Yong Peng,Tianbo Lu,Jingli Liu,Yang Gao,Xiaobo Guo,Feng Xie

DOI: https://doi.org/10.1109/iih-msp.2013.116

2013-01-01

Abstract:Cyber Physical System (CPS) is a combination of physical systems with cyber systems, where there is a tight coupling between the two systems. It is widely used in critical national infrastructure, such as electric power, petroleum and chemical industries. Once an attack against the CPS obtains success, the consequence will be unimaginable. A well-designed risk assessment of CPS will provide an overall view of CPS security status and support efficient allocations of safeguard resources. Though there is much relationship between CPS and IT system, they are still different in various aspects, especially the requirement for real-time. Therefore, traditional risk assessment method for IT system can't be directly applied in CPS. New ideas on CPS risk assessment are in urgent need and one idea about this is addressed in this paper. Firstly, it presents a depict description of a three-level CPS architecture and makes an analysis on the corresponding security features in each level. Secondly, it sums up traditional risk assessment methods analyzes the differences between cyber physical system security and traditional IT system security. Finally, the authors blaze a trail under the new perspective of CPS after breaking the restriction of traditional risk assessment methods and propose a risk assessment idea for CPS.

Houda Harkat,Luis M. Camarinha-Matos,João Goes,Hasmath F.T. Ahmed

DOI: https://doi.org/10.1016/j.cie.2024.109891

IF: 7.18

2024-02-01

Computers & Industrial Engineering

Abstract:In recent years, cyber-physical systems (CPS) have been to many vital areas, including medical devices, smart cars, industrial systems, energy grid, etc. As these systems increasingly rely on Internet, ensuring their security requirements, which are different from those of ordinary information technology systems, has become an important research topic. However, the area is not yet well structured and, therefore, it is essential to review and analyze recent work in this field to better understand the adopted approaches and also to identify corresponding gaps and future interesting research directions. This article is based on a systematic literature review that addresses core issues in CPS security. Part of the focus is placed on the defense mechanisms introduced to help the system fully recover from attacks. However, the framework devoted to risk/threat assessments has also been highlighted, as there is a substantial need to strengthen the systems architecture to be more proactive. In addition, the ethical and societal impact of CPS is emphasized since it is essential to get a vision of the unintended outcomes of the possible evolution of these systems.

computer science, interdisciplinary applications,engineering, industrial

Beatrice Cassottana,Muhammad M Roomi,Daisuke Mashima,Giovanni Sansavini

DOI: https://doi.org/10.1111/risa.14089

Abstract:Cyber-physical systems (CPSs) are monitored and controlled by a computing and communicating core. This cyber layer enables better management of the controlled subsystem, but it also introduces threats to the security and protection of CPSs, as demonstrated by recent cyberattacks. The resulting governance and policy emphasis on cybersecurity is reflected in the academia by a vast body of literature. In this article, we systematize existing knowledge on CPS analysis. Specifically, we focus on the quantitative assessment of CPSs before and after the occurrence of a disruption. Through the systematic analysis of the models and methods adopted in the literature, we develop a CPS resilience assessment framework consisting of three steps, namely, (1) CPS description, (2) disruption scenario identification, and (3) resilience strategy selection. For each step of the framework, we suggest established methods for CPS analysis and suggest four criteria for method selection. The framework proposes a standardized workflow to assess the resilience of CPSs before and after the occurrence of a disruption. The application of the proposed framework is exemplified with reference to a power substation and associated communication network.The case study shows that the proposed framework supports resilience decision making by quantifying the effects of the implementation of resilience strategies.

Wenbo Wu,Rui Kang,Zi Li

DOI: https://doi.org/10.1109/icrse.2015.7366430

2015-01-01

Abstract:Cyber security is one of the most important risks for all types of cyber-physical systems (CPS). To evaluate the cyber security risk of CPS, a quantitative hierarchized assessment model consists of attack severity, attack success probability and attack consequence is proposed, which can assess the risk caused by an ongoing attack at host level and system level. Then the definitions and calculation methods of the three indexes are discussed in detail. Finally, this paper gives the risk assessment algorithm which describes the steps of implementation. Numerical example shows that the model can response to the attack timely and obtain the system security risk change curve. So that it can help users response to the risk timely. The risk change curve can also be used to predict the risk for the future time.

Mariana Segovia-Ferreira,Jose Rubio-Hernan,Ana Rosa Cavalli,Joaquin Garcia-Alfaro

DOI: https://doi.org/10.1145/3652953

2024-05-17

Abstract:Concerns for the resilience of Cyber-Physical Systems (CPS)s in critical infrastructure are growing. CPS integrate sensing, computation, control, and networking into physical objects and mission-critical services, connecting traditional infrastructure to internet technologies. While this integration increases service efficiency, it has to face the possibility of new threats posed by the new functionalities. This leads to cyber-threats, such as denial-of-service, modification of data, information leakage, spreading of malware, and many others. Cyber-resilience refers to the ability of a CPS to prepare, absorb, recover, and adapt to the adverse effects associated with cyber-threats, e.g., physical degradation of the CPS performance resulting from a cyber-attack. Cyber-resilience aims at ensuring CPS survival by keeping the core functionalities of the CPS in case of extreme events. The literature on cyber-resilience is rapidly increasing, leading to a broad variety of research works addressing this new topic. In this article, we create a systematization of knowledge about existing scientific efforts of making CPSs cyber-resilient. We systematically survey recent literature addressing cyber-resilience with a focus on techniques that may be used on CPSs. We first provide preliminaries and background on CPSs and threats, and subsequently survey state-of-the-art approaches that have been proposed by recent research work applicable to CPSs. In particular, we aim at differentiating research work from traditional risk management approaches based on the general acceptance that it is unfeasible to prevent and mitigate all possible risks threatening a CPS. We also discuss questions and research challenges, with a focus on the practical aspects of cyber-resilience, such as the use of metrics and evaluation methods as well as testing and validation environments.

Cryptography and Security

Somali Chaterji,Parinaz Naghizadeh,Muhammad Ashraful Alam,Saurabh Bagchi,Mung Chiang,David Corman,Brian Henz,Suman Jana,Na Li,Shaoshuai Mou,Meeko Oishi,Chunyi Peng,Tiark Rompf,Ashutosh Sabharwal,Shreyas Sundaram,James Weimer,Jennifer Weller

DOI: https://doi.org/10.48550/arXiv.2001.00090

2019-12-20

Abstract:Cyberphysical systems (CPS) are ubiquitous in our personal and professional lives, and they promise to dramatically improve micro-communities (e.g., urban farms, hospitals), macro-communities (e.g., cities and metropolises), urban structures (e.g., smart homes and cars), and living structures (e.g., human bodies, synthetic genomes). The question that we address in this article pertains to designing these CPS systems to be resilient-from-the-ground-up, and through progressive learning, resilient-by-reaction. An optimally designed system is resilient to both unique attacks and recurrent attacks, the latter with a lower overhead. Overall, the notion of resilience can be thought of in the light of three main sources of lack of resilience, as follows: exogenous factors, such as natural variations and attack scenarios; mismatch between engineered designs and exogenous factors ranging from DDoS (distributed denial-of-service) attacks or other cybersecurity nightmares, so called "black swan" events, disabling critical services of the municipal electrical grids and other connected infrastructures, data breaches, and network failures; and the fragility of engineered designs themselves encompassing bugs, human-computer interactions (HCI), and the overall complexity of real-world systems. In the paper, our focus is on design and deployment innovations that are broadly applicable across a range of CPS application areas.

Computers and Society,Distributed, Parallel, and Cluster Computing,Systems and Control

Ashraf Darwish,Aboul Ella Hassanien

DOI: https://doi.org/10.1007/s12652-017-0575-4

IF: 3.662

2017-09-14

Journal of Ambient Intelligence and Humanized Computing

Abstract:Emerging cyber-physical systems (CPS) field will impact on every activity of the daily life in the next few years With the increasing advances in ICT information communication technology (ICT), multidisciplinary fields of research such as cyber-physical systems (CPS) have been wide. The emergence of cyber-physical-social systems (CPS) as a novel paradigm has revolutionized the relationship between humans, computers and the physical environment. This paper aims to present a comprehensive overview of CPS key aspects from different points of views such as design, methodology, and key enabler technologies such as sensor networks, Internet of Things (IoT), cloud computing, and multi-agent systems. Also, some important applications such as smart cities which are considered as one of the important application that will provide new services for healthcare applications, vehicular networks, energy distribution, the monitoring of environmental changes, business and commerce applications, emergency response, and other social activities and industrial systems are explored. Also, this paper considers the requirements and methodologies for CPS integrations such as CloudIoT and CloudIoV systems. Although, there are significant efforts and studies have been made towards CPS application, key challenges and problems in CPS have been identified in this paper to be considered as research issues the next few years.

computer science, information systems,telecommunications, artificial intelligence

Changbin Jiang,Ying Ma,Hong Chen,Yangyin Zheng,Shan Gao,Shengxue Cheng

DOI: https://doi.org/10.1108/LHT-11-2017-0256

2018-01-01

Library Hi Tech

Abstract:PurposeCyber physical system (CPS) has attracted much attention from industry, government and academia due to its dramatic impact on society, economy and people's daily lives. Scholars have conducted a number of studies on CPS. However, despite of the dynamic nature of this research area, a systematic and extensive review of recent research on CPS is unavailable. Accordingly, this paper conducts an intensive literature review on CPS and presents an overview of existing research on CPS. The purpose of this paper is to identify the challenges of studying CPS as well as the directions for future studies on CPS.Design/methodology/approachThis paper examines existing literatures about CPS from 2006 to 2018 in Compendex, presenting its definition, architectures, characteristics and applications.FindingsThis study finds that CPS is closely integrated, diversified and large-scale network with complex multiple time scales. It requires dynamic reorganization/reconfiguration, mass computing, and closed, automated and control circuits. Currently, CPS has been applied in smart manufacturing, medical systems, smart city and smart libraries. The main challenges in designing CPS are to develop, to modify, to integrate abstractions and to set predictable timing of openness and physical interconnection of physical devices. Furthermore, security is a key issue in CPS.Originality/valueThis study adds knowledge to the existing literature of CPS by answering what the current level of development on CPS is and what the potential future research directions of CPS are.

Gongpu CHEN,Xianghui CAO,Changyin SUN

DOI: https://doi.org/10.13878/j.cnki.jnuist.2017.04.003

2017-01-01

Abstract:Cyber Physical Systems (CPSs) integrate control,communication and computation technologies to facilitate close interactions between human being and physical world.CPS is widely recognized as one of the revolutional technologies for smart cities,smart grid,intelligent manufacturing and so on.In all of these applications,due to potential vulnerability to cyber attacks,CPS security is one of the key design concerns and has drawn increasing research attention recently.In this paper,we provide a review of recent studies on CPS security.We first introduce several types of security threats that are able to cause severe damage to any target CPS if not well protected.We then present a survey of recent literature on attack analysis,detection and defeating strategies,and discuss a list of research challenges in this area.

Halima Ibrahim Kure,Shareeful Islam,Mustansar Ghazanfar,Asad Raza,Maruf Pasha

DOI: https://doi.org/10.1007/s00521-021-06400-0

2021-08-11

Neural Computing and Applications

Abstract:Risk management plays a vital role in tackling cyber threats within the cyber-physical system (CPS). It enables identifying critical assets, vulnerabilities and threats and determining suitable proactive control measures for the risk mitigation. However, due to the increased complexity of the CPS, cyber-attacks nowadays are more sophisticated and less predictable, which makes risk management task more challenging. This paper aims for an effective cybersecurity risk management (CSRM) practice using assets criticality, predication of risk types and evaluating the effectiveness of existing controls. We follow a number of techniques for the proposed unified approach including fuzzy set theory for the asset criticality, machine learning classifiers for the risk predication and comprehensive assessment model (CAM) for evaluating the effectiveness of the existing controls. The proposed approach considers relevant CSRM concepts such as asset, threat actor, attack pattern, tactic, technique and procedure (TTP), and controls and maps these concepts with the VERIS community dataset (VCDB) features for the risk predication. The experimental results reveal that using the fuzzy set theory in assessing assets criticality supports stakeholder for an effective risk management practice. Furthermore, the results have demonstrated the machine learning classifiers exemplary performance to predict different risk types including denial of service, cyber espionage and crimeware. An accurate prediction of risk can help organisations to determine the suitable controls in proactive manner to manage the risk.

computer science, artificial intelligence

Ioannis Zografopoulos,Juan Ospina,XiaoRui Liu,Charalambos Konstantinou

DOI: https://doi.org/10.48550/arXiv.2101.10198

2021-01-25

Cryptography and Security

Abstract:Cyber-physical systems (CPS) are interconnected architectures that employ analog, digital, and communication resources for their interaction with the physical environment. CPS are the backbone of enterprise, industrial, and critical infrastructure. Thus, their vital importance makes them prominent targets for malicious attacks aiming to disrupt their operations. Attacks targeting cyber-physical energy systems (CPES), given their mission-critical nature, can have disastrous consequences. The security of CPES can be enhanced leveraging testbed capabilities to replicate power system operations, discover vulnerabilities, develop security countermeasures, and evaluate grid operation under fault-induced or maliciously constructed scenarios. In this paper, we provide a comprehensive overview of the CPS security landscape with emphasis on CPES. Specifically, we demonstrate a threat modeling methodology to accurately represent the CPS elements, their interdependencies, as well as the possible attack entry points and system vulnerabilities. Leveraging the threat model formulation, we present a CPS framework designed to delineate the hardware, software, and modeling resources required to simulate the CPS and construct high-fidelity models which can be used to evaluate the system's performance under adverse scenarios. The system performance is assessed using scenario-specific metrics, while risk assessment enables system vulnerability prioritization factoring the impact on the system operation. The overarching framework for modeling, simulating, assessing, and mitigating attacks in a CPS is illustrated using four representative attack scenarios targeting CPES. The key objective of this paper is to demonstrate a step-by-step process that can be used to enact in-depth cybersecurity analyses, thus leading to more resilient and secure CPS.

Tianbo Lu,Jinyang Zhao,Lingling Zhao

2016-01-01

Abstract:Cyber Physical System (CPS) is extensively used in various fields like critical infrastructure control, vehicular system and transportation, social networking, medical and healthcare systems. The security concern for CPS is of utmost importance. CPS is vulnerable to many kinds of attacks that may cause major loss and potential security risk. In this paper, we will elaborate the requirement of security in CPS on the basis of attacks on CPS taking into account the existing security issues and the challenges to provide the security.

Shaofei Huang,Christopher M. Poskitt,Lwin Khin Shar

2024-09-19

Abstract:Cyber-physical systems (CPS) are at the intersection of digital technology and engineering domains, rendering them high-value targets of sophisticated and well-funded cybersecurity threat actors. Prominent cybersecurity attacks on CPS have brought attention to the vulnerability of these systems, and the inherent weaknesses of critical infrastructure reliant on CPS. Security modelling for CPS is an important mechanism to systematically identify and assess vulnerabilities, threats, and risks throughout system lifecycles, and to ultimately ensure system resilience, safety, and reliability. This survey delves into state-of-the-art research in CPS security modelling, encompassing both threat and attack modelling. While these terms are sometimes used interchangeably, they are different concepts. This article elaborates on the differences between threat and attack modelling, examining their implications for CPS security. A systematic search yielded 428 articles, from which 15 were selected and categorised into three clusters: those focused on threat modelling methods, attack modelling methods, and literature reviews. Specifically, we sought to examine what security modelling methods exist today, and how they address real-world cybersecurity threats and CPS-specific attacker capabilities throughout the lifecycle of CPS, which typically span longer durations compared to traditional IT systems. This article also highlights several limitations in existing research, wherein security models adopt simplistic approaches that do not adequately consider the dynamic, multi-layer, multi-path, and multi-agent characteristics of real-world cyber-physical attacks.

Cryptography and Security

Daniel Schneider,Jan Reich,Rasmus Adler,Peter Liggesmeyer

2024-05-06

Abstract:Cyber Physical Systems (CPS) enable new kinds of applications as well as significant improvements of existing ones in numerous different application domains. A major trait of upcoming CPS is an increasing degree of automation up to the point of autonomy, as there is a huge potential for economic success as well as for ecologic and societal improvements. However, to unlock the full potential of such (cooperative and automated) CPS, we first need to overcome several significant engineering challenges, where safety assurance is a particularly important one. Unfortunately, established safety assurance methods and standards do not live up to this task, as they have been designed with closed and less complex systems in mind. This paper structures safety assurance challenges of cooperative automated CPS, provides an overview on our vision of dynamic risk management and describes already existing building blocks.

Software Engineering

Zhenhua Yu,Hongxia Gao,Xuya Cong,Naiqi Wu,Houbing Herbert Song

DOI: https://doi.org/10.1109/JIOT.2023.3289625

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:Cyber-physical systems (CPSs) are new types of intelligent systems that integrate computing, control, and communication technologies, bridging the cyberspace and physical world. These systems enhance the capabilities of our critical infrastructure and are widely used in a variety of safety-critical systems. CPSs are susceptible to cyber attacks due to their vulnerabilities such that their security has become a critical issue. Therefore, it is important to classify and comprehensively investigate this issue. Most of the existing surveys on it are conducted from a single perspective. In this article, we present a comprehensive view of the security of CPSs from three perspectives: 1) the physical domain; 2) the cyber domain; and 3) the cyber-physical domain. In the physical domain, we review some attacks that directly damage the physical components of CPSs such as sensors and discuss corresponding defenses. We also review the attacks that CPSs in the cyber domain may face and study methods to detect and defend against them. In addition, we survey the intelligent attacks faced by CPSs and the corresponding defensive means. In the cyber-physical domain, we provide an overview of attacks that come from the cyber domain and eventually damage the physical parts, and discuss the corresponding detection and defense methods. Finally, we present the challenges and future research directions. Through this in-depth review, we attempt to summarize the current security threats to CPSs and the state-of-the-art security means to provide researchers with a comprehensive overview.

Abdulmalik Humayed,Jingqiang Lin,Fengjun Li,Bo Luo

DOI: https://doi.org/10.48550/arXiv.1701.04525

2017-01-17

Abstract:With the exponential growth of cyber-physical systems (CPS), new security challenges have emerged. Various vulnerabilities, threats, attacks, and controls have been introduced for the new generation of CPS. However, there lack a systematic study of CPS security issues. In particular, the heterogeneity of CPS components and the diversity of CPS systems have made it very difficult to study the problem with one generalized model. In this paper, we capture and systematize existing research on CPS security under a unified framework. The framework consists of three orthogonal coordinates: (1) from the \emph{security} perspective, we follow the well-known taxonomy of threats, vulnerabilities, attacks and controls; (2)from the \emph{CPS components} perspective, we focus on cyber, physical, and cyber-physical components; and (3) from the \emph{CPS systems} perspective, we explore general CPS features as well as representative systems (e.g., smart grids, medical CPS and smart cars). The model can be both abstract to show general interactions of a CPS application and specific to capture any details when needed. By doing so, we aim to build a model that is abstract enough to be applicable to various heterogeneous CPS applications; and to gain a modular view of the tightly coupled CPS components. Such abstract decoupling makes it possible to gain a systematic understanding of CPS security, and to highlight the potential sources of attacks and ways of protection.

Cryptography and Security

Mariana Segovia,Jose Rubio-Hernan,Ana Rosa Cavalli,Joaquin Garcia-Alfaro

DOI: https://doi.org/10.48550/arXiv.2009.06927

2020-09-15

Abstract:Cyber-Physical Systems (CPS) use computational resources to control physical process and provide critical services. For this reason, an attack in these systems may have dangerous consequences in the physical world. Hence, resilience is a fundamental property to ensure the safety of the people, the environment and the controlled physical process. In this paper, we present metrics to quantify the resilience level based on the design, structure, stability, and performance under the attack of a given CPS. The metrics provide reference points to evaluate whether the system is better prepared or not to face the adversaries. This way, it is possible to quantify the ability to recover from an adversary using its mathematical model based on switched linear systems and actuators saturation. Finally, we validate our approach using a numeric simulation on the Tennesse Eastman control challenge problem.

Cryptography and Security

Xin Zhou,Xiaodong Gou,Tingting Huang,Shunkun Yang

DOI: https://doi.org/10.1109/access.2018.2869834

IF: 3.9

2018-01-01

IEEE Access

Abstract:Cyber physical systems (CPSs) are rapidly developing, with increasing scale, complexity, and heterogeneity. However, testing CPSs systematically to ensure that they operate with high reliability remains a big challenge. Therefore, it is necessary to summarize existing works and technologies systematically, with the aim of inspiring new inventions for more efficient CPS testing. Accordingly, this paper first investigated the advances in CPS testing methods from ten aspects, including different testing paradigms, technologies, and some non-functional testing methods (including security testing, robust testing, and fragility testing). Then, we further elaborate on the infrastructures of CPS testbeds from the perspectives of their architecture and the corresponding function analyses. Finally, challenges and future research directions are identified and discussed. It can be concluded that future CPS testing should focus more on the combination of different paradigms and technologies for multi-objective by integrating more emerging cutting-edge technologies such as Internet of things, big data, cloud computing, and AI.

Kunlun PENG,Wei PENG,Dongxia WANG,Qianqian XING

DOI: https://doi.org/10.3969/j.issn.1671-1122.2016.07.004

2016-01-01

Abstract:A cyber-physical system (CPS) is a complex system which integrates information systems with physical systems. It realizes the function of real-time sensing and dynamical control of the physical world by environment perception and the integration of computing, communication and control process. CPS is viewed as the next information revolution after the Internet and security problem is one of the key issues affecting the wide application of CPS. This paper introduces the requirements and goals of CPS security, as well as security challenges that a CPS faces. Attacks on a CPS from physical layer, transport layer and application layer are also discussed in detail. By analyzing current research on techniques of anti-attack, identity authentication, privacy preservation and risk assessment in CPS, the paper discusses the future research trends in this area.