Industry 4.0 Solutions Impacts on Critical Infrastructure Safety and Protection–A Systematic Literature Review

In today’s turbulent and complex times, the importance of the functional security and continuity of critical infrastructure (CI) is of particular importance. The Industry 4.0 (I4.0) toolset contains many technologies that support CI or are an integral part thereof. The purpose of this paper is to examine the relationship between CI and I4.0. The goal will be achieved by (1) conducting a systematic literature review using VOSviewer, (2) identifying leading research topics using Latent Dirichlet Allocation, (3) mapping the results obtained and identifying possibilities for further research. Web of Science, Scopus, and a set of specific keywords were used to select peer-reviewed papers presenting evidence of the considered connections. Selected clusters and topics were used to build a reference framework formed by relations between CI and I4.0. The results revealed that despite the popularity of both issues, studies examining the mutual relations between the same are lacking. The added value of the article is that it organizes the knowledge related to relations between I4.0 and CI, and indicates the research areas that require further scrutiny. It is the first comprehensive literature review focusing specifically on CI & I4.0.

The purpose of the paper is to show the spectrum of I4.0-related topics covered in the in the available The associate editor coordinating the review of this manuscript and approving it for publication was Francisco Perez-Pinal . literature, especially in the context of links to critical infrastructure. The authors intentionally do not limit themselves to the main currents related to I4.0 by presenting the results of analysis of data available in bibliometric databases.
The idea of I4.0 is to transition from centralized production towards greater flexibility and self-control. This direction naturally follows from the historical developments in computer integrated manufacturing (CIM) and flexible manufacturing systems (FMS) [5] made in past decades, as well as the mass digitization observed in recent years [6]- [8]. I4.0 is a network approach that complements CIM through ICT [9]. It is worth mentioning that the development of the toolset of I4.0 solutions and technologies has benefited not only the manufacturing sector but also the service sector (e.g. big data solutions in banking or marketing).
With the current advanced technologies, the ideas of CIM and FMS could be implemented at significantly lower (more rational) costs. I4.0 is technology-driven and its toolset covers technologies and solutions such as flexible automation, cyber-physical systems (CPSs), industrial Internet of Things (IIoT), embedded sensors, collaborative and cognitive robotics, cloud and edge computing, big data, computer modeling and simulations, additive manufacturing (3D printing), artificial intelligence, or the industrial Digital Twin [10]- [14].
Substantial benefits are expected from I4.0 technologies and solutions, e.g., more accurate forecasting and planning, shorter lead times, an increase of energy efficiency, decrease of waste, workplace improvements (an increase of ergonomics and occupational health and safety), etc. However, relatively early phases of the I4.0 technologies' lifecycle imply serious questions and concerns regarding, e.g. the related social threats, economic effectiveness, or environmental impact. These can prove cost-intensive and lead to difficulties estimating the actual financial benefits and economic effectiveness, as well as problems related to increased electro-waste, energy consumption, the incidence of human-robot interaction issues, technophobia, unemployment threats, or privacy issues to name just a few [15].
An additional problem is the issue of security, which may be defined differently by each entity. Safety involves a wide range of things, systems, and processes. The security issues could be categorized into three levels, namely, the process level, the data level, and the infrastructure level. Manufacturing companies may define the security of their operations as the continuity of their own processes, for example. Service enterprises operating in cyberspace will define security as: availability, integrity and confidentiality of processed data. CI operators, on the other hand, will focus on the security of managed infrastructure in the context of: cyber security, physical security, technical security, legal security, personal security and business continuity. The accepted understanding of the concept of security determines the set of actions implemented with the intention of protecting the enterprise's operations.
Commonly labelled as the ABCD (i.e., artificial intelligence, blockchain, cloud computing, big data analytics) technologies are essential in enhancing the safety and security of I4.0 systems. However, the digital twin (DT) also plays an important role. DT could be depicted as the successor of the computer simulation approach. It could be used to support the design and flexible reconfiguration of the system. DT enables quick validation and tests to locate the malfunction and inefficiency reasons, rule out the mistakes, and test the practicability and safety/security of physical solutions in a cyber environment [16]- [18].
The Internet of Things (IoT) facilitates the integration of automation technologies under this approach within the production environment [10]. This allows the assets of an entire factory to become interconnected, creating an intelligent network. I4.0 applications also impact systems reliability affecting the same in two distinct ways. On the one hand, they increase reliability by providing new functionalities (like forecasting, planning, real-time data acquisition, etc.). On the other hand, I4.0 technologies facilitate new subsystems and maintenance that need integration with each other and the existing environment [19].
In this paper, the authors focused on safety, which involves many things, systems, and processes. Instead of more narrow and technical security issues, that could be categorized into three levels (process, data, infrastructure). Many studies highlight options to apply different technologies to I4.0 solutions and systems to enhance systems' security, transparency, and traceability.
Special attention is currently put to blockchain solutions and their abilities to obtain: -sustainable manufacturing and lifecycle [20]- [22], -secure digital twin technology (off-chain and on-chain merger) [23], -anti-counterfeiting of things in the industrial internet. Some current studies focus not only on physical signatures, e.g. optical technologies like QR codes, radio technologies like UHF RFID or NFC, among others, but also on biological features or edible chemical signatures for things counterfeiting in an I4.0 context [24], [25]. Blockchain security is an issue itself as well [26]. The picture shows that some areas like blockchain are discussed in detail on many levels. However, those studies are focused on technical issues. They miss the broader business context of critical infrastructure, where efficacy is over effectiveness. They also ignore the broader context of the holistic environment that is the I4.0 system and focus purely on security aspects, leaving more complex safety issues not covered. Therefore, I4.0 is dependent on the efficacy of the infrastructure providing access to energy, water, communications, transport, and ICT networks. A part of this infrastructure is referred to as Critical Infrastructure (CI).

B. CRITICAL INFRASTRUCTURE BACKGROUND
The term ''critical infrastructure'' was first coined by president Bill Clinton's 1996 Commission on Critical Infrastructure Protection, and the concept received additional attention after the 9/11 attacks in 2001 [27]. It is centered on the notion that CI is of essential importance for economic security, national defense, and the public. However, there is no global consensus as to which systems should be considered as elements of CI. The specific identification of CI depends on the preference of the state in question. However, systems such as electrical power, transportation, healthcare, gas and oil, telecommunications, transportation, banking and finance, emergency services, continuity of government, and water supply are commonly included [28], [29].
Regardless of the definition, CI components are subjected to different types of threats due to the behavior of individuals, natural disasters, military operations, terrorism, or cybercrime. The efficacy of CI, measured by the availability of its functionality, determines the citizens' perception of safety, rate of economic growth, social satisfaction, the sovereignty of the state, and effectiveness of public administration entities. Limited functionality of CI results in economic losses, environmental pollution, and a threat to the population's health and life [30].
Research pertaining to CI can be divided into two categories. The first focuses on particular critical infrastructures and their respective issues on a case by case basis, and the second on analyzing and governing critical infrastructures from a cross-sector perspective. The reviewed literature shows an evident limitation concerning the type of the infrastructure sectors analyzed. CI sectors such as finance, healthcare, food supply, public administration, safety and security, social insurance, and trade and industry are not considered or, in several cases, only included in combination with other sectors. Instead, there is a clear focus on sectors such as transportation, energy, water and sanitation, and information and communications. Many research initiatives have recently been carried out in terms of: -the overall strategies of CI management or protection [31], [32], -using CI as variables when estimating the vulnerability of various areas to flooding [33], [34], -the impact of CI on national security in the domains of economic development, state sovereignty, and improvement of the overall standard of living [35], [36], -the mutual interactions between CI systems [37], [38], -dependent risk [39], [40], -methods from the domain of management science which can be adapted to the management of CI safety [41], -methods of exchanging information on threats to which CI facilities are vulnerable [42], [43], -establishing a safety threshold for the functionality of CI facilities [44], [45].

C. INDUSTRY 4.0 ROLES IN CRITICAL INFRASTRUCTURE
Some I4.0 technologies will soon become or are already becoming integral parts of CI, e.g.
-Several manufacturing and service sectors widely consider the use of big data, blockchain, and edge computing technologies [46], [47]; -Cybersecurity is rapidly developing and the readiness to fend off large-scale attacks on critical infrastructure has improved dramatically [48], e.g. in the energy sector in the Gulf Cooperation Countries [49], manufacturing sector [50]; -Artificial intelligence supports CI systems [51], [52]; -Industrial automation [53], robotics [54], sensors, CPS [55], [56], IIoT [57], digital twins [58] enrich decision makers with data and enable extensive preventive and resilience capacities in CI; -Parts manufactured using additive manufacturing can enhance the technical resilience of CI [59], but also create new potential targets for attacks (physical and cybernetic) within safety-critical infrastructure.
Consequently, I4.0 is dependent on CI but at the same time also shapes the same through technological applications [60].
CI systems provide the basis for utilizing I4.0 technologies, and thus impact overall economic, environmental, and social sustainability. The complexity of the relationship between sustainability, I4.0, and CI requires a holistic approach to the management of CI safety, understood as maintaining business continuity. However, the progress of research done in areas relevant to CI varies. Studies cover only excerpts related to the CI safety management process. There is a lack of a proposal for a holistic solution to CI safety management. Therefore, said safety becomes dependent on I4.0 solutions, which means that apart from the efficacy paradigm, it should also be considered from a sustainability perspective.
I4.0 is also discussed in terms of its impact on national security [44]. Some systems and solutions combine recently emerging new technologies, e.g., cyber-physical systems, but no single technology is likely to solve a problem without being integrated with other technologies. Combined, all such technologies might find applications in in CI systems. Therefore, I4.0 could deliver benefits in terms of better CI management, increased CI protection, etc. At the same time, however, when I4.0 solutions become integral parts of CI systems, they become additional sources of potential risk as the respective subsystems must be considered in terms of their safety and security [45] (especially occupational health [46], cybersecurity [47]), and reliability [48], etc.).
Considering the rapidly increasing popularity of I4.0 solutions, their increasingly important role in industrial systems, and the importance of CI security for businesses and economies, the goal of the present study is to deduce their relations and interactions by analyzing the existing body of scientific peer-reviewed literature. In this paper, a literature-based analysis is performed to determine the relationship between I4.0 and CI across different industries. CI and I4.0 relations are still quite fuzzy. The analytical approach proposed below entails a comprehensive qualitative assessment based on a literature review and bibliometrics. Therefore, the paper is focused on a systematic literature network analysis with a view to identifying connections between I4.0 and CI by analyzing the citation network, co-occurrence of keywords network, and Latent Dirichlet Allocation approaches. The review presented below is oriented towards investigating the mutual relationship between CI and I4.0. Therefore, this paper can provide a rationale for understanding the range of interest and implications of I4.0 applications in CI. Furthermore, it contributes to systematizing the existing knowledge about concepts that were traditionally discussed separately (I4.0 and CI). It furthers the trend towards integrating the same, makes a valuable theoretical contribution to the body of scientific literature in the research field, and suggests directions for further study. This will allow scholars and other interested parties to conduct more complex research on the development of quantitative assessment methods combining CI and I4.0, which are still few and far between.
In the context of existing scientific articles, the following paper contributes to the present state of scientific knowledge by providing a comprehensive and systematic review of literature pertaining to CI and I4.0 by: -Rationalizing and systemizing the state-of-the-art knowledge on the considered topics using the dynamic Systematic Literature Network Analysis; -Presenting the literature analysis in terms of its three dimensions: (1) systematic review, (2) type and application of reviewed study, and (3) bibliographic networks of the literature review; -Attempting to provide answers to research questions addressed in current, relevant studies; -Contributing to the existing body of research literature focused on combining the concepts in question. The paper is structured as follows. Section 2 presents the research methodology and the bibliometric software used. Then results of the systematic literature network analysis are described in Section 3. Section 4 discusses results derived from the SLNA-based reference framework illustrating the discovered CI and I4.0 relations. Directions for future research are also described in Section 4, while Section 5 outlines the conclusions.

A. SELECTION OF METHODS AND TOOLS
The dynamic development of scientific research in many fields combined with its increasing interdisciplinarity has contributed to the overall body of scientific knowledge, but has also made it difficult for researchers to keep themselves up to date with the current state of research. Limited cognitive resources prevent a complete review of the literature, and the selection of publications based on search engines using specific ranking algorithms runs the risk of omitting interesting papers with a low number of citations, but with high potential impact. As a result, it becomes increasingly difficult to obtain a reasonably comprehensive picture of research in a given field and identify an interesting research gap.
In such situations, data mining and machine learning methods can be employed, especially in terms of natural language processing and analysis, knowledge extraction, and document classification. Clustering and visualization techniques using tools such as VOSviewer [61]- [63], topic modeling analysis methods [64], or trend detection [65] are particularly popular among researchers. The maturity and continuous improvement of these methods encourages researchers to develop methodologies for employing the same in literature review processes as supplementary tools or even, in some cases, in lieu of actually reading scholarly articles. For example, Buchkremer et al. [66] proposed the STIRL (Generation and Application of Systemic Taxonomies via Information Retrieval and Semantic Learning) methodology, where they use various data mining and machine learning methods in the stages of information retrieval, taxonomy enhancement, topics mapping, cleaning, corpus creation, evolution, topics and trends identification, predictive analytics and results presentation.
We employed a systematic literature review method, deepened by Global Citation Score (GCS) analysis and network analysis, by using the VOSviewer tool. This was followed by Latent Dirichlet Allocation (LDA) to identify leading topics of research conducted in the I4.0 and CI areas.
The literature search was conducted in two scientific databases: Web of Science Core Collection (WoSCC) and Scopus. The databases were chosen because they are the most-commonly used when conducting literature searches [67] and are also leading databases with significant scientific impact scores. Due to their restrictive indexing procedures, the documents returned from queries processed in the databases tend to be of good quality [68]. The databases are also considered to be the two most important multidisciplinary bibliometric databases [69] used for field delineation [70].
Due to evident similarities between the databases, many authors have commented on their preference for one over the other [71]. For example, Scopus has about 60% more records and includes in-press articles. WoSCC is better when we want to find more accurate citation information [72] and identify 'high-influence' papers [73]. Since both databases have their advantages and disadvantages, it was decided to use both in the present study.

B. SYSTEMATIC LITERATURE REVIEW
A systematic literature review was chosen as a research method to discover relations between I4.0 advancements and issues relevant to critical infrastructure. A systematic review was chosen as it entails strict procedures in searching for and selecting papers to be reviewed, and is therefore ''effective in synthesizing what the collection of studies are showing in a particular question and can provide evidence of the effect that can inform policy and practice'' [74].
The exploration of the existing literature on the relationships (one-way and two-way) between CI and I4.0 was based on the identification of available studies, which in turn was facilitated by a specific set of keywords. The selection of relevant papers for bibliometric research focused on the construction of a search query covering various terms, synonyms, and abbreviations related to the words ''critical infrastructure'' and ''Industry 4.0''. To identify all such relevant terms, synonyms, and abbreviations, the authors analyzed the most cited or recent literature reviews on critical infrastructure [75]- [78] and Industry 4.0 [15], [12], [79], [80] available in the WoSCC and Scopus databases.
The selection of keywords relevant to CI was based on a keyword analysis drawing on 3,290 articles on the topic published since 2018 [75]. The keyword selection was based on the scoping study framework [81]. A scoping study is designed to map the literature relevant to a subject or research area to support the identification of key concepts, research gaps, or evidence to inform practice, policymaking, and research [82]. The discussed scoping study framework [81] is in line with other systematic review methodologies, e.g. the PRISMA approach [83]. The search strings were iterated to encompass a broad range of articles related to CI. This was achieved by iteratively modifying the search string to either include new keywords or add new restrictions. For example, in some countries, the terms ''lifeline systems'' or ''vital societal function'' are used synonymously to critical infrastructure [36], [84]. There is no real consensus as to exactly which systems or institutions should be considered as critical infrastructures, although different categorizations in national policy frameworks show significant similarities [27], [29]. The eventual selection of keywords for CI was done using the Article Score. The Article Score is developed based on the principle that an article with many high-ranking keywords is more relevant to a given research field than an article with only a few low-ranking keywords. This resulted in a list of CI-related keywords that were used to prepare the queries for this paper. The original set of keywords was modified by excluding the names of critical infrastructure systems, i.e., transportation system, energy system, financial system, etc. This procedure was done to find cross-cutting works on multiple CI systems.
The term ''Industry 4.0'' is mainly used in Europe and is often associated with the Fourth Industrial Revolution. The concept of Industry 4.0 was first presented in 2011, and a full description thereof was first published in 2013 [1]. The core of Industry 4.0 is smart manufacturing, defined by the National Institute of Standards and Technology (NIST) as ''a fully integrated, collaborative manufacturing system that responds in real-time to meet changing requirements and conditions in the factory, in the supply chain, and the needs of customers'' [85]. On other continents, this paradigm is most often referred to as ''smart factory'', ''smart manufacturing'' or ''advanced manufacturing'' [70]. The use of different names results from national strategies that have been developed in response to the need to increase the competitiveness of national economies, especially in the area of manufacturing. A full list of Industry 4.0 equivalent programs is presented in the paper [3]. Literature reviews from various journals were used to include all the common terms, synonyms, and abbreviations applicable to 'Industry 4.0', [3], [15], [79], [80]. There are also other, less popular terms/synonyms related to Industry 4.0, such as industrial Internet or industrial Internet of Things (IIoT), cyber manufacturing, digital transformation, cyber-physical (production) system (CPS), cloud manufacturing, etc. [79]. It should be noted that many terms treated as synonyms of Industry 4.0 are correspond in fact to either its main technologies (IIoT, CPS, big data) or its underlying purpose (digital transformation). For this reason, such terms were not included in the query. It is also worth noting that in the vast majority of papers, apart from the specific terms mentioned above, the term Industry 4.0 itself also appears in the title/abstract/keywords.
In both cases (critical infrastructure and Industry 4.0), abbreviations were omitted to include only papers where the complete term appears in the abstract. In this case, adding abbreviations would only artificially inflate the number of results by including texts where those abbreviations are used in other meanings. Based on the above keyword considerations, the query was formulated for the search within titles, keywords, and abstracts, without a time restriction. The query was entered into the Scopus and WoSCC databases on November 26, 2021. The dataset obtained from the WoSCC database was fully contained in the dataset obtained from Scopus, hence only the results from the Scopus query are presented hereinbelow.
OR key servicesorkey resources OR ''essential services''or ''crisis management'') AND (''Industrie 4.0''or''Industry 4.0'' This step is very important, because the results may change if another query is used. This choice was made in line with the aim of the paper, i.e., presenting the landscape of scientific literature pertaining to the relationship between critical infrastructure and Industry 4.0. The selected set of keywords allowed the analysis of specific topics and their trends using the adopted methodology. Only studies in English (including papers in press) with available abstracts and references were considered for further analysis (inclusion criteria). There were no other exclusion criteria, so documents of all types could be considered and no other restrictions were imposed in terms of the time of publication, affiliations, etc. Altogether, 129 papers from Scopus were considered in further analyses.

C. BIBLIOGRAPHIC NETWORK ANALYSIS USING VOSVIEWER
We calculated the Global Citation Score (GCS) to detect groundbreaking publications. GCS corresponds to the total number of citations in the Scopus database. Studies with high GCS are considered seminal or have a significant impact on the area of knowledge to which they relate [86]. In other words, GCS allows the identification of papers that form the basis of a given field, which are often used by other authors to develop their publications. Citations from the entire Scopus database are counted, even if they are from articles that have not been identified or selected.
To identify recent groundbreaking studies that could have a potentially large impact and promising scientific input on Industry 4.0 & critical infrastructure, papers were ranked according to the number of citations received in the entire Scopus database in 2021, divided by the number of years since the year of publication. This allowed the identification of those studies that have (potentially) low GCS but have recently gained considerable interest from the scientific community. This process 'weighed' citations received in 2021 based relative to the 'lifespan' of papers. The ranking of papers prepared in this way is shown in Table 2.
We also performed a network analysis in terms of the co-occurrence network for authors' keywords and citation network analysis using the VOSviewer approach and tool. Co-occurrence analysis aims to analyze information characteristics. It applies to words, authors, classifications, and other record fields in books, journals, proceedings, and other literature [87]. There are three basic types of co-occurrence analyses [88]: (i) author co-occurrence (co-operation analysis), (ii) author-keywords co-occurrence (coupling analysis), (iii) keywords co-occurrence (co-word analysis). In the paper, it was decided that the author's keywords co-occurrence analysis will be used. This analysis allowed us to obtain the results that are the most important from the point of view of the purpose of the article. It concerns the analysis of keywords indicated by authors in their studies. This method of quantitative analysis allows one to discover the structure of the research area within the considered set of papers and its potential importance for the discipline. Due to the increasingly accurate bibliographic indexing, co-word analysis is widely used nowadays to analyze keywords in books and journals. Author's keywords co-occurrence analysis allows one to obtain information on the number of times that given keywords appeared simultaneously in a published article [89]. Co-occurrence of the author's keywords creates a map in which the size of the nodes corresponds to the frequency of the keyword, while the lines show the relationships between respective keywords [90]. A citation network is a network where the nodes are papers, and the links mean that there are citations between them. Hence, we can observe the flow of knowledge as well as trace the citation connections between papers. This, in turn, makes it possible to isolate clusters (smaller networks), which include papers with least a single connection with another paper within the cluster. Among other reasons, this is done to facilitate easier definition of the thematic scope of the cluster.

D. LATENT DIRICHLET ALLOCATION
This part of our study aimed to identify and analyze the most important topics in the area of I4.0 usage in critical infrastructure, its safety, and management using the Latent Dirichlet Allocation (LDA) method. This provided the basis for generating a fairly comprehensive representation of the current research related to the discussed subject matter. Latent Dirichlet Allocation is one of the most popular topic modeling methods used in scientific research to identify key research topics or research trends in fields such as medical sciences, software engineering, political sciences, geography, or enterprise architecture [91], [92]. First introduced by Blei, Ng, and Jordan [93], it is a generative probabilistic model of a corpus. It represents topics by word probabilities, and the words with the highest probabilities in each topic serve as an idea of the topic characteristics. To make the interpretation easier, Chuan, Manning, and Heer introduced Termite: a method for visualizing and interpreting topics [94], which later inspired Sievert and Shirley to create LDAvis: one of the most popular methods used for LDA results interpretation [95].
The input for the LDA analysis was a clean dataset containing Authors, Titles, and Abstracts from the Scopus database. LDA was used to analyze all the identified papers discussing applications of the I4.0 toolset in Critical Infrastructure management extracted from Scopus using (1).
In our analysis, we used an open-source PyCaret library [96] which utilizes a reliable LDA algorithm implementation supported by the LDAvis visualization technique. In the first step, we initiated the model with the most popular irrelevant words (e.g., use, paper, research, start, etc.) as the so-called stop-words. Next, we performed an intrinsic evaluation and computed a coherence value to identify the optimal number of topics. The highest coherence score (= 0.35) we obtained for four topics. The research procedure used in the article is illustrated in Fig. 1.

E. OTHER METHODS
In our analysis, we also applied two other topic modeling and knowledge extraction methods: BERTopic and Knowledge Graphs. BERTopic, a topic modeling technique based on the BERT (Bidirectional Encoder Representations from Transformers) model [97] resulted in an exceptionally high number of outliers (75 out of 129 articles did not fit into any of the topics). On the other hand, knowledge graphs generated with the use of a SpaCy.io library [98] displayed a very high number of relations making it very difficult to infer topic VOLUME 10, 2022  groups. That is why in this paper, we limited our analysis to LDA and VOSviewer.
The initial results for BERTopic and knowledge graphs justified our decision to focus solely on LDA application to the I4.0 toolset (methods, technologies, tools) in our Critical Infrastructure review: interested readers can find a more in-depth LDA presentation in e.g. [92], [93], [95].

A. GENERAL POPULARITY OF TOPICS
Given that the relationship between CI and I4.0 is such a niche topic, it was initially decided to search the Scopus and Web of Science Core Collection databases only for ''critical infrastructure'', for ''Industry 4.0'', and for a conjunction of the same. Under these criteria, the number of papers identified oscillated between 700,000 and 800,000. The results for the full terms ''critical infrastructure'' and ''Industry 4.0'' found in the titles, abstracts, and keywords of papers listed in the Scopus and Web of Science Core Collection databases are presented in Table 1.
Despite the much larger total number of texts on critical infrastructure and Industry 4.0 in the Scopus database (see Table 1), the proportions of texts tackling both issues to the summarized number of all found papers are ca. 2.0%• (Scopus) and 1.5%• (WoS CC). That was a good symptombecause it indicated that in both databases the subject of CI & I4.0 taken jointly is rarely discussed. The above considerations proved that critical infrastructure and Industry 4.0 are both separately considered as highly important and interesting. However, cross-thematic research tackling the same jointly seems to be in short supply. There is a gap in the body of knowledge regarding the impact of Industry 4.0 on critical infrastructure, its safety, and management. Meanwhile, both research directions are of crucial interest to modern economies. Therefore, one has to ask if Industry 4.0 technologies can support critical infrastructure, its safety, and management, or not, and whether I4.0 solutions may be considered a part of the critical infrastructure themselves. It is worth discussing the promises and potential of I4.0 as well as the existing threats stemming from its application within critical infrastructure systems.

B. BIBLIOGRAPHIC NETWORK ANALYSIS USING VOSVIEWER
The Global Citation Score (GCS) is used to determine the group of leading flares in the analyzed study area and to detect groundbreaking publications. Table 2 presents 10 of the most frequently cited papers ranked by their GCS in the Scopus database.
The most seminal works accordingly to GCS are presented in Table 2. A paper Sadeghi et al. [99] was by far the highest ranking of the lot. Another ranking of papers was constructed to identify recent groundbreaking studies that could have a potentially significant impact and promising scientific input on Industry 4.0 & critical infrastructure. The ranking based on citations in 2021 divided by years since publication (Table 3) identified four articles [100]- [103] that were not previously included in the GCS ranking (II). It is also important to notice that high GCS values did not always correspond to studies with a large impact and promising scientific input on I4.0 & CI. Based on the GCS, recent groundbreaking publications lean towards topics related to the Internet of Things (IoT) [102], [104], Industrial IoT systems [99], [107], Cyber-Physical Systems (CPSs) as a part of IoT-oriented infrastructure [106], [108], and Industrial Control Systems (ICS) [112]. One paper distinguished by a very high number of citations was also published early [99], i.e. they had initiated a scientific discussion on the security, privacy challenges, and cybersecurity themes. These are undoubtedly the main areas discussed in the most quoted papers. Sub-themes include issues related to the uses of IoT, IIoT, CPSs, and other Industry 4.0 technologies in the management of critical infrastructure, cities (smart cities), or entire economies. There are also studies that only to a very small extent concern critical infrastructure. In the same, the potential of Industry 4.0 is shown in the context of sustainable production and circular economy [110] as well as strategies for providers and users of Industry 4.0 [105]. It is worth noting that two papers [101], [102] already have 10 or more citations despite having been published as recently as in 2021.
The reference number of keywords (three) was adopted in accordance with proposals tested in previous studies [113], [114]. Using the VOSviewer program, a network (Fig. 2) consisting of 20 nodes corresponding to 4 clusters was obtained. In Fig. 2, each cluster is highlighted using a different color. Occurrences were used as weights. The size and clarity of a node corresponds to the frequency of its occurrence in the analyzed set. In turn, the proximity of particular elements indicates more frequent co-occurrence in specific sets as compared to the more distant elements.
The minimum number of authors' keywords in the set of selected documents was 3. If a higher value were selected, the number of keywords and clusters identified would decrease, which could lead to the omission of an important issue that has not yet been sufficiently investigated and described or is simply not properly exposed in the paper. For example, if the minimum number of author's keywords in a set of selected documents was set to 4, the query would return 13 keywords and 4 clusters, and for the value of 5, there would only be 8 keywords and 3 clusters. Conversely, setting a value lower than 3 would return too many words as keywords.
To understand the research trajectories, keywords are listed according to their total link strength, i.e. their importance in the cluster [115]. There were 75 links in the developed co-occurrence network and the total link strength was 99. The total link strength attribute indicates the total strength of the co-occurrence of a given keyword with other keywords. The higher the value, the more frequently a given keyword coexists with others and is more relevant to the network. Detailed information on the selected author's keywords is provided in Table 4.
The obtained clusters were described with reference to the papers in which the searched keywords appeared. This allowed us to present the results of research in given areas related to Industry 4.0 and critical infrastructure. The resulting clusters delineated by the authors' keywords are presented in Table 5. The aggregation results are discussed in the discussion section. Fig. 3 shows a citation network based on the selected papers, using an overlay visualization. As a result, it became possible to identify publications with the largest number of links with others (weights) within the entire network (129 papers). At the same time, the total number of citations in the Scopus database was presented using a color scale (from 0 -blue to 20 citations -yellow).
As we can see in Fig. 3, there was no greater network of citations, and the connected citations formed clusters of only up to 2 papers (5 such mini clusters were identified). Those instances indicate cases where a topic already discussed by one author was elaborated on by another. Klingenberg et al. [100] reviewed Industry 4.0 technologies for a data-driven paradigm wherein the analyzed technologies included, inter alia, Industrial Control Systems and IoT [112].  Popkova et al. [104] presented a model of state management in an IoT-based economy, and Tagirovet al. [116] proposed development scenarios for regions relying on Digital Economy. One study [117] addressed Industry 4.0 and national security issues, while another paper by the same team [118] presented considerations regarding cryptocurrency and national security. Montalban et al. [119] described non-orthogonal multiple access (NOMA) in combination with the 802.11n standard, and Forenbacher et al [120] described the results of a laboratory analysis on the use of an IEEE 802.11 wireless network in the presence of wireless audio transmissions. Another study [99] discussed the issues of security and privacy challenges in IIoT, while [121] discussed the issue of securing emergent IoT applications.
This may be seen as evidence to considerable dispersion of research, as well as disaggregation of the results obtained. Furthermore, no major direction of research could be identified as the respective topics were quite distant from each other. This may have been due to the fact that the authors all focused on rather narrow areas of critical infrastructure.

C. TOPICS IDENTIFIED USING LATENT DIRICHLET ALLOCATION
We employed the LDAvis method to identify and analyze the most important topics in the area of I4.0 usage in critical infrastructure management [76]. Fig. 4, Fig. 5, Fig. 6, and Fig. 7 present characteristics of the corresponding topics.
There were 42 articles under Topic 1, which corresponded to 31.9% of the studies analyzed. The prominent words in terms of frequency of occurrence in Topic 1 were systems, industry, security, technology, infrastructure, attack, critical, and network. The keywords applicable to topic one clearly suggest a focus on network technologies understood as the critical infrastructure of industrial systems. The dominant issues include cyber security and the types of attacks to which the infrastructure that keeps industry running may be susceptible.
There were 38 articles pertaining to Topic 2, which represented 29.9% of the studies analyzed. The prominent words in terms of frequency of occurrence in Topic 2 were systems, security, infrastructure, industry, critical, IoT, smart, cps, challenge, and framework. The thematic scope of the second set of papers can be boiled down to challenges faced by industrial systems security, where the critical infrastructure framework consists specifically of IoT, smart, CPS technologies. The papers in this collection extended the set of network threats to include CPS vulnerabilities. At the same time, the strong connection between IoT, CPS, and human factors required to achieve the benefits of industrial transformation towards I4.0 were emphasized.
There were 32 articles related to Topic 3, which constituted 25.1% of the studies analyzed. The prominent words in terms of frequency of occurrence in Topic 3 were network, systems, service, datum, critical, infrastructure, industry, cloud, and smart. The papers classified under this selection pertained to the system of intelligent network services processing data in the computational cloud. The authors identified this system as infrastructure critical to the industry according to the idea of I4.0. However, there was no indication of specific technologies, as was the case for Topic 2. The indication of cloud computing as a platform for the integration of data from various systems was the element that distinguished papers classified under Topic 3 from those related to Topic 1. Moreover, papers under Topic 3 focused more on the network of mutual connections and the model of cooperation of available network services, omitting the aspect of security and vulnerability of such services.
There were 17 articles pertaining to Topic 4, which represented 13.2% of the studies analyzed. The prominent words in terms of frequency of occurrence in Topic 4 were industry, technology, critical, security, infrastructure, model, network, risk, and business. The papers classified under Topic 4 discussed network technologies as elements of infrastructure critical to the industry according to the idea of I4.0 under the modeling approach. Unlike other papers, the works in this group focused on the issues of security management and risks resulting from the utilization of I4.0 tools in the industry. The works were less concerned with technical issues. The discussion was shifted to issues related to the user of such implemented solutions or economic justification for their implementation.

A. GENERAL FINDINGS
Our expectation that the scientific discourse does indeed include some deliberations related to the relations between CI and I4.0 were confirmed. However, given the number of works devoted to exclusively I4.0 or CI, the intersection of these two topics proved surprisingly poorly explored and limited to only approx. 100 works (see Table 1).
It is clear that both CI and I4.0, taken separately, are perceived as highly significant by practitioners and researchers alike. This is hardly surprising as both issues constitute building blocks of modern economies. At the same time, the small number of works considering CI and I4.0 jointly demonstrates a shortage of transdisciplinary research oriented towards the impact that I4.0 has on CI, its safety, and management.
As follows from the citation analysis, the most cited work was a publication by Sadeghi et al. [99]. It achieved a significantly greater number of citations than any other text in the research area investigated (see Table 2 ). However, considering additional time factors in the analysis of significance (measured by the number of citations), allowed the identification of additional breakthrough works [100]- [103] that were not evident in the analysis of citation numbers as such. This means that the relatively early work by Sadeghi et al. [99] initiated a continued discourse on topics related to the challenges of security, safety, privacy, and cybersecurity. However, the leading topics were those focused on the (industrial) Internet of Things (IoT) and cyberphysical systems (CPSs) as a part of infrastructure dedicated to industrial control systems (ICSs).
Two papers [101], [102] were published fairly recently (2021), but have already gained a relatively high number of citations. Usually, the number of citations increases in the years following the publication, which in this case suggests some potential of the two works to become highly relevant to the discourse on CI and I4.0. Wu et al. [101] presented a convergence of blockchain and edge computing for secure and scalable industrial IoT considered as an element of critical infrastructure in I4.0 systems. Due to the digital transformation of I4.0 driven by smart factories, big data, and machine learning, CI is becoming increasing dependent on IoT devices, or IIoT in the context of I4.0, creating the so-called CI with IoT or IoT CI. (The International Data Corporation forecasts that by 2025, there will be approximately 41.6 billion active IoT devices, generating 79.4 zettabytes of data). The authors of the study highlight two major problems. Firstly, industrial control systems (ICS) were originally designed mainly for proprietary and closed infrastructures without paying too much attention to security issues, as traditional CIs are sort of isolated and are not vulnerable to cyberattacks. However, as these infrastructures connected to the internet via IoT, they became vulnerable to a wide range of cyberattacks, including Distributed Denial of Service (DDoS), malware, breach attack, brute force attack, manin-the-middle attack, SQL injection, and phishing. These   threaten the ability of ICSs to provide normal support for services. Scalability is another challenge which ICSs were not originally designed to handle. Given the remarkable increase in the number of IoT devices and the volume of data they collect and analyze, the traditional centralized manner of data collection and analysis is becoming the bottleneck of ICSs. The emerging blockchain and edge computing paradigms are promising technologies that can tackle the above challenges in terms of CI security and scalability. The convergence of the two technologies is vital to providing the necessary computation and storage for IoT, while simultaneously guaranteeing the security and scalability CI under I4.0. The authors also identified the following future research directions: 1)  [102] comprehensively analyzed the security and safety of cyber-physical energy systems. Threats were modeled to assess risks. Moreover, the model considered resources and their behavior under adverse scenarios using specific metrics to prioritize vulnerabilities. The presented framework for modeling, simulating, assessing, and mitigating attacks in a CPS was examined on the example of four case studies representing possible scenarios of attacks against energy CPS. The reasons behind the attention gained by this paper have been three-fold:

1) APPLICATION DOMAIN
The importance of energy systems as operations domain, their critical nature within the power grid infrastructure where attacks can lead to disastrous consequences;

2) THEMATIC DOMAIN
The increasing importance of cyber-security as such, considering the rapidly growing number of digital solutions in organizations, but also in individuals settings;

3) UTILITARIAN SPECIFIC
The presented computer simulation models allow practitioners to easily modify and adapt the scenarios to specific cases.
The analysis of the two papers corroborated the original assumption that the issue of the safety and security of cyber-physical systems is a highly relevant topic in research pertaining to CI and I4.0.
There is an evident shortage of studies on CI and I4.0 following a more holistic approach, as evidenced by the network analysis performed using VOSviewer software. The whole citation network was composed of 75 links, and their total strength was 99. Given the total number of works (129), this proves the high granularity of isolated studies on separate topics (see Fig. 3). The connected sub-networks of citations consist of a maximum of two papers. Five such mini clusters were identified. This evidences considerable dispersion of research as well as disaggregation of the results obtained. There is also no major direction of research, and topics are quite distant from each other. This was mainly due to the narrowed analyses focusing on specific I4.0 technologies limited to specific CI applications. A holistic overview of different issues pertinent to CI and I4.0 as a total paradigm is lacking. I4.0 technologies (mainly CPS, IoT) are already 'critical', but absent from scientific literature and studies discussing connections between CI and I4.0 issues.
The co-occurrence network consisted of six clusters (C1-C6, see Table 5 ), but its analysis led to aggregation into three final clusters (FC1-FC3), as described below.

B. TOPICS RESULTING FROM THE VOSVIEWER ANALYSIS 1) FC1 -SECURITY OF INDUSTRIAL CONTROL SYSTEMS
Final cluster 1 (FC1) corresponds to the initially identified cluster C1 (see Table 5 ) which deals with general issues related to security, with a particular focus on cybersecurity in industrial control systems (ICSs). ICS is considered by many authors to be the heart of critical infrastructure [122], [123] because it is mainly responsible for supervisory control and VOLUME 10, 2022 data collection (SCADA), process monitoring, and control of system information flows in the industry. The importance of cybersecurity in this context has been discussed in many papers [99], [101]- [103], [112], [124]. The cluster also includes studies on software-defined networking issues, which is an important element responsible for the security of data transmitted within the network [108] and can be a countermeasure for Address Resolution Protocol (ARP) spoofing in Communication-Based Train Control (CBTC) systems [125]. Testbeds play an important role in the processes of cybersecurity systems verification or software validation [102], [111], [125].

2) FC2 -I4.0 SOLUTIONS AS SUPPORTIVE CI ELEMENTS
The initially identified clusters 2, 3, 4, and 6 (see Table 5) were merged into FC2 (final cluster 2) as they all pertain to the same major thematic area: implementing Industry 4.0 technologies to support critical infrastructure. It should be noted that in some of the papers, the authors observed that the main technologies of Industry 4.0 support critical infrastructure [103], [106], but in other studies technologies such as CPSs [102], (I)IoT [101], [102], cloud computing [100], [124], blockchain [101] were considered important and inseparable elements of critical infrastructure as such.
In some publications, the authors explore the integration of various I4.0 technologies in the context of CI, e.g. connections (industrial) IoT, and CPSs [126]. The respective texts consider this topic at different levels, from the combination of I4.0 and CI at the level of entire economies (digital economy) [116], through smart cities [108], to the level of communication protocols enabling communication between machines (OPC Unified Architecture -OPC UA) [127]. The aspect of the relationship between I4.0 and CI that receives the most attention revolves around cybersecurity and related issues, e.g. intrusion detection [128].

3) FC3 -RELIABILITY, AND RESILIENCE OF CI
Final cluster FC3 corresponds to the initially identified cluster C5 (see Table 5 ). FC3 reflects maintenance strategies in the context of ensuring the continuity of operation of devices classified as critical infrastructure, e.g. refrigeration units in hospital buildings [129]. It also discusses cybersecurity capabilities that ensure the resilience of critical infrastructure [124], as well as the alignment of AI with disaster resilience management support systems [130]. An important aspect of resilience is indicated in the paper [102], which presents anomaly detection as an important category of ensuring for the security of energy CPS.

C. TOPICS RESULTING FROM THE LDA ANALYSIS
The LDAvis method allowed the identification of four leading topics in the area of I4.0 usage in CI management: -T1-network technologies as CI of industrial systems (see Fig. 4), -T2 -security of I4.0-based CI in industrial systems (where CI framework is specific IoT, smart, CPS technologies) (see Fig. 5, Fig. 6, and Fig. 7), -T3 -smart network services processing data in cloud computing (see Fig. 6), -T4 -I4.0-based modeling for network technologies as industrial CI (see Fig. 7).

D. MAPPING VOSVIEWER AND LDA RESULTS
Our analysis of results from VOSviewer and LDA revealed that the findings were mutually consistent. The results from VOSviewer and LDA are mapped in Fig. 8 below.
The conducted literature review revealed that researchers and practitioners are divided as to which elements constitute Industry 4.0, how these elements are interrelated, and where Industry 4.0 specifically applies. Regardless of the definition, the idea of industry 4.0 indicates a transition from centralized production towards production that is highly flexible and self-controlled. Kolberg and Zuehlke [9] present Industry 4.0 as a further development of CIM and thus as a network approach that complements CIM through ICT. The integration of automation technologies supports this approach, e.g., cyber-physical systems (CPS), collaborative robots, cloud computing, and big data sets, with the production environment via IoT [10]. This provides the opportunity to network the entire factory, creating an intelligent environment with the efficiency and capacity far exceeding the existing capabilities of manufacturing companies. While this undoubtedly creates new opportunities, one must also consider the new unknown risks that may arise in this context.
The analyzed research indicates that the issue of CI appears in the context of technologies enabling the realization of the Industry 4.0 paradigm. In particular, many papers elaborate on the uses of network technologies, cyber-physical Systems, IoT, and cloud computing. The available studies indicate that Industry 4.0 is no longer a trend of the future. For many enterprises, it has lain at the very heart of their strategic and research agenda for five or more years [131]. In this context, Industry 4.0 and the technologies enabling its implementation may soon be included in the category of CI on which the proper functioning of the economy, society, and public administration will depend. At the same time, a substantial body of work already indicates that the technologies considered to be the foundations of I4.0 are currently widely used in systems classified as CI. Examples of the most advanced applications include IoT and CPS in the power industry, wastewater treatment systems, or systems for transporting electricity, oil, and gas.
However, there were no works discussing the applications of I4.0 technologies in systems such as food production, rescue services, medical care system, or public administration.  This is likely due to overall lack of papers focusing on non-technical CI systems. They appear in literature only as complementary elements to case studies discussing technical systems [60]. Secondly, it simply is easier to apply I4.0 technologies in CI systems of a technical nature because the problems occurring in these systems are analogous to those observed in manufacturing companies.
As follows from the literature review, the central topic of the current scientific discourse pertaining to the protection of Industry 4.0 is the issue of cybersecurity. The works analyzed focused on identifying threats related to network technologies. The results revealed a field of study in its fledgling stage, with a limited number of experts operating somewhat in isolation and offering single-point solutions instead of taking an integrated, holistic approach. In addition, deliberations on the security of elements identified as essential to Industry 4.0 do not consider all the threats to which the respective elements of Industry 4.0 are susceptible. Available works focus on the impact of single technologies supporting Industry 4.0 or the role of humans in the new industrial reality. There are also no practical guidelines or methods to consider when dealing with different types of threats at the decision-making stage with a view to lowering risk to an acceptable level. The available works tend to provide theoretical considerations, identifying success factors or barriers to applying technologies supporting Industry 4.0.
A few works present solutions as holistic cybersecurity management where the decision-making model can select an optimal portfolio of security safeguards. AI for minimizing cybersecurity investment and the expected cost of losses from security breaches in a supply chain [132].
Literature does not cover the impacts of CI needs on the I4.0 paradigm and technologies development. Therefore, Fig. 9 depicts only a one-directional relation between I4.0 and CI. One expects that the missing direction of interactions (CI to I4.0) ought to be covered in future research.
In general, literature delivers atomized knowledge on I4.0 technologies employed to support the management of CI and I4.0 applications as a part of CI (see relations between ''Specific technologies'' and ''CI'' entities in Fig. 9). However, research on how the full I4.0 paradigm could impact different types of CI is lacking (see relations between ''Paradigm'' and ''CI'' entities in Fig. 9).
The presented areas of research (Fig. 8) selected as a result of a literature review may be the basis of further, much more deepened research. Despite the existence of several papers in separate areas, many issues still require significant effort to researchers and practitioners.
Within FC1 and T2, future research should concern the issue of cybersecurity [51,126] and leaking of sensitive data [46]. Blockchain technologies [21], [23], [26], [46], [101] and Digital Twin [24,59] can be very important in this area. The development of IioT [101] will also be very important, and in particular the use of CloudEdge technology (data anonymization) [128]. Certainly, efforts will also be carried out on improving existing or creating new communication protocols, as well as the development of SCADA [125], [127].
Within FC2, T1 and T3, the development of cloud processing [100], [124] and faster processing of increasing amounts of available data (Big Data) [46], [47] can be indicated for key areas of future research. The continuous development of CPSs [55], [56], [102], [103], [112] is also significant, which currently constitute the basis for the functioning of many enterprises and enable much faster data flow or shop floor communication in real time.
Within FC3 and T4, very important works will concern issues related to the integration of systems within CI, as well as increasing their reliability and resilience [32], [36], [38], [41], [42], [45], [53], [57], [58], [59]. AI can be an important support here [51], [52], [66]. It should be noted that research are increasingly conducted on critical infrastructure facilities (e.g. hospitals, power plants), where reliability and resilience are the most important aspects [129]. Everything indicates that this trend will be maintained. An important aspect in the context of CI facility safety is to conduct a holistic research [25] considering either cyber security and physical security, technical security, legal security, personal security and business continuity.

V. CONCLUSION
There are not many works jointly covering both topics of I4.0 and CI, but there are plenty discussing each of the topics VOLUME 10, 2022 separately. One can note the complete absence of holistic works jointly addressing CI (not specific to any domain) and I4.0 from a general perspective, where I4.0 is understood as both solutions supporting CI management and solutions constituting an intermittent part of CI itself. Moreover, the current body of literature covers only selected I4.0 elements and is often focused on specific technologies, instead of the paradigmatic I4.0 itself and its full toolset of solutions and technologies. However, not even all of the most promising I4.0 aspects have been sufficiently discussed in the context of CI. For example, there are scarcely any studies on computer simulation modeling and digital twin applications and potential. The main research directions pursued currently and likely to remain dominant in the nearest future are oriented towards security, reliability, and resilience issues of specific I4.0 technologies considered as elements of CI or as tools supporting CI management. One has to conclude that the reality has now outpaced scientific research. Therefore, two main directions for further study should be considered, 1/ including also white papers and reports published on different levels (e.g. by national agencies responsible for CI management, etc.), and 2/ computer simulation modeling of I4.0 applications in CI systems. Both aspects are currently severely lacking in our research and scientific literature. Core technologies for I4.0 not only affect CI security but are already a key component thereof. This is particularly obvious in CI systems responsible for electricity production and transmission, pipeline transport, petroleum processing, or wastewater treatment. Therefore, it is necessary to undertake research on the development of CI operation models with adequate consideration of the full I4.0 paradigm. In this context, the presented results provide the starting point for more in-depth studies and may serve as an inspiration for the scientific community. There is a need for a holistic framework of CI and I4.0, but detailed case studies are also lacking, especially in terms of simulation modeling of I4.0 and CI interactions.