On the role of latent design conditions in cyber-physical systems security

Frey, Sylvain; Rashid, Awais; Zanutto, Alberto; Busby, J S; Follis, Karolina

doi:10.1145/2897035.2897036

Cited by 10 publications

(12 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A cyber-physical infrastructure, depicted through a Lego ® board, makes the game easy to understand and accessible to players from varying backgrounds and security expertise, without being too trivial a setting for security experts. The particular setting of a utility infrastructure is drawn from our prior experience of technical [26], [27] and non-technical investigations [28] as well as interviews with security experts, field engineers, IT users in such settings [29].…”

Section: Introductionmentioning

confidence: 99%

The Good, the Bad and the Ugly: A Study of Security Decisions in a Cyber-Physical Systems Game

Frey

Rashid

Anthonysamy

et al. 2019

IIEEE Trans. Software Eng.

Self Cite

View full text Add to dashboard Cite

General rightsThis document is made available in accordance with publisher policies. Please cite only the published version using the reference above. Full terms of use are available: http://www.bristol.ac.uk/pure/about/ebr-terms Abstract-Stakeholders' security decisions play a fundamental role in determining security requirements, yet, little is currently understood about how different stakeholder groups within an organisation approach security and the drivers and tacit biases underpinning their decisions. We studied and contrasted the security decisions of three demographics -security experts, computer scientists and managers -when playing a tabletop game that we designed and developed. The game tasks players with managing the security of a cyber-physical environment while facing various threats. Analysis of 12 groups of players (4 groups in each of our demographics) reveals strategies that repeat in particular demographics, e.g., managers and security experts generally favoring technological solutions over personnel training, which computer scientists preferred. Surprisingly, security experts were not ipso facto better players -in some cases, they made very questionable decisions -yet they showed a higher level of confidence in themselves. We classified players' decision-making processes, i.e., procedure-, experience-, scenario-or intuition-driven. We identified decision patterns, both good practices and typical errors and pitfalls. Our game provides a requirements sandbox in which players can experiment with security risks, learn about decision-making and its consequences, and reflect on their own perception of security.

show abstract

Section: Introductionmentioning

confidence: 99%

The Good, the Bad and the Ugly: A Study of Security Decisions in a Cyber-Physical Systems Game

Frey

Rashid

Anthonysamy

et al. 2019

IIEEE Trans. Software Eng.

Self Cite

View full text Add to dashboard Cite

show abstract

“…The key elements to be considered is the method selected to carry out risk assessments, deployed risk models, and adaptation of risk appetite to properly enumerate the threat landscape in particular cases in which IT and ICS integration takes place. Risk-mitigation plans have recently found their way in the cyber-physical ICS environment [51][52][53]. The key components of an informed defence-in-depth framework, within which assurance and functional controls could be integrated, are presented as follows.…”

Section: Orthogonal Defence-in-depth Frameworkmentioning

confidence: 99%

Preliminaries of Orthogonal Layered Defence Using Functional and Assurance Controls in Industrial Control Systems

Mackintosh¹,

Epiphaniou

Al-Khateeb

et al. 2019

JSAN

View full text Add to dashboard Cite

Industrial Control Systems (ICSs) are responsible for the automation of different processes and the overall control of systems that include highly sensitive potential targets such as nuclear facilities, energy-distribution, water-supply, and mass-transit systems. Given the increased complexity and rapid evolvement of their threat landscape, and the fact that these systems form part of the Critical National infrastructure (CNI), makes them an emerging domain of conflict, terrorist attacks, and a playground for cyberexploitation. Existing layered-defence approaches are increasingly criticised for their inability to adequately protect against resourceful and persistent adversaries. It is therefore essential that emerging techniques, such as orthogonality, be combined with existing security strategies to leverage defence advantages against adaptive and often asymmetrical attack vectors. The concept of orthogonality is relatively new and unexplored in an ICS environment and consists of having assurance control as well as functional control at each layer. Our work seeks to partially articulate a framework where multiple functional and assurance controls are introduced at each layer of ICS architectural design to further enhance security while maintaining critical real-time transfer of command and control traffic.

show abstract

“…Though research has looked at using smart CPS devices as a means to counter usability limitations of existing security feature designs, e.g., [11], the issues of security ergonomics in smart CPS environments have not been considered to date. Recent work by Frey et al [4] has discussed the role that system design plays in influencing operator perceptions during security incidents and highlighted potential challenges in the context of smart CPS. In this paper, we respond to the challenges highlighted by Frey et al and focus on security ergonomics as a key requirement for smart CPS.…”

Section: B Usable Securitymentioning

confidence: 99%

“…Recent work [4] has analysed the role of latent design conditions in impacting security perceptions of operators in industrial control systems and highlighted the challenges posed by smart CPS, notably their emergent design arising from dynamic aggregation of a range of devices and services and the focus on automation that aims to "hide" complexity from the users. Whilst usability is considered a key non-functional requirement during software engineering and there is a body of research on usable security, in this paper we argue that the very properties of emergent design and automation pose key challenges with regards to security behaviours in smart CPS.…”

Section: Introductionmentioning

confidence: 99%

Smart Cyber-Physical Systems: Beyond Usable Security to Security Ergonomics by Design

Craggs

Rashid

2017

2017 IEEE/ACM 3rd International Workshop on Software Engineering for Smart Cyber-Physical Systems (SEsCPS)

Self Cite

View full text Add to dashboard Cite

Securing cyber-physical systems is hard. They are complex infrastructures comprising multiple technological artefacts, designers, operators and users. Existing research has established the security challenges in such systems as well as the role of usable security to support humans in effective security decisions and actions. In this paper we focus on smart cyberphysical systems, such as those based on the Internet of Things (IoT). Such smart systems aim to intelligently automate a variety of functions, with the goal of hiding that complexity from the user. Furthermore, the interactions of the user with such systems are more often implicit than explicit, for instance, a pedestrian with wearables walking through a smart city environment will most likely interact with the smart environment implicitly through a variety of inferred preferences based on previously provided or automatically collected data. The key question that we explore is that of empowering software engineers to pragmatically take into account how users make informed security choices about their data and information in such a pervasive environment. We discuss a range of existing frameworks considering the impact of automation on user behaviours and argue for the need of a shift-from usability to security ergonomics as a key requirement when designing and implementing security features in smart cyber-physical environments. Of course, the considerations apply more broadly than security but, in this paper, we focus only on security as a key concern.

show abstract

On the role of latent design conditions in cyber-physical systems security

Cited by 10 publications

References 9 publications

The Good, the Bad and the Ugly: A Study of Security Decisions in a Cyber-Physical Systems Game

The Good, the Bad and the Ugly: A Study of Security Decisions in a Cyber-Physical Systems Game

Preliminaries of Orthogonal Layered Defence Using Functional and Assurance Controls in Industrial Control Systems

Smart Cyber-Physical Systems: Beyond Usable Security to Security Ergonomics by Design

Contact Info

Product

Resources

About