Cyberphysical Security Through Resiliency: A Systems-centric Approach
This work aims to provide a structured method for evaluating and applying resilience in cyber-physical systems, which is a critical problem for engineers and security professionals in this domain.
This paper addresses the insufficiency of traditional perimeter security for cyber-physical systems (CPS) by proposing a systems-centric approach to cyber-physical security called Mission Aware. It focuses on evaluating resilience in CPS, considering mission goals, system dynamics, and risk to help stakeholders make informed decisions on applying resilience design patterns.
Cyber-physical systems (CPS) are often defended in the same manner as information technology (IT) systems -- by using perimeter security. Multiple factors make such defenses insufficient for CPS. Resiliency shows potential in overcoming these shortfalls. Techniques for achieving resilience exist; however, methods and theory for evaluating resilience in CPS are lacking. We argue that such methods and theory should assist stakeholders in deciding where and how to apply design patterns for resilience. Such a problem potentially involves tradeoffs between different objectives and criteria, and such decisions need to be driven by traceable, defensible, repeatable engineering evidence. Multi-criteria resiliency problems require a system-oriented approach that evaluates systems in the presence of threats as well as potential design solutions once vulnerabilities have been identified. We present a systems-oriented view of cyber-physical security, termed Mission Aware, that is based on a holistic understanding of mission goals, system dynamics, and risk.