A security risk mitigation framework for cyber physical systems

Zahid, Maryam; Inayat, Irum; Daneva, Maya; Mehmood, Zahid

doi:10.1002/smr.2219

Cited by 8 publications

(5 citation statements)

References 50 publications

(78 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Those techniques were either focused on the identification, assessment, controlling or treating the risks individually. The individual topics (phases of risk management process) covered in literature are risk assessment, 46 risk mitigation, 43 modeling of risk assessment, 47 the recommendations to conduct risk management on smart grid, 47 social infrastructure-related risk management, 48 security risk management of CPS, 49 cybercrime-related risk management, 50 risk mitigation framework for automotive application, 51 cybersecurity risk analysis with remote monitoring the state of object, 52 continuous risk management process for IIOT, 53 the concept of safety risk management and illustrations, 54 and vehiclerelated security risk assessment in transportation. 55 Here, we summarize the key features that lack in the existing risk management techniques for security-safety risks.…”

Section: Related Workmentioning

confidence: 99%

Safety and security risks management process for cyber‐physical systems: A case study

Inayat

Farooq

Inayat

2022

J Software Evolu Process

Self Cite

View full text Add to dashboard Cite

Cyber‐physical systems (CPS) are applicable in emerging industries such as health, energy, autonomous vehicles, and Industrial Internet of Things (IIOT). In CPS the physical assets, that is, actuators and sensors, etc. communicate with each other over a messaging protocol. This communication process of CPS makes them vulnerable to cyber‐attacks which challenge the system safety, making security and safety two major concerns for CPS. Both safety and security risks are considered separately in literature. However, the International Society of Automation (ISA) focuses on the alignment of security and safety risks of CPS. Weak or no alignment in safety and security of a system may result in an inefficient or partially protected system which could end up in disasters. This pressed the need for an integrated safety‐security risk management process. For this purpose, we used a tetra packaging case study to (i) examine the vulnerabilities of CPS by running the risk management process, (ii) identify safety‐security requirements, and (iii) align retrieved safety‐security requirements with the relevant standards. The results show (i) safety hazards and security risks along with their severity and priority, (ii) mitigation guidelines are provided by consulting IEC 61508, and (iii) 15 safety‐security requirements are identified and are aligned with ISO9001 Packaging and labeling machine standard.

show abstract

Section: Related Workmentioning

confidence: 99%

Safety and security risks management process for cyber‐physical systems: A case study

Inayat

Farooq

Inayat

2022

J Software Evolu Process

Self Cite

View full text Add to dashboard Cite

show abstract

“…In terms of security and safety risk assessment of CPS, we observe that many of the standard‐based techniques used the International Organization for Standardization (ISO) standard as a basis for calculating risk values. However, we also observe that some techniques employed a standard, that is, European Norms (EN) and International Electrotechnical Commission (IEC) that was specifically developed for the peculiarities of application domains, that is, railway (EN50128–IEC 61508), 5 avionics (DO‐178B/C), 89 and medical equipment development (ISO 14971) 90…”

Section: Findings Of Our Reviewmentioning

confidence: 99%

“…Since trust, system reliability, and resilience against security threats in CPS are mainly based on data confidentiality, integrity, authenticity, and system's authorized access, 104 some papers have considered them along with availability, fault‐tolerance, and self‐healing to be a crucial factor being integrated in CPS 5 . In our selected set of papers, the most frequently covered security requirements are integrity (in 184 papers), confidentiality (170 papers), and authentication (165), while the most studied dependability attributes consisted of availability (177 papers), reliability (157 papers), and trust (108 papers).…”

Section: Findings Of Our Reviewmentioning

confidence: 99%

“…Successful applications of such systems include communications systems, home appliances, automotive electronics, games, drones, weapons, and aircraft control systems, to name a few. On the other hand, most of the applications of CPS can be found in safety‐critical systems such as medical devices, autonomous vehicles, and other devices involving an environment where safety is of paramount importance 5 . While having a great impact on our society, CPS is said to revolutionize our industry as they have been driving the biggest shift in business and technology since World War II 4…”

Section: Introductionmentioning

confidence: 99%

“…Despite the awareness of the importance of security requirements and risks in the analysis of CPS, little effort has been spent on consolidating our knowledge on the subject. An overview of the possible risk management techniques that could be integrated into the development and maintenance of CPS contributing to improving its security level is still lacking 5 . Yet understanding of the landscape of the proposed approaches to risk handling in security requirements engineering is beneficial for both practitioners and researchers in the field.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Security risks in cyber physical systems—A systematic mapping study

Zahid

Inayat

Daneva

et al. 2021

J Software Evolu Process

Self Cite

View full text Add to dashboard Cite

The increased need for constant connectivity and complete automation of existing systems fuels the popularity of Cyber Physical Systems (CPS) worldwide. Increasingly more, these systems are subjected to cyber attacks. In recent years, many major cyber‐attack incidents on CPS have been recorded and, in turn, have been raising concerns in their users' minds. Unlike in traditional IT systems, the complex architecture of CPS consisting of embedded systems integrated with the Internet of Things (IoT) requires rather extensive planning, implementation, and monitoring of security requirements. One crucial step to planning, implementing, and monitoring of these requirements in CPS is the integration of the risk management process in the CPS development life cycle. Existing studies do not clearly portray the extent of damage that the unattended security issues in CPS can cause or have caused, in the incidents recorded. An overview of the possible risk management techniques that could be integrated into the development and maintenance of CPS contributing to improving its security level in its actual environment is missing. In this paper, we are set out to highlight the security requirements and issues specific to CPS that are discussed in scientific literature and to identify the state‐of‐the‐art risk management processes adopted to identify, monitor, and control those security issues in CPS. For that, we conducted a systematic mapping study on the data collected from 312 papers published between 2000 and 2020, focused on the security requirements, challenges, and the risk management processes of CPS. Our work aims to form an overview of the security requirements and risks in CPS today and of those published contributions that have been made until now, towards improving the reliability of CPS. The results of this mapping study reveal (i) integrity authentication and confidentiality as the most targeted security attributes in CPS, (ii) model‐based techniques as the most used risk identification and assessment and management techniques in CPS, (iii) cyber‐security as the most common security risk in CPS, (iv) the notion of “mitigation measures” based on the type of system and the underline internationally recognized standard being the most used risk mitigation technique in CPS, (v) smart grids being the most targeted systems by cyber‐attacks and thus being the most explored domain in CPS literature, and (vi) one of the major limitations, according to the selected literature, concerns the use of the fault trees for fault representation, where there is a possibility of runtime system faults not being accounted for. Finally, the mapping study draws implications for practitioners and researchers based on the findings.

show abstract

Optimal Risk Management of Electric Power Systems with CLOUD Simulation and Security Meter Algorithms

Sahinoǧlu

2021

Handbook of Smart Energy Systems

View full text Add to dashboard Cite

A security risk mitigation framework for cyber physical systems

Cited by 8 publications

References 50 publications

Safety and security risks management process for cyber‐physical systems: A case study

Safety and security risks management process for cyber‐physical systems: A case study

Security risks in cyber physical systems—A systematic mapping study

Optimal Risk Management of Electric Power Systems with CLOUD Simulation and Security Meter Algorithms

Contact Info

Product

Resources

About