A security risk mitigation framework for cyber physical systems

Maryam Zahid, Irum Inayat*, Maya Daneva, Zahid Mehmood

*Corresponding author for this work

Research output: Contribution to journalArticleAcademicpeer-review

Abstract

Cyber physical systems (CPSs) are safety-critical, be it weapon systems, smart medical devices, or grid stations. This makes ensuring security of all the components constituting a CPS unavoidable. The rise in the demand of interconnectedness has made such systems vulnerable to attacks, ie, cyberattacks. Over 170 cases of cyber-security breaches in CPS were reported over the past two decades. An increase in the number of cyberattack incidents on CPS makes them more exposed and less trustworthy. However, identifying the security requirements of the CPS to pinpoint the relevant risks may help to counteract the potential attacks. Literature reveals that the most targeted security requirements of CPS are authentication, integrity, and availability. However, little attention has been paid on certain crucial security attributes such as data freshness and nonrepudiation. One major reason of security breaches in CPS is the lack of custom or generalized countermeasures. Therefore, we propose a security risk mitigation framework for a CPS focused on constraints, ie, authentication, data integrity, data freshness, nonrepudiation, and confidentiality. Furthermore, we evaluate the proposed work using a case study of a safety critical system. The results show a decrease in the severity of the identified security risks, ie, man-in-the-middle attack, spoofing, and data tempering.

Original languageEnglish
Article numbere2219
JournalJournal of software: Evolution and Process
DOIs
Publication statusE-pub ahead of print/First online - 29 Aug 2019

Keywords

  • Case study
  • Cryptosystem
  • Cyber physical systems (CPS)
  • Cyber security
  • Risk assessment
  • Risk identification
  • Risk management
  • Risk mitigation
  • Security

Fingerprint Dive into the research topics of 'A security risk mitigation framework for cyber physical systems'. Together they form a unique fingerprint.

  • Cite this