIK PCU and NCU controllers, which manage the EMCO MAXXTURN 45 CNC milling machine. The network is secured through MGUARD routers, enterprise security gateways, and managed switches for handling data traffic. A remote maintenance server is enabled via secure connections, and remote communication is facilitated by an OPC UA server connected to multiple hosts. The robotic arm has appropriate tools and end-effectors in the CNC machine's workspace. The completed workpiece from the CNC machine is picked up by the robotic arm and placed in a nearby tray for further processing. This integrated approach enables real-time monitoring, predictive maintenance, and efficient handling of maintenance tasks, thereby optimizing production processes in the CNC machining environment. Additionally, it helps identify potential security vulnerabilities.
Classes Modeled in the System
- System Under Consideration: Defines what is being analyzed.
- Group: Logical or organizational groupings.
- Component: Hardware and software parts of the system.
- Requirement: Safety and security rules and goals.
- Stakeholders: People or groups with an interest in the system.
- Parameter: Technical settings or values for system components.
- Unit: Measurement units for parameters.
- Connection: Relationships or data links between system parts.
Safety and security compliance
Two standards are used in this representation. For safety, we use IEC 61508, an international standard for functional safety concerning electrical, electronic, and programmable electronic safety-related systems. It outlines methods for designing, deploying, and maintaining such systems, particularly those with automatic protection functions. For security, we use IEC 62443-3-3, which defines system security requirements and security capability levels for building an IACS that meets the target security level and for evaluating practice against each requirement.
Related Publications
- M. Bhole, W. Kastner and T. Sauter, "From Manual to Semi-Automated Safety and Security Requirements Engineering: Ensuring Compliance in Industry 4.0," IECON 2024 - 50th Annual Conference of the IEEE Industrial Electronics Society, Chicago, IL, USA, 2024, pp. 1-8, doi: 10.1109/IECON55916.2024.10905636.
- M. Bhole, T. Sauter, S. Semper and W. Kastner, "Why to Fail Fast and Often: A Strategy for OT Safety and Security Evaluation," in IEEE Access, vol. 13, pp. 51793-51812, 2025, doi: 10.1109/ACCESS.2025.3553011.
Files
pilot_factory_real.png
Additional details
Related works
- Is supplement to
- Journal Article: 10.1109/IECON55916.2024.10905636 (DOI)
- Journal Article: 10.1109/ACCESS.2025.3553011 (DOI)