Managing cybersecurity risks of cyber-physical systems: The MARISMA-CPS pattern

Cyber-physical systems (CPSs) are smart systems that include engineered interacting networks of physical and computational components. CPSs have an increasingly presence on critical infrastructures and an impact in almost every aspect of our daily life, including transportation, healthcare, electric power, and advanced manufacturing. However, CPSs face a growing and serious security issue due to the widespread connectivity between the cyber world and the physical world. Although risk assessment methods for traditional IT systems are now very mature, these are not adequate for risk assessment of CPSs due to the different characteristics of the later. As such, there is an urgent need to define approaches that will adequately support risk assessment for CPSs. To contribute to this important challenge, we propose a novel risk analysis technique for CPSs based on MARISMA, a security management methodology, and eMARISMA, a technological environment in the cloud. Our work contributes to the state of the art through the definition of the MARISMA-CPS pattern that incorporates a set of reusable and adaptable elements that allows risks in CPSs to be managed and controlled, which is aligned with the main CPSs frameworks, such as those defined by NIST and ENISA. A case study for a smart hospital is presented, showing how the reusability and adaptability of the proposal allows the proposed MARISMA-CPS pattern to be easily adapted to any CPS environment. Such adaptability is important to ensure wide application in the domain of CPSs

Responsive cyber-physical risk management (RECYPHR) a systems framework

Organizations are highly exposed to the vulnerabilities inherent in Internet connectivity, and the exposure increases every day as cyber-attacks become more lethal. Competitiveness demands an ever-increasing presence, and therefore reliance, on all things electronic. Over the past generation, businesses, consumers and governments around the globe have moved in to cyberspace and cloud environment in order to conduct their businesses. However, criminals have identified rewards from cyberspace frauds therefore, the risks and threats have increased too which indicate that the current risk management methodologies are inefficient and fast becoming obsolete in order to assess, manage, reduce, mitigate and accept risk in real time to effectively reduce cyber incidents. For our societies to function, securing the cyber space is essential and will be an enabler with result in better use of the digital environment. In this paper a new Responsive CyberPhysical Risk Management Framework (RECYPHR) is proposed in order to tackle the traditional shortfalls and provide a Near Real-Time (NERT) response to managing risks