Towards Cybersecurity by Design: A multi-level reference model for requirements-driven smart grid cybersecurity

This paper provides a first step towards a reference model for end-to-end cybersecurity by design in the electricity sector. The envisioned reference model relies, among others, on the integrated consideration of two currently fragmented, but complementary, reference models: NISTIR 7628 and powerLang. As an underlying language architecture of choice, we rely on multi-level modeling, specifically on the Flexible Meta Modeling and Execution Language (FMMLx), as multi-level modeling supports a natural integration across different abstraction levels inherent to reference models. This paper’s contributions are a result of one full consideration of Wieringa’s engineering cycle: for problem investigation, we describe the problems the reference model should address; for treatment design, we contribute the requirements the reference model should fulfill; for treatment implementation, we provide reference model’s fragments implemented in an integrated modeling and programming environment. Finally, for treatment evaluation, we perform expert interviews to check, among others, the artefact’s relevance and utility

Towards ensuring security by design in cyber-physical systems engineering processes

Engineering cyber-physical systems secure by design requires engineers to consider security from the ground up. However, current systems engineering processes are not tailored to cyber-physical systems, or lack an integration with security engineering. In this paper, we integrate secure software engineering practices into an engineering process for cyber-physical systems. Thereby, we enable engineers to specify security requirements at the level of systems engineering, and to take effective countermeasures during both platform-independent and platform-specific software engineering. Our key contribution is the integration of threat models for tracing security requirements to countermeasures. We illustrate our approach by an autonomous car with high security requirements