Software Safety and Security Risk Mitigation in Cyber-Physical Systems

Cyber-physical systems (CPSs) offer many opportunities but pose many challenges--especially regarding functional safety, cybersecurity, and their interplay, as well as the systems\u27 impact on society. Consequently, new methods and techniques are needed for CPS development and assurance. This article [and issue] aims to address some of these challenges

Gestión de riesgos para el desarrollo de proyectos de sistemas críticos

Today we can find different critical systems in different fields such as health, military, space, security, etc., where the lives and economy of many people are in danger due to the consequences that may arise from a failure in these systems. For this reason, it is essential to identify, analyze and treat the risks related to critical systems projects and typical risk management processes. In this article, we show and explore different techniques and models applied in different environments, such as medicine and the military field, recognizing concepts and similarities in critical systems and risk management. Finally, determining that there are no defined methodologies for risk management in these systems, in many cases necessary to apply hybrid and dynamic options.Hoy en día podemos encontrar distintos sistemas críticos en diferentes campos como en la salud, militar, espacial, seguridad, etc., dónde peligra la vida y economía de muchas personas debido a las consecuencias que pueden surgir de alguna falla en estos sistemas. Por ello es importante identificar, analizar y tratar los riesgos relacionados a los proyectos de sistemas críticos, procesos típicos de la gestión de riesgos. En este artículo mostramos y analizamos distintas técnicas y modelos aplicados en diferentes ámbitos como la medicina y el campo militar, reconociendo conceptos y similitudes sobre los sistemas críticos y la gestión de riesgos. Finalmente determinando que no existen metodologías definidas para la gestión de riesgos en estos sistemas, siendo en muchos casos necesaria la aplicación de opciones hibridas y dinámicas

Security risks in cyber physical systems—A systematic mapping study

The increased need for constant connectivity and complete automation of existing systems fuels the popularity of Cyber Physical Systems (CPS) worldwide. Increasingly more, these systems are subjected to cyber attacks. In recent years, many major cyber-attack incidents on CPS have been recorded and, in turn, have been raising concerns in their users' minds. Unlike in traditional IT systems, the complex architecture of CPS consisting of embedded systems integrated with the Internet of Things (IoT) requires rather extensive planning, implementation, and monitoring of security requirements. One crucial step to planning, implementing, and monitoring of these requirements in CPS is the integration of the risk management process in the CPS development life cycle. Existing studies do not clearly portray the extent of damage that the unattended security issues in CPS can cause or have caused, in the incidents recorded. An overview of the possible risk management techniques that could be integrated into the development and maintenance of CPS contributing to improving its security level in its actual environment is missing. In this paper, we are set out to highlight the security requirements and issues specific to CPS that are discussed in scientific literature and to identify the state-of-the-art risk management processes adopted to identify, monitor, and control those security issues in CPS. For that, we conducted a systematic mapping study on the data collected from 312 papers published between 2000 and 2020, focused on the security requirements, challenges, and the risk management processes of CPS. Our work aims to form an overview of the security requirements and risks in CPS today and of those published contributions that have been made until now, towards improving the reliability of CPS. The results of this mapping study reveal (i) integrity authentication and confidentiality as the most targeted security attributes in CPS, (ii) model-based techniques as the most used risk identification and assessment and management techniques in CPS, (iii) cyber-security as the most common security risk in CPS, (iv) the notion of “mitigation measures” based on the type of system and the underline internationally recognized standard being the most used risk mitigation technique in CPS, (v) smart grids being the most targeted systems by cyber-attacks and thus being the most explored domain in CPS literature, and (vi) one of the major limitations, according to the selected literature, concerns the use of the fault trees for fault representation, where there is a possibility of runtime system faults not being accounted for. Finally, the mapping study draws implications for practitioners and researchers based on the findings.</p

Strategies to Improve Project Management of Software Development Processes

Excessive project failure rates result in billions of dollars in wasted resources annually. Information technology (IT) businesses lose competitive advantage when leaders fail to utilize project portfolio management (PPM) initiatives to improve performance and increase consumer value. Grounded in the project portfolio management theory, the purpose of this qualitative multiple case study was to explore strategies some project management offices (PMO) IT project leaders use to manage projects successfully in the information technology industry. The participants were 5 IT project leaders within the Northeastern region of the United States who successfully manage information technology projects. Data were collected using semistructured interviews, transcribed, and analyzed using thematic analysis. Seven themes were identified: (a) identification of objectives and desired outcomes, (b) appointing the team, (c) planning and strategizing, (d) stimulating teamwork, (e) keeping close communication throughout the project, (f) developing best practices, and (g) supervision and monitoring. A key recommendation includes project leaders fully understanding the objectives and desired outcomes of a particular project better to mitigate any potential issues or risks to the effort. The implications for positive social change include potentially increasing profitability, positively impact employment and economic growth