Cyber-Physical Security Through Resiliency: A Systems-centric Approach

Cyber-physical systems (CPS) are often defended in the same manner as information technology (IT) systems -- by using perimeter security. Multiple factors make such defenses insufficient for CPS. Resiliency shows potential in overcoming these shortfalls. Techniques for achieving resilience exist; however, methods and theory for evaluating resilience in CPS are lacking. We argue that such methods and theory should assist stakeholders in deciding where and how to apply design patterns for resilience. Such a problem potentially involves tradeoffs between different objectives and criteria, and such decisions need to be driven by traceable, defensible, repeatable engineering evidence. Multi-criteria resiliency problems require a system-oriented approach that evaluates systems in the presence of threats as well as potential design solutions once vulnerabilities have been identified. We present a systems-oriented view of cyber-physical security, termed Mission Aware, that is based on a holistic understanding of mission goals, system dynamics, and risk.
