A reference architecture for integrating the Industrial Internet of Things in the Industry 4.0

This paper presents a new reference architecture model for the integration of these systems and technologies. The reference architecture model is based on grouping of future and present techniques and presenting the design process through a new hierarchical framework and a new cascading model. With the application of the grounded theory, the hierarchical framework and the cascading model detail a new process for creating a taxonomy of categories and grouping of concepts into integration design. The new design process is tested and versified with an empirical review of Industry 4.0 frameworks and results with a new 5 levels reference architecture step by step model for the integration of these related systems and technologies (Industrial Internet of Things, Cyber Physical Systems, and Industry 4.0).

organization or product and therefore should be subject to the higher processes of compliance and regulation in each domain (Nurse 2017(Nurse , 2018. Building on this work, the reference architecture presented in Figure 3 aims to help industrial and academic research with formalizing compositional ways to reason about cyber risks in an I4.0 context. There is an inherent risk in integrating the physical with the cyber world. The Cyber risk environment is constantly changing (DiMase et al., 2015), and estimated loss of cybercrime varies greatly (Biener, Eling and Wirfs, 2014;DiMase et al., 2015;Shackelford, 2016). The real economic impact of cyber risk remains unknown (Shackelford, 2016), mainly due to lack of suitable data and lack of a universal, standardised impact assessment framework (Koch and Rodosek, 2016). To develop such a framework, accumulated risk needs to be quantified and shared across technology platforms (Ruan, 2017). This requires detailed a understanding of the I4.0 network and critical infrastructure cyber risk. In addition, new risk elements also need to be quantified, such as intellectual property of digital information (Koch and Rodosek, 2016) and the impact of media coverage (Biener, Eling and Wirfs, 2014).
The Cyber Value at Risk (CvaR) model (World Economic Forum, 2015;Delloite, 2016) represents an attempt to understand the economic impact of cyber risk for individual organisations (Koch and Rodosek, 2016). CVaR provides cyber risk measurement units (Ruan, 2017), value analysis methods related to the cost of different cyber-attacks type (Roumani et al., 2016), and proof of concept methods that are based on data assumptions (Koch and Rodosek, 2016).
Given the lack of data needed to validate the CvaR model, these studies calculate the economic impact based on organisations' 'stand-alone' cyber risk and therefore ignore the correlation effect of sharing infrastructure and information and the probability of 'cascading impacts ' (DiMase et al., 2015, Radanliev 2018a,b,c, 2019a) which represents a crucial element of I4.0. These limitations of the CvaR model are of great concern, e.g in sharing cyber risk in critical infrastructure (Zhu, Rieger, and Basar, 2011;Koch and Rodosek, 2016). Critical infrastructures are vital for strong digital economies, but issues of synchrony, components failures, and increasing complexity demand development and elaboration of new rigorous CPS methods (Rajkumar et al., 2010). In the absence of a common reference point of cyber risks, existing cyber risk assessment methodologies have led to inconsistencies in measuring University of Oxford 6 risk (Ruan, 2017), which negatively affects the adaptation of I4.0. Assessment of IIoT cyber risk in I4.0 should be based on a reference architecture that enables visualising and assessing the cyber network risk, not only the stand-alone cyber risks of a sole company.
In early literature, existing financial models have been proposed to assess information security investment (Anderson and Moore, 2006;Gordon and Loeb, 2002;Mercuri, 2003;Rodewald, 2005). However, cyber risk covers more elements than information security financial cost, such as brand reputation or intellectual property (Ruan, 2017;Koch and Rodosek, 2016). In terms of modelled economic and financial impact of massive cyber-attacks, additional questions emerge in relation to the impact on public sector, rethinking of business processes, growth in liability risk, and mitigation options (Ruffle et al., 2014). Such economic evaluations trigger a debate between limited economic lifespans of digital assets (Ruan, 2017) and value in inheriting 'out of date' data (Tan, Goddard, and Pérez, 2008). In an I4.0 context, cyber risks are not simply associated with machines and products that store their knowledge and create a virtual living representation in the network (Drath and Horch, 2014) but also to the global flows and markets they are part of.
Our literature review concludes that existing production economics models don't anticipate risks in sharing infrastructure and the probability of cascading impacts. We address this by proposing a reference architecture and associated best practices for I4.0 -applicable to any I4.0 initiatives.

Taxonomy of management technologies and methodologies for the I4.0 production economy
This section defines 5C architecture and creates a taxonomy representing a list of focal points for visualising and focusing the IoE-5C direction I4.0. To define the contribution from this study, we first explain the existing 5C architecture in Figure 1.  (Lee, Bagheri and Kao, 2015) University of Oxford 7 The aim of this study is to design a 5C architecture that can be adapted quickly (Niggemann et al., 2015;Brettel et al., 2016), to create multi-vendor and modular production systems (Weyer et al., 2015). Requiring multi-discipline testing and verification (Balaji et al., 2015), and understanding of system sociology (Dombrowski and Wagner, 2014), and should operate in a similar method with social networks (Bauer, Hämmerle, Schlund, and Vocke, 2015;Wan, Cai, and Zhou, 2015).
The integration of artificial intelligence (AI), machine learning, the cloud, and IoT creates systems of machines capable of interacting with humans Brettel et al., 2016;Carruthers, 2016;Marwedel and Engel, 2016). The application of behaviour economics into these systems of machines (Leonard, 2008) already enables market speculation on human behaviour (Rutter, 2015) and even neuromarketing (Lewis and Brigder, 2004) to determine consumer purchasing behaviour. We can expect to see autonomous machines adopting the use of these methods in order to predetermine human behaviour (Carruthers, 2016). Technologies that would enable the integration of IIoT and CPS include software defined networks (Kirkpatrick, 2013) and software defined storage (Ouyang et al., 2014). The foundations of IIoT and CPS industrial integration are built upon: protocols and enterprise grade cloud hosting (Carruthers, 2016); AI, machine learning, and data analytics Kambatla et al., 2014;Pan et al., 2015;Shafiq, Sanin, Szczerbicki, and Toro, 2015); and mesh networks and peer-to-peer connectivity (Wark et al., 2007). IIoT transforms the embedded control of CPS, creating security and risk management vulnerabilities from integrating less secured systems, triggering questions regarding risk management and liability for breaches and damages (Carruthers, 2016). Many other technical challenges can be foreseen in the CPS in economically vital domains -especially in the design, construction and verification of CPS.

CPS in I4.0 -key management technologies
The academic literature we analysed outlines the evolution of CPS into the more inclusive and encompassing IoE. IoE brings together people, process, data, and things -making networked connections and transactions more valuable to individuals, organizations, and things (Cisco, 2013). Hence, the key management technologies require (a) integration University of Oxford 8 of physical flows, information flows, and financial flows; (b) innovative approaches to managing operational processes; (c) exploiting the IIoT and industrial digitisation to gain competitiveness; (d) and utilization of Big Data to improve the efficiency of production and services. These requirements are analysed and categorised in Table 1 as: domain communities, processes, societies, and platforms.
3.3 IoE-CPS for I4.0 -the changing roles of innovation, production, logistics, and the service processes The changing roles of innovation, production, logistics, and the service processes in IoE-CPS-I4.0 integration requires: (a) domain communities; (b) internet-based system and service platforms; (c) business processes and services; (d) dynamic intelligent swamps of physical and human networks.

Dynamic intelligent swamps
The key contributors to the integration of cyber physical capabilities into an IoE environment (CPS-IoE) are presented in Table 1. The relationships of these elements to CPS can be grouped into the following categories: CPS-IoE communities, CPS-IoE processes, CPS-IoE societies and CPS-IoE platforms. These contributors and the synergies between them lead to an integrated cyber risk aware process for I4.0 that is discussed further in the section.

Connected devices and networks CDN
Compiling for advanced analytics CfAA

Business processes and services BPS
Cloud distributed process planning DPP

Web of Things WoT
Social manufacturing SM

CPS-IoE platforms
Internet Protocol version 6 IPv6 Internet-based system and service platforms ISP

Knowledge development and applications KDoA
Real-time distribution RtD  Table 1, one point appears as an error in the categorisation. That is the Internet Protocol v6 is categorised as a platform, while from an engineering perspective IPv6 is a networking protocol. There are multiple categorisations that appear as errors of this type. The explanation for this categorisation is that to reduce the categories and themes, the grounded theory approach used the Pugh controlled convergence and in the process, themes are associated with the 'best fit' categories. The rationale for this categorisation is as follows. Protocol (e.g. the Internet Protocol v6) is the official procedure or system of rules governing the communication or activities of programs and/or industries. Platform on the other hand refers to the technologies that are used as a base upon which other applications, processes or technologies are developed. A CPS in the context of this categorisation is a platform, while the languages it uses to communicate (e.g. IPv6) with software are the protocol. Further clarification as why such categorisations have been made by applying the Pugh controlled convergence to reduce the number of categories is that we can consider a platform as a software, while protocol is more like a theory, or theoretical model which a platform can be based on. The outlined categorisation process (Table 1 and Table 2) has triggered a long debate among the Pugh controlled convergence participants. Finally, in the interest of keeping the categories and themes to a level that can easily be understood, the presented categorisations have been accepted for the abbreviated taxonomy in Table 2.   Table 1 The taxonomy of abbreviations in Table 2 was derived from the taxonomy of literature in Table 1, which categorises the emerging concepts into integration structure. The taxonomic integration structure relates the industrial CPS with IoE, bringing together the IoP and IoS, along with the process and transaction of IoT data. For example, the IoT data from DIS (see Table 1 and 2 for definitions of abbreviations) connected to IoP and IoS, (representing systems of systems) enhances the cyber risk avoidance with real-time distribution and feedback directly from users and markets.

CPS -IoE
Thus, the evolution of IoT in the CPS space adds a new IoE perspective to the existing cyber risk avoidance mechanisms. The inter-relationships between these elements are crucial for defining a secure-by-default framework for I4.0. The current approaches taken for I4.0 assume development of IoP and IoS and reliability of IoE. In particular, a deeper understanding of the relationship between IoE and I4.0, following the categories presented in Table 1 is required in order to develop a new comprehensive cyber risk avoidance structure.
Furthermore, Table 2 shows that the next level of integration of CPS capabilities into the IoE is related to the integration of cyber physical capabilities into the industrial value chains (Hermann, Pentek, and Otto, 2016;Shafiq, Sanin, Szczerbicki, and Toro, 2015;Stock and Seliger, 2016;Wang et al., 2016). IoE uses principles of IoT and integrates network intelligence, providing convergence, orchestration and visibility across otherwise disparate systems (Hussain, 2017). The integration of CPS capabilities into IoE also provides a framework for the operation and management of multiple CPS-related elements in the context of I4.0. Figure 2 shows the inter-relationship between different CPS communities, processes, societies and platforms. The integration of cyber physical capabilities into the IoE, involves the integration of IoT, WoT, SM, IoP and IoS into SoS. The categories (derived from Table 1) are correlated in a hierarchical framework in Figure 2, to correspond with the integration taxonomy (in Table 2).
Security requires information assurance and data security, protection for data in transit from physical and electronic domains and storage facilities (Longstaff and Haimes, 2002;CoNSS, 2010;Wahlster et al., 2013;DiMase et al., 2015;Marwedel and Engel, 2016;Toro, Barandiaran, and Posada, 2015). Asset management and access control are required for granting or denying requests to information and processing services (CoNSS, 2010;Rajkumar et al., 2010;Evans and Annunziata, 2012;DiMase et al., 2015), especially because CPS will interface with nontechnical users and influence across administrative boundaries is possible (Rajkumar et al., 2010). A process is needed to address novel vulnerabilities caused by life cycle issues, diminishing manufacturing sources, and the update of assets (DiMase et al., 2015), --including system dynamics across multiple time-scales (Rajkumar et al., 2010;Marwedel and Engel, 2016), similar to loosely time-triggered architectures (Benveniste, 2010;Benveniste, Bouillard, and Caspi, 2010) and structure dynamics control (Sokolov and Ivanov, 2015).
Furthermore, CPS require anti-counterfeit and supply chain risk management to counteract malicious supply-chain University of Oxford 13 components modified from their original design to enable disruption or unauthorised function (Evans and Annunziata, 2012;DiMase et al., 2015, Radanliev 2014a,b, 2015a,b,c,d 2016a. Standardisation of design and process (Sangiovanni-Vincentelli, Damm, and Passerone, 2012;Weyer et al., 2015) and hyper-connectivity in the digital supply chain (Ruan, 2017) also need to be supported. It is also suggested that limiting source code access to crucial and skilled personnel can provide software assurance and application security and may be necessary for eliminating deliberate flaws and vulnerabilities in the CPS (CoNSS, 2010;Rajkumar et al., 2010;DiMase et al., 2015). But this position is contested in the security community.
Security should be supported with forensics, prognostics, and recovery plans, for the analysis of cyber-attacks and coordination with other CPSs and those that identify external cyber-attack vectors (DiMase et al., 2015). An internal track and trace network process can assist in detecting or preventing the existence of weaknesses in the logistics security controls (DiMase et al., 2015). To support this, a process for anti-malicious and anti-tamper system engineering is needed to prevent CPS vulnerabilities identified through reverse engineering attacks (DiMase et al., 2015). The CPSS-5C architecture areas of focus in Figure 2 will support a robust integration of the 5C architecture (Lee, Bagheri, and Kao, 2015) and of virtual object architectures (Giordano, Spezzano, and Vinci, 2016) into CPSS for Industry 4.0 (Wahlster et al., 2013), so that cyber and physical components and connectors constitute the entire system at runtime (Bhave et al., 2010).

5C architecture 5C
Electronic and physical security EaPS  The CPSS-5C focal areas emphasize the need for security and privacy (Rajkumar et al., 2010;Zhu, Rieger, and Basar, 2011) and lead to the conclusion that in order to prevent continuation of CPS cyber-attacks, fast cyber-attack reporting and shared databases should be developed (Wahlster et al., 2013;DiMase et al., 2015). The systematic analysis is applied to each focal area to determine the inter-relationships between emerging cyber security concepts.

Requirements for the I4.0 for manufacturing and servitization.
Servitization in the context of I4.0 refer to predictive maintenance, forecasting machine failure, and intelligent machinelearning algorithms that are taking information from the Industrial IoT sensors and platforms to automatically diagnose failures and provide the remaining useful life of machinery. Here we are applying the grounded theory method to group the requirements for I4.0 servitization in manufacturing.

Electronic and physical security
This requires real-time data acquisition and storage solutions (Shi et al., 2011;Niggemann et al., 2015;Marwedel and Engel, 2016;Almeida, Santos and Oliveira, 2016) for fleets of machines , providing adaptive analysis, and peer-to-peer monitoring (Lee, Bagheri, and Kao, 2015).

Information assurance and data security
This needs to be supported with autonomous cognitive decisions, machine learning algorithms and high performance computing or data analysis Niggemann et al., 2015;Pan et al., 2015), supported with fast cyberattack information sharing and reporting via shared database resources (Wahlster et al., 2013;DiMase et al., 2015).

Asset management and access control
In I4.0, this requires that machines evolve into Cyber-Physical Production Systems (Weyer et al., 2015).

Diminishing manufacturing sources, material shortages and supply chain risk management
This is required for prioritising and optimising decisions with self-optimising production systems (Shafiq, Sanin, Szczerbicki, and Toro, 2015;Wan, Cai, and Zhou, 2015;Brettel et al., 2016), supported with production-planning computer visualisation, such as SCADA systems integration with Virtual Reality  for developing University of Oxford 15 the decision support system (Lee, Bagheri, and Kao, 2015).

Software assurance and application security
This requires a big data platform (Lee, Kao, and Yang, 2014;Niggemann et al., 2015;Hussain, 2017) for sensors condition based monitoring (Lee, Bagheri, and Kao, 2015). Such platforms can enable complex models, such as cyber city designs (Petrolo, Loscri, and Mitton, 2016) using structured communications for mobile CPS (Almeida, Santos and Oliveira, 2016), cross-domain end-to-end communication among objects, and cloud computing techniques.

Forensics, prognostics, and recovery plans
This needs to be informed by key performance indicators (Bauer, Hämmerle, Schlund, and Vocke, 2015).

Track and trace
Feedback and control mechanisms (Niggemann et al., 2015) are required for enabling supervisory control of actions, to avoid or grant required access or to design a resilient control system (Lee, Bagheri, and Kao, 2015).

Self-maintaining connection
Software assurance and application security Big data platform BDP

Mobile CPS mCPS
Required: Condition based monitoring CBM

Self-aware conversion
Life cycle and anti-counterfeit Task specific human machine interfaces HMI

Self-aware machines and components MaC
Anti-malicious and anti-tamper Loosely time-triggered architectures LTTA

Structure dynamics control SDC
Required:

Prognostics and health management PHM
Cyber self-compare

Electronic and physical security
Real-time data acquisition and storage solutions RTD

Fleet of machines FoM
Adaptive analysis AA

Peer-to-peer monitoring PtPM
Required: Cyber physical systems CPS

Self-predicting cognition
Diminishing manufacturing sources, material shortages and supply chain risk management Prioritising and optimising decisions POD

Self-optimising production systems SOPS
Information assurance and data security Autonomous cognitive decisions ACD

Machine learning algorithms MLA
High performance computing for data analysis HPC

Information sharing and reporting ISR
Required: Decision support system DSS  We propose a new 5C architecture in I4.0, which includes: (1) self-maintaining machine connection for acquiring data and selecting sensors; (2) self-awareness algorithms for conversion of data into information (similar to Lee, Kao, and Yang, 2014;Toro, Barandiaran, and Posada, 2015;Weyer et al., 2015); (3) connecting machines to create selfcomparing cyber network that can predict future machine behaviour; (4) capacity to generate cognitive knowledge of the system to self-predict and self-optimise, before transferring knowledge to the user (similar to Brettel et al., 2016); (5) configuration feedback and supervisory control from cyber space to physical space, allowing machines to selfconfigure, self-organise and be self-adaptive.  The emerging applications and technologies in Table 5 are presented in the form of a hierarchical cascading model in Figure 3 in order to visualise their relationships in the 5C architecture for I4.0. Figure 3 presents the way machines can connect to the 5C architecture and exchange information through cyber network (Toro, Barandiaran, and Posada, 2015) and provide optimised production and inventory management (Lee, Bagheri, and Kao, 2015;Wan, Cai, and Zhou, 2015;Weyer et al., 2015) and CPS lean production (Kolberg and Zühlke, 2015).
The categorisation in Table 5 derived from applying grounded theory to categorise concepts in existing literature. The principles of grounded theory demand that all prominent themes need to be categorised, hence the emergence of the 'cyber' category. However, from a cyber security engineering perspective the 5C model in Section 5 is fundamentally flawed, referring to the middle layer as 'cyber' demonstrates a poor understanding in literature of current developments in industrial systems and the fact that cyber elements now extend from sensor/actuator through to supervisory control and advanced analytic solutions. The principles state that we need to report what we observe, not what we think its University of Oxford 18 correct or incorrect and since cyber is a buzz word, it can refer to many things. It is probably incorrect to use in this context, but the taxonomy is based on grounded theory and the fundamental principles of grounded theory are applied to categorise themes from existing literature.
Nevertheless, the described new 5C architecture for I4.0 also represents cognitive architecture. The cognitive architecture allows for learning algorithms and technologies to be changed quickly and re-used on different platforms (similar to Niggemann et al., 2015;Brettel et al., 2016), which is necessary in usual I4.0 situations, such as, to create multi-vendor and modular production systems (as recommended by Weyer et al., 2015). Such re-using can be achieved through VEO and VEP in CPS, which enable the real-time synchronised coexistence of the virtual and physical dimensions (as recommended by Shafiq, Sanin, Szczerbicki, and Toro, 2015). The emergence of cyber cognition, confirms that CPS design requires multi-discipline testing and verification, including: system design, system engineering and policy design (similar to Balaji et al., 2015), and requires understanding of system sociology (Dombrowski and Wagner, 2014). The proposed 5C architecture operates in a similar method with social networks, in the sense that individuals can influence the production line (recommended by Bauer, Hämmerle, Schlund, and Vocke, 2015;Wan, Cai, and Zhou, 2015).
Under stressed conditions, single failure can trigger complex cascading effect, creating wide-spread failure and University of Oxford 20 blackouts (Rajkumar et al., 2010). Flexible AC Transmission Systems would enable protection against such cascading failures (Rajkumar et al., 2010). Distributed energy resource technologies (Ahmed, Kim, and Kim, 2013;Marwedel and Engel, 2016) such as wind power, create additional stress and vulnerabilities. Advanced power electronics and energy storage are required for here for coordination and interactions (Rajkumar et al., 2010;Leitão, Colombo and Karnouskos, 2016;Marwedel and Engel, 2016).
However, as the integration of CPS into I4.0 is an evolutionary process (Wahlster et al., 2013), the techniques within the topics and techniques above will be changing with time, which requires flexibility management of the complexities of the CPS. In addition to these techniques, for creating a reliable, secure and economically sustainable power system, financial planning arrangements should be developed for buyers and sellers in the renewables electricity market (Rajkumar et al., 2010;Ahmed, Kim, and Kim, 2013). Finally, CPS applications such as Sentinel (Balaji et al., 2015) can be used to exploit the information flow for energy savings.

Future techniques for CPS-IoE in I4.0
Building upon the present techniques, the deployment of self-sustaining networked sensors and actuators (Rajkumar et al., 2010) should be in symbiotic relations with the physical environment (Pan et al., 2015). Such 5C vision could be modelled through a user-centric Cloud (Gubbi et al., 2013). There are also important environmental techniques associated with cloud computing (e.g. Greenpeace International, 2011; Greenpeace International, 2012).
Environmental natural resources are crucial in sustaining economic development (Stock and Seliger, 2016), and CPS in I4.0 should be focused on creating eco-industrial by-product synergy (Pan et al., 2015).
Another future challenge is the evolution of I4.0 into self-adapting 5C, by moving from centralised-federated to decentralised-integrated architecture. This process would present a new vision for distributed (Wan, Cai, and Zhou, 2015) and integrated-decentralised (Stojmenovic, 2014) multi-agent swarm intelligence, based on cooperation of large University of Oxford 21 population of simple agents. The decentralisation of the control function to a multi agent swarm -which implies lack of central control dictating individual behaviour and interactions among swarm agents -stimulates the emergence of intelligent global behaviour. Individual agents exploit cloud services to analyse, predict, optimise and mine scalable capabilities of historical data and enable applications to self-adjust their behaviour to self-optimise their own performance (Shafiq, Sanin, Szczerbicki, and Toro, 2015;Brettel et al., 2016). In such decentralised systems, individual agents' 'contract-based design' is applied before 'platform-based design' (Sangiovanni-Vincentelli, Damm, and Passerone, 2012). Contract-based design enables actor-oriented design of multiple models of computation to be integrated in a single hierarchical system (Bhave et al., 2011), similar to loosely time-triggered architectures (Benveniste, 2010) but applied to I4.0.
This review presents different groups of things, and a form of dependency or a causal edge relation between them.   Table 4) represent a form of conceptual grouping model for building upon 5C architecture in Figure 1 (Table 3) are used as reference categories.

Review of global I4.0 frameworks and initiatives
Secondly, the categories in Table 3 are used for building the I4.0 architecture model in Figure 4 that relates various areas to each other and eliminates conflicts in different and sometimes contrasting I4.0 approaches.
The main elements of each initiative are separated in: areas of focus, areas of decision and areas of action (Table 7-9). However, the compelling of data into these categories is quite challenging, as some initiatives, for example, represent a collection of descriptive explanations and do not provide explicit areas of focus, decision and action. The systematic analysis of the world leading initiatives (outlined in Table  Some initiatives promote activities in the format of workgroups (IVI, 2017), while other initiatives promote activities in the format of testbeds (IIC, 2017) or digital catapults (John, 2017). From the empirical analysis in Table 7 (Table 8) and the elusive initiatives (Table 9). Computing.

Relationship
(2) Design, execution and enhancements of research results; (3) Connecting nation and regional research with international policies; (4) Improving possibilities for using EU funds.

Realisation of research projects;
(2) Technology transfer, sharing of knowledge and networking; (

Priority area -mission:
Comprehensive upgrade of the Chinese industry.

Guiding principles -MiC
Role of the state -policy: (1) Provide an overall framework, The differences in these approaches correspond to the different national and international strengths and aspirations of the promoters of these strategies. The empirical review (Table 7- These differences call for the development of an I4.0 architecture model for inter-relating the three areas of focus, decision and action in a meaningful method. The systematic analysis outlined in Table 3 provides detailed explanation of these areas. We develop the method accounting for this analysis into an I4.0 architecture model that is presented in EnergyNet; (6) FoodNettechnological changes (7) HealthNet; (8) NeuroNet; and (9) FinNet. imperative elements of action in their I4.0 architectures.
The architecture model in Figure 4 addresses this issue through integrating best practices from the empirical analysis in Tables 7-9. Figure 4 represents the first I4.0 architecture model that integrates a state of the art academic literature  Table 4 and the I4.0 cascading model derived from academic literature presented in Figure 3 are then juxtaposed over the empirical study in Table 3.
The I4.0 world visions emerging from the world leading initiatives are aggregated in an attempt to make visible the potential integration areas. A comprehensive vision for the integration of CPS-IoE into 5C architectures for I4.0 requires consideration of all mission statements from each initiative presented in Tables 7-9. This holistic approach requires the formulation of encompassing principles for the integration of I4.0 across all initiatives (Figure 4:3).
The argument of this I4.0 architecture model is that the integration of CPS-IoE-5C into I4.0 is not a selective process.
Rather, it requires the synchronisation and harmonisation between I4.0 architectures, which leads to standardisation of world leading visions. Such integration requires evaluation principles. The first stage of this study identified the evaluation principles from academic literature on CPS-IoE in 5C architecture models. Figure 4 consolidates the framework from Figure 2, with the AoF from Figure 2, the Cascading model from Figure 3 and the grouping model from Table 6. In the second stage, this process is shaped by the particular I4.0 world leading initiative that acts in each national context. We suggest that each particular I4.0 world leading initiative should be considered prior to deciding whether the 5C reference architecture is adequate and corresponds to the individual national strategy.
For example, the German Industrie 4.0 initiative contains 6C architecture model: (1) Connection (sensor and networks); (2) Cloud (computing and data on demand); The integration of CPS-IoE-5C into I4.0 while minding the world leading principles requires also the alignment of I4.0 policies. The empirical study presented in Table 3 highlights gaps in some of the world leading policies. To address these gaps, the architecture model presented in Figure Figure 4 seem conflicting, e.g. loosely defined standards vs. standardisation. The reason is that I4.0 is continuously evolving, and standardisation must accommodate for changes as this evolution occurs. This situation is very different from the incumbent industries, where standardisation normally refers to a fixed set of rules and regulations within a well-defined domain. In the cyber world, standardisation needs to be adaptive, hence the process of standardisations must anticipate constant future changes. This process includes a certain initial degree of continually evolving loosely-defined standardisation.
The 5C design building blocks for I4.0 provides more narrowly focused concepts, but they lack the concrete action objectives that would enable the delivery of the ideas specified in Figure 4 to deliver, such as support sustainable business models; (iii) concrete actions, such as research collaboration; and concrete activities for feedback mechanisms, such as blog (forum). However, the design action stage of the I4.0 architecture models are still formulated by IVI and NTI deliberately in more general terms in order to provide flexibility in resolving each design action through different approaches present in the I4.0 initiatives around the world. For example, some of the 5C key projects for I4.0 identified, such as the HVM catapult, address part of the 5C design actions for I4.0 (e.g. the design element - Table 3). However, I4.0 involves more than the HVM catapult and, therefore, a new architecture model for national I4.0 strategy should integrate all the 11 catapults that form the UK I4.0 initiatives.
In a similar process, the 5C key technologies for I4.0 layer should integrate all the 27 key technologies from the HVM catapult and all other UK I4.0 catapults.
The next layer of the proposed CPS-IoE-5C integration into I4.0 differs from most of the existing I4.0 initiatives. The 5C key tech sectors for I4.0 layer is based on the NTI guiding principle to focus on market creation as opposed to technology development. The argument of the Russian NTI initiative is that market development is the solution, rather than technology development. According to this initiative, in case there is a market for a specific technology, there will be the specific market mechanisms that will force development of the new technology. This approach seems to be compliant with the recent UK digital strategy, which promotes digital sectors and relates them to the wider economy, including data economy (DCMS, 2017). In this context, the 5C architecture for I4.0 aims to revolve the strategy around specific tech sectors. Therefore, the logical sequence in our architecture model is continued with the 5C key tech networks for I4.0 layer where technologies can be grouped to generate networks, similar to the NTI initiative (ASI, 2016). The new tech networks require 5C key testbeds for I4.0.
Global sharing of existing innovation testbeds (22 US testbeds from IIC; 11 UK catapults; over 500 projects in Germany), would reduce cost and enable faster product to marker process. Global sharing is also needed for the 5C industries and 5C key markets, bringing into focus the G20 initiative policy key point for trade liberalisation (G20, 2016).
The second policy of the G20 initiative (the elimination of subsidies) is somewhat confusing. While there is a compiling argument for the elimination of subsidies in the traditional industries, the concept of CPS-IoE-5C-I4.0 integration requires technologies that are still in the infant stage of research and development. Economic policy dictates that infant industries need state support, hence emerging digital technologies also require state support. In any case, the NTI guiding principle (ASI, 2016) for focusing on market development is designed to reduce substantially any financial involvement of the state. The NTI (ASI, 2016) policy approach would address the second G20 policy key point 'the elimination of subsidies' (G20, 2016).

Discussion
This paper contributed with a new reference architecture model for the integration of the IIoT with existing processes from CPS and presented a design process for integrating these technologies in the I4.0. The reference architecture University of Oxford 35 model is based on grouping of future and present techniques and presenting the design process through a new hierarchical framework and a new cascading model. These are established models for decomposing and reverse engineering design processes and in this paper, these models are applied following established engineering design methodologies. This results with a detailed step by step design process that can be applied by companies operating in this field, companies that are trying to evolve their operations, governments trying to improve their national strategies and governments trying to build national strategies. The contribution of the process developed in this study (outlined in Figure 4), for company practitioners is that they can easily check if their existing integration in the Industry 4.0, or companies that are trying to enter the I4.0, the findings of this study would enable them to build their digital strategies.
The contributions of this study for national governments of the developed nations is that they can check and compare the existing digital strategies with the national digital strategies applied across the globe. The benefits for developing countries that have no digital strategies (e.g. most African, Latin American, Eastern European nations), is that they can review the current developments from around the world, and follow the step by step process to develop their national digital strategies for evolving in the Industry 4.0.
The methodologies applied in this study represent time-tested engineering design methods, such as the hierarchical framework and the cascading model combined with the grounded theory, which is a time-tested method for building  Table 4 and initiatives. The process of strategy cascading is applied with grounded theory to build an I4.0 architecture model that is grounded on academic knowledge and real-world practice.
The architectural model presented in this paper is designed to support the building of new I4.0 national strategies and the improving and reformulating of existing frameworks and practical initiatives. The architecture model would also benefit practitioners who aim to improve or evolve their operations in the I4.0 space. Similar model to the one presented in this paper does not exist in current literature -until present.

Validation of the I4.0 architecture model
In this paper, case studies of 14 world's leading I4.0 initiatives have been reviewed. Following the validation recommendations in other similar models (Toro, Barandiaran, and Posada, 2015), this paper proposed I4.0 reference architecture based upon the experiences from the empirical study of different ongoing world leading initiatives. Table 3 summarises the main elements of this study and indicates where individual aspects of the presented architecture are being implemented. However, research on CPS requires development of testbeds to validate the proposed solutions (Hahn et al., 2013). In scenarios where current testbeds have limited deployment capabilities for complex computation, the model design should be further validated through case studies (La and Kim, 2010).

Limitations and areas for further research
The architecture model for the integration of the CPS-IoE-5C into I4.0 requires further validation and delimiting, possibly through application to real world case studies. The process of implementing I4.0 is an evolutionary process, and as such, it would require flexibility in adapting the proposed framework to synchronise changes in the system complexities.
Alternative testing and validation of I4.0 architecture model Some elements of CPS are still futuristic and require virtual validation in the design stages (Leitão, Colombo and Karnouskos, 2016). In different types of CPS (ex. autonomous vehicles) the futuristic elements discussed have already been applied. Examples include virtual evaluation, validation and design platforms (Feth, Bauer, and Kuhn, 2015), unmanned network navigation (Wan et al., 2010), autonomous navigation (Berger and Rumpe, 2014), context aware CPS with Cloud Support (Wan et al., 2014a;Weyer et al., 2015), autonomous energy management (Wan et al., 2012) and integration of CPS in the cloud (Wan et al., 2014b). For validation, verification, optimisation and visualisation, advanced software tools can be applied (Pan et al., 2015). The next stage of development for the proposed I4.0 architecture model, is constituted by the application of these findings in multi-testbed / multi I4.0 initiatives settings.
However, this process would require refining the findings and applying the reference architecture in a real-world setting, University of Oxford 37 which can take several years to complete.
The verification problem of the architecture model in this study could be attempted for example through fuzzy verification that involves a sequence of Boolean questions and decisions meant to provide a level of confidence for a correct implementation of specific elements as in Marwedel and Engel (2016). But this verification would hardly provide a reasonable level of confidence for various systems of systems let alone for the entire system, also because some of the technologies discussed are not even invented, such as AI brain . Alternatively, industrial developers can test the 5C architecture by applying object oriented layered architecture for the cyber-physical components (Thramboulidis, 2015). However, to introduce performance measurements, the Thramboulidis (2015) method oversimplifies the process. Continuous experimentation method can also be applied in automated virtual testing, using simulations and data recordings from CPS (Giaimo et al., 2016). However this method presents serious weaknesses in terms of safety guarantees, hardware constraints and lack of supportive instruments.
This study proposed a new overarching I4.0 architecture model, and the holistic approach in this study can hardly be verified with the aforementioned methods. Nevertheless, these alternative approaches could be applied to validate individual components of the architecture model proposed.

Limitations in the economic and social areas
The article does not deal with the emerging literature on harnessing economic value from the I4.0 (Bauer, Hämmerle, Schlund and Vocke, 2015;Shafiq, Sanin, Szczerbicki, and Toro, 2015;Anderson, 2016;Brettel et al., 2016;Stock and Seliger, 2016;Wang et al., 2016;Hussain, 2017). Rather, the article points to the ways in which the reference architecture presented can inform the development of new economic models and future work on the actual assessment of emerging cyber risks in I4.0. This article is part of a series of articles published by this project and represents the preparation work for addressing the topic of harnessing economic value. Harnessing economic value is effectively a fundamental aspect of the approach particularly in relation to the economic risks that are briefly discussed in the paper.
The focus of the article is on the integration of IIoT and I4.0 resulting with the reference architecture. Addressing all the related topics in a single article would have resulted with a lack of focus. Therefore, the authors had to consider what area the article is trying to address and focus it accordingly.
In addition, future research should give consideration of system sociology, because the conceptual grouping model presented does not address the question of skilled job losses (Dworschak and Zaiser, 2014). It is argued that technological unemployment is already happening in both routine and non-routine manufacturing tasks (e.g. Brynjolfsson and McAfee. 2011) and that the associated social disruptions will be significant as the technologicallydriven labour market transitions are likely to take considerable time and domains such as in situations when AI University of Oxford 38 accelerates the pace of automation (Kaplan, 2017). The counter argument is that skilled and educated jobs will be created to control and maintain machines (Dombrowski and Wagner, 2014) as I4.0 optimises the manufacturing competitive edge in high-wage countries (Brettel et al., 2016), and enables a better work-life-balance in a high-wage economy (Wahlster et al., 2013). We believe that elements in this article would also contribute to the ongoing debates on this topic.
The categorisation in Table 5 from a cyber security engineering perspective the 5C model in Section 5 is fundamentally flawed, referring to the middle layer as 'cyber' while cyber elements now extend from sensor/actuator through to supervisory control and advanced analytic solutions. The principles of grounded theory state that we need to report what we observe, not what we think its correct or incorrect. It is probably incorrect to use in this context, but it is used in this exact context in existing literature reviewed. Since the taxonomy is based on grounded theory, the fundamental principles of grounded theory are applied to categorise themes from existing literature. Once literature changes the wording, the wording of this category should change as well.

Conclusions
The complexities of the IIoT require a new regulatory framework and standardisation of a reference architecture for managing collaborative systems safely and securely while using resources efficiently. This paper presents a new model for the future vision for IIoT integration in a 5C-CPS architecture. The paper also identifies and provides a methodological design process for some specific grand challenges, such as cognition and AI in I4.0. The paper creates a taxonomy of common basic terminology, common approaches and existing world leading initiatives into a proposition of new economics architecture for I4.0. The paper also suggests the need to formulate compositional ways to reason about the emerging cyber risks in an I4.0 context. The proposed model enables the current efforts to integrate the IIoT into I4.0, and in a larger perspective the development of specific CPSs for I4.0.
The contribution of this paper is two-fold. Firstly, the paper developed a method for aggregating evidence on the emerging advancements in the field of IIoT in relation to I4.0. The paper combines approaches to incorporate existing standards into new design model for I4.0. Secondly, the paper captures some of the best practices in industry and develops a reference architecture using a step-by-step process design. This analysis includes reflection on how automation and AI could lower the cyber risk from the IIoT integration into the I4.0 future architectures. The paper presents the first I4.0 architecture model that integrates the recent academic literature on IIoT integration into I4.0 with the state-of-the-art practical initiatives that are currently at work in world's leading I4.0 initiatives.