Risk Management and Standard Compliance for Cyber-Physical Systems of Systems

2021 ◽  
Vol 13 (2) ◽  
pp. 32-39
Author(s):  
George Matta ◽  
Sebastian Chlup ◽  
Abdelkader Magdy Shaaban ◽  
Christoph Schmittner ◽  
Andreas Pinzenöhler ◽  
...  

The Internet of Things (IoT) and cloud technologies are increasingly implemented in the form of Cyber-Physical Systems of Systems (CPSoS) for the railway sector. In order to satisfy the security requirements of Cyber-Physical Systems (CPS), domain-specific risk identification assessment procedures have been developed. Threat modelling is one of the most commonly used methods for threat identification for the security analysis of CPSoS and is capable of targeting various domains. This paper reports our experience of using a risk management framework to identify the most critical security vulnerabilities in CPSoS in the domain and shows the broader impact this work can have on the domain of safety and security management. Moreover, we emphasize the application of common analytical methods for cyber-security based on international industry standards to identify the most vulnerable assets. These will be applied to a meta-model for automated railway systems in the concept phase to support the development and deployment of these systems. Furthermore, it is the first step to create a secure and standard-compliant system by design.

2012 ◽  
Vol 7 (5) ◽  
pp. 255-265
Author(s):  
Soo-Youl Park ◽  
Wook-Jin Choi ◽  
Bo-Heung Chung ◽  
Jeong-Nyeo Kim ◽  
Joo-Man Kim

Systems ◽  
2019 ◽  
Vol 7 (2) ◽  
pp. 21 ◽  
Author(s):  
Bryan Carter ◽  
Stephen Adams ◽  
Georgios Bakirtzis ◽  
Tim Sherburne ◽  
Peter Beling ◽  
...  

Despite “cyber” being in the name, cyber–physical systems possess unique characteristics that limit the applicability and suitability of traditional cybersecurity techniques and strategies. Furthermore, vulnerabilities to cyber–physical systems can have significant safety implications. The physical and cyber interactions inherent in these systems require that cyber vulnerabilities not only be defended against or prevented, but that the system also be resilient in the face of successful attacks. Given the complex nature of cyber–physical systems, the identification and evaluation of appropriate defense and resiliency strategies must be handled in a targeted and systematic manner. Specifically, what resiliency strategies are appropriate for a given system, where, and which should be implemented given time and/or budget constraints? This paper presents two methodologies: (1) the cyber security requirements methodology and (2) a systems-theoretic, model-based methodology for identifying and prioritizing appropriate resiliency strategies for implementation in a given system and mission. This methodology is demonstrated using a case study based on a hypothetical weapon system. An assessment and comparison of the results from the two methodologies suggest that the techniques presented in this paper can augment and enhance existing systems engineering approaches with model-based evidence.


2021 ◽  
Vol 2 (4) ◽  
pp. 20-28
Author(s):  
Dana Prochazkova

Human lives are strongly dependent on the operation of socio-cyber-physical systems that create the vital infrastructure of the human society system. These systems are complex systems, which have the form of “systems of systems”. Due to their complexity, these systems are threatened not only by risks influencing their elements, but also by risks connected with uncomfortable links and flows among elements, which occur under critical conditions due to the occurrence of unexpected interdependences. The aim of risk management of socio-cyber-physical systems in operation is integral safety, which ensures their co-existence with their vicinity throughout their life cycles. On the basis of present knowledge and experience, part of the risks that threaten socio-cyber-physical systems is coped with by preventive measures during their design and manufacturing. Due to dynamic changes of the world, the conditions of socio-cyber-physical systems in operation change. If the changes exceed the socio-cyber-physical systems' safety limits which were inserted into their designs, accidents or socio-cyber-physical systems' failures occur. The presented risk management plan is a tool which ensures the correct response to such unaccepted situations and the fast ensuring of safety.


2020 ◽  
Vol 8 (10) ◽  
pp. 768
Author(s):  
Georgios Kavallieratos ◽  
Sokratis Katsikas

One aspect of the digital transformation process in the shipping industry, a process often referred to as Shipping 4.0, is the increased digitization of on board systems that goes along with increased automation in and autonomy of the vessel. This is happening by integrating Information Technology with Operation Technology systems that results in Cyber Physical Systems on which the safe operations and sailing of contemporary and future vessels depend. Unavoidably, such highly interconnected and interdependent systems increase the exposure of the vessel’s digital infrastructure to cyber attacks and cyber security risks. In this paper, we leverage the STRIDE and DREAD methodologies to qualitatively and quantitatively assess the cyber risk of Cyber Physical Systems on board digitalized contemporary and future ships. Further, we propose appropriate cyber security baseline controls to mitigate such risks, by applying a systematic approach using a set of criteria that take into account the security requirements; the cyber risks; the possible attacks; and the possibly already existing controls, to select from the list of controls provided in the Industrial Control Systems (ICS) overlay of the NIST Guide to ICS Security. The results are expected to support the decision-making and the design of a security architecture for the cyber-enabled ship.


Author(s):  
Curtis G. Northcutt

The recent proliferation of embedded cyber components in modern physical systems [1] has generated a variety of new security risks which threaten not only cyberspace, but our physical environment as well. Whereas earlier security threats resided primarily in cyberspace, the increasing marriage of digital technology with mechanical systems in cyber-physical systems (CPS) suggests the need for more advanced generalized CPS security measures. To address this problem, in this paper we consider the first step toward an improved security model: detecting the security attack. Using logical truth tables, we have developed a generalized algorithm for intrusion detection in CPS for systems which can be defined over a discrete set of valued states. Additionally, a robustness algorithm is given which determines the level of security of a discrete-valued CPS against varying combinations of multiple signal alterations. These algorithms, when coupled with encryption keys which disallow multiple signal alteration, provide for a generalized security methodology for both cyber-security and cyber-physical systems.


2019 ◽  
Vol 23 (2) ◽  
pp. 189-210 ◽  
Author(s):  
Nelson H. Carreras Guzman ◽  
Morten Wied ◽  
Igor Kozine ◽  
Mary Ann Lundteigen

Author(s):  
Jan-jaap Moerman ◽  
Jan Maarten Schraagen ◽  
Jan Braaksma ◽  
Leo van Dongen

Graceful extensibility has been recently introduced and can be defined as the ability of a system to extend its capacity to adapt when surprise events challenge its boundaries. It provides basic rules that govern adaptive systems. Railway transportation systems can be considered cyber-physical systems that comprise interacting digital, analog, physical, and human components engineered for safe and reliable railway transport. This enables autonomous driving, new functionalities to achieve higher capacity, greater safety, and real-time health monitoring. New rolling stock introductions require continuous adaptations to meet the challenges of these complex railway systems as an introduction takes several years to complete and deals with changing stakeholder demands, new technologies, and technical constraints which cannot be fully predicted in advance. To sustain adaptability when introducing new rolling stock, the theory of graceful extensibility might be valuable but needs further empirical testing to be useful in the field. This study contributes by assessing the proto-theorems of graceful extensibility in a case study in the railway industry by means of adopting pattern-matching analysis. The results of this study indicate that the majority of theoretical patterns postulated by the theory are corroborated by the data. Guidelines are proposed for further operationalization of the theory in the field. Furthermore, case results indicate the need to adopt management approaches that accept indeterminism as a complement to the prevailing deterministic perspective, to sustain adaptability and deal effectively with surprise events. As such, this study may serve other critical asset introductions dealing with cyber-physical systems in their push for sustained adaptability.

