Design and Run-time aspects of Secure Cyber Physical Systems

Book Chapter

Published in:

Security and Quality in Cyber-Physical Systems Engineering (Biffl S., Eckhart M., Lüder A. & Weippl E. eds.), Springer International Publishing (In Press)

Keywords:

Cyber Physical Systems Security, Cybersecurity, Digital Twins, Security by Design, Security Run-time Monitoring

Abstract:

Cyber Physical Systems (CPS) combine computational and physical components, enabling real-world interaction. Digitization, decentralization and high connectivity, as well as the incorporation of various enabling technologies, raise various security issues. These security concerns may affect safety, endangering assets and even human lives. This is especially true for CPS utilization in different sectors of great significance, including manufacturing or critical infrastructures, creating a need for efficiently handling relevant security issues. Including security as part of a software-intensive technical system (i.e., the CPS) that can be distributed and highly resilient highlights the need for appropriate security methodologies to be applied to the CPS from the engineering stage, during CPS design. The efficient security-related processes that are implemented at design time have an impact on security monitoring during the CPS operational phase (at run time). Efficient and accurate security monitoring that follows security-by-design principles can be a potent tool in the hands of the CPS manager for detecting and mitigating cyber threats. Monitoring traffic and activity at the system boundaries, detecting changes to device status and configuration, detecting suspicious activity indicating attacks, detecting unauthorized activity that is suspicious or violates security policies, and responding in a timely manner to security incidents and recovering from them are issues that need to be efficiently tackled by security monitoring. In the present chapter, we explore the various CPS cybersecurity threats and discuss how adding security as a parameter at the CPS design phase can provide a well-structured and efficient approach to providing strong CPS security foundations. New technologies for CPS security design are presented and emerging security directions are discussed.
Furthermore, in the chapter, the different aspects of security monitoring are presented with a special emphasis on CPSs, discussing the various existing monitoring approaches that are followed in order to detect security issues at run time. Specific use cases of CPSs in the manufacturing domain and with reference to critical infrastructures are also detailed, and security requirements like confidentiality, integrity and availability are discussed.