A Preliminary Design-Phase Security Methodology for Cyber–Physical Systems

Abstract: Despite “cyber” being in the name, cyber–physical systems possess unique characteristics that limit the applicability and suitability of traditional cybersecurity techniques and strategies. Furthermore, vulnerabilities to cyber–physical systems can have significant safety implications. The physical and cyber interactions inherent in these systems require that cyber vulnerabilities not only be defended against or prevented, but that the system also be resilient in the face of successful attacks. Given the compl… Show more

“…Previous work [16] identified a six step approach for engineering in safety, security, and resilience could take the following interaction between model artifacts and teams.…”

“…Step Fig. 2 In mission aware the systems engineering lifecycle is segmented by specific teams that address system design and resilience based on losses related to safety and security (adapted from Carter et al [16])…”

“…For example, in the field of safety, Leveson has developed systems-theoretic accident model and process (STAMP) [49], which examines safety incidents in terms of hierarchical control and unacceptable losses. In the intersection of security and resilience, there is System Aware [42,43] and its evolution Mission Aware [16,17], which see mitigation in terms of resilient modes in addition to traditional security defenses. Finally, the general field of model-based systems engineering (MBSE) has produced both methods and tools in assessing the safety and security posture of system designs and is the paradigm in which the majority of system models must conform to.…”

An ontological metamodel for cyber-physical system safety, security, and resilience coengineering

“…Previous work [16] identified a six step approach for engineering in safety, security, and resilience could take the following interaction between model artifacts and teams.…”

“…Step Fig. 2 In mission aware the systems engineering lifecycle is segmented by specific teams that address system design and resilience based on losses related to safety and security (adapted from Carter et al [16])…”

“…For example, in the field of safety, Leveson has developed systems-theoretic accident model and process (STAMP) [49], which examines safety incidents in terms of hierarchical control and unacceptable losses. In the intersection of security and resilience, there is System Aware [42,43] and its evolution Mission Aware [16,17], which see mitigation in terms of resilient modes in addition to traditional security defenses. Finally, the general field of model-based systems engineering (MBSE) has produced both methods and tools in assessing the safety and security posture of system designs and is the paradigm in which the majority of system models must conform to.…”

An ontological metamodel for cyber-physical system safety, security, and resilience coengineering

“…Mission Aware involves an early systems engineering process that identifies a high-level set of system objectives and unacceptable losses that represents system owners, operators, and other stakeholders. 12,13 Assuming that one has a high-level, comprehensive set of unacceptable outcomes, Mission Aware then involves constructing a model of the system from a control perspective based on the System-Theoretic Accident Model and Processes (STAMP) framework. 14 Specifically, we identify the controllers, the actions available to them, and the way in which those actions potentially lead to mission losses.…”

“…The pieces of information collected in the STAMP-based analysis are encoded into the system models (Figure 2), which are then used for further analysis and updated iteratively. 12,13 The specification graph (S-graph) combines diverse types of "states," or nodes, to represent the system operating in its mission environment. Valid decision behaviors of the operator, hazardous conditions, and mission outcome nodes are encoded as truth tables, which perform the standard Boolean algebra on critical combinations of states in the system.…”

Cyberphysical Security Through Resiliency: A Systems-Centric Approach

The “Mission Aware” Concept for Design of Cyber‐Resilience