Fundamental Challenges of Cyber-Physical Systems Security Modeling
This work addresses a critical gap in security-by-design for safety-critical cyber-physical systems, but it is incremental, as it builds on existing modeling practices.
The paper tackles the problem of insufficient security modeling tools for cyber-physical systems, which can lead to safety hazards, and proposes implementing security assessment tools to address threats earlier in the system lifecycle.
Systems modeling practice lacks security analysis tools that can interface with modeling languages to facilitate security by design. Security by design is a necessity in the age of safety-critical cyber-physical systems, where security violations can cause hazards. Currently, the overlap between security and safety is narrow. But deploying cyber-physical systems means that today's adversaries can intentionally trigger accidents. By implementing security assessment tools for modeling languages, we are better able to address threats earlier in the systems' lifecycle and, therefore, assure their safe and secure behavior in their eventual deployment. We posit that cyber-physical systems security modeling is practiced insufficiently because it is still addressed similarly to information technology systems.