Cyber-physical Systems Security - Challenges and Research Ideas
Citation: Partha Pal, Rick Schantz, Kurt Rohloff and Joseph Loyall. "Cyber-physical Systems Security - Challenges and Research Ideas." Workshop on Future Directions in Cyber-physical Systems Security, July 2009.
Formats:
Paper (PDF)
Abstract:
Cyber-physical systems (CPS) are at a crossroads. Typical CPSs with multi-loop control consisting of device controllers, plant-level distributed control, and system-wide SCADA components are pushed (see Figure 1 below) by market forces to:- Connect many diverse (e.g., control and business) systems leading to an internetworked system of systems spanning wide geographic areas,
- Use off-the-shelf networks (sometimes involving public infrastructure like the Internet, and often shared) for communication, and general purpose computing hardware and software for information processing, and
- Empower end-users and customers with more information and control.
As a result of this push, restrictive and purpose-built interfaces typical of CPSs are replaced by more open interfaces, and new dependencies among interconnected subsystems are established (sometimes unintentionally). Access to more information and control surfaces for users and supervisors in an open and interconnected situation amplifies the impact of erroneous or malicious actions. Because today's cyber-physical system of systems is often part of critical national infrastructure, the stakes are even higher. Additionally, unlike many distributed systems (e.g., e-commerce or logistics planning systems) where a delay or unavailability of a few seconds is usually tolerable, CPSs must often meet strict timing requirements during normal operation as well as during recovery. We argue that securing the emerging internetworked and information-rich CPSs is harder than securing typical distributed information systems because a number of cyber-security issues that have been addressed individually or in isolation within a subsystem come together in a new context with many additional challenging requirements. In this position paper we present some of them.
