A security risk mitigation framework for cyber physical systems

Maryam Zahid, Irum Inayat*, Maya Daneva, Zahid Mehmood

*Corresponding author for this work

Research output: Contribution to journalArticleAcademicpeer-review

Abstract

Cyber physical systems (CPSs) are safety-critical, be it weapon systems, smart medical devices, or grid stations. This makes ensuring security of all the components constituting a CPS unavoidable. The rise in the demand of interconnectedness has made such systems vulnerable to attacks, ie, cyberattacks. Over 170 cases of cyber-security breaches in CPS were reported over the past two decades. An increase in the number of cyberattack incidents on CPS makes them more exposed and less trustworthy. However, identifying the security requirements of the CPS to pinpoint the relevant risks may help to counteract the potential attacks. Literature reveals that the most targeted security requirements of CPS are authentication, integrity, and availability. However, little attention has been paid on certain crucial security attributes such as data freshness and nonrepudiation. One major reason of security breaches in CPS is the lack of custom or generalized countermeasures. Therefore, we propose a security risk mitigation framework for a CPS focused on constraints, ie, authentication, data integrity, data freshness, nonrepudiation, and confidentiality. Furthermore, we evaluate the proposed work using a case study of a safety critical system. The results show a decrease in the severity of the identified security risks, ie, man-in-the-middle attack, spoofing, and data tempering.

Original languageEnglish
Article numbere2219
JournalJournal of software: Evolution and Process
DOIs
Publication statusE-pub ahead of print/First online - 29 Aug 2019

Fingerprint

Authentication
Cyber Physical System
Tempering
Availability

Keywords

  • Case study
  • Cryptosystem
  • Cyber physical systems (CPS)
  • Cyber security
  • Risk assessment
  • Risk identification
  • Risk management
  • Risk mitigation
  • Security

Cite this

@article{943188ff8e27459e84e164b57ac44be5,
title = "A security risk mitigation framework for cyber physical systems",
abstract = "Cyber physical systems (CPSs) are safety-critical, be it weapon systems, smart medical devices, or grid stations. This makes ensuring security of all the components constituting a CPS unavoidable. The rise in the demand of interconnectedness has made such systems vulnerable to attacks, ie, cyberattacks. Over 170 cases of cyber-security breaches in CPS were reported over the past two decades. An increase in the number of cyberattack incidents on CPS makes them more exposed and less trustworthy. However, identifying the security requirements of the CPS to pinpoint the relevant risks may help to counteract the potential attacks. Literature reveals that the most targeted security requirements of CPS are authentication, integrity, and availability. However, little attention has been paid on certain crucial security attributes such as data freshness and nonrepudiation. One major reason of security breaches in CPS is the lack of custom or generalized countermeasures. Therefore, we propose a security risk mitigation framework for a CPS focused on constraints, ie, authentication, data integrity, data freshness, nonrepudiation, and confidentiality. Furthermore, we evaluate the proposed work using a case study of a safety critical system. The results show a decrease in the severity of the identified security risks, ie, man-in-the-middle attack, spoofing, and data tempering.",
keywords = "Case study, Cryptosystem, Cyber physical systems (CPS), Cyber security, Risk assessment, Risk identification, Risk management, Risk mitigation, Security",
author = "Maryam Zahid and Irum Inayat and Maya Daneva and Zahid Mehmood",
year = "2019",
month = "8",
day = "29",
doi = "10.1002/smr.2219",
language = "English",
journal = "Journal of software: Evolution and Process",
issn = "2047-7481",
publisher = "Wiley",

}

A security risk mitigation framework for cyber physical systems. / Zahid, Maryam; Inayat, Irum; Daneva, Maya; Mehmood, Zahid.

In: Journal of software: Evolution and Process, 29.08.2019.

Research output: Contribution to journalArticleAcademicpeer-review

TY - JOUR

T1 - A security risk mitigation framework for cyber physical systems

AU - Zahid, Maryam

AU - Inayat, Irum

AU - Daneva, Maya

AU - Mehmood, Zahid

PY - 2019/8/29

Y1 - 2019/8/29

N2 - Cyber physical systems (CPSs) are safety-critical, be it weapon systems, smart medical devices, or grid stations. This makes ensuring security of all the components constituting a CPS unavoidable. The rise in the demand of interconnectedness has made such systems vulnerable to attacks, ie, cyberattacks. Over 170 cases of cyber-security breaches in CPS were reported over the past two decades. An increase in the number of cyberattack incidents on CPS makes them more exposed and less trustworthy. However, identifying the security requirements of the CPS to pinpoint the relevant risks may help to counteract the potential attacks. Literature reveals that the most targeted security requirements of CPS are authentication, integrity, and availability. However, little attention has been paid on certain crucial security attributes such as data freshness and nonrepudiation. One major reason of security breaches in CPS is the lack of custom or generalized countermeasures. Therefore, we propose a security risk mitigation framework for a CPS focused on constraints, ie, authentication, data integrity, data freshness, nonrepudiation, and confidentiality. Furthermore, we evaluate the proposed work using a case study of a safety critical system. The results show a decrease in the severity of the identified security risks, ie, man-in-the-middle attack, spoofing, and data tempering.

AB - Cyber physical systems (CPSs) are safety-critical, be it weapon systems, smart medical devices, or grid stations. This makes ensuring security of all the components constituting a CPS unavoidable. The rise in the demand of interconnectedness has made such systems vulnerable to attacks, ie, cyberattacks. Over 170 cases of cyber-security breaches in CPS were reported over the past two decades. An increase in the number of cyberattack incidents on CPS makes them more exposed and less trustworthy. However, identifying the security requirements of the CPS to pinpoint the relevant risks may help to counteract the potential attacks. Literature reveals that the most targeted security requirements of CPS are authentication, integrity, and availability. However, little attention has been paid on certain crucial security attributes such as data freshness and nonrepudiation. One major reason of security breaches in CPS is the lack of custom or generalized countermeasures. Therefore, we propose a security risk mitigation framework for a CPS focused on constraints, ie, authentication, data integrity, data freshness, nonrepudiation, and confidentiality. Furthermore, we evaluate the proposed work using a case study of a safety critical system. The results show a decrease in the severity of the identified security risks, ie, man-in-the-middle attack, spoofing, and data tempering.

KW - Case study

KW - Cryptosystem

KW - Cyber physical systems (CPS)

KW - Cyber security

KW - Risk assessment

KW - Risk identification

KW - Risk management

KW - Risk mitigation

KW - Security

UR - http://www.scopus.com/inward/record.url?scp=85071615646&partnerID=8YFLogxK

U2 - 10.1002/smr.2219

DO - 10.1002/smr.2219

M3 - Article

AN - SCOPUS:85071615646

JO - Journal of software: Evolution and Process

JF - Journal of software: Evolution and Process

SN - 2047-7481

M1 - e2219

ER -