
Concepts of Trust and Resilience in Cyber-Physical Systems

Abstract

System assurance is the justified confidence that a system functions as intended and is free of exploitable vulnerabilities, whether introduced intentionally or unintentionally. Cyber-Physical Systems (CPS) are exposed to new classes of threat because their computing and communication backbone is interconnected. Designing resilient CPS means ensuring security, functionality, and interconnectedness together. Trust in a system rests on the mutual assurance between the interconnected systems that compose it. System assurance therefore requires a comprehensive systems engineering approach covering system structure, engineering processes, and the supporting models and techniques needed for evidence-based judgments. This chapter examines historical and evolving methods for system assurance in CPS. Assurance methods developed for earlier, simpler systems no longer suffice for today's complex systems, and new tools are needed. The chapter reviews traditional assurance practices and their limitations and discusses the need for improved practices based on functional and formal design methods. Other chapters elucidate research efforts that explore (1) system architectures for achieving resilience, (2) system methodologies, frameworks, and analysis tools for prioritizing resilience solutions, (3) the roles and procedures for engaging operators in the real-time management of system reconfigurations that provide resilience, and (4) designing in resilience through the engineering process.


Leads

Tom A. McDermott

Stevens Institute of Technology

Megan M. Clifford

Stevens Institute of Technology

Valerie B. Sitterle

Georgia Tech Research Institute

Publications

  1. Avižienis, A., Laprie, J., Randell, B., and Landwehr, C. (2004). Basic concepts and taxonomy of dependable and secure computing. IEEE Transactions on Dependable and Secure Computing 1(1): 11–22.

  2. Bliudze, S., Furic, S., Sifakis, J., and Viel, A. (2017). Rigorous design of cyber-physical systems. Software & Systems Modeling 2(2).

  3. Bodeau, D. J., Graubart, R., Picciotto, J. et al. (n.d.). Cyber resiliency engineering framework. DTIC.

  4. Boehm, B. and Kukreja, N. (2015). An initial ontology for system qualities. INCOSE International Symposium 25(1): 341–356.

  5. DoDI (2014). Department of Defense Instruction (DoDI) 8500.01, Cybersecurity. March 14, 2014.

  6. Griffor, E. (ed.) (2016). Handbook of System Safety and Security: Cyber Risk and Risk Management, Cyber Security, Adversary Modeling, Threat Analysis, Business of Safety, Functional Safety, Software Systems, and Cyber Physical Systems. Syngress.

  7. Leveson, N. (2012). Engineering a Safer World: Systems Thinking Applied to Safety, 13. MIT Press.

  8. McDermott, T. and Horowitz, B. (2017). Human Capital Development – Resilient Cyber Physical Systems. Systems Engineering Research Center (SERC) Technical Report SERC-2017-TR-075.

  9. NATO (2010). North Atlantic Treaty Organization (NATO), Engineering for system assurance in NATO programs. Washington, DC: NATO Standardization Agency, DoD 5220.22M-NISPOM-NATO-AEP-67, February 2010.

  10. NIST (2016). National Institute of Standards and Technology (NIST) Framework for Cyber-Physical Systems Release 1.0: Cyber Physical Systems Public Working Group (Rep.). May 2016.

  11. NSF (2016). Definition from National Science Foundation, 2016, "Cyber-Physical Systems," program solicitation 16-549, NSF document number nsf16549, March 4.

  12. Reed, M. (2016). DoD Strategy for cyber resilient weapon systems. Paper presented at the National Defense Industrial Association (NDIA) Annual Systems Engineering Conference, Alexandria, VA (24 October 2016). NDIA.

  13. Wan, J., Canedo, A., and Al Faruque, M. (2015). Security-aware functional modeling of cyber-physical systems. In: 2015 IEEE 20th International Conference on Emerging Technologies & Factory Automation (ETFA), Luxembourg, Luxembourg (8–11 September 2015). IEEE, 1–4.


The Systems Engineering Research Center (SERC) was established in the Fall of 2008 as a government-designated University Affiliated Research Center (UARC). The SERC has produced 15 years of research, focused on an updated systems engineering toolkit (methods, tools, and practices) for the complex cyber-physical systems of today and tomorrow.

