Cyber-physical systems are a major part of the industry.
Because attacks constantly change and compromise multiple devices or components, ensuring security in these systems becomes critical.
As threats to the company's systems are increasingly understood, one needs proper tools to analyze attacks or suspicious behaviors.
Honeypots have existed since the eighties and evolved into different varieties of security tools, classified depending on their purpose, behavior, and architecture.
Honeynets are realistic imitations of a system of information presented as an ideal target for attackers without any risk to the company.
The main goal of honeynets consists of maintaining as long as possible any attacker into the fake system, capturing data such as behavior, tools, and exploits involved during the attack.
When this data is collected, one can analyze it to build a more efficient defense.
This paper gives a reference architecture of honeynet technology and future directions for honeynets leading to a survey.
Future directions concern the legal issue of using honeypots, risks added by the implementation of honeynets, how reproducible collected attacks are, and how to motivate attackers to compromise a honeypot.
\end{abstract}