Cyber-physical systems (CPS) merge the physical and cyber world to support critical functions and services. Cyber-security and safety are interdependent in such systems and therefore their study should be performed jointly. Various approaches have been proposed for cyber-security and safety co-engineering. In this entry, the key results of a comprehensive survey of such co-engineering approaches, along with various aspects of the problem that have not been sufficiently addressed in these methods, are presented.
Cyber-Physical Systems (CPS) comprise interacting digital, analog, physical, and human components engineered for function through integrated physics and logic. They are deployed in various application domains, such as automotive, smart manufacturing, and healthcare. The analysis of cyber-security and safety for such systems is important, and it is usually complicated by strong dependencies between the cyber-security and safety domains. Three types of dependencies have been identified and analyzed in [1]: conditional dependencies, reinforcement, and conflict. Such dependencies are studied and addressed by cyber-security and safety co-engineering approaches to varying degrees of depth and scope. Three categories of cyber-security and safety co-engineering exist [2]: (1) security-informed safety approaches, which extend the scope of safety engineering by adapting cyber-security-related techniques; (2) safety-informed security approaches, which extend the scope of security engineering by adapting safety-related techniques; and (3) combined safety and security approaches, which are integrated approaches for safety and cyber-security co-engineering.
Cyber-security and safety co-engineering approaches aim to identify, assess, and manage risks related to both security and safety in systems that are influenced by both the cyber and the physical world/environment. Although various surveys of cyber-security and safety co-engineering methodologies exist in the literature, they vary in both the depth and the scope of their analysis and comparison of the existing methods. Piètre-Cambacédès et al. [3] surveyed the differences and similarities between safety and security aspects, focusing on their dependencies per application domain. Kriaa et al. [4] conducted a survey of safety and security analysis methods and analyzed methods for industrial control systems. Various safety and security risk assessment methods, categorized according to their application domain, were reviewed by Chockalingam et al. [5]. Abulamddi [6] surveyed existing methods for safety and security requirements engineering in CPSs. A systematic literature review was conducted by Lisova et al. [7] that focused on methods which had already been developed and evaluated. Lyu et al. [8] provided a short survey in which five integrated safety and security co-engineering methods were analyzed. Finally, Paul and Rioux [2] provided an extended bibliography of research papers on safety and cyber-security co-engineering since the early 1990s, without, however, analyzing them.
This entry summarizes the results of a comprehensive review of sixty-eight co-engineering approaches [10]; it presents the key characteristics of these approaches and identifies issues in the joint analysis of cyber-security and safety that are not sufficiently addressed by the existing co-engineering methods.
Figure 1 provides a comprehensive picture of the current methodologies for cyber-security and safety analysis of CPSs, which forms a taxonomy of such methods. The attributes used for the analysis are those used in prior surveys or related publications [4][5][7][8][9]. Further, the following characteristics provide additional insight into the operational capacity of each method: Process (the extent to which the method is supported by a systematic and structured process), Scalability, Creativity (the extent to which the method includes mechanisms to stimulate creativity among the stakeholders), Communication (the extent to which the method offers features to facilitate communication between different stakeholders), Conflict resolution (the extent to which the method facilitates the identification and study of potential conflicts between safety and security aspects), and Software tool (the extent to which the method is supported by software tools).
Figure 1 also depicts (in parentheses) the number of existing co-engineering methodologies that have the corresponding attribute, and thus provides a bird's-eye view of the area. By leveraging this information, the weaknesses and strengths of the existing approaches can be identified, which in turn allows the identification of still-open issues in the joint analysis of cyber-security and safety.
The issues identified as under-researched are listed below:
This entry provided the key findings of our work in [10]. Having revisited the existing surveys of cyber-security and safety co-engineering approaches, the methodologies that had not been reviewed before were identified. Further, a multi-attribute taxonomy was proposed for a comprehensive analysis of the existing approaches and for the identification of the open issues in the joint analysis of cyber-security and safety in CPSs. Thus, a comprehensive discussion of the recent advances in cyber-security and safety co-engineering was provided. Building upon the results of this survey, an integrated goal-based approach for joint safety and cyber-security requirements elicitation, which enjoys several of the desirable characteristics and attributes of such a method, is proposed in [11].