Cyberphysical Security Through Resiliency: A Systems-centric Approach

TL;DR

This paper advocates for a systems-centric approach to cyber-physical security, emphasizing resilience over perimeter defenses, and introduces the Mission Aware framework for evaluating and enhancing CPS resilience.

Contribution

It proposes a holistic, system-oriented methodology for assessing and improving CPS resilience, addressing the lack of evaluation methods and supporting decision-making.

Findings

Resilience can better address CPS security shortfalls than perimeter security.

The Mission Aware framework integrates mission goals, system dynamics, and risk for resilience assessment.

A systems-centric approach enables traceable and defensible security decisions.

Abstract

Cyber-physical systems (CPS) are often defended in the same manner as information technology (IT) systems -- by using perimeter security. Multiple factors make such defenses insufficient for CPS. Resiliency shows potential in overcoming these shortfalls. Techniques for achieving resilience exist; however, methods and theory for evaluating resilience in CPS are lacking. We argue that such methods and theory should assist stakeholders in deciding where and how to apply design patterns for resilience. Such a problem potentially involves tradeoffs between different objectives and criteria, and such decisions need to be driven by traceable, defensible, repeatable engineering evidence. Multi-criteria resiliency problems require a system-oriented approach that evaluates systems in the presence of threats as well as potential design solutions once vulnerabilities have been identified. We present a systems-oriented view of cyber-physical security, termed Mission Aware, that is based on a holistic understanding of mission goals, system dynamics, and risk.