Risk Management Decision Making for Security and Trust in Hardware Supply Chains

Modern cyber-physical systems are enabled by electronic hardware and embedded systems. The security of these sub-components is a concern during the design and operational phases of cyber-physical system life cycles. Compromised electronics can result in mission-critical failures, unauthorized access, and other severe consequences. As systems become more complex and feature greater connectivity, system owners must make decisions regarding how to mitigate risks and ensure resilience and trust. This paper provides an overview of research efforts related to assessing and managing risks, resilience, and trust with an emphasis on electronic hardware and embedded systems. The research takes a decision-oriented perspective, drawing from the perspectives of scenario planning and portfolio analysis, and describes examples related to the risk-based prioritization of cyber assets in large-scale systems

Cyber-Physical System and Curriculum Heutagogy Implementation in Higher Education for Creating 4.0 Generation

Higher education management must change its management model because the student's current needs in the Industrial Revolution 4.0 era are very diverse and the demand from the industrial world is more specific. This situation required a new approach in learning that can meet the students learning needs, therefore, can generate higher education graduates that have the capability, not competencies. This article is compiled based on the results of thoughts supported by a literature review using content analysis based on the results obtained from 58 articles that were published between 1999 and 2020. The universities can implement heutagogy in the curriculum which is supported by the cyber-physical system in learning. This is causing the students to be able to choose scientific competence they want independently with learning across disciplines for occupying certain ability. The cyber system development in higher education is used to assist the online learning process and as an administrator in supporting learning activities. The cyber-physical system refers to the physical things and the campus atmosphere felt by the students.

Threat Modeling of Cyber-Physical Systems in Practice

Traditional Cyber-physical Systems(CPSs) were not built with cybersecurity in mind. They operated on separate Operational Technology (OT) networks. As these systems now become more integrated with Information Technology (IT) networks based on IP, they expose vulnerabilities that can be exploited by the attackers through these IT networks. The attackers can control such systems and cause behavior that jeopardizes the performance and safety measures that were originally designed into the system. In this paper, we explore the approaches to identify threats to CPSs and ensure the quality of the created threat models. The study involves interviews with eleven security experts working in security consultation companies, software engineering companies, an Original Equipment Manufacturer (OEM),and ground and areal vehicles integrators. We found through these interviews that the practitioners use a combination of various threat modeling methods, approaches, and standards together when they perform threat modeling of given CPSs. key challenges practitioners face are: they cannot transfer the threat modeling knowledge that they acquire in a cyber-physical domain to other domains, threat models of modified systems are often not updated, and the reliance on mostly peer-evaluation and quality checklists to ensure the quality of threat models. The study warns about the difficulty to develop secure CPSs and calls for research on developing practical threat modeling methods for CPSs, techniques for continuous threat modeling, and techniques to ensure the quality of threat models

Prospectiva de seguridad de las redes de sensores inalámbricos

En las Redes de Sensores Inalámbricos (WSN), los nodos son vulnerables a los ataques de seguridad porque están instalados en un entorno difícil, con energía y memoria limitadas, baja capacidad de procesamiento y transmisión de difusión media; por lo tanto, identificar las amenazas, los retos y las soluciones de seguridad y privacidad es un tema candente hoy en día. En este artículo se analizan los trabajos de investigación que se han realizado sobre los mecanismos de seguridad para la protección de las WSN frente a amenazas y ataques, así como las tendencias que surgen en otros países junto con futuras líneas de investigación. Desde el punto de vista metodológico, este análisis se muestra a través de la visualización y estudio de trabajos indexados en bases de datos como IEEE, ACM, Scopus y Springer, con un rango de 7 años como ventana de observación, desde 2013 hasta 2019. Se obtuvieron un total de 4.728 publicaciones, con un alto índice de colaboración entre China e India. La investigación planteó desarrollos, como avances en los principios de seguridad y mecanismos de defensa, que han llevado al diseño de contramedidas en la detección de intrusiones. Por último, los resultados muestran el interés de la comunidad científica y empresarial por el uso de la inteligencia artificial y el aprendizaje automático (ML) para optimizar las medidas de rendimiento.In Wireless Sensor Networks (WSN), nodes are vulnerable to security attacks because they are installed in a harsh environment with limited power and memory, low processing power, and medium broadcast transmission. Therefore, identifying threats, challenges, and solutions of security and privacy is a talking topic today. This article analyzes the research work that has been carried out on the security mechanisms for the protection of WSN against threats and attacks, as well as the trends that emerge in other countries combined with future research lines. From the methodological point of view, this analysis is shown through the visualization and study of works indexed in databases such as IEEE, ACM, Scopus, and Springer, with a range of 7 years as an observation window, from 2013 to 2019. A total of 4,728 publications were obtained, with a high rate of collaboration between China and India. The research raised developments, such as advances in security principles and defense mechanisms, which have led to the design of countermeasures in intrusion detection. Finally, the results show the interest of the scientific and business community in the use of artificial intelligence and machine learning (ML) to optimize performance measurements

Application of a simulation-based digital twin for predicting distributed manufacturing control system performance

Publisher Copyright: © 2021 by the authors. Licensee MDPI, Basel, Switzerland.During the last years, several research activities and studies have presented the possibility to perform manufacturing control using distributed approaches. Although these new approaches aim to deliver more flexibility and adaptability to the shop floor, they are not being readily adopted and utilised by the manufacturers. One of the main challenges is the unpredictability of the proposed solutions and the uncertainty associated with these approaches. Hence, the proposed research aims to explore the utilisation of Digital Twins (DTs) to predict and understand the execution of these systems in runtime. The Fourth Industrial Revolution is leading to the emergence of new concepts amongst which DT stand out. Given their early stage, however, the already existing implementations are far from standardised, meaning that each practical case has to be analysed on its own and solutions are often created from scratch. Taking the aforementioned into account, the authors suggest an architecture that enables the integration between a previously designed and developed agent-based distributed control system and its DT, whose implementation is also provided in detail. Furthermore, the digital model’s calibration is described jointly with the careful validation process carried out. Thanks to the latter, several conclusions and guidelines for future implementations were possible to derive as well.publishersversionpublishe

CyPhERS: A cyber-physical event reasoning system providing real-time situational awareness for attack and fault response

Cyber-physical systems (CPSs) constitute the backbone of critical infrastructures such as power grids or water distribution networks. Operating failures in these systems can cause serious risks for society. To avoid or minimize downtime, operators require real-time awareness about critical incidents. However, online event identification in CPSs is challenged by the complex interdependency of numerous physical and digital components, requiring to take cyber attacks and physical failures equally into account. The online event identification problem is further complicated through the lack of historical observations of critical but rare events, and the continuous evolution of cyber attack strategies. This work introduces and demonstrates CyPhERS, a Cyber-Physical Event Reasoning System. CyPhERS provides real-time information pertaining the occurrence, location, physical impact, and root cause of potentially critical events in CPSs, without the need for historical event observations. Key novelty of CyPhERS is the capability to generate informative and interpretable event signatures of known and unknown types of both cyber attacks and physical failures. The concept is evaluated and benchmarked on a demonstration case that comprises a multitude of attack and fault events targeting various components of a CPS. The results demonstrate that the event signatures provide relevant and inferable information on both known and unknown event types

A Cyber-Security Strategy for Internationally-dispersed Industrial Networks

Globalization implies geographically dispersed supply chains composed of facilities strategically located in several countries and regions of the world. These structures commonly involve several Operational Technology (OT) and Information Technology (IT) infrastructures and integration to enable accurate and useful information processing. Such integration (also called Cyber-Physical Systems) transforms the industry and facilitates massive data volumes' systematic transformation into valuable information. Security risks posed by such integration may be substantial and, depending on the size of the company, and the number of integration points, dealing with them could easily cost millions of dollars. With the main objective of studying available strategies to manage security risks in companies with dispersed supply chains, this paper reviews international cyber-security standards and regulations and proposes a more comprehensive strategy. The strategy includes IT services, optimized perimeter segregation, and data flow policies among OT and IT networks to balance a high level of protection and cost-effectiveness

Safety related cyber-attacks identification and assessment for autonomous inland ships

Recent advances in the maritime industry include the research and development of new sophisticated ships including the autonomous ships. The new autonomy concept though comes at the cost of additional complexity introduced by the number of systems that need to be installed on-board and on-shore, the software intensiveness of the complete system, the involved interactions between the systems, components and humans and the increased connectivity. All the above results in the increased system vulnerability to cyber-attacks, which may lead to unavailability or hazardous behaviour of the critical ship systems. The aim of this study is the identification of the safety related cyber-attacks to the navigation and propulsion systems of an inland autonomous ship as well as the safety enhancement of the ship systems design. For this purpose, the Cyber Preliminary Hazard Analysis method is employed supported by the literature review of the system vulnerabilities and potential cyber-attacks. The Formal Safety Assessment risk matrix is employed for ranking of the hazardous scenarios. The results demonstrate that a number of critical scenarios can arise on the investigated autonomous vessel due to the known vulnerabilities. These can be sufficiently controlled by introducing appropriate modifications of the system design

Cyber-Physical Systems and Smart Cities in India: Opportunities, Issues, and Challenges

A large section of the population around the globe is migrating towards urban settlements. Nations are working toward smart city projects to provide a better wellbeing for the inhabitants. Cyber-physical systems are at the core of the smart city setups. They are used in almost every system component within a smart city ecosystem. This paper attempts to discuss the key components and issues involved in transforming conventional cities into smart cities with a special focus on cyber-physical systems in the Indian context. The paper primarily focuses on the infrastructural facilities and technical knowhow to smartly convert classical cities that were built haphazardly due to overpopulation and ill planning into smart cities. It further discusses cyber-physical systems as a core component of smart city setups, highlighting the related security issues. The opportunities for businesses, governments, inhabitants, and other stakeholders in a smart city ecosystem in the Indian context are also discussed. Finally, it highlights the issues and challenges concerning technical, financial, and other social and infrastructural bottlenecks in the way of realizing smart city concepts along with future research directions